CVE-2026-49009 - Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Director

CVE-2026-48792 - pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, s

CVE-2026-48066 - pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, s

CVE-2026-48065 - pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, s

CVE-2026-48064 - pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, w

CVE-2026-47274 - pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, m

CVE-2026-47273 - pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, p

CVE-2026-47272 - pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, t

CVE-2026-47271 - pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, s

CVE-2026-47161 - RELATE is a web-based courseware package. Prior to commit d66ba5659b459bf1ba56b7109b5f9ecf197cbefb,

CVE-2026-45134 - LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to LangSmith

CVE-2026-45108 - Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to befor

CVE-2026-45104 - MapServer is a system for developing web-based GIS applications. From 6.4.0 to before 8.6.3, msSLDPa

CVE-2026-45102 - OneUptime is an open-source monitoring and observability platform. Prior to 10.0.98, OneUptime uses

CVE-2026-44888 - Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Aler

CVE-2026-44887 - Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Aler

CVE-2026-44886 - Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. From 2024-06-29 to before 20

CVE-2026-44724 - systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linu

CVE-2026-44681 - Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1

CVE-2026-44590 - Sherlock hunts down social media accounts by username across social networks. Prior to 0.16.1, the G

CVE-2026-42877 - FacturaScripts is an open source accounting and invoicing software. In 2025.92 and earlier, a stored

CVE-2026-42197 - RELATE is a web-based courseware package. Versions prior to commit 555f0efb1c5bd7531c07cd73724d7e566

CVE-2026-33552 - Northern.tech Mender Enterprise Server before 4.1.1 has Incorrect Access Control.

CVE-2026-8716 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.7 before 18.10.7, 18.1

CVE-2026-6713 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.10.7, 18.1

CVE-2026-5296 - GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.10.7, 18.11 b

CVE-2026-4868 - GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.10.7, 18.11 b

CVE-2026-45046 - Gryph provides a security layer for AI coding agents. Prior to 0.7.0, Gryph implements logging level

CVE-2026-44635 - Kysely is a type-safe TypeScript SQL query builder. From 0.26.0 to 0.28.16, DefaultQueryCompiler.vis

CVE-2026-42879 - FacturaScripts is an open source accounting and invoicing software. In 2025.81 and earlier, an authe

CVE-2026-42878 - FacturaScripts is an open source accounting and invoicing software. Prior to v2026, an unauthenticat

CVE-2026-2601 - GitLab has remediated an issue in GitLab EE affecting all versions from 11.5 before 18.10.7, 18.11 b

CVE-2026-1402 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.10.7, 18.1

CVE-2026-5509 - An authenticated command injection vulnerability exists in the Archer BE450 v1 and BE7200 v1 router

CVE-2026-4392 - A vulnerability was detected in TeamSpeak 3 Server up to 3.13.7. This issue affects some unknown pro

CVE-2026-4391 - A security vulnerability has been detected in TeamSpeak 3 Server up to 3.13.7. This vulnerability af

CVE-2026-4390 - A weakness has been identified in TeamSpeak 3 Server up to 3.13.7. This affects the function process

CVE-2026-48153 - Budibase is an open-source low-code platform. Prior to 3.39.0, fetchToken in the OAuth2 SDK makes a

CVE-2026-48152 - Budibase is an open-source low-code platform. Prior to 3.39.0, the single-datasource GET and PUT rou

CVE-2026-48151 - Budibase is an open-source low-code platform. Prior to 3.39.0, the webhook schema-building endpoint

CVE-2026-48150 - Budibase is an open-source low-code platform. Prior to 3.39.0, /api/public/v1/roles/assign is guarde

CVE-2026-48149 - Budibase is an open-source low-code platform. Prior to 3.39.0, the Budibase Text component renders m

CVE-2026-48148 - Budibase is an open-source low-code platform. Prior to 3.35.3, the VectorDB configuration endpoint

CVE-2026-48147 - Budibase is an open-source low-code platform. Prior to 3.35.4, the buildMatcherRegex() / matches() f

CVE-2026-48146 - Budibase is an open-source low-code platform. Prior to 3.39.0, the OAuth2 token fetch function in pa

CVE-2026-48128 - Budibase is an open-source low-code platform. Prior to 3.39.0, the executeQuery automation step in B

CVE-2026-46427 - Budibase is an open-source low-code platform. Prior to 3.38.3, removeSecrets at packages/server/src/

CVE-2026-46426 - Budibase is an open-source low-code platform. Prior to 3.38.2, the file upload endpoint POST /api/at

CVE-2026-46425 - Budibase is an open-source low-code platform. Prior to 3.38.2, packages/worker/src/api/routes/global

CVE-2026-46424 - Budibase is an open-source low-code platform. Prior to 3.38.2, the public API role unassignment endp

CVE-2026-45719 - Budibase is an open-source low-code platform. Prior to 3.38.1, the V1 Views API (POST /api/views) ac

CVE-2026-45718 - Budibase is an open-source low-code platform. Prior to 3.38.1, the row action trigger endpoint (POST

CVE-2026-45717 - Budibase is an open-source low-code platform. Prior to 3.38.1, Budibase exposes a REST API for datas

CVE-2026-45716 - Budibase is an open-source low-code platform. Prior to 3.38.1, the POST /api/global/users/onboard en

CVE-2026-45715 - Budibase is an open-source low-code platform. Prior to 3.38.1, the REST datasource integration (pack

CVE-2026-45548 - Budibase is an open-source low-code platform. Prior to 3.34.8, the processUrlFile function in packag

CVE-2026-45090 - Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, Par

CVE-2026-45089 - Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, whe

CVE-2026-45088 - Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, whe

CVE-2026-45087 - Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, whe

CVE-2026-45081 - Frappe HR is an open-source human resources management solution (HRMS). Prior to 16.5.0, authenticat

CVE-2026-45061 - Budibase is an open-source low-code platform. Prior to 3.35.10, the Plugin URL upload endpoint (POST

CVE-2026-45047 - bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the apiHandler (and similarly webHandlerTe

CVE-2026-44521 - elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1

CVE-2026-44460 - FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operatio

CVE-2026-44378 - Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encoding

CVE-2026-44346 - BentoML is a Python library for building online serving systems optimized for AI apps and model infe

CVE-2026-44345 - BentoML is a Python library for building online serving systems optimized for AI apps and model infe

CVE-2026-42553 - Cinny is a Matrix client. Prior to 4.10.3, A remote authenticated attacker who shares a room with a

CVE-2026-42328 - go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, a batte

CVE-2026-38808 - SQL Injection vulnerability in uzy-ssm-mall v1.1.0 allows a remote attacker to obtain sensitive info

CVE-2026-38807 - Insecure Permissions vulnerability in kvf-admin v1.0.0 allows a remote attacker to escalate privileg

CVE-2025-69600 - Command injection in Raynet rvia RayVentory Scan Engine 12.6 Update 8 and previous versions allows a

CVE-2025-67903 - Northern.tech Mender Client 5 before 5.0.4 allows a Cryptographic signature verification bypass.

CVE-2026-49054 - Missing Authorization vulnerability in Mamunur Rashid The Post Grid allows Exploiting Incorrectly Co

CVE-2026-48027 - Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console,

CVE-2026-45335 - WeGIA is a web manager for charitable institutions. Prior to 3.7.3, an Open Redirect vulnerability w

CVE-2026-45027 - WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in,

CVE-2026-44483 - RVF (formerly Remix Validated Form) provides easy form validation and state management for React. Fr

CVE-2026-44475 - Ella Core is a 5G core designed for private networks. Prior to 1.10.0, Ella Core does not verify the

CVE-2026-44474 - Ella Core is a 5G core designed for private networks. Prior to 1.10.0, Ella Core didn't enforce secu

CVE-2026-44473 - Ella Core is a 5G core designed for private networks. Prior to 1.10.0, a radio with a valid NG Setup

CVE-2026-44353 - Streamlink is a CLI utility which pipes video streams from various services into a video player. Pri

CVE-2026-44330 - free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mount

CVE-2026-44329 - free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mount

CVE-2026-44328 - free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mount

CVE-2026-44327 - free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mount

CVE-2026-44326 - free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mount

CVE-2026-44325 - free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NRF root

CVE-2026-44324 - free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-

CVE-2026-44323 - free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-

CVE-2026-44322 - free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF PATCH

CVE-2026-44321 - free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mount

CVE-2026-44320 - free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mount

CVE-2026-44319 - free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF termi

CVE-2026-44318 - free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's BSF PUT /

CVE-2026-44317 - free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's PCF POST

CVE-2026-44316 - free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's PCF POST

CVE-2026-44315 - free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mount

CVE-2026-42790 - Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key m

CVE-2026-42459 - free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the free5GC UDM com

CVE-2026-42083 - free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, PCF Npcf_SMPolicyCo

CVE-2026-42082 - free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC

CVE-2026-42081 - free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC

CVE-2026-38945 - Command injection in Raynet rvia version 12.6 Update 8 and previous versions allows adversaries to e

CVE-2026-38931 - A stored cross-site scripting (XSS) vulnerability in the /admin/config-module.php component of creat

CVE-2026-38930 - OpenRapid RapidCMS v1.3.1 was discovered to contain an authentication bypass in the /template/defaul

CVE-2025-70116 - A NULL pointer dereference in GPAC MP4Box: when parsing certain truncated MP4 files, an unknown/inva

CVE-2025-68712 - SpSoft AppLock (com.sp.protector.free) 7.9.40 for Android allows a local attacker with physical acce

CVE-2022-41656 - Missing Authorization vulnerability in Bizswoop Account Manager for WooCommerce allows Exploiting In

CVE-2026-9712 - When creating an export through the pretix API, API clients are returned an UUID value for their ex

CVE-2026-9674 - A cross-site request forgery (CSRF) vulnerability in Jenkins Multijob Plugin 662.vd2e0001f6b_b_d and

CVE-2026-6957 - Mattermost Plugins versions <=1.1.5 fail to sanitize filenames received from federated peers before

CVE-2026-49103 - Webmin before 2.640 does not safely construct a filename for saving of an attachment within the mail

CVE-2026-49102 - Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed in

CVE-2026-49059 - URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Facebook Facebook for WooCommer

CVE-2026-49053 - Missing Authorization vulnerability in Wpmet ElementsKit Elementor addons Lite allows Exploiting Inc

CVE-2026-49052 - Missing Authorization vulnerability in Wpmet ElementsKit Elementor addons Lite allows Exploiting Inc

CVE-2026-49051 - Missing Authorization vulnerability in Prasad Kirpekar WP Meta and Date Remover allows Exploiting In

CVE-2026-49047 - Missing Authorization vulnerability in DearHive DearFlip allows Exploiting Incorrectly Configured Ac

CVE-2026-49046 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-49045 - Missing Authorization vulnerability in WP Media Adminimize allows Exploiting Incorrectly Configured

CVE-2026-49044 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-48973 - Missing Authorization vulnerability in Benbodhi SVG Support allows Exploiting Incorrectly Configured

CVE-2026-48927 - Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the build URL, resulting in a stored

CVE-2026-48926 - Jenkins Job Import Plugin 143.v044a_2e819b_27 and earlier does not perform a permission check in an

CVE-2026-48925 - A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Integration Plugin 0.7.3 and ear

CVE-2026-48924 - Jenkins Bitbucket OAuth Plugin 0.17 and earlier does not restrict the redirect URL after login, allo

CVE-2026-48923 - Jenkins AppSpider Plugin 1.0.17 and earlier does not perform a permission check in a method implemen

CVE-2026-48922 - Jenkins Credentials Binding Plugin 720.v3f6decef43ea_ and earlier does not properly sanitize file na

CVE-2026-48921 - Jenkins Pipeline: Groovy Libraries Plugin 797.v90ea_a_9b_e45a_0 and earlier does not prohibit symbol

CVE-2026-48920 - Jenkins Email Extension Plugin 1933.v45cec755423f and earlier allows inlining images as `base64` in

CVE-2026-48919 - Jenkins Active Directory Plugin 2.41 and earlier deserializes data from LDAP referrals without valid

CVE-2026-48918 - Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals by default.

CVE-2026-48917 - Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without vali

CVE-2026-48916 - Jenkins LDAP Plugin 807.v7d7de30930cf and earlier follows LDAP referrals.

CVE-2026-48545 - Gradio before version 6.15.0 contains a cookie injection vulnerability that allows remote attackers

CVE-2026-48544 - Taipy 4.1.1, fixed in commit 129fd40, contains a path traversal vulnerability in the ElementLibrary.

CVE-2026-47119 - Agent Zero before version 1.15 contains a stored cross-site scripting vulnerability that allows atta

CVE-2026-47118 - Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated a

CVE-2026-45571 - go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alp

CVE-2026-45570 - go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alp

CVE-2026-45022 - go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alp

CVE-2026-44988 - LibVNCClient is a library for easy implementation of a VNC client. In 0.9.15 and earlier, LibVNCClie

CVE-2026-44972 - GuardDog is a CLI tool to identify malicious PyPI packages. From 2.6.0 to 2.9.0, GuardDog includes a

CVE-2026-44971 - GuardDog is a CLI tool to identify malicious PyPI packages. From 1.0.0 to 2.9.0, the programmatic re

CVE-2026-44902 - opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 0.217.0, a single malformed HTTP r

CVE-2026-44839 - RabbitMQ is a messaging and streaming broker. From 3.7.0 to before 4.1.2 and 4.0.13, This vulnerabi

CVE-2026-44838 - RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin all

CVE-2026-44830 - Nocturne Memory is a lightweight, rollbackable, and visual Long-Term Memory Server for MCP Agents. P

CVE-2026-42280 - Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific precon

CVE-2026-42184 - Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a fl

CVE-2026-37713 - An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker t

CVE-2026-37712 - An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker t

CVE-2026-37711 - An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker t

CVE-2026-31266 - Craft CMS 5.9.5 and earlier contains a Missing Authorization vulnerability in the migrate endpoint (

CVE-2026-30498 - A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the delete.php endpoint of Jason

CVE-2026-1248 - IBM Business Automation Workflow containers and traditional may leak information about its database

CVE-2025-70103 - Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM images to the jxl::extras::Decod

CVE-2026-9704 - A flaw was found in Keycloak. An authenticated user with low privileges can exploit this vulnerabili

CVE-2026-9617 - PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by cr

CVE-2026-9035 - IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Tra

CVE-2026-8405 - IBM Guardium Data Protection 12.2.1, and 12.2.2 's add-on feature of Guardium Data Protection named

CVE-2026-8180 - IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Tra

CVE-2026-8179 - IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Tra

CVE-2026-8175 - IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Tra

CVE-2026-7876 - IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19 is affected by an authentication bypass vulnerability.

CVE-2026-7528 - IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource co

CVE-2026-7524 - IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of

CVE-2026-7365 - IBM Operations Analytics - Log Analysis  and IBM SmartCloud Analytics - Log Analysis uses default pa

CVE-2026-7254 - IBM OPENBMC FW1110.00 through FW1110.11 is vulnerable to denial of service attacks by unauthenticate

CVE-2026-6938 - IBM Db2 12.1.0 through 12.1.4 is vulnerable to authorization bypass when uploading to a remote objec

CVE-2026-6936 - IBM i 7.6, 7.5, 7.4, and 7.3 s vulnerable to a denial-of-service attack due to uncontrolled recursio

CVE-2026-6053 - IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when a

CVE-2026-6052 - IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory when

CVE-2026-6051 - IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when e

CVE-2026-5516 - IBM WebSphere Application Server - Liberty 22.0.0.11 through 26.0.0.5 IBM WebSphere Application Serv

CVE-2026-5515 - IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log

CVE-2026-5065 - IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contains hard-coded credentials, such as a passwor

CVE-2026-4410 - IBM WebSphere Application Server - Liberty 19.0.0.7 through 26.0.0.5 and IBM WebSphere Application S

CVE-2026-48972 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio

CVE-2026-48971 - Missing Authorization vulnerability in WebToffee Product Import Export for WooCommerce allows Exploi

CVE-2026-47104 - libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parse_iad_array

CVE-2026-46103 - In the Linux kernel, the following vulnerability has been resolved: can: ucan: fix devres lifetime

CVE-2026-46102 - In the Linux kernel, the following vulnerability has been resolved: net: strparser: fix skb_head le

CVE-2026-46101 - In the Linux kernel, the following vulnerability has been resolved: netfilter: reject zero shift in

CVE-2026-46100 - In the Linux kernel, the following vulnerability has been resolved: fs: afs: revert mmap_prepare()

CVE-2026-46099 - In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix NOREF dst use in

CVE-2026-46098 - In the Linux kernel, the following vulnerability has been resolved: net: caif: clear client service

CVE-2026-46097 - In the Linux kernel, the following vulnerability has been resolved: Input: edt-ft5x06 - fix use-aft

CVE-2026-46096 - In the Linux kernel, the following vulnerability has been resolved: tpm2-sessions: Fix missing tpm_

CVE-2026-46095 - In the Linux kernel, the following vulnerability has been resolved: md/md-llbitmap: raise barrier b

CVE-2026-46094 - In the Linux kernel, the following vulnerability has been resolved: ext4: fix bounds check in check

CVE-2026-46093 - In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: take vmap_purge_loc

CVE-2026-46092 - In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: check for PCI upst

CVE-2026-46091 - In the Linux kernel, the following vulnerability has been resolved: media: rc: igorplugusb: heed co

CVE-2026-46090 - In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix peer runtime U

CVE-2026-46089 - In the Linux kernel, the following vulnerability has been resolved: zram: do not forget to endio fo

CVE-2026-46088 - In the Linux kernel, the following vulnerability has been resolved: ALSA: control: Validate buf_len

CVE-2026-46087 - In the Linux kernel, the following vulnerability has been resolved: mm/damon/stat: fix memory leak

CVE-2026-46086 - In the Linux kernel, the following vulnerability has been resolved: net: bridge: use a stable FDB d

CVE-2026-46085 - In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix rxkad crypto unalign

CVE-2026-46084 - In the Linux kernel, the following vulnerability has been resolved: RDMA/mana_ib: Disable RX steeri

CVE-2026-46083 - In the Linux kernel, the following vulnerability has been resolved: spi: fix resource leaks on devi

CVE-2026-46082 - In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Inject #UD for INVLPG

CVE-2026-46081 - In the Linux kernel, the following vulnerability has been resolved: crypto: acomp - fix wrong point

CVE-2026-46080 - In the Linux kernel, the following vulnerability has been resolved: ocfs2: split transactions in di

CVE-2026-46079 - In the Linux kernel, the following vulnerability has been resolved: rbd: fix null-ptr-deref when de

CVE-2026-46078 - In the Linux kernel, the following vulnerability has been resolved: erofs: fix the out-of-bounds na

CVE-2026-46077 - In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-tdes - fix DMA sy

CVE-2026-46076 - In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Raise #UD if unhandl

CVE-2026-46075 - In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-sha204a - Fix pot

CVE-2026-46074 - In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix memory leaks on

CVE-2026-46073 - In the Linux kernel, the following vulnerability has been resolved: hwmon: (powerz) Fix missing usb

CVE-2026-46072 - In the Linux kernel, the following vulnerability has been resolved: ntfs3: add buffer boundary chec

CVE-2026-46071 - In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Avoid clearing VMCB_

CVE-2026-46070 - In the Linux kernel, the following vulnerability has been resolved: md/raid5: validate payload size

CVE-2026-46069 - In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: fix use-after-fr

CVE-2026-46068 - In the Linux kernel, the following vulnerability has been resolved: crypto: nx - fix bounce buffer

CVE-2026-46067 - In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: validate damos_q

CVE-2026-46066 - In the Linux kernel, the following vulnerability has been resolved: ceph: fix num_ops off-by-one wh

CVE-2026-46065 - In the Linux kernel, the following vulnerability has been resolved: fbdev: defio: Disconnect deferr

CVE-2026-46064 - In the Linux kernel, the following vulnerability has been resolved: ibmasm: fix heap over-read in i

CVE-2026-46063 - In the Linux kernel, the following vulnerability has been resolved: x86/shstk: Prevent deadlock dur

CVE-2026-46062 - In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix integer overflow in

CVE-2026-46061 - In the Linux kernel, the following vulnerability has been resolved: jbd2: fix deadlock in jbd2_jour

CVE-2026-46060 - In the Linux kernel, the following vulnerability has been resolved: crypto: qat - fix IRQ cleanup o

CVE-2026-46059 - In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Always use NextRIP a

CVE-2026-46058 - In the Linux kernel, the following vulnerability has been resolved: media: amphion: Fix race betwee

CVE-2026-46057 - In the Linux kernel, the following vulnerability has been resolved: landlock: Fix LOG_SUBDOMAINS_OF

CVE-2026-46056 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: fix poten

CVE-2026-46055 - In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix string overrun du

CVE-2026-46054 - In the Linux kernel, the following vulnerability has been resolved: selinux: fix overlayfs mmap() a

CVE-2026-46053 - In the Linux kernel, the following vulnerability has been resolved: net: rds: fix MR cleanup on cop

CVE-2026-46052 - In the Linux kernel, the following vulnerability has been resolved: ceph: only d_add() negative den

CVE-2026-46051 - In the Linux kernel, the following vulnerability has been resolved: md/raid5: fix soft lockup in re

CVE-2026-46050 - In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix deadlock with ch

CVE-2026-46049 - In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Add fallback to de

CVE-2026-46048 - In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: fix usb_dev refcou

CVE-2026-46047 - In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Fix use-after-fr

CVE-2026-46046 - In the Linux kernel, the following vulnerability has been resolved: ext4: fix missing brelse() in e

CVE-2026-46045 - In the Linux kernel, the following vulnerability has been resolved: md/md-llbitmap: skip reading rd

CVE-2026-46044 - In the Linux kernel, the following vulnerability has been resolved: ipmi:ssif: Clean up kthread on

CVE-2026-46043 - In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Validate pad and ICRC

CVE-2026-46042 - In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix memory leaks

CVE-2026-46041 - In the Linux kernel, the following vulnerability has been resolved: greybus: gb-beagleplay: fix sle

CVE-2026-46040 - In the Linux kernel, the following vulnerability has been resolved: inotify: fix watch count leak w

CVE-2026-46039 - In the Linux kernel, the following vulnerability has been resolved: rxgk: Fix potential integer ove

CVE-2026-46038 - In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Free the node du

CVE-2026-46037 - In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: validate reply type