CVE-2025-60464 - A use-after-free in the gf_sei_load_from_state_internal function (/filters/sei_load.c) of GPAC Proje

CVE-2026-57700 - Unrestricted Upload of File with Dangerous Type vulnerability in Daan.Dev OMGF Pro allows Using Mali

CVE-2026-56790 - CANBoat through 6.22, fixed in commit a5a22b7, contains an off-by-one global buffer overflow in the

CVE-2026-56789 - RTKLIB through 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in sr

CVE-2026-56788 - RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when proces

CVE-2026-56787 - RTKLIB through 2.4.3 contains an off-by-one out-of-bounds read vulnerability in the decode_ssr3 func

CVE-2026-56786 - RTKLIB through 2.4.3 contains an out-of-bounds write vulnerability in decode_type1033 function that

CVE-2026-56779 - MaxKB before 2.10.0 contains a server-side request forgery vulnerability in tool creation and update

CVE-2026-56774 - Kanboard through 1.2.52, fixed in commit 928c68a, UserViewController::removeSession fails to validat

CVE-2026-56772 - NewsBlur before 14.5.0 contains a broken access control vulnerability that allows authenticated user

CVE-2026-56771 - NewsBlur before version 14.5.0 contains a server-side request forgery vulnerability in the add_url e

CVE-2026-56770 - libais through 0.15 VdmStream::AddLine uses an unchecked sentinel value as a vector index when proce

CVE-2026-56769 - Huly Platform through 0.7.423, fixed in commit 68cbf8a contains an authenticated server-side request

CVE-2026-56768 - Seahub before 13.0.23 does not enforce SHARE_LINK_LOGIN_REQUIRED on GET /api/v2.1/share-link-zip-tas

CVE-2026-56767 - Maxun before 0.0.42 contains a cross-tenant insecure direct object reference vulnerability in storag

CVE-2026-56766 - Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication

CVE-2026-55667 - File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing

CVE-2026-54917 - SeaweedFS is a distributed storage system for object storage (S3), file systems, and Iceberg tables.

CVE-2026-54250 - K3s is a fully conformant production-ready Kubernetes distribution. Prior to 1.35.3+k3s1, 1.34.6+k3s

CVE-2026-54097 - File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing

CVE-2026-54096 - File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing

CVE-2026-54094 - File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing

CVE-2026-54093 - File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing

CVE-2026-54092 - File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing

CVE-2026-54091 - File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing

CVE-2026-54090 - File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing

CVE-2026-54089 - File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing

CVE-2026-54088 - File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing

CVE-2026-53925 - Glances is an open-source system cross-platform monitoring tool. From 4.0.8 until 4.5.5, the secure_

CVE-2026-50549 - Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal comm

CVE-2026-50548 - Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal comm

CVE-2026-4930 - SYMCRYPTO is the SiXG301's host side hardware engine accessed by PSA crypto library that accelerates

CVE-2026-46611 - Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC

CVE-2026-46608 - Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC

CVE-2026-46607 - Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, glances/outdated.py

CVE-2026-46606 - Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances KVM/QEM

CVE-2026-28898 - swift-nio-http2's HTTP/2-to-HTTP/1.1 codec did not validate pseudo-header values for control charact

CVE-2026-12921 - In AzeoTech DAQFactory versions 21.1 and prior, a Use After Free vulnerability can be exploited by a

CVE-2026-12897 - Horner Automation Cscape versions prior to 10.2 SP3 are vulnerable to an Out-of-Bounds Read vulnerab

CVE-2026-6291 - Bleichenbacher padding oracle in PKCS#7 KTRI decryption. When decrypting PKCS#7 EnvelopedData using

CVE-2026-6094 - Heap buffer overread in wc_PKCS7_DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This

CVE-2026-6091 - Partial-chain certificate verification may accept chains that terminate at a peer-supplied, untruste

CVE-2026-55967 - AES-GCM encryption/decryption with extremely large cumulative single message sizes (>64 GiB) were no

CVE-2026-55961 - wolfSSL_PKCS7_verify() returning success for a degenerate (certs-only) PKCS#7 object that contains n

CVE-2026-55700 - pnpm is a package manager. From 11.3.0 until 11.5.3, `pnpm stage download` derived a local filename

CVE-2026-55699 - pnpm is a package manager. Prior to 10.34.2 and 11.5.3, Manifest bin object keys such as "", ".", an

CVE-2026-55698 - pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can persist package-manager bootstrap m

CVE-2026-55697 - pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can install configDependencies declared

CVE-2026-55487 - pnpm is a package manager. Prior to 10.34.2 and 11.5.3, the generic peer-suffix normalizer also stri

CVE-2026-55180 - pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm and pacquet expanded ${ENV_VAR} placeho

CVE-2026-54679 - jq is a command-line JSON processor. Prior to 1.8.2, on 32bit system, jvp_string_append has a chance

CVE-2026-50573 - pnpm is a package manager. Prior to 10.34.0 and 11.4.0, `pnpm install` in non-frozen mode can accept

CVE-2026-50021 - pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's tarball extraction worker skips integ

CVE-2026-50017 - pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm can send user-level unscoped npm authen

CVE-2026-50016 - pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm allows a transitive dependency alias fr

CVE-2026-50015 - pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's patch application pipeline (@pnpm/pat

CVE-2026-50014 - pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm passes the lockfile-controlled git reso

CVE-2026-49839 - jq is a command-line JSON processor. Prior to 1.8.2,` jq --rawfile` can turn a handled oversized-str

CVE-2026-48995 - pnpm is a package manager. Prior to 10.33.4 and 11.0.7, a malicious codeload.github.com server can s

CVE-2026-47770 - jq is a command-line JSON processor. Prior to 1.8.2, comparing two sufficiently deeply nested arrays

CVE-2026-11999 - X.509 trust-chain bypass (path-depth exhaustion) in the OpenSSL compatibility certificate verifier (

CVE-2026-9800 - A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to by

CVE-2026-9799 - A flaw was found in org.keycloak.authorization. An authenticated user with a granted User-Managed Ac

CVE-2026-9705 - A flaw was found in Keycloak's client registration service. A remote attacker, possessing a previous

CVE-2026-9099 - A flaw was found in Keycloak. A missing authorization check in the GroupResource.addChild() endpoint

CVE-2026-9086 - A flaw was found in Keycloak. A remote attacker with administrative privileges, specifically those w

CVE-2026-9083 - A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vu

CVE-2026-56123 - socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buffer overflow vulnerability that allow

CVE-2026-55439 - Halo is an open source website building tool. Prior to 2.24.3, a path traversal vulnerability in the

CVE-2026-55413 - ToolJet is the open-source foundation am AI-native platform for building and deploying internal tool

CVE-2026-55412 - ToolJet is the open-source foundation am AI-native platform for building and deploying internal tool

CVE-2026-55411 - ToolJet is the open-source foundation am AI-native platform for building and deploying internal tool

CVE-2026-55092 - Trivy is a security scanner. Prior to 0.71.1, when Trivy downloads an OCI artifact, it uses the org.

CVE-2026-54573 - Outline is a service that allows for collaborative documentation. Prior to 1.8.0, the Authentication

CVE-2026-54448 - Trivy is a security scanner. Prior to 0.71.0, when Trivy scans a Helm chart archive (.tgz), its cust

CVE-2026-54040 - LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the

CVE-2026-54037 - LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the

CVE-2026-54033 - LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, Libr

CVE-2026-54030 - LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.5, LibreCha

CVE-2026-54029 - LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the

CVE-2026-54027 - LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the

CVE-2026-54025 - LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, ther

CVE-2026-54024 - LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the

CVE-2026-45233 - HTMLy CMS through 3.1.1 contains a path traversal vulnerability that allows low-privileged authentic

CVE-2026-13351 - Zephyr's IPv6 network stack can be prevented from receiving or processing future incoming packets by

CVE-2026-13350 - Permissions where checked incorrectly during room creation, allowing attackers to create rooms of ty

CVE-2026-9718 - CWE-617 Reachable Assertion vulnerability exists that could allow an authenticated attacker to trigg

CVE-2026-9717 - CWE-78 Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerabili

CVE-2026-9716 - CWE-476 NULL Pointer Dereference vulnerability exists that could cause a denial-of-service condition

CVE-2026-9651 - CWE-732 Incorrect Permission Assignment for Critical Resource vulnerability that could cause unautho

CVE-2026-9650 - CWE-522 Insufficiently Protected Credentials vulnerability that could cause unauthorized access and

CVE-2026-57456 - Vim is an open source, command line text editor. Prior to 9.2.0699, Vim's Python omni-completion (ru

CVE-2026-57455 - Vim is an open source, command line text editor. Prior to 9.2.0698, the single-byte branch of spell_

CVE-2026-57454 - Vim is an open source, command line text editor. From 9.2.0320 until 9.2.0679, a crafted undo or swa

CVE-2026-57453 - Vim is an open source, command line text editor. From 9.1.1784 until 9.2.0678, when the bundled zip

CVE-2026-57452 - Vim is an open source, command line text editor. Prior to 9.2.0671, when Vim opens a file encrypted

CVE-2026-57451 - Vim is an open source, command line text editor. Prior to 9.2.0670, get_text_props() in src/textprop

CVE-2026-57438 - Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4,

CVE-2026-55895 - Vim is an open source, command line text editor. Prior to 9.2.0663, a Vimscript code injection vulne

CVE-2026-55892 - Vim is an open source, command line text editor. Prior to 9.2.0662, the dump_prefixes() function in

CVE-2026-55693 - Vim is an open source, command line text editor. Prior to 9.2.0653, the tree_count_words() function

CVE-2026-55477 - 3X-UI is a web control panel for managing Xray-core servers. Prior to 3.3.1, an authenticated admini

CVE-2026-54036 - LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the

CVE-2026-4522 - Missing authentication for critical function vulnerability in HYPR Passwordless on Windows allows Cr

CVE-2026-48946 - The K2 frontend article-attachment upload path accepts files whose extension is `.php`, and Apache's

CVE-2026-48945 - The K2 article gallery upload path accepts a zip/tar archive, extracts it under `/media/k2/galleries

CVE-2026-48944 - The K2 frontend article-save handler accepts an `attachment[N][existing]` POST field that is concate

CVE-2026-48943 - K2 ≤ 2.24 contains a mass-assignment defect in the K2 system user plugin `plg_user_k2`. A Registered

CVE-2026-48942 - K2 ≤ 2.26 renders the `#__k2_users.image` column directly into HTML `src` attributes via two distinc

CVE-2026-48941 - The K2 frontend `item.checkin` task accepts an unauthenticated `sigProFolder` query parameter and us

CVE-2026-48940 - A Joomla user with K2 "create item" rights (Author tier by default) can submit an article whose `emb

CVE-2026-12844 - List::SomeUtils::XS versions before 0.59 for Perl have a heap buffer overflow in the pairwise functi

CVE-2026-6432 - Improper bounds validation in EmberZNet SDK versions 9.0.2 and earlier may result in crashes or dyna

CVE-2026-57588 - A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file tha

CVE-2026-57587 - A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls rever

CVE-2026-57536 - Our payment integration with Mollie did not properly validate payment status responses. An attacker

CVE-2026-57535 - Content injected to PDF rendering contexts could, in many places, include HTML content including <im

CVE-2026-57534 - Malicious HTML content could be injected into the content of a page in the pretix-pages plugin.

CVE-2026-57533 - Malicious HTML content could be injected into the page pretix shows when redirection to an untruste

CVE-2026-57532 - Malicious HTML content contained in the layout specification of a PDF ticket or badge layout was ex

CVE-2026-57437 - Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4,

CVE-2026-57436 - Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4,

CVE-2026-57435 - Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4,

CVE-2026-57434 - Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4,

CVE-2026-57236 - Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4,

CVE-2026-57235 - Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4,

CVE-2026-57234 - Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4,

CVE-2026-49319 - Remote Keyless Entry System (RKES), using the 433 MHz key fob bearing FCC ID CWTR53R0 manufactured b

CVE-2026-46735 - Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Neutraliz

CVE-2026-13314 - Malicious HTML content could be injected into the content rendered by the pretix-digital plugin.

CVE-2026-13225 - Malicious HTML content could be injected into the email address of an order, which pretix showed wi

CVE-2026-13223 - Our payment integration with Computop-based payment methods did not properly validate payment statu

CVE-2026-13222 - Our payment integration with Oppwa-based payment methods did not properly validate payment status r

CVE-2026-57619 - Contributor Sensitive Data Exposure in Elementor Website Builder <= 4.1.3 versions.

CVE-2026-57429 - Contributor Broken Access Control in Slim SEO <= 4.6.2 versions.

CVE-2026-56122 - Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthent

CVE-2026-56071 - Unauthenticated Cross Site Scripting (XSS) in Forminator <= 1.53.1 versions.

CVE-2026-56054 - Subscriber Arbitrary File Deletion in JS Help Desk <= 3.1.1 versions.

CVE-2026-56053 - Subscriber PHP Object Injection in EventPrime <= 4.3.4.1 versions.

CVE-2026-56051 - Unauthenticated Cross Site Scripting (XSS) in TablePress <= 3.3.1 versions.

CVE-2026-56050 - Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectl

CVE-2026-56049 - Contributor Remote Code Execution (RCE) in Post Snippets <= 4.0.19 versions.

CVE-2026-56042 - Customer Cross Site Scripting (XSS) in Advanced Order Export For WooCommerce <= 4.0.9 versions.

CVE-2026-56023 - Customer Broken Access Control in UPI QR Code Payment Gateway for WooCommerce <= 1.6.2 versions.

CVE-2026-56014 - Unauthenticated Cross Site Scripting (XSS) in Master Slider <= 3.11.2 versions.

CVE-2026-56013 - Unauthenticated Insecure Direct Object References (IDOR) in License Manager for WooCommerce <= 3.0.1

CVE-2026-56006 - Unauthenticated Cross Site Scripting (XSS) in H5P <= 1.17.6 versions.

CVE-2026-56005 - Subscriber Cross Site Scripting (XSS) in WP Activity Log <= 5.6.3.1 versions.

CVE-2026-54849 - Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce <= 1.1.11 versions.

CVE-2026-54848 - Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for

CVE-2026-54845 - Unauthenticated Local File Inclusion in MDTF <= 1.3.8 versions.

CVE-2026-54844 - Unauthenticated Broken Access Control in CheckView Automated Testing <= 2.1.0 versions.

CVE-2026-54843 - Unauthenticated SQL Injection in MDTF <= 1.3.7 versions.

CVE-2026-54842 - Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configu

CVE-2026-54841 - Unauthenticated Sensitive Data Exposure in Vitepos <= 3.4.2 versions.

CVE-2026-54838 - Subscriber SQL Injection in WC Vendors Marketplace <= 2.6.8 versions.

CVE-2026-54836 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-54830 - Unauthenticated Broken Access Control in Five Star Restaurant Reservations <= 2.7.19 versions.

CVE-2026-54829 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-54828 - Unauthenticated Broken Access Control in Motors <= 1.4.109 versions.

CVE-2026-54823 - Contributor Remote Code Execution (RCE) in Widget Options <= 4.2.3 versions.

CVE-2026-54822 - Subscriber SQL Injection in SALESmanago & Leadoo <= 3.11.2 versions.

CVE-2026-54821 - Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.3.1 versions.

CVE-2026-52690 - Spoofing replies to Recursor might mark an IP of an authoritative server as not supporting EDNS, cau

CVE-2026-4526 - In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in fr

CVE-2026-49506 - Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Improper Limitation of a Pathn

CVE-2026-47154 - In EmberZNet v9.0.2 and earlier, a malformed GetProfileResponse message can trigger out-of-bounds re

CVE-2026-47153 - In EmberZNet v9.0.2 and earlier, a malformed Level Control Step command can terminate the process th

CVE-2026-47152 - In EmberZNet v9.0.2 and earlier, a malformed Level Control Move command can terminate the process th

CVE-2026-47151 - In EmberZNet v9.0.2 and earlier, malformed ClearWeekdaySchedule messages can trigger out-of-bounds w

CVE-2026-47150 - In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment messages can trigger an out-of-bounds

CVE-2026-47149 - In EmberZNet v9.0.2 and earlier, malformed or out-of-range Door Lock user identifiers can trigger ou

CVE-2026-47148 - In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads pa

CVE-2026-47147 - In EmberZNet v9.0.2 and earlier, malformed OTA requests can drive the OTA server parser into out-of-

CVE-2026-47146 - In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate

CVE-2026-47145 - In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate

CVE-2026-46734 - Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Certifica

CVE-2026-46733 - Dell Display and Peripheral Manager (DDPM Windows), versions prior to 2.3, contain an Improper Acces

CVE-2026-46732 - Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain a Concurrent Executio

CVE-2026-42390 - An invalid zone might pass ZONEMD validation while it should not. This is only relevant if ZoneToCac

CVE-2026-42389 - This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers

CVE-2026-42388 - Incomplete validation of the SOA record present in a catalog zone might lead to a crash.

CVE-2026-42387 - A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to

CVE-2026-41120 - Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Acceptance of Extraneous Untru

CVE-2026-40012 - ECS zero scoped answers are stored in the packet cache while they should not. This impacts only conf

CVE-2026-2815 - Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys

CVE-2026-27366 - Unauthenticated Broken Access Control in MainWP Child <= 6.1.1 versions.

CVE-2026-12755 - Improper input validation in the PAM AD discovery endpoints in Devolutions Server 2026.2.4.0 throug

CVE-2026-42004 - An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist’s filtering rules, bu

CVE-2026-40211 - An attacker can send crafted DNS over HTTP/3 queries, triggering an exception that prevents some buf

CVE-2026-40210 - An out-of-bounds read might happen when SetMacAddrAction is used, potentially resulting in uninitial

CVE-2026-40209 - An attacker might be able to cause outgoing TCP connections to backend to be stuck until a timeout o

CVE-2026-40208 - An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with a

CVE-2026-40011 - An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block b

CVE-2026-33612 - A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to

CVE-2026-42005 - An attacker can send a web request that causes unlimited memory allocation in the internal web serv

CVE-2026-56130 - "Remember me" cookie age is not verified on the server. This potentially allows an attacker to inter

CVE-2026-56091 - When using Apache Shiro with the shiro-guice module in a web servlet context, a specially crafted HT

CVE-2026-54226 - A vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.6.0 through 2.15.0. U

CVE-2026-53277 - In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Take the SRCU lock

CVE-2026-53276 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix a use-after

CVE-2026-53275 - In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: Fix use-after-free

CVE-2026-53274 - In the Linux kernel, the following vulnerability has been resolved: net/smc: fix sleep-inside-lock

CVE-2026-53273 - In the Linux kernel, the following vulnerability has been resolved: tee: optee: prevent use-after-f

CVE-2026-53272 - In the Linux kernel, the following vulnerability has been resolved: erofs: fix use-after-free on sb

CVE-2026-53271 - In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix NULL-deref of opinfo

CVE-2026-53270 - In the Linux kernel, the following vulnerability has been resolved: ipvs: clear the svc scheduler p

CVE-2026-53269 - In the Linux kernel, the following vulnerability has been resolved: netfilter: synproxy: add mutex

CVE-2026-53268 - In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack_irc: fix p

CVE-2026-53267 - In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: bail out on

CVE-2026-53266 - In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: make ebt_sna

CVE-2026-53265 - In the Linux kernel, the following vulnerability has been resolved: dm cache policy smq: check allo

CVE-2026-53264 - In the Linux kernel, the following vulnerability has been resolved: net/sched: act_api: use RCU wit

CVE-2026-53263 - In the Linux kernel, the following vulnerability has been resolved: 6lowpan: fix off-by-one in mult

CVE-2026-53262 - In the Linux kernel, the following vulnerability has been resolved: l2tp: pppol2tp: hold reference

CVE-2026-53261 - In the Linux kernel, the following vulnerability has been resolved: devlink: Release nested relatio

CVE-2026-53260 - In the Linux kernel, the following vulnerability has been resolved: tcp: Add preempt_{disable,enabl

CVE-2026-53259 - In the Linux kernel, the following vulnerability has been resolved: ipv6: anycast: insert aca into

CVE-2026-53258 - In the Linux kernel, the following vulnerability has been resolved: wifi: fix leak if split 6 GHz s

CVE-2026-53257 - In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: enforce HE/EHT

CVE-2026-53256 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: hold listene

CVE-2026-53255 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: validate adver

CVE-2026-53254 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: validate skb

CVE-2026-53253 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bnep: reject short f

CVE-2026-53252 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix memory leak in e

CVE-2026-53251 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix not releasi

CVE-2026-53250 - In the Linux kernel, the following vulnerability has been resolved: xsk: cache csum_start/csum_offs

CVE-2026-53249 - In the Linux kernel, the following vulnerability has been resolved: ipv4: restrict IPOPT_SSRR and I

CVE-2026-53248 - In the Linux kernel, the following vulnerability has been resolved: net: airoha: Fix use-after-free

CVE-2026-53247 - In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: Fix

CVE-2026-53246 - In the Linux kernel, the following vulnerability has been resolved: sctp: validate cached peer INIT

CVE-2026-53245 - In the Linux kernel, the following vulnerability has been resolved: net/802/mrp: fix vector attribu

CVE-2026-53244 - In the Linux kernel, the following vulnerability has been resolved: VFS: fix possible failure to un

CVE-2026-53243 - In the Linux kernel, the following vulnerability has been resolved: rseq: Fix using an uninitialize

CVE-2026-53242 - In the Linux kernel, the following vulnerability has been resolved: ALSA: PCM: Fix wait queue list

CVE-2026-53241 - In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: dummy: fix UMP event

CVE-2026-53240 - In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: fix use-after-free

CVE-2026-53239 - In the Linux kernel, the following vulnerability has been resolved: xfrm: policy: fix use-after-fre

CVE-2026-53238 - In the Linux kernel, the following vulnerability has been resolved: netlabel: validate unlabeled ad

CVE-2026-53237 - In the Linux kernel, the following vulnerability has been resolved: gpio: mvebu: fix NULL pointer d

CVE-2026-53236 - In the Linux kernel, the following vulnerability has been resolved: tcp: restrict SO_ATTACH_FILTER

CVE-2026-53235 - In the Linux kernel, the following vulnerability has been resolved: net: add pskb_may_pull() to skb

CVE-2026-53234 - In the Linux kernel, the following vulnerability has been resolved: net: ibm: emac: Fix use-after-f

CVE-2026-53233 - In the Linux kernel, the following vulnerability has been resolved: netdev: fix double-free in netd

CVE-2026-53232 - In the Linux kernel, the following vulnerability has been resolved: net: phy: clean the sfp upstrea

CVE-2026-53231 - In the Linux kernel, the following vulnerability has been resolved: net: phy: don't try to setup PH

CVE-2026-53230 - In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix slab-out-of-bound

CVE-2026-53229 - In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: xsk: Fix DMA and xdp

CVE-2026-53228 - In the Linux kernel, the following vulnerability has been resolved: ipv6: sit: reload inner IPv6 he

CVE-2026-53227 - In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix possible