CVE-2026-0106 - In vpu_mmap of vpu_ioctl, there is a possible arbitrary address mmap due to a missing bounds check.

CVE-2025-12131 - A truncated 802.15.4 packet can lead to an assert, resulting in a denial of service.

CVE-2026-25630 - Rejected reason: Reason: This candidate was issued in error.

CVE-2026-1301 - In builds with PubSub and JSON enabled, a crafted JSON message can cause the decoder to write beyond

CVE-2025-15343 - Tanium addressed an incorrect default permissions vulnerability in Enforce.

CVE-2025-15342 - Tanium addressed an improper access controls vulnerability in Reputation.

CVE-2025-15341 - Tanium addressed an incorrect default permissions vulnerability in Benchmark.

CVE-2025-15340 - Tanium addressed an incorrect default permissions vulnerability in Comply.

CVE-2025-15339 - Tanium addressed an incorrect default permissions vulnerability in Discover.

CVE-2025-15338 - Tanium addressed an incorrect default permissions vulnerability in Partner Integration.

CVE-2025-15337 - Tanium addressed an incorrect default permissions vulnerability in Patch.

CVE-2025-15336 - Tanium addressed an incorrect default permissions vulnerability in Performance.

CVE-2025-15335 - Tanium addressed an information disclosure vulnerability in Threat Response.

CVE-2025-15334 - Tanium addressed an information disclosure vulnerability in Threat Response.

CVE-2025-15333 - Tanium addressed an information disclosure vulnerability in Threat Response.

CVE-2025-15332 - Tanium addressed an information disclosure vulnerability in Threat Response.

CVE-2025-15331 - Tanium addressed an uncontrolled resource consumption vulnerability in Connect.

CVE-2025-15330 - Tanium addressed an improper input validation vulnerability in Deploy.

CVE-2025-15329 - Tanium addressed an information disclosure vulnerability in Threat Response.

CVE-2025-15328 - Tanium addressed an improper link resolution before file access vulnerability in Enforce.

CVE-2025-15327 - Tanium addressed an improper access controls vulnerability in Deploy.

CVE-2025-15326 - Tanium addressed an improper access controls vulnerability in Patch.

CVE-2025-15325 - Tanium addressed an improper input validation vulnerability in Discover.

CVE-2025-15324 - Tanium addressed a documentation issue in Engage.

CVE-2025-15323 - Tanium addressed an improper certificate validation vulnerability in Tanium Appliance.

CVE-2025-15321 - Tanium addressed an improper input validation vulnerability in Tanium Appliance.

CVE-2025-15312 - Tanium addressed an improper output sanitization vulnerability in Tanium Appliance.

CVE-2025-15311 - Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance.

CVE-2025-15289 - Tanium addressed an improper access controls vulnerability in Interact.

CVE-2026-1707 - pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability

CVE-2025-70073 - An issue in ChestnutCMS v.1.5.8 and before allows a remote attacker to execute arbitrary code via th

CVE-2025-68121 - During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs field

CVE-2025-58190 - The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certai

CVE-2025-47911 - The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing ce

CVE-2025-15557 - An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an

CVE-2025-15551 - The response coming from TP-Link Archer MR200 v5.2, C20 v6, TL-WR850N v3, and TL-WR845N v4 for any r

CVE-2026-0715 - Moxa Arm-based industrial computers running Moxa Industrial Linux Secure use a device-unique bootloa

CVE-2026-0714 - A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS fu

CVE-2025-70792 - Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An

CVE-2025-70791 - Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An

CVE-2025-69906 - Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The

CVE-2025-69619 - A path traversal in My Text Editor v1.6.2 allows attackers to cause a Denial of Service (DoS) via wr

CVE-2025-68723 - Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting (XSS) vulnerabilitie

CVE-2025-68643 - Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting (XSS) in the handling of the ti

CVE-2020-37152 - PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting (XSS) via the 'panel_content' PO

CVE-2020-37150 - Edimax EW-7438RPn-v3 Mini 1.27 allows unauthenticated attackers to access the /wizard_reboot.asp pag

CVE-2020-37149 - Edimax EW-7438RPn-v3 Mini 1.27 is vulnerable to cross-site request forgery (CSRF) that can lead to c

CVE-2020-37148 - P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from a stored cross-site scripting vulnera

CVE-2020-37145 - HRSALE 1.1.8 contains a cross-site request forgery vulnerability that allows attackers to add unauth

CVE-2020-37144 - Exagate SYSGuard 6001 contains a cross-site request forgery vulnerability that allows attackers to c

CVE-2020-37143 - ProficySCADA for iOS 5.0.25920 contains a denial of service vulnerability that allows attackers to c

CVE-2020-37142 - 10-Strike Network Inventory Explorer 8.54 contains a structured exception handler buffer overflow vu

CVE-2020-37140 - Everest, later referred to as AIDA64, 5.50.2100 contains a denial of service vulnerability that allo

CVE-2020-37139 - Odin Secure FTP Expert 7.6.3 contains a local denial of service vulnerability that allows attackers

CVE-2020-37138 - 10-Strike Network Inventory Explorer 9.03 contains a buffer overflow vulnerability in the file impor

CVE-2020-37137 - PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'add_panel_form()' function

CVE-2020-37136 - ZOC Terminal 7.25.5 contains a denial of service vulnerability in the private key file input field t

CVE-2020-37134 - UltraVNC Viewer 1.2.4.0 contains a denial of service vulnerability that allows attackers to crash th

CVE-2020-37133 - UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in the Repeater Host configurat

CVE-2020-37132 - UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in its password configuration p

CVE-2020-37131 - Nsauditor Product Key Explorer 4.2.2.0 contains a denial of service vulnerability that allows local

CVE-2020-37130 - Nsauditor 3.2.0.0 contains a denial of service vulnerability in the registration name input field th

CVE-2020-37129 - Memu Play 7.1.3 contains an insecure folder permissions vulnerability that allows low-privileged use

CVE-2020-37128 - ZOC Terminal 7.25.5 contains a script processing vulnerability that allows local attackers to crash

CVE-2020-37127 - Dnsmasq-utils 2.79-1 contains a buffer overflow vulnerability in the dhcp_release utility that allow

CVE-2020-37126 - Free Desktop Clock 3.0 contains a stack overflow vulnerability in the Time Zones display name input

CVE-2020-37125 - Edimax EW-7438RPn-v3 Mini 1.27 contains a remote code execution vulnerability that allows unauthenti

CVE-2020-37124 - B64dec 1.1.2 contains a buffer overflow vulnerability that allows attackers to execute arbitrary cod

CVE-2020-37123 - Pinger 1.0 contains a remote code execution vulnerability that allows attackers to inject shell comm

CVE-2020-37121 - CODE::BLOCKS 16.01 contains a buffer overflow vulnerability that allows attackers to execute arbitra

CVE-2020-37120 - Rubo DICOM Viewer 2.0 contains a buffer overflow vulnerability in the DICOM server name input field

CVE-2020-37119 - Nsauditor 3.0.28 and 3.2.1.0 contains a buffer overflow vulnerability in the DNS Lookup tool that al

CVE-2020-37118 - P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attac

CVE-2020-37117 - jizhiCMS 1.6.7 contains a file download vulnerability in the admin plugins update endpoint that allo

CVE-2025-68722 - Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery (C

CVE-2025-68721 - Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the WebAdmin

CVE-2020-37151 - phpMyChat Plus 1.98 contains a SQL injection vulnerability in the deluser.php page through the pmc_u

CVE-2026-1927 - The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to unauthorize

CVE-2026-1523 - Path Traversal vulnerability in Digitek ADT1100 and Digitek DT950 from PRIMION DIGITEK, S.L.U (Azkoy

CVE-2025-14150 - IBM webMethods Integration (on prem) - Integration Server 10.15 through IS_10.15_Core_Fix2411.1 to I

CVE-2025-13491 - IBM App Connect Enterprise Certified Container CD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0 and

CVE-2025-13379 - IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send

CVE-2026-23797 - In Quick.Cart user passwords are stored in plaintext form. An attacker with high privileges can disp

CVE-2026-23796 - Quick.Cart allows a user's session identifier to be set before authentication. The value of this ses

CVE-2026-23572 - Improper access control in the TeamViewer Full and Host clients (Windows, macOS, Linux) prior versio

CVE-2026-1966 - YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleartext within the web U

CVE-2026-1517 - A vulnerability was identified in iomad up to 5.0. Affected is an unknown function of the component

CVE-2026-1654 - The Peter's Date Countdown plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via

CVE-2026-1294 - The All In One Image Viewer Block plugin for WordPress is vulnerable to Server-Side Request Forgery

CVE-2026-1271 - The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecu

CVE-2025-14079 - The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Missin

CVE-2026-1319 - The Robin Image Optimizer – Unlimited Image Optimization & WebP Converter plugin for WordPress is vu

CVE-2025-13416 - The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauth

CVE-2026-25198 - web2py versions 2.27.1-stable+timestamp.2023.11.16.08.03.57 and prior contain an open redirect vulne

CVE-2025-10258 - Infinera DNA is vulnerable to a time-based SQL injection vulnerability due to insufficient input val

CVE-2026-1953 - Nukegraphic CMS v3.1.2 contains a stored cross-site scripting (XSS) vulnerability in the user profil

CVE-2026-1268 - The Dynamic Widget Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the

CVE-2026-1246 - The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Arbitrary File Read via path tr

CVE-2026-0867 - The Essential Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plug

CVE-2025-15080 - Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric MELSEC iQ-R

CVE-2025-61732 - A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resu

CVE-2025-10314 - Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation FREQSHIP-mini for Win

CVE-2025-11730 - A post‑authentication command injection vulnerability in the Dynamic DNS (DDNS) configuration CLI co

CVE-2026-1898 - A vulnerability was determined in WeKan up to 8.20. This affects an unknown part of the file package

CVE-2026-1897 - A vulnerability was found in WeKan up to 8.20. Affected by this issue is some unknown functionality

CVE-2026-1896 - A vulnerability has been found in WeKan up to 8.20. Affected by this vulnerability is the function C

CVE-2025-13192 - The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Trigge

CVE-2019-25288 - Wacom WTabletService 6.6.7-3 contains an unquoted service path vulnerability that allows local attac

CVE-2019-25287 - Adaware Web Companion version 4.8.2078.3950 contains an unquoted service path vulnerability in the W

CVE-2019-25286 - GCafé 3.0 contains an unquoted service path vulnerability in the gbClientService that allows local a

CVE-2019-25285 - Alps Pointing-device Controller 8.1202.1711.04 contains an unquoted service path vulnerability in th

CVE-2019-25283 - Shrew Soft VPN Client 2.2.2 contains an unquoted service path vulnerability that allows local users

CVE-2019-25281 - NCP Secure Entry Client 9.2 contains an unquoted service path vulnerability in multiple Windows serv

CVE-2019-25276 - Studio 5000 Logix Designer 30.01.00 contains an unquoted service path vulnerability in the FactoryTa

CVE-2019-25275 - BartVPN 1.2.2 contains an unquoted service path vulnerability in the BartVPNService that allows loca

CVE-2019-25274 - ProShow Producer 9.0.3797 contains an unquoted service path vulnerability in the ScsiAccess service

CVE-2019-25273 - Easy-Hide-IP 5.0.0.3 contains an unquoted service path vulnerability in the EasyRedirect service tha

CVE-2019-25272 - TexasSoft CyberPlanet 6.4.131 contains an unquoted service path vulnerability in the CCSrvProxy serv

CVE-2019-25271 - NETGATE Data Backup 3.0.620 contains an unquoted service path vulnerability in its NGDatBckpSrv Wind

CVE-2019-25269 - Amiti Antivirus 25.0.640 contains an unquoted service path vulnerability in its Windows service conf

CVE-2019-25267 - Wing FTP Server 6.0.7 contains an unquoted service path vulnerability that allows local attackers to

CVE-2026-25585 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and appli

CVE-2026-22038 - AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intellig

CVE-2026-1895 - A flaw has been found in WeKan up to 8.20. Affected is the function applyWipLimit of the file models

CVE-2026-1894 - A vulnerability was detected in WeKan up to 8.20. This impacts an unknown function of the file model

CVE-2025-62616 - AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intellig

CVE-2025-62615 - AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intellig

CVE-2025-22873 - It was possible to improperly access the parent directory of an os.Root by opening a filename ending

CVE-2026-25584 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and appli

CVE-2026-25583 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and appli

CVE-2026-25582 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and appli

CVE-2026-25579 - Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0,

CVE-2026-25578 - Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0,

CVE-2026-25575 - NavigaTUM is a website and API to search for rooms, buildings and other places. Prior to commit 86f3

CVE-2026-25547 - @isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0

CVE-2026-25546 - Godot MCP is a Model Context Protocol (MCP) server for interacting with the Godot game engine. Prior

CVE-2026-25543 - HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can l

CVE-2026-25541 - Bytes is a utility library for working with bytes. From version 1.2.1 to before 1.11.1, Bytes is vul

CVE-2026-25540 - Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.3.19

CVE-2026-25539 - SiYuan is a personal knowledge management system. Prior to version 3.5.5, the /api/file/copyFile end

CVE-2026-25538 - Devtron is an open source tool integration platform for Kubernetes. In version 2.0.0 and prior, a vu

CVE-2026-25537 - jsonwebtoken is a JWT lib in rust. Prior to version 10.3.0, there is a Type Confusion vulnerability

CVE-2026-25536 - MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. Fr

CVE-2026-25526 - JinJava is a Java-based template engine based on django template syntax, adapted to render jinja tem

CVE-2026-25523 - Magento-lts is a long-term support alternative to Magento Community Edition (CE). Prior to version 2

CVE-2026-25521 - Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. In ver

CVE-2026-25518 - cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and

CVE-2026-1892 - A security vulnerability has been detected in WeKan up to 8.20. This affects the function setBoardOr

CVE-2026-1884 - A weakness has been identified in ZenTao up to 21.7.6-85642. The impacted element is the function fe

CVE-2024-51451 - IBM Concert 1.0.0 through 2.1.0 is vulnerable to HTTP header injection, caused by improper validatio

CVE-2024-43181 - IBM Concert 1.0.0 through 2.1.0 does not invalidate session after logout which could allow an authen

CVE-2024-40685 - IBM Operations Analytics – Log Analysis versions 1.3.5.0 through 1.3.8.3 and IBM SmartCloud Analytic

CVE-2026-25519 - OpenSlides is a free, web based presentation and assembly system for managing and projecting agenda,

CVE-2026-25517 - Wagtail is an open source content management system built on Django. Prior to versions 6.3.6, 7.0.4,

CVE-2026-25512 - Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions

CVE-2026-25511 - Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions

CVE-2026-25499 - Terraform / OpenTofu Provider adds support for Proxmox Virtual Environment. Prior to version 0.93.1,

CVE-2026-1554 - XML Injection (aka Blind XPath Injection) vulnerability in Drupal Central Authentication System (CAS

CVE-2026-1553 - Incorrect Authorization vulnerability in Drupal Drupal Canvas allows Forceful Browsing.This issue af

CVE-2026-0948 - Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Microsoft Entra ID

CVE-2026-0947 - Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability i

CVE-2026-0946 - Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability i

CVE-2026-0945 - Privilege Defined With Unsafe Actions vulnerability in Drupal Role Delegation allows Privilege Escal

CVE-2026-0944 - Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Group invite allows For

CVE-2025-2134 - IBM Jazz Reporting Service could allow an authenticated user on the network to affect the system's p

CVE-2025-27550 - IBM Jazz Reporting Service could allow an authenticated user on the host network to obtain sensitive

CVE-2025-1823 - IBM Jazz Reporting Service could allow an authenticated user on the host network to cause a denial o

CVE-2025-15555 - A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the fu

CVE-2025-13375 - IBM Common Cryptographic Architecture (CCA) 7.5.52 and 8.4.82 could allow an unauthenticated user to

CVE-2024-39724 - IBM Db2 Big SQL on Cloud Pak for Data versions 7.6 (on CP4D 4.8), 7.7 (on CP4D 5.0), and 7.8 (on CP4

CVE-2023-38281 - IBM Cloud Pak System does not set the secure attribute on authorization tokens or session cookies. A

CVE-2023-38017 - IBM Cloud Pak System is vulnerable to cross-site scripting. This vulnerability allows users to embed

CVE-2023-38010 - IBM Cloud Pak System displays sensitive information in user messages that could aid in further attac

CVE-2026-25514 - FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version

CVE-2026-25513 - FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version

CVE-2026-25505 - Bambuddy is a self-hosted print archive and management system for Bambu Lab 3D printers. Prior to ve

CVE-2026-25481 - Langroid is a framework for building large-language-model-powered applications. Prior to version 0.5

CVE-2026-25475 - OpenClaw is a personal AI assistant. Prior to version 2026.1.30, the isValidMedia() function in src/

CVE-2026-25161 - Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to v

CVE-2026-25160 - Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to v

CVE-2026-25157 - OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS command injection vu

CVE-2026-25145 - melange allows users to build apk packages using declarative pipelines. From version 0.14.0 to befor

CVE-2026-25143 - melange allows users to build apk packages using declarative pipelines. From version 0.10.0 to befor

CVE-2026-24884 - Compressing is a compressing and uncompressing lib for node. In version 2.0.0 and 1.10.3 and prior,

CVE-2026-24844 - melange allows users to build apk packages using declarative pipelines. From version 0.3.0 to before

CVE-2026-24843 - melange allows users to build apk packages using declarative pipelines. In version 0.11.3 to before

CVE-2026-23897 - Apollo Server is an open-source, spec-compliant GraphQL server that's compatible with any GraphQL cl

CVE-2025-71031 - Water-Melon Melon commit 9df9292 and below is vulnerable to Denial of Service. The HTTP component do

CVE-2025-68699 - NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In version 0.24.6, NanoMQ has

CVE-2026-25140 - apko allows users to build and publish OCI container images built from apk packages. From version 0.

CVE-2026-25122 - apko allows users to build and publish OCI container images built from apk packages. From version 0.

CVE-2026-25121 - apko allows users to build and publish OCI container images built from apk packages. From version 0.

CVE-2026-0536 - A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer

CVE-2026-25532 - ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.2, 5.4.3, 5

CVE-2026-25508 - ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.2, 5.4.3, 5

CVE-2026-25507 - ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.2, 5.4.3, 5

CVE-2026-25139 - RIOT is an open-source microcontroller operating system, designed to match the requirements of Inter

CVE-2026-23624 - GLPI is a free asset and IT management software package. In versions starting from 0.71 to before 10

CVE-2026-22247 - GLPI is a free asset and IT management software package. From version 11.0.0 to before 11.0.5, a GLP

CVE-2026-22044 - GLPI is a free asset and IT management software package. From version 0.85 to before 10.0.23, an aut

CVE-2026-21893 - n8n is an open source workflow automation platform. From version 0.187.0 to before 1.120.3, a comman

CVE-2025-69215 - OpenSTAManager is an open source management software for technical assistance and invoicing. In vers

CVE-2025-69213 - OpenSTAManager is an open source management software for technical assistance and invoicing. In vers

CVE-2025-64712 - The unstructured library provides open-source components for ingesting and pre-processing images and

CVE-2026-25115 - n8n is an open source workflow automation platform. Prior to version 2.4.8, a vulnerability in the P

CVE-2026-25056 - n8n is an open source workflow automation platform. Prior to versions 1.118.0 and 2.4.0, a vulnerabi

CVE-2026-25055 - n8n is an open source workflow automation platform. Prior to versions 1.123.12 and 2.4.0, when workf

CVE-2026-25054 - n8n is an open source workflow automation platform. Prior to versions 1.123.9 and 2.2.1, a Cross-Sit

CVE-2026-25053 - n8n is an open source workflow automation platform. Prior to versions 1.123.10 and 2.5.0, vulnerabil

CVE-2026-25052 - n8n is an open source workflow automation platform. Prior to versions 1.123.18 and 2.5.0, a vulnerab

CVE-2026-25051 - n8n is an open source workflow automation platform. Prior to version 1.123.2, a Cross-Site Scripting

CVE-2026-25049 - n8n is an open source workflow automation platform. Prior to versions 1.123.17 and 2.5.2, an authent

CVE-2026-23110 - In the Linux kernel, the following vulnerability has been resolved: scsi: core: Wake up the error h

CVE-2026-23109 - In the Linux kernel, the following vulnerability has been resolved: fs/writeback: skip AS_NO_DATA_I

CVE-2026-23108 - In the Linux kernel, the following vulnerability has been resolved: can: usb_8dev: usb_8dev_read_bu

CVE-2026-23107 - In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: signal: Allocate

CVE-2026-23106 - In the Linux kernel, the following vulnerability has been resolved: timekeeping: Adjust the leap st

CVE-2026-23105 - In the Linux kernel, the following vulnerability has been resolved: net/sched: qfq: Use cl_is_activ

CVE-2026-23104 - In the Linux kernel, the following vulnerability has been resolved: ice: fix devlink reload call tr

CVE-2026-23103 - In the Linux kernel, the following vulnerability has been resolved: ipvlan: Make the addrs_lock be

CVE-2026-23102 - In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: signal: Fix resto

CVE-2026-23101 - In the Linux kernel, the following vulnerability has been resolved: leds: led-class: Only Add LED t

CVE-2026-23100 - In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix hugetlb_pmd_sha

CVE-2026-23099 - In the Linux kernel, the following vulnerability has been resolved: bonding: limit BOND_MODE_8023AD

CVE-2026-23098 - In the Linux kernel, the following vulnerability has been resolved: netrom: fix double-free in nr_r

CVE-2026-23097 - In the Linux kernel, the following vulnerability has been resolved: migrate: correct lock ordering

CVE-2026-23096 - In the Linux kernel, the following vulnerability has been resolved: uacce: fix cdev handling in the

CVE-2026-23095 - In the Linux kernel, the following vulnerability has been resolved: gue: Fix skb memleak with inner

CVE-2026-23094 - In the Linux kernel, the following vulnerability has been resolved: uacce: fix isolate sysfs check

CVE-2026-23093 - In the Linux kernel, the following vulnerability has been resolved: ksmbd: smbd: fix dma_unmap_sg()

CVE-2026-23092 - In the Linux kernel, the following vulnerability has been resolved: iio: dac: ad3552r-hs: fix out-o

CVE-2026-23091 - In the Linux kernel, the following vulnerability has been resolved: intel_th: fix device leak on ou

CVE-2026-23090 - In the Linux kernel, the following vulnerability has been resolved: slimbus: core: fix device refer

CVE-2026-23089 - In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix use-after-

CVE-2026-23088 - In the Linux kernel, the following vulnerability has been resolved: tracing: Fix crash on synthetic

CVE-2026-23087 - In the Linux kernel, the following vulnerability has been resolved: scsi: xen: scsiback: Fix potent

CVE-2026-23086 - In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: cap TX credit to

CVE-2026-23085 - In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Avoid trunc

CVE-2026-23084 - In the Linux kernel, the following vulnerability has been resolved: be2net: Fix NULL pointer derefe

CVE-2026-23083 - In the Linux kernel, the following vulnerability has been resolved: fou: Don't allow 0 for FOU_ATTR

CVE-2026-23082 - In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bul

CVE-2026-23081 - In the Linux kernel, the following vulnerability has been resolved: net: phy: intel-xway: fix OF no

CVE-2026-23080 - In the Linux kernel, the following vulnerability has been resolved: can: mcba_usb: mcba_usb_read_bu

CVE-2026-23079 - In the Linux kernel, the following vulnerability has been resolved: gpio: cdev: Fix resource leaks

CVE-2026-23078 - In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Fix buffer ove

CVE-2026-23077 - In the Linux kernel, the following vulnerability has been resolved: mm/vma: fix anon_vma UAF on mre

CVE-2026-23076 - In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Fix potential OOB

CVE-2026-23075 - In the Linux kernel, the following vulnerability has been resolved: can: esd_usb: esd_usb_read_bulk

CVE-2026-23074 - In the Linux kernel, the following vulnerability has been resolved: net/sched: Enforce that teql ca

CVE-2026-23073 - In the Linux kernel, the following vulnerability has been resolved: wifi: rsi: Fix memory corruptio