Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
11037
Total
752
Critical
3191
High
3530
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2025-31970 | MEDIUM | 5.3 | HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability where the Content-Security-Policy does not define strict directives for object-src and base-uri, which could … | May 06, 2026 |
| CVE-2026-6860 | UNKNOWN | — | A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard … | May 06, 2026 |
| CVE-2026-43975 | MEDIUM | 6.5 | FolderUploadsFileManager in Apache Wicket does not validate or sanitize the uploadFieldId parameter or the clientFileName before constructing file paths, allowing an unauthenticated attacker to write … | May 06, 2026 |
| CVE-2026-43646 | HIGH | 7.5 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, from 9.0.0 through 9.22.0, … | May 06, 2026 |
| CVE-2026-43120 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix double free related to rereg_user_mr If IB_MR_REREG_TRANS is set during rereg_user_mr, the umem … | May 06, 2026 |
| CVE-2026-43119 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: annotate data-races around hdev->req_status __hci_cmd_sync_sk() sets hdev->req_status under hdev->req_lock: hdev->req_status = HCI_REQ_PEND; However, … | May 06, 2026 |
| CVE-2026-43118 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix zero size inode with non-zero size after log replay When logging that an … | May 06, 2026 |
| CVE-2026-43117 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() If overlay is used on … | May 06, 2026 |
| CVE-2026-43116 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: ensure safe access to master conntrack Holding reference on the expectation is not … | May 06, 2026 |
| CVE-2026-43115 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: srcu: Use irq_work to start GP in tiny SRCU Tiny SRCU's srcu_gp_start_if_needed() directly calls schedule_work(), … | May 06, 2026 |
| CVE-2026-43114 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo_avx2: don't return non-matching entry on expiry New test case fails unexpectedly when avx2 … | May 06, 2026 |
| CVE-2026-43113 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: validate packet IDs before indexing tx_frames wl1251_tx_packet_cb() uses the firmware completion ID directly … | May 06, 2026 |
| CVE-2026-43112 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: fs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath When cifs_sanitize_prepath is called with an empty string or … | May 06, 2026 |
| CVE-2026-43111 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: HID: roccat: fix use-after-free in roccat_report_event roccat_report_event() iterates over the device->readers list without holding the … | May 06, 2026 |
| CVE-2026-43110 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: validate bsscfg indices in IF events brcmf_fweh_handle_if_event() validates the firmware-provided interface index before … | May 06, 2026 |
| CVE-2026-43109 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: x86: shadow stacks: proper error handling for mmap lock 김영민 reports that shstk_pop_sigframe() doesn't check … | May 06, 2026 |
| CVE-2026-43108 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pd-mapper: Fix element length in servreg_loc_pfr_req_ei It looks element length declared in servreg_loc_pfr_req_ei … | May 06, 2026 |
| CVE-2026-43107 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: xfrm: account XFRMA_IF_ID in aevent size calculation xfrm_get_ae() allocates the reply skb with xfrm_aevent_msgsize(), then … | May 06, 2026 |
| CVE-2026-43106 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix incorrect dentry refcount in cachefiles_cull() The patch mentioned below changed cachefiles_bury_object() to expect … | May 06, 2026 |
| CVE-2026-43105 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: drm/vc4: Fix memory leak of BO array in hang state The hang state's BO array … | May 06, 2026 |
| CVE-2026-43104 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: drm/vc4: Fix a memory leak in hang state error path When vc4_save_hang_state() encounters an early … | May 06, 2026 |
| CVE-2026-43103 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: net: lapbether: handle NETDEV_PRE_TYPE_CHANGE lapbeth_data_transmit() expects the underlying device type to be ARPHRD_ETHER. Returning NOTIFY_BAD … | May 06, 2026 |
| CVE-2026-43102 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: net: airoha: Fix memory leak in airoha_qdma_rx_process() If an error occurs on the subsequents buffers … | May 06, 2026 |
| CVE-2026-43101 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data() We need to check __in6_dev_get() for possible … | May 06, 2026 |
| CVE-2026-43100 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: bridge: guard local VLAN-0 FDB helpers against NULL vlan group When CONFIG_BRIDGE_VLAN_FILTERING is not set, … | May 06, 2026 |