Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
11702
Total
781
Critical
3315
High
3732
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-31712 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: ksmbd: require minimum ACE size in smb_check_perm_dacl() Both ACE-walk loops in smb_check_perm_dacl() only guard against … | May 01, 2026 |
| CVE-2026-31711 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: smb: server: fix active_num_conn leak on transport allocation failure Commit 77ffbcac4e56 ("smb: server: fix leak … | May 01, 2026 |
| CVE-2026-31710 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix dir separator in SMB1 UNIX mounts When calling cifs_mount_get_tcon() with SMB1 UNIX … | May 01, 2026 |
| CVE-2026-31709 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: smb: client: validate the whole DACL before rewriting it in cifsacl build_sec_desc() and id_mode_to_cifs_acl() derive … | May 01, 2026 |
| CVE-2026-31708 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOB read in smb2_ioctl_query_info QUERY_INFO path smb2_ioctl_query_info() has two response-copy branches: PASSTHRU_FSCTL … | May 01, 2026 |
| CVE-2026-31707 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate response sizes in ipc_validate_msg() ipc_validate_msg() computes the expected message size for each response … | May 01, 2026 |
| CVE-2026-31706 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate num_aces and harden ACE walk in smb_inherit_dacl() smb_inherit_dacl() trusts the on-disk num_aces value … | May 01, 2026 |
| CVE-2026-31705 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out-of-bounds write in smb2_get_ea() EA alignment smb2_get_ea() applies 4-byte alignment padding via memset() … | May 01, 2026 |
| CVE-2026-31704 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: ksmbd: use check_add_overflow() to prevent u16 DACL size overflow set_posix_acl_entries_dacl() and set_ntacl_dacl() accumulate ACE sizes … | May 01, 2026 |
| CVE-2026-31703 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: writeback: Fix use after free in inode_switch_wbs_work_fn() inode_switch_wbs_work_fn() has a loop like: wb_get(new_wb); while (1) … | May 01, 2026 |
| CVE-2026-31702 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix use-after-free of sbi in f2fs_compress_write_end_io() In f2fs_compress_write_end_io(), dec_page_count(sbi, type) can bring the F2FS_WB_CP_DATA … | May 01, 2026 |
| CVE-2026-31701 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: take a reference on the USB device in create_card() The caiaq driver stores … | May 01, 2026 |
| CVE-2026-31700 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: net/packet: fix TOCTOU race on mmap'd vnet_hdr in tpacket_snd() In tpacket_snd(), when PACKET_VNET_HDR is enabled, … | May 01, 2026 |
| CVE-2026-31699 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed When retrieving … | May 01, 2026 |
| CVE-2026-31698 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed When … | May 01, 2026 |
| CVE-2026-31697 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy ID to userspace if PSP command failed When retrieving … | May 01, 2026 |
| CVE-2026-31696 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix missing validation of ticket length in non-XDR key preparsing In rxrpc_preparse(), there are … | May 01, 2026 |
| CVE-2026-31695 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: wifi: virt_wifi: remove SET_NETDEV_DEV to avoid use-after-free Currently we execute `SET_NETDEV_DEV(dev, &priv->lowerdev->dev)` for the virt_wifi … | May 01, 2026 |
| CVE-2026-31694 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: fuse: reject oversized dirents in page cache fuse_add_dirent_to_cache() computes a serialized dirent size from the … | May 01, 2026 |
| CVE-2026-7581 | MEDIUM | 4.3 | A security vulnerability has been detected in alexta69 MeTube up to 2026.04.09. This affects the function on_prepare of the file app/main.py of the component CORS … | May 01, 2026 |
| CVE-2026-7580 | MEDIUM | 5.3 | A vulnerability was detected in Exiftool up to 13.53. Impacted is the function Process_mrld of the file lib/Image/ExifTool/GM.pm of the component JPEG/QuickTime/MOV/MP4. The manipulation of … | May 01, 2026 |
| CVE-2026-7579 | HIGH | 7.3 | A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.16.0. This issue affects some unknown processing of the file astrbot/dashboard/routes/auth.py of the component … | May 01, 2026 |
| CVE-2026-3772 | HIGH | 8.8 | The WP Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9.2. This is due to missing … | May 01, 2026 |
| CVE-2026-3140 | MEDIUM | 4.3 | The Ultimate Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.14. This is due to a … | May 01, 2026 |
| CVE-2026-7578 | MEDIUM | 4.7 | A weakness has been identified in MacCMS Pro up to 2022.1.3. This vulnerability affects the function install of the file /admi.php/admin/addon/add.html of the component Plugin … | May 01, 2026 |