Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
12600
Total
849
Critical
3629
High
3944
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-31549 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: i2c: cp2615: fix serial string NULL-deref at probe The cp2615 driver uses the USB device … | Apr 24, 2026 |
| CVE-2026-31548 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down When the nl80211 socket that originated a PMSR request … | Apr 24, 2026 |
| CVE-2026-31547 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix missing runtime PM reference in ccs_mode_store ccs_mode_store() calls xe_gt_reset() which internally invokes xe_pm_runtime_get_noresume(). … | Apr 24, 2026 |
| CVE-2026-31546 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix NULL deref in bond_debug_rlb_hash_show rlb_clear_slave intentionally keeps RLB hash-table entries on the … | Apr 24, 2026 |
| CVE-2026-31545 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: NFC: nxp-nci: allow GPIOs to sleep Allow the firmware and enable GPIOs to sleep. This … | Apr 24, 2026 |
| CVE-2026-31544 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Fix NULL dereference on notify error path Since commit b5daf93b809d1 ("firmware: arm_scmi: Avoid … | Apr 24, 2026 |
| CVE-2026-31543 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: crash_dump: don't log dm-crypt key bytes in read_key_from_user_keying When debug logging is enabled, read_key_from_user_keying() logs … | Apr 24, 2026 |
| CVE-2026-31542 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: x86/platform/uv: Handle deconfigured sockets When a socket is deconfigured, it's mapped to SOCK_EMPTY (0xffff). This … | Apr 24, 2026 |
| CVE-2026-31541 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: tracing: Fix trace_marker copy link list updates When the "copy_trace_marker" option is enabled for an … | Apr 24, 2026 |
| CVE-2026-31540 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Check set_default_submission() before deferencing When the i915 driver firmware binaries are not present, the … | Apr 24, 2026 |
| CVE-2026-31539 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: smb: smbdirect: introduce smbdirect_socket.recv_io.credits.available The logic off managing recv credits by counting posted recv_io and … | Apr 24, 2026 |
| CVE-2026-31538 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: smb: server: make use of smbdirect_socket.recv_io.credits.available The logic off managing recv credits by counting posted … | Apr 24, 2026 |
| CVE-2026-31537 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: smb: server: make use of smbdirect_socket.send_io.bcredits It turns out that our code will corrupt the … | Apr 24, 2026 |
| CVE-2026-31536 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: smb: server: let send_done handle a completion without IB_SEND_SIGNALED With smbdirect_send_batch processing we likely have … | Apr 24, 2026 |
| CVE-2026-31535 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: smb: client: make use of smbdirect_socket.recv_io.credits.available The logic off managing recv credits by counting posted … | Apr 24, 2026 |
| CVE-2026-31534 | UNKNOWN | — | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Apr 24, 2026 |
| CVE-2026-31052 | MEDIUM | 5.3 | An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to cause a denial of service via the Checkout Authentication Flow component | Apr 24, 2026 |
| CVE-2026-31051 | LOW | 3.8 | An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to cause a denial of service via the Client Balance component | Apr 24, 2026 |
| CVE-2026-31050 | MEDIUM | 4.9 | Cross Site Scripting vulnerability in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to execute arbitrary code | Apr 24, 2026 |
| CVE-2025-61872 | MEDIUM | 6.1 | Mahara before 25.04.2 and 24.04.11 are vulnerable to displaying results that can trigger XSS via a malicious search query string. This occurs in the 'search … | Apr 24, 2026 |
| CVE-2026-25660 | UNKNOWN | — | CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the URL ends … | Apr 24, 2026 |
| CVE-2026-5367 | HIGH | 8.6 | A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with … | Apr 24, 2026 |
| CVE-2026-5265 | MEDIUM | 6.5 | When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body … | Apr 24, 2026 |
| CVE-2026-40690 | MEDIUM | 4.3 | The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user with read access to at least one DAG could … | Apr 24, 2026 |
| CVE-2026-38743 | MEDIUM | 4.3 | The authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop (HITL) and TaskInstance records: a logged-in Airflow user with read access to … | Apr 24, 2026 |