Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12604 | Critical: 849 | High: 3630 | Medium: 3947

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-5377 | MEDIUM | 4.3 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that could have allowed an authenticated user to access titles … | Apr 22, 2026 |
| CVE-2026-5262 | HIGH | 8.0 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.1.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain … | Apr 22, 2026 |
| CVE-2026-4922 | HIGH | 8.1 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have … | Apr 22, 2026 |
| CVE-2026-3254 | LOW | 3.5 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user … | Apr 22, 2026 |
| CVE-2026-35382 | UNKNOWN | — | Rejected reason: Voluntarily withdrawn | Apr 22, 2026 |
| CVE-2026-35381 | LOW | 3.3 | A logic error in the cut utility of uutils coreutils causes the utility to ignore the -s (only-delimited) flag when using the -z (null-terminated) and … | Apr 22, 2026 |
| CVE-2026-35380 | MEDIUM | 5.5 | A logic error in the cut utility of uutils coreutils causes the program to incorrectly interpret the literal two-byte string '' (two single quotes) as … | Apr 22, 2026 |
| CVE-2026-35379 | LOW | 3.3 | A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the [:graph:] and [:print:] character classes. The implementation mistakenly … | Apr 22, 2026 |
| CVE-2026-35378 | LOW | 3.3 | A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized subexpressions during the parsing phase rather than at the … | Apr 22, 2026 |
| CVE-2026-35377 | LOW | 3.3 | A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-line arguments when utilizing the -S (split-string) option. In … | Apr 22, 2026 |
| CVE-2026-35376 | MEDIUM | 4.5 | A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the chcon utility of uutils coreutils during recursive operations. The implementation resolves recursive targets using a fresh … | Apr 22, 2026 |
| CVE-2026-35375 | LOW | 3.3 | A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The … | Apr 22, 2026 |
| CVE-2026-35374 | MEDIUM | 6.3 | A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the split utility of uutils coreutils. The program attempts to prevent data loss by checking for identity … | Apr 22, 2026 |
| CVE-2026-35373 | LOW | 3.3 | A logic error in the ln utility of uutils coreutils causes the program to reject source paths containing non-UTF-8 filename bytes when using target-directory forms … | Apr 22, 2026 |
| CVE-2026-35372 | MEDIUM | 5.0 | A logic error in the ln utility of uutils coreutils allows the utility to dereference a symbolic link target even when the --no-dereference (or -n) … | Apr 22, 2026 |
| CVE-2026-35371 | LOW | 3.3 | The id utility in uutils coreutils exhibits incorrect behavior in its "pretty print" output when the real UID and effective UID differ. The implementation incorrectly … | Apr 22, 2026 |
| CVE-2026-35370 | MEDIUM | 4.4 | The id utility in uutils coreutils miscalculates the groups= section of its output. The implementation uses a user's real GID instead of their effective GID … | Apr 22, 2026 |
| CVE-2026-35369 | MEDIUM | 5.5 | An argument parsing error in the kill utility of uutils coreutils incorrectly interprets kill -1 as a request to send the default signal (SIGTERM) to … | Apr 22, 2026 |
| CVE-2026-35368 | HIGH | 7.8 | A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam() after entering … | Apr 22, 2026 |
| CVE-2026-35367 | LOW | 3.3 | The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to inherit umask-based permissions, … | Apr 22, 2026 |
| CVE-2026-35366 | MEDIUM | 4.4 | The printenv utility in uutils coreutils fails to display environment variables containing invalid UTF-8 byte sequences. While POSIX permits arbitrary bytes in environment strings, the … | Apr 22, 2026 |
| CVE-2026-35365 | MEDIUM | 6.6 | The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across filesystem boundaries. Instead of preserving symlinks, the implementation expands … | Apr 22, 2026 |
| CVE-2026-35364 | MEDIUM | 6.3 | A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mv utility of uutils coreutils during cross-device operations. The utility removes the destination path before … | Apr 22, 2026 |
| CVE-2026-35363 | MEDIUM | 5.6 | A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms intended to protect the current directory. While the utility correctly … | Apr 22, 2026 |
| CVE-2026-35362 | LOW | 3.6 | The safe_traversal module in uutils coreutils, which provides protection against Time-of-Check to Time-of-Use (TOCTOU) symlink races using file-descriptor-relative syscalls, is incorrectly limited to Linux targets. … | Apr 22, 2026 |