Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12604 | Critical: 849 | High: 3630 | Medium: 3947

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-6355 | MEDIUM | 6.5 | A vulnerability in the web application allows unauthorized users to access and manipulate sensitive data across different tenants by exploiting insecure direct object references. This … | Apr 22, 2026 |
| CVE-2026-5750 | UNKNOWN | — | An insecure direct object reference (IDOR) vulnerability in the Fullstep V5 registration process allows authenticated users to access data belonging to other registered users through … | Apr 22, 2026 |
| CVE-2026-5749 | UNKNOWN | — | Inadequate access control in the registration process in Fullstep V5, which could allow unauthenticated users to obtain a valid JWT token with which to interact … | Apr 22, 2026 |
| CVE-2026-41651 | HIGH | 8.8 | PackageKit is a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between … | Apr 22, 2026 |
| CVE-2026-33611 | MEDIUM | 6.5 | An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn … | Apr 22, 2026 |
| CVE-2026-33610 | MEDIUM | 5.9 | A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request … | Apr 22, 2026 |
| CVE-2026-33609 | MEDIUM | 5.3 | Incomplete escaping of LDAP queries when running with 8bit-dns enabled allows users to perform queries of internal domain subtrees. | Apr 22, 2026 |
| CVE-2026-33608 | HIGH | 7.4 | An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to … | Apr 22, 2026 |
| CVE-2026-33602 | MEDIUM | 6.5 | A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum configured value, triggering an out-of-bounds … | Apr 22, 2026 |
| CVE-2026-33599 | LOW | 3.1 | A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, when requested via either the autoUpgrade (Lua) option to … | Apr 22, 2026 |
| CVE-2026-33598 | MEDIUM | 4.8 | A cached crafted response can cause an out-of-bounds read if custom Lua code calls getDomainListByAddress() or getAddressListByDomain() on a packet cache. | Apr 22, 2026 |
| CVE-2026-33597 | LOW | 3.7 | PRSD detection denial of service | Apr 22, 2026 |
| CVE-2026-33596 | LOW | 3.1 | A client might theoretically be able to cause a mismatch between queries sent to a backend and the received responses by sending a flood of … | Apr 22, 2026 |
| CVE-2026-33595 | MEDIUM | 5.3 | A client can trigger excessive memory allocation by generating a lot of error responses over a single DoQ and DoH3 connection, as some resources were … | Apr 22, 2026 |
| CVE-2026-33594 | MEDIUM | 5.3 | A client can trigger excessive memory allocation by generating a lot of queries that are routed to an overloaded DoH backend, causing queries to accumulate … | Apr 22, 2026 |
| CVE-2026-33593 | HIGH | 7.5 | A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query. | Apr 22, 2026 |
| CVE-2026-33254 | MEDIUM | 5.3 | An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdist and leading to a denial of … | Apr 22, 2026 |
| CVE-2026-31530 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: cxl/port: Fix use after free of parent_port in cxl_detach_ep() cxl_detach_ep() is called during bottom-up removal … | Apr 22, 2026 |
| CVE-2026-31529 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix leakage in __construct_region() Failing the first sysfs_update_group() needs to explicitly kfree the resource … | Apr 22, 2026 |
| CVE-2026-31528 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: perf: Make sure to use pmu_ctx->pmu for groups Oliver reported that x86_pmu_del() ended up doing … | Apr 22, 2026 |
| CVE-2026-31527 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: driver core: platform: use generic driver_override infrastructure When a driver is probed through __driver_attach(), the … | Apr 22, 2026 |
| CVE-2026-31526 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix exception exit lock checking for subprogs process_bpf_exit_full() passes check_lock = !curframe to check_resource_leak(), … | Apr 22, 2026 |
| CVE-2026-31525 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN The BPF interpreter's signed 32-bit division … | Apr 22, 2026 |
| CVE-2026-31524 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: HID: asus: avoid memory leak in asus_report_fixup() The asus_report_fixup() function was returning a newly allocated … | Apr 22, 2026 |
| CVE-2026-31523 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: nvme-pci: ensure we're polling a polled queue A user can change the polled queue count … | Apr 22, 2026 |