Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
13551
Total
895
Critical
3928
High
4272
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-23441 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Prevent concurrent access to IPSec ASO context The query or updating IPSec offload object … | Apr 03, 2026 |
| CVE-2026-23440 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix race condition during IPSec ESN update In IPSec full offload mode, the device … | Apr 03, 2026 |
| CVE-2026-23439 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: udp_tunnel: fix NULL deref caused by udp_sock_create6 when CONFIG_IPV6=n When CONFIG_IPV6 is disabled, the udp_sock_create6() … | Apr 03, 2026 |
| CVE-2026-23438 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: guard flow control update with global_tx_fc in buffer switching mvpp2_bm_switch_buffers() unconditionally calls mvpp2_bm_pool_update_priv_fc() … | Apr 03, 2026 |
| CVE-2026-23437 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: net: shaper: protect late read accesses to the hierarchy We look up a netdev during … | Apr 03, 2026 |
| CVE-2026-23436 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: net: shaper: protect from late creation of hierarchy We look up a netdev during prep … | Apr 03, 2026 |
| CVE-2026-23435 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: perf/x86: Move event pointer setup earlier in x86_pmu_enable() A production AMD EPYC system crashed with … | Apr 03, 2026 |
| CVE-2026-23434 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: serialize lock/unlock against other NAND operations nand_lock() and nand_unlock() call into chip->ops.lock_area/unlock_area without … | Apr 03, 2026 |
| CVE-2026-23433 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: arm_mpam: Fix null pointer dereference when restoring bandwidth counters When an MSC supporting memory bandwidth … | Apr 03, 2026 |
| CVE-2026-23432 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: mshv: Fix use-after-free in mshv_map_user_memory error path In the error path of mshv_map_user_memory(), calling vfree() … | Apr 03, 2026 |
| CVE-2026-23431 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: spi: amlogic-spisg: Fix memory leak in aml_spisg_probe() In aml_spisg_probe(), ctlr is allocated by spi_alloc_target()/spi_alloc_host(), but … | Apr 03, 2026 |
| CVE-2026-23430 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Don't overwrite KMS surface dirty tracker We were overwriting the surface's dirty tracker here … | Apr 03, 2026 |
| CVE-2026-23429 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: iommu/sva: Fix crash in iommu_sva_unbind_device() domain->mm->iommu_mm can be freed by iommu_domain_free(): iommu_domain_free() mmdrop() __mmdrop() mm_pasid_drop() … | Apr 03, 2026 |
| CVE-2026-23428 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free of share_conf in compound request smb2_get_ksmbd_tcon() reuses work->tcon in compound requests without … | Apr 03, 2026 |
| CVE-2026-23427 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in durable v2 replay of active file handles parse_durable_handle_context() unconditionally assigns dh_info->fp->conn … | Apr 03, 2026 |
| CVE-2025-68153 | UNKNOWN | — | Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale through special operators called ‘charms’. From … | Apr 03, 2026 |
| CVE-2025-68152 | UNKNOWN | — | Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale through special operators called ‘charms’. From … | Apr 03, 2026 |
| CVE-2025-64340 | MEDIUM | 6.7 | FastMCP is the standard framework for building MCP applications. Prior to version 3.2.0, server names containing shell metacharacters (e.g., &) can cause command injection on … | Apr 03, 2026 |
| CVE-2026-5469 | MEDIUM | 4.7 | A weakness has been identified in Casdoor 2.356.0. This vulnerability affects unknown code of the component Webhook URL Handler. Executing a manipulation can lead to … | Apr 03, 2026 |
| CVE-2026-26477 | HIGH | 7.5 | An issue in Dokuwiki v.2025-05-14b 'Librarian' allows a remote attacker to cause a denial of service via the media_upload_xhr() function in the media.php file | Apr 03, 2026 |
| CVE-2025-59711 | HIGH | 8.3 | An issue was discovered in Biztalk360 before 11.5. Because of mishandling of user-provided input in an upload mechanism, an authenticated attacker is able to write … | Apr 03, 2026 |
| CVE-2025-59710 | UNKNOWN | — | An issue was discovered in Biztalk360 before 11.5. Because of incorrect access control, any user is able to request the loading a DLL file. During … | Apr 03, 2026 |
| CVE-2025-59709 | UNKNOWN | — | An issue was discovered in Biztalk360 through 11.5. because of mishandling of user-provided input in a path to be read by the server, a Super … | Apr 03, 2026 |
| CVE-2026-5468 | LOW | 3.5 | A security flaw has been discovered in Casdoor 2.356.0. This affects the function dangerouslySetInnerHTML. Performing a manipulation of the argument formCss/formCssMobile/formSideHtml results in cross site … | Apr 03, 2026 |
| CVE-2026-28736 | MEDIUM | 4.3 | ** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to validate file ownership when serving uploaded files. This allows an authenticated attacker who knows a … | Apr 03, 2026 |