Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
20735
Total
1498
Critical
6296
High
6574
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-27366 | HIGH | 7.5 | Unauthenticated Broken Access Control in MainWP Child <= 6.1.1 versions. | Jun 25, 2026 |
| CVE-2026-12755 | LOW | 2.7 | Improper input validation in the PAM AD discovery endpoints in Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated user with the UserGroupsView permission to coerce … | Jun 25, 2026 |
| CVE-2026-42004 | LOW | 3.7 | An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist’s filtering rules, but will be rewritten as a valid OPT … | Jun 25, 2026 |
| CVE-2026-40211 | MEDIUM | 5.3 | An attacker can send crafted DNS over HTTP/3 queries, triggering an exception that prevents some buffer from being freed right away. The buffer will be … | Jun 25, 2026 |
| CVE-2026-40210 | MEDIUM | 4.8 | An out-of-bounds read might happen when SetMacAddrAction is used, potentially resulting in uninitialized memory being sent over the network or a crash. | Jun 25, 2026 |
| CVE-2026-40209 | MEDIUM | 5.3 | An attacker might be able to cause outgoing TCP connections to backend to be stuck until a timeout occurs instead of being released immediately, by … | Jun 25, 2026 |
| CVE-2026-40208 | LOW | 3.7 | An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame. | Jun 25, 2026 |
| CVE-2026-40011 | LOW | 3.7 | An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid … | Jun 25, 2026 |
| CVE-2026-33612 | HIGH | 7.5 | A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to cache poisoning. | Jun 25, 2026 |
| CVE-2026-42005 | MEDIUM | 4.3 | An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal … | Jun 25, 2026 |
| CVE-2026-53236 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: tcp: restrict SO_ATTACH_FILTER to priv users This patch restricts the use of SO_ATTACH_FILTER (cBPF) on … | Jun 25, 2026 |
| CVE-2026-53235 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: net: add pskb_may_pull() to skb_gro_receive_list() skb_gro_receive_list() calls skb_pull(skb, skb_gro_offset(skb)) without first ensuring the data is … | Jun 25, 2026 |
| CVE-2026-53234 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: net: ibm: emac: Fix use-after-free during device removal The driver was using devm_register_netdev() which causes … | Jun 25, 2026 |
| CVE-2026-53233 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: netdev: fix double-free in netdev_nl_bind_rx_doit() Sashiko flags that genlmsg_reply() always consumes the skb. The error … | Jun 25, 2026 |
| CVE-2026-53232 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: net: phy: clean the sfp upstream if phy probing fails Sashiko reported that we don't … | Jun 25, 2026 |
| CVE-2026-53231 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: net: phy: don't try to setup PHY-driven SFP cages when using genphy We don't have … | Jun 25, 2026 |
| CVE-2026-53230 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix slab-out-of-bounds in mlx5_query_nic_vport_mac_list mlx5_query_nic_vport_mac_list() sizes its firmware command buffer using the PF's log_max_current_uc/mc_list … | Jun 25, 2026 |
| CVE-2026-53229 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: xsk: Fix DMA and xdp_frame leak on XDP_TX xmit failure In the XSK branch … | Jun 25, 2026 |
| CVE-2026-53228 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: ipv6: sit: reload inner IPv6 header after GSO offloads ipip6_tunnel_xmit() caches the inner IPv6 header … | Jun 25, 2026 |
| CVE-2026-53227 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix possible kfree_skb of ERR_PTR After the patch in the "Fixes" tag, the … | Jun 25, 2026 |
| CVE-2026-53226 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: gpio: rockchip: fix generic IRQ chip leak on remove The driver allocates domain generic chips … | Jun 25, 2026 |
| CVE-2026-53225 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: sctp: fix uninit-value in __sctp_rcv_asconf_lookup() __sctp_rcv_asconf_lookup() in net/sctp/input.c only checks that the ASCONF chunk can … | Jun 25, 2026 |
| CVE-2026-53224 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: sctp: validate embedded INIT chunk and address list lengths in cookie sctp_unpack_cookie() only checked that … | Jun 25, 2026 |
| CVE-2026-53223 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: net: guard timestamp cmsgs to real error queue skbs skb_is_err_queue() treats PACKET_OUTGOING as the sole … | Jun 25, 2026 |
| CVE-2026-53222 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: fix resource freeing order Commit a60fc3294a37 ("ptp: rework ptp_clock_unregister() to disable events") added … | Jun 25, 2026 |