Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-6420 | MEDIUM | 6.3 | A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability … | May 06, 2026 |
| CVE-2025-59854 | LOW | 3.1 | HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability where the application utilizes the outdated X-XSS-Protection header, which could allow an attacker to … | May 06, 2026 |
| CVE-2025-59853 | LOW | 3.1 | HCL DFXAnalytics is affected by an Improper Error Handling vulnerability where the application exposes detailed stack traces in responses, which could allow an attacker to … | May 06, 2026 |
| CVE-2025-59852 | LOW | 3.7 | HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker … | May 06, 2026 |
| CVE-2025-59851 | LOW | 3.7 | HCL DFXAnalytics is affected by a Using Components with Known Vulnerabilities flaw where the application utilizes unpatched libraries or sub-components, which could allow an attacker … | May 06, 2026 |
| CVE-2025-31970 | MEDIUM | 5.3 | HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability where the Content-Security-Policy does not define strict directives for object-src and base-uri, which could … | May 06, 2026 |
| CVE-2026-6860 | UNKNOWN | — | A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard … | May 06, 2026 |
| CVE-2026-43975 | MEDIUM | 6.5 | FolderUploadsFileManager in Apache Wicket does not validate or sanitize the uploadFieldId parameter or the clientFileName before constructing file paths, allowing an unauthenticated attacker to write … | May 06, 2026 |
| CVE-2026-43646 | HIGH | 7.5 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, from 9.0.0 through 9.22.0, … | May 06, 2026 |
| CVE-2026-43120 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix double free related to rereg_user_mr If IB_MR_REREG_TRANS is set during rereg_user_mr, the umem … | May 06, 2026 |
| CVE-2026-43119 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: annotate data-races around hdev->req_status __hci_cmd_sync_sk() sets hdev->req_status under hdev->req_lock: hdev->req_status = HCI_REQ_PEND; However, … | May 06, 2026 |
| CVE-2026-43118 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix zero size inode with non-zero size after log replay When logging that an … | May 06, 2026 |
| CVE-2026-43117 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() If overlay is used on … | May 06, 2026 |
| CVE-2026-43116 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: ensure safe access to master conntrack Holding reference on the expectation is not … | May 06, 2026 |
| CVE-2026-43115 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: srcu: Use irq_work to start GP in tiny SRCU Tiny SRCU's srcu_gp_start_if_needed() directly calls schedule_work(), … | May 06, 2026 |
| CVE-2026-43114 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo_avx2: don't return non-matching entry on expiry New test case fails unexpectedly when avx2 … | May 06, 2026 |
| CVE-2026-43113 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: validate packet IDs before indexing tx_frames wl1251_tx_packet_cb() uses the firmware completion ID directly … | May 06, 2026 |
| CVE-2026-43112 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: fs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath When cifs_sanitize_prepath is called with an empty string or … | May 06, 2026 |
| CVE-2026-43111 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: HID: roccat: fix use-after-free in roccat_report_event roccat_report_event() iterates over the device->readers list without holding the … | May 06, 2026 |
| CVE-2026-43110 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: validate bsscfg indices in IF events brcmf_fweh_handle_if_event() validates the firmware-provided interface index before … | May 06, 2026 |
| CVE-2026-43109 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: x86: shadow stacks: proper error handling for mmap lock 김영민 reports that shstk_pop_sigframe() doesn't check … | May 06, 2026 |
| CVE-2026-43108 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pd-mapper: Fix element length in servreg_loc_pfr_req_ei It looks element length declared in servreg_loc_pfr_req_ei … | May 06, 2026 |
| CVE-2026-43107 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: xfrm: account XFRMA_IF_ID in aevent size calculation xfrm_get_ae() allocates the reply skb with xfrm_aevent_msgsize(), then … | May 06, 2026 |
| CVE-2026-43106 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix incorrect dentry refcount in cachefiles_cull() The patch mentioned below changed cachefiles_bury_object() to expect … | May 06, 2026 |
| CVE-2026-43105 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: drm/vc4: Fix memory leak of BO array in hang state The hang state's BO array … | May 06, 2026 |