Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692 | Critical: 727 | High: 3080 | Medium: 3407
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-31702 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix use-after-free of sbi in f2fs_compress_write_end_io() In f2fs_compress_write_end_io(), dec_page_count(sbi, type) can bring the F2FS_WB_CP_DATA … | May 01, 2026 |
| CVE-2026-31701 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: take a reference on the USB device in create_card() The caiaq driver stores … | May 01, 2026 |
| CVE-2026-31700 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: net/packet: fix TOCTOU race on mmap'd vnet_hdr in tpacket_snd() In tpacket_snd(), when PACKET_VNET_HDR is enabled, … | May 01, 2026 |
| CVE-2026-31699 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed When retrieving … | May 01, 2026 |
| CVE-2026-31698 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed When … | May 01, 2026 |
| CVE-2026-31697 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy ID to userspace if PSP command failed When retrieving … | May 01, 2026 |
| CVE-2026-31696 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix missing validation of ticket length in non-XDR key preparsing In rxrpc_preparse(), there are … | May 01, 2026 |
| CVE-2026-31695 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: wifi: virt_wifi: remove SET_NETDEV_DEV to avoid use-after-free Currently we execute `SET_NETDEV_DEV(dev, &priv->lowerdev->dev)` for the virt_wifi … | May 01, 2026 |
| CVE-2026-31694 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: fuse: reject oversized dirents in page cache fuse_add_dirent_to_cache() computes a serialized dirent size from the … | May 01, 2026 |
| CVE-2026-7581 | MEDIUM | 4.3 | A security vulnerability has been detected in alexta69 MeTube up to 2026.04.09. This affects the function on_prepare of the file app/main.py of the component CORS … | May 01, 2026 |
| CVE-2026-7580 | MEDIUM | 5.3 | A vulnerability was detected in Exiftool up to 13.53. Impacted is the function Process_mrld of the file lib/Image/ExifTool/GM.pm of the component JPEG/QuickTime/MOV/MP4. The manipulation of … | May 01, 2026 |
| CVE-2026-7579 | HIGH | 7.3 | A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.16.0. This issue affects some unknown processing of the file astrbot/dashboard/routes/auth.py of the component … | May 01, 2026 |
| CVE-2026-3772 | HIGH | 8.8 | The WP Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9.2. This is due to missing … | May 01, 2026 |
| CVE-2026-3140 | MEDIUM | 4.3 | The Ultimate Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.14. This is due to a … | May 01, 2026 |
| CVE-2026-7578 | MEDIUM | 4.7 | A weakness has been identified in MacCMS Pro up to 2022.1.3. This vulnerability affects the function install of the file /admi.php/admin/addon/add.html of the component Plugin … | May 01, 2026 |
| CVE-2026-42779 | CRITICAL | 9.8 | The fix for CVE-2026-41635 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: Apache MINA's AbstractIoBuffer.resolveClass() contains two branches, … | May 01, 2026 |
| CVE-2026-42778 | CRITICAL | 9.8 | The fix for CVE-2026-41409 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: The fix for CVE-2024-52046 in Apache … | May 01, 2026 |
| CVE-2026-42404 | MEDIUM | 6.5 | Apache Neethi does not impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API. When an application explicitly calls the … | May 01, 2026 |
| CVE-2026-7567 | CRITICAL | 9.8 | The Temporary Login plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.0.0. This is due to improper input validation … | May 01, 2026 |
| CVE-2026-43003 | HIGH | 8.0 | An issue was discovered in OpenStack ironic-python-agent 1.0.0 through 11.5.0. Ironic Python Agent (IPA) sometimes executes grub-install from within a chroot of the deployed partition … | May 01, 2026 |
| CVE-2026-43001 | HIGH | 7.9 | An issue was discovered in OpenStack Keystone 13 through 29. POST /v3/credentials did not validate that the caller-supplied project_id for an EC2-type credential matched the … | May 01, 2026 |
| CVE-2026-42403 | HIGH | 7.5 | Apache Neethi does not properly detect circular references in policy definitions. When a WS-Policy document contains circular policy references (where Policy A references Policy B … | May 01, 2026 |
| CVE-2026-42402 | HIGH | 7.5 | Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization. Specially crafted WS-Policy documents can trigger an exponential Cartesian … | May 01, 2026 |
| CVE-2026-40201 | MEDIUM | 5.4 | @diplodoc/search-extension 1.0.0 through 3.x before 3.0.3 allows stored XSS via the title in a .md file. | May 01, 2026 |
| CVE-2026-7584 | HIGH | 7.8 | The LabOne Q serialization framework uses a class-loading mechanism (import_cls) to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism … | May 01, 2026 |