Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-31616 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_phonet: fix skb frags[] overflow in pn_rx_complete() A broken/bored/mean USB host can overflow … | Apr 24, 2026 |
| CVE-2026-31615 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: renesas_usb3: validate endpoint index in standard request handlers The GET_STATUS and SET/CLEAR_FEATURE handlers … | Apr 24, 2026 |
| CVE-2026-31614 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix off-by-8 bounds check in check_wsl_eas() The bounds check uses (u8 *)ea + … | Apr 24, 2026 |
| CVE-2026-31613 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOB reads parsing symlink error response When a CREATE returns STATUS_STOPPED_ON_SYMLINK, smb2_check_message() … | Apr 24, 2026 |
| CVE-2026-31612 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate EaNameLength in smb2_get_ea() smb2_get_ea() reads ea_req->EaNameLength from the client request and passes it … | Apr 24, 2026 |
| CVE-2026-31611 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: ksmbd: require 3 sub-authorities before reading sub_auth[2] parse_dacl() compares each ACE SID against sid_unix_NFS_mode and … | Apr 24, 2026 |
| CVE-2026-31610 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix mechToken leak when SPNEGO decode fails after token alloc The kernel ASN.1 BER … | Apr 24, 2026 |
| CVE-2026-31609 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: smb: client: avoid double-free in smbd_free_send_io() after smbd_send_batch_flush() smbd_send_batch_flush() already calls smbd_free_send_io(), so we should … | Apr 24, 2026 |
| CVE-2026-31608 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list() smb_direct_flush_send_list() already calls smb_direct_free_sendmsg(), so we should … | Apr 24, 2026 |
| CVE-2026-31607 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: usbip: validate number_of_packets in usbip_pack_ret_submit() When a USB/IP client receives a RET_SUBMIT response, usbip_pack_ret_submit() unconditionally … | Apr 24, 2026 |
| CVE-2026-31606 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_hid: don't call cdev_init while cdev in use When calling unbind, then bind … | Apr 24, 2026 |
| CVE-2026-31605 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: fbdev: udlfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO Much like commit 19f953e74356 ("fbdev: fb_pm2fb: Avoid potential divide … | Apr 24, 2026 |
| CVE-2026-31604 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix device leak on probe failure Driver core holds a reference to the … | Apr 24, 2026 |
| CVE-2026-31603 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: staging: sm750fb: fix division by zero in ps_to_hz() ps_to_hz() is called from hw_sm750_crtc_set_mode() without validating … | Apr 24, 2026 |
| CVE-2026-31602 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Limit PTP to a single page Commit 391e69143d0a increased CT_PTP_NUM from 1 to … | Apr 24, 2026 |
| CVE-2026-31601 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: vfio/xe: Reorganize the init to decouple migration from reset Attempting to issue reset on VF … | Apr 24, 2026 |
| CVE-2026-31600 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: arm64: mm: Handle invalid large leaf mappings correctly It has been possible for a long … | Apr 24, 2026 |
| CVE-2026-31599 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: media: vidtv: fix NULL pointer dereference in vidtv_channel_pmt_match_sections syzbot reported a general protection fault in … | Apr 24, 2026 |
| CVE-2026-31598 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix possible deadlock between unlink and dio_end_io_write ocfs2_unlink takes orphan dir inode_lock first and … | Apr 24, 2026 |
| CVE-2026-31597 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix use-after-free in ocfs2_fault() when VM_FAULT_RETRY filemap_fault() may drop the mmap_lock before returning VM_FAULT_RETRY, … | Apr 24, 2026 |
| CVE-2026-31596 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: ocfs2: handle invalid dinode in ocfs2_group_extend [BUG] kernel BUG at fs/ocfs2/resize.c:308! Oops: invalid opcode: 0000 … | Apr 24, 2026 |
| CVE-2026-31595 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-vntb: Stop cmd_handler work in epf_ntb_epc_cleanup Disable the delayed work before clearing BAR … | Apr 24, 2026 |
| CVE-2026-31594 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-vntb: Remove duplicate resource teardown epf_ntb_epc_destroy() duplicates the teardown that the caller is … | Apr 24, 2026 |
| CVE-2026-31593 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU Reject synchronizing vCPU state … | Apr 24, 2026 |
| CVE-2026-31592 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock Take and hold kvm->lock for before checking … | Apr 24, 2026 |