Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692 | Critical: 727 | High: 3080 | Medium: 3407
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-31541 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: tracing: Fix trace_marker copy link list updates When the "copy_trace_marker" option is enabled for an … | Apr 24, 2026 |
| CVE-2026-31540 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Check set_default_submission() before deferencing When the i915 driver firmware binaries are not present, the … | Apr 24, 2026 |
| CVE-2026-31539 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: smb: smbdirect: introduce smbdirect_socket.recv_io.credits.available The logic of managing recv credits by counting posted recv_io and … | Apr 24, 2026 |
| CVE-2026-31538 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: smb: server: make use of smbdirect_socket.recv_io.credits.available The logic of managing recv credits by counting posted … | Apr 24, 2026 |
| CVE-2026-31537 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: smb: server: make use of smbdirect_socket.send_io.bcredits It turns out that our code will corrupt the … | Apr 24, 2026 |
| CVE-2026-31536 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: smb: server: let send_done handle a completion without IB_SEND_SIGNALED With smbdirect_send_batch processing we likely have … | Apr 24, 2026 |
| CVE-2026-31535 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: smb: client: make use of smbdirect_socket.recv_io.credits.available The logic of managing recv credits by counting posted … | Apr 24, 2026 |
| CVE-2026-31534 | UNKNOWN | — | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Apr 24, 2026 |
| CVE-2026-31052 | MEDIUM | 5.3 | An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to cause a denial of service via the Checkout Authentication Flow component | Apr 24, 2026 |
| CVE-2026-31051 | LOW | 3.8 | An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to cause a denial of service via the Client Balance component | Apr 24, 2026 |
| CVE-2026-31050 | MEDIUM | 4.9 | Cross Site Scripting vulnerability in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to execute arbitrary code | Apr 24, 2026 |
| CVE-2025-61872 | MEDIUM | 6.1 | Mahara before 25.04.2 and 24.04.11 are vulnerable to displaying results that can trigger XSS via a malicious search query string. This occurs in the 'search … | Apr 24, 2026 |
| CVE-2026-25660 | UNKNOWN | — | CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the URL ends … | Apr 24, 2026 |
| CVE-2026-5367 | HIGH | 8.6 | A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with … | Apr 24, 2026 |
| CVE-2026-5265 | MEDIUM | 6.5 | When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body … | Apr 24, 2026 |
| CVE-2026-40690 | MEDIUM | 4.3 | The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user with read access to at least one DAG could … | Apr 24, 2026 |
| CVE-2026-38743 | MEDIUM | 4.3 | The authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop (HITL) and TaskInstance records: a logged-in Airflow user with read access to … | Apr 24, 2026 |
| CVE-2026-21515 | CRITICAL | 9.9 | Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network. | Apr 24, 2026 |
| CVE-2026-6043 | UNKNOWN | — | P4 Server versions prior to 2026.1 are configured with insecure default settings that, when exposed to untrusted networks, allow unauthenticated attackers to create arbitrary user … | Apr 24, 2026 |
| CVE-2026-4313 | UNKNOWN | — | AdaptiveGRC is vulnerable to Stored XSS via text type fields across the forms. Authenticated attacker can replace the value of the text field in the … | Apr 24, 2026 |
| CVE-2026-23902 | HIGH | 8.1 | Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow … | Apr 24, 2026 |
| CVE-2026-41044 | HIGH | 8.8 | Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can … | Apr 24, 2026 |
| CVE-2026-41043 | MEDIUM | 6.5 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. An authenticated attacker can show malicious … | Apr 24, 2026 |
| CVE-2026-40466 | HIGH | 8.8 | Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may … | Apr 24, 2026 |
| CVE-2025-62233 | MEDIUM | 6.3 | Deserialization of Untrusted Data vulnerability in Apache DolphinScheduler RPC module. This issue affects Apache DolphinScheduler: Version >= 3.2.0 and < 3.3.1. Attackers who can access … | Apr 24, 2026 |