Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23813
Total
1705
Critical
7468
High
7599
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-8874 | HIGH | 7.1 | Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other … | Jun 03, 2026 |
| CVE-2026-7888 | UNKNOWN | — | Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the Workflow, Form block, and File/Set components that lack the allowed_classes … | Jun 03, 2026 |
| CVE-2026-45702 | MEDIUM | 4.4 | OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting … | Jun 03, 2026 |
| CVE-2026-45614 | MEDIUM | 4.7 | OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Prior … | Jun 03, 2026 |
| CVE-2026-42840 | UNKNOWN | — | An authenticated user can persist arbitrary HTML/JavaScript in the email_id or mobile_no fields of a Customer record and trigger unescaped rendering in the Point of … | Jun 03, 2026 |
| CVE-2026-42839 | UNKNOWN | — | An authenticated ERPNext user with Item record edit permissions can persist arbitrary HTML/JavaScript in the item_name, description, or image fields of an Item and trigger … | Jun 03, 2026 |
| CVE-2026-26379 | MEDIUM | 6.5 | An issue in Koha v.25.11 and before allows a remote attacker to execute arbitrary code via the Z39.50 configuration module | Jun 03, 2026 |
| CVE-2026-26378 | MEDIUM | 5.4 | Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via file upload function in Invoice features | Jun 03, 2026 |
| CVE-2026-46273 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: ibmveth: Disable GSO for packets with small MSS Some physical adapters on Power systems do … | Jun 03, 2026 |
| CVE-2026-46272 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: coresight: tmc-etr: Fix race condition between sysfs and perf mode When trying to run perf … | Jun 03, 2026 |
| CVE-2026-46271 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: do WoW offloads only on primary link In case of multi-link connection, WCN7850 … | Jun 03, 2026 |
| CVE-2026-46270 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: power: supply: rt9455: Fix use-after-free in power_supply_changed() Using the `devm_` variant for requesting IRQ _before_ … | Jun 03, 2026 |
| CVE-2026-46269 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: pinctrl: canaan: k230: Fix NULL pointer dereference when parsing devicetree When probing the k230 pinctrl … | Jun 03, 2026 |
| CVE-2026-46268 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: PCI/P2PDMA: Fix p2pmem_alloc_mmap() warning condition Commit b7e282378773 has already changed the initial page refcount of … | Jun 03, 2026 |
| CVE-2026-46267 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: nfc: hci: shdlc: Stop timers and work before freeing context llc_shdlc_deinit() purges SHDLC skb queues … | Jun 03, 2026 |
| CVE-2026-46266 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP Yizhou Zhao reported that simply having … | Jun 03, 2026 |
| CVE-2026-46265 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix WQ_MEM_RECLAIM warning When sunrpc is used, if a reset triggered, our wq may … | Jun 03, 2026 |
| CVE-2026-46264 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Fix sysfs initialization In case of devm_add_action_or_reset() failure the provided cleanup action will be … | Jun 03, 2026 |
| CVE-2026-46263 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bounds stream encoder index v3 eng_id can be negative and that stream_enc_regs[] can … | Jun 03, 2026 |
| CVE-2026-46262 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl_xcvr: Revert fix missing lock in fsl_xcvr_mode_put() This reverts commit f51424872760 ("ASoC: fsl_xcvr: fix … | Jun 03, 2026 |
| CVE-2026-46261 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcm_fiu_probe() platform_get_resource_byname() can return NULL, which would … | Jun 03, 2026 |
| CVE-2026-46260 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix out-of-bound access in fib6_add_rt2node(). syzbot reported out-of-bound read in fib6_add_rt2node(). [0] When IPv6 … | Jun 03, 2026 |
| CVE-2026-46259 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: procfs: fix missing RCU protection when reading real_parent in do_task_stat() When reading /proc/[pid]/stat, do_task_stat() accesses … | Jun 03, 2026 |
| CVE-2026-46258 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: gpio: cdev: Avoid NULL dereference in linehandle_create() In linehandle_create(), there is a statement like this: … | Jun 03, 2026 |
| CVE-2026-46257 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: clocksource/drivers/timer-sp804: Fix an Oops when read_current_timer is called on ARM32 platforms where the SP804 is … | Jun 03, 2026 |