Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23813
Total
1705
Critical
7468
High
7599
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-46256 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: NFS/localio: prevent direct reclaim recursion into NFS via nfs_writepages LOCALIO is an NFS loopback mount … | Jun 03, 2026 |
| CVE-2026-46255 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-edma: don't explicitly disable clocks in .remove() The clocks in fsl_edma_engine::muxclk are allocated and … | Jun 03, 2026 |
| CVE-2026-46254 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: AppArmor: Allow apparmor to handle unaligned dfa tables The dfa tables can originate from kernel … | Jun 03, 2026 |
| CVE-2026-46253 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: pstore/ram: fix buffer overflow in persistent_ram_save_old() persistent_ram_save_old() can be called multiple times for the same … | Jun 03, 2026 |
| CVE-2026-46252 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix locking in regulator_resolve_supply() error path If late enabling of a supply regulator … | Jun 03, 2026 |
| CVE-2026-46251 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix block_group_tree dirty_list corruption When the incompat flag EXTENT_TREE_V2 is set, we unconditionally add … | Jun 03, 2026 |
| CVE-2026-46250 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: MIPS: Work around LLVM bug when gp is used as global register variable On MIPS, … | Jun 03, 2026 |
| CVE-2026-46249 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Fix PF driver crash with kexec kernel booting During a kexec reboot the hardware … | Jun 03, 2026 |
| CVE-2026-46248 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: clear stale link mapping of ahvif->links_map When an arvif is initialized in non-AP … | Jun 03, 2026 |
| CVE-2026-46247 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: clk: qcom: gfx3d: add parent to parent request map After commit d228ece36345 ("clk: divider: remove … | Jun 03, 2026 |
| CVE-2026-46246 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: power: supply: pm8916_lbc: Fix use-after-free for extcon in IRQ handler Using the `devm_` variant for … | Jun 03, 2026 |
| CVE-2026-46245 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix dc_link NULL handling in HPD init amdgpu_dm_hpd_init() may see connectors without a valid … | Jun 03, 2026 |
| CVE-2026-46244 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_inner: Fix IPv6 inner_thoff desync In nft_inner_parse_l2l3(), when processing inner IPv6 packets, ipv6_find_hdr() correctly … | Jun 03, 2026 |
| CVE-2026-40290 | HIGH | 7.8 | OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting … | Jun 03, 2026 |
| CVE-2026-39107 | MEDIUM | 6.3 | A Cross Site Scripting vulnerability exists in the Kimi AI v1.0 web interface's 'Preview' feature. The application fails to properly sanitize or encode HTML/JavaScript payloads … | Jun 03, 2026 |
| CVE-2026-36618 | MEDIUM | 4.3 | Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 responds to version.bind CHAOS TXT queries, disclosing the DNS resolver software version (unbound 1.22.0), aiding targeted attacks against … | Jun 03, 2026 |
| CVE-2026-36616 | MEDIUM | 5.9 | Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 contains hardcoded WiFi driver credentials including a RADIUS shared secret, WPS test key, and default PSK embedded in … | Jun 03, 2026 |
| CVE-2026-36615 | MEDIUM | 4.3 | Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 exposes an undocumented /agileconfigreset endpoint that returns internal buffer contents to unauthenticated attackers on the adjacent network. | Jun 03, 2026 |
| CVE-2026-36613 | MEDIUM | 4.3 | Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 returns 128 bytes of uninitialized internal buffer contents when receiving HTTP POST requests to undefined paths, exposing server … | Jun 03, 2026 |
| CVE-2026-36612 | MEDIUM | 6.4 | Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 enables WPS 2.0 by default with a weak lockout policy (60-second lockout after 10 attempts). | Jun 03, 2026 |
| CVE-2026-36611 | HIGH | 7.3 | Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 returns 128 bytes of uninitialized buffer when receiving POST requests without SOAPAction header on UPnP port 1900, exposing … | Jun 03, 2026 |
| CVE-2026-36610 | MEDIUM | 5.9 | Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 transmits DDNS credentials over plaintext HTTP with only Base64 encoding. The firmware contains no TLS implementation, allowing man-in-the-middle … | Jun 03, 2026 |
| CVE-2026-36609 | HIGH | 7.3 | Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 uses a static authentication nonce that does not change between requests from the same source IP. Combined … | Jun 03, 2026 |
| CVE-2026-36608 | HIGH | 8.8 | Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows UPnP AddPortMapping to forward external ports to the router's own admin interface by accepting its own … | Jun 03, 2026 |
| CVE-2026-36607 | HIGH | 8.8 | Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows unauthenticated brute-force attacks via the TDDP password change endpoint (code=10), which lacks the rate limiting applied … | Jun 03, 2026 |