Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
12565
Total
848
Critical
3603
High
3938
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-23430 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Don't overwrite KMS surface dirty tracker We were overwriting the surface's dirty tracker here … | Apr 03, 2026 |
| CVE-2026-23429 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: iommu/sva: Fix crash in iommu_sva_unbind_device() domain->mm->iommu_mm can be freed by iommu_domain_free(): iommu_domain_free() mmdrop() __mmdrop() mm_pasid_drop() … | Apr 03, 2026 |
| CVE-2026-23428 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free of share_conf in compound request smb2_get_ksmbd_tcon() reuses work->tcon in compound requests without … | Apr 03, 2026 |
| CVE-2026-23427 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in durable v2 replay of active file handles parse_durable_handle_context() unconditionally assigns dh_info->fp->conn … | Apr 03, 2026 |
| CVE-2025-68153 | UNKNOWN | — | Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale through special operators called ‘charms’. From … | Apr 03, 2026 |
| CVE-2025-68152 | UNKNOWN | — | Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale through special operators called ‘charms’. From … | Apr 03, 2026 |
| CVE-2025-64340 | MEDIUM | 6.7 | FastMCP is the standard framework for building MCP applications. Prior to version 3.2.0, server names containing shell metacharacters (e.g., &) can cause command injection on … | Apr 03, 2026 |
| CVE-2026-5469 | MEDIUM | 4.7 | A weakness has been identified in Casdoor 2.356.0. This vulnerability affects unknown code of the component Webhook URL Handler. Executing a manipulation can lead to … | Apr 03, 2026 |
| CVE-2026-26477 | HIGH | 7.5 | An issue in Dokuwiki v.2025-05-14b 'Librarian' allows a remote attacker to cause a denial of service via the media_upload_xhr() function in the media.php file | Apr 03, 2026 |
| CVE-2025-59711 | HIGH | 8.3 | An issue was discovered in Biztalk360 before 11.5. Because of mishandling of user-provided input in an upload mechanism, an authenticated attacker is able to write … | Apr 03, 2026 |
| CVE-2025-59710 | UNKNOWN | — | An issue was discovered in Biztalk360 before 11.5. Because of incorrect access control, any user is able to request the loading a DLL file. During … | Apr 03, 2026 |
| CVE-2025-59709 | UNKNOWN | — | An issue was discovered in Biztalk360 through 11.5. because of mishandling of user-provided input in a path to be read by the server, a Super … | Apr 03, 2026 |
| CVE-2026-5468 | LOW | 3.5 | A security flaw has been discovered in Casdoor 2.356.0. This affects the function dangerouslySetInnerHTML. Performing a manipulation of the argument formCss/formCssMobile/formSideHtml results in cross site … | Apr 03, 2026 |
| CVE-2026-28736 | MEDIUM | 4.3 | ** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to validate file ownership when serving uploaded files. This allows an authenticated attacker who knows a … | Apr 03, 2026 |
| CVE-2026-25773 | HIGH | 8.1 | ** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to sanitize category IDs before incorporating them into dynamic SQL statements when reordering categories. An attacker … | Apr 03, 2026 |
| CVE-2026-23426 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse() The logicvc_drm_config_parse() function calls of_get_child_by_name() to find … | Apr 03, 2026 |
| CVE-2026-23425 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix ID register initialization for non-protected pKVM guests In protected mode, the hypervisor … | Apr 03, 2026 |
| CVE-2026-23424 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Validate command buffer payload count The count field in the command header is used … | Apr 03, 2026 |
| CVE-2026-23423 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: free pages on error in btrfs_uring_read_extent() In this function the 'pages' object is never … | Apr 03, 2026 |
| CVE-2026-23422 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler Commit 31a7a0bbeb00 ("dpaa2-switch: add … | Apr 03, 2026 |
| CVE-2026-23421 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: drm/xe/configfs: Free ctx_restore_mid_bb in release ctx_restore_mid_bb memory is allocated in wa_bb_store(), but xe_config_device_release() only frees … | Apr 03, 2026 |
| CVE-2026-23420 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: wifi: wlcore: Fix a locking bug Make sure that wl->mutex is locked before it is … | Apr 03, 2026 |
| CVE-2026-23419 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: net/rds: Fix circular locking dependency in rds_tcp_tune syzbot reported a circular locking dependency in rds_tcp_tune() … | Apr 03, 2026 |
| CVE-2026-23418 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: drm/xe/reg_sr: Fix leak on xa_store failure Free the newly allocated entry when xa_store() fails to … | Apr 03, 2026 |
| CVE-2026-27655 | HIGH | 7.3 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions Based on Mailboxes report. | Apr 03, 2026 |