Export limit exceeded: 349058 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (349058 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-31768 | 1 Linux | 1 Linux Kernel | 2026-05-03 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: iio: adc: ti-adc161s626: use DMA-safe memory for spi_read() Add a DMA-safe buffer and use it for spi_read() instead of a stack memory. All SPI buffers must be DMA-safe. Since we only need up to 3 bytes, we just use a u8[] instead of __be16 and __be32 and change the conversion functions appropriately. | ||||
| CVE-2026-31766 | 1 Linux | 1 Linux Kernel | 2026-05-03 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate doorbell_offset in user queue creation amdgpu_userq_get_doorbell_index() passes the user-provided doorbell_offset to amdgpu_doorbell_index_on_bar() without bounds checking. An arbitrarily large doorbell_offset can cause the calculated doorbell index to fall outside the allocated doorbell BO, potentially corrupting kernel doorbell space. Validate that doorbell_offset falls within the doorbell BO before computing the BAR index, using u64 arithmetic to prevent overflow. (cherry picked from commit de1ef4ffd70e1d15f0bf584fd22b1f28cbd5e2ec) | ||||
| CVE-2026-31761 | 1 Linux | 1 Linux Kernel | 2026-05-03 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: iio: gyro: mpu3050: Move iio_device_register() to correct location iio_device_register() should be at the end of the probe function to prevent race conditions. Place iio_device_register() at the end of the probe function and place iio_device_unregister() accordingly. | ||||
| CVE-2026-31758 | 1 Linux | 1 Linux Kernel | 2026-05-03 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: usb: usbtmc: Flush anchored URBs in usbtmc_release When calling usbtmc_release, pending anchored URBs must be flushed or killed to prevent use-after-free errors (e.g. in the HCD giveback path). Call usbtmc_draw_down() to allow anchored URBs to be completed. | ||||
| CVE-2026-6481 | 2026-05-02 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2026-31784 | 1 Linux | 1 Linux Kernel | 2026-05-02 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: drm/xe/pxp: Clear restart flag in pxp_start after jumping back If we don't clear the flag we'll keep jumping back at the beginning of the function once we reach the end. (cherry picked from commit 0850ec7bb2459602351639dccf7a68a03c9d1ee0) | ||||
| CVE-2026-31781 | 1 Linux | 1 Linux Kernel | 2026-05-02 | 7.0 High |
| In the Linux kernel, the following vulnerability has been resolved: drm/ioc32: stop speculation on the drm_compat_ioctl path The drm compat ioctl path takes a user controlled pointer, and then dereferences it into a table of function pointers, the signature method of spectre problems. Fix this up by calling array_index_nospec() on the index to the function pointer list. | ||||
| CVE-2026-21023 | 1 Samsung | 2 Android, Mobile Devices | 2026-05-02 | 5.5 Medium |
| Insufficient verification of data authenticity in PackageManagerService prior to SMR Mar-2026 Release 1 allows local attackers to modify the installation restriction of specific application. | ||||
| CVE-2026-43035 | 1 Linux | 1 Linux Kernel | 2026-05-02 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: net: sched: cls_api: fix tc_chain_fill_node to initialize tcm_info to zero to prevent an info-leak When building netlink messages, tc_chain_fill_node() never initializes the tcm_info field of struct tcmsg. Since the allocation is not zeroed, kernel heap memory is leaked to userspace through this 4-byte field. The fix simply zeroes tcm_info alongside the other fields that are already initialized. | ||||
| CVE-2026-36841 | 1 Totolink | 1 N200re-v5 | 2026-05-02 | 9.8 Critical |
| TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function. | ||||
| CVE-2026-36340 | 1 Krayin | 1 Laravel-crm | 2026-05-02 | 8.1 High |
| An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function | ||||
| CVE-2026-1577 | 1 Ibm | 1 Db2 | 2026-05-02 | 6.5 Medium |
| IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic. | ||||
| CVE-2026-42483 | 1 Hashcat | 1 Hashcat | 2026-05-02 | 7.3 High |
| A heap-based buffer overflow in the Kerberos hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted Kerberos hash file. The issue affects module_hash_decode in multiple Kerberos-related modules because account_info_len is calculated from untrusted delimiter positions without upper-bound validation before memcpy copies the data into a fixed-size account_info buffer. | ||||
| CVE-2026-31757 | 1 Linux | 1 Linux Kernel | 2026-05-02 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: usb: misc: usbio: Fix URB memory leak on submit failure When usb_submit_urb() fails in usbio_probe(), the previously allocated URB is never freed, causing a memory leak. Fix this by jumping to err_free_urb label to properly release the URB on the error path. | ||||
| CVE-2026-31783 | 1 Linux | 1 Linux Kernel | 2026-05-02 | N/A |
| In the Linux kernel, the following vulnerability has been resolved: spi: amlogic: spifc-a4: unregister ECC engine on probe failure and remove() callback aml_sfc_probe() registers the on-host NAND ECC engine, but teardown was missing from both probe unwind and remove-time cleanup. Add a devm cleanup action after successful registration so nand_ecc_unregister_on_host_hw_engine() runs automatically on probe failures and during device removal. | ||||
| CVE-2026-43021 | 1 Linux | 1 Linux Kernel | 2026-05-02 | 7.0 High |
| In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: fix leaks when hci_cmd_sync_queue_once fails When hci_cmd_sync_queue_once() returns with error, the destroy callback will not be called. Fix leaking references / memory on these failures. | ||||
| CVE-2026-43045 | 1 Linux | 1 Linux Kernel | 2026-05-02 | N/A |
| In the Linux kernel, the following vulnerability has been resolved: mshv: Fix error handling in mshv_region_pin The current error handling has two issues: First, pin_user_pages_fast() can return a short pin count (less than requested but greater than zero) when it cannot pin all requested pages. This is treated as success, leading to partially pinned regions being used, which causes memory corruption. Second, when an error occurs mid-loop, already pinned pages from the current batch are not properly accounted for before calling mshv_region_invalidate_pages(), causing a page reference leak. Treat short pins as errors and fix partial batch accounting before cleanup. | ||||
| CVE-2026-38939 | 1 Andrewtch88 | 1 Mvc-ecommerce | 2026-05-02 | 6.1 Medium |
| Cross Site Scripting vulnerability in andrewtch88 mvc-ecommerce v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the product_catalogue.php component | ||||
| CVE-2026-38940 | 1 Rafymrx | 1 Toko-online-roti | 2026-05-02 | 6.1 Medium |
| Cross Site Scripting vulnerability in RafyMrX TOKO-ONLINE-ROTI v.1.0 allows a remote attacker to execute arbitrary code via the detail_produk.php component | ||||
| CVE-2026-36758 | 1 Halo | 1 Halo | 2026-05-02 | 4.3 Medium |
| A Server-Side Request Forgery (SSRF) in the /themes/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request. | ||||