CVE vulnerabilities
31,509 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 1,251–1,300 of 8,314 in Critical · page 26 of 167
| ID | Title | Summary |
|---|---|---|
| CVE-2026-31659 | CVE-2026-31659 CVSS 9.8 | In the Linux kernel, the following vulnerability has been resolved: batman-adv: reject oversized global TT response buffers batadv_tt_prepare_tvlv_global_dat… |
| CVE-2026-31657 | CVE-2026-31657 CVSS 9.8 linux | In the Linux kernel, the following vulnerability has been resolved: batman-adv: hold claim backbone gateways by reference batadv_bla_add_claim() can replace … |
| CVE-2026-31649 | CVE-2026-31649 CVSS 9.8 | In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix integer underflow in chain mode The jumbo_frm() chain-mode implementatio… |
| CVE-2026-3164 | CVE-2026-3164 CVSS 9.8 | A vulnerability was found in itsourcecode News Portal Project 1.0. This issue affects some unknown processing of the file /admin/contactus.php. The manipulatio… |
| CVE-2026-31637 | CVE-2026-31637 CVSS 9.8 linux | In the Linux kernel, the following vulnerability has been resolved: rxrpc: reject undecryptable rxkad response tickets rxkad_decrypt_ticket() decrypts the RX… |
| CVE-2026-31636 | CVE-2026-31636 CVSS 9.1 | In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix RESPONSE authenticator parser OOB read rxgk_verify_authenticator() copies auth… |
| CVE-2026-31633 | CVE-2026-31633 CVSS 9.8 | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix integer overflow in rxgk_verify_response() In rxgk_verify_response(), there's … |
| CVE-2026-31609 | CVE-2026-31609 CVSS 9.8 | In the Linux kernel, the following vulnerability has been resolved: smb: client: avoid double-free in smbd_free_send_io() after smbd_send_batch_flush() smbd_… |
| CVE-2026-31608 | CVE-2026-31608 CVSS 9.8 | In the Linux kernel, the following vulnerability has been resolved: smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list… |
| CVE-2026-31607 | CVE-2026-31607 CVSS 9.8 linux | In the Linux kernel, the following vulnerability has been resolved: usbip: validate number_of_packets in usbip_pack_ret_submit() When a USB/IP client receive… |
| CVE-2026-31589 | CVE-2026-31589 CVSS 9.8 | In the Linux kernel, the following vulnerability has been resolved: mm: call ->free_folio() directly in folio_unmap_invalidate() We can only call filemap_fre… |
| CVE-2026-31536 | CVE-2026-31536 CVSS 9.8 | In the Linux kernel, the following vulnerability has been resolved: smb: server: let send_done handle a completion without IB_SEND_SIGNALED With smbdirect_se… |
| CVE-2026-31533 | CVE-2026-31533 CVSS 9.8 | In the Linux kernel, the following vulnerability has been resolved: net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption The -EBUSY handling… |
| CVE-2026-3153 | CVE-2026-3153 CVSS 9.8 | A vulnerability has been found in itsourcecode Document Management System 1.0. Impacted is an unknown function of the file /register.php. Such manipulation of … |
| CVE-2026-3152 | CVE-2026-3152 CVSS 9.8 | A flaw has been found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/teacher-salary.php. This man… |
| CVE-2026-3151 | CVE-2026-3151 CVSS 9.8 | A vulnerability was detected in itsourcecode College Management System 1.0. This vulnerability affects unknown code of the file /login/login.php. The manipulat… |
| CVE-2026-31501 | CVE-2026-31501 CVSS 9.8 | In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: fix use-after-free of CPPI descriptor in RX path cppi5_hdesc_get_p… |
| CVE-2026-3148 | CVE-2026-3148 CVSS 9.8 | A vulnerability was determined in SourceCodester Simple and Nice Shopping Cart Script 1.0. This impacts an unknown function of the file /signup.php. This manip… |
| CVE-2026-31478 | CVE-2026-31478 CVSS 9.8 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len() After th… |
| CVE-2026-31463 | CVE-2026-31463 CVSS 9.8 | In the Linux kernel, the following vulnerability has been resolved: iomap: fix invalid folio access when i_blkbits differs from I/O granularity Commit aa35dd… |
| CVE-2026-31448 | CVE-2026-31448 CVSS 9.4 | In the Linux kernel, the following vulnerability has been resolved: ext4: avoid infinite loops caused by residual data On the mkdir/mknod path, when mapping … |
| CVE-2026-31444 | CVE-2026-31444 CVSS 9.8 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free and NULL deref in smb_grant_oplock() smb_grant_oplock() has two… |
| CVE-2026-31436 | CVE-2026-31436 CVSS 9.8 | In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() At the en… |
| CVE-2026-31414 | CVE-2026-31414 CVSS 9.8 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_expect: use expect->helper Use expect->helper in ctnetlink and /p… |
| CVE-2026-31405 | CVE-2026-31405 CVSS 9.8 | In the Linux kernel, the following vulnerability has been resolved: media: dvb-net: fix OOB access in ULE extension header tables The ule_mandatory_ext_handl… |
| CVE-2026-31402 | CVE-2026-31402 CVSS 9.8 linux | In the Linux kernel, the following vulnerability has been resolved: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache The NFSv4.0 replay cache uses a fixe… |
| CVE-2026-3136 | CVE-2026-3136 CVSS 9.8 | An improper authorization vulnerability in GitHub Trigger Comment Control in Google Cloud Build prior to 2026-1-26 allows a remote attacker to execute arbitrar… |
| CVE-2026-3135 | CVE-2026-3135 CVSS 9.8 | A weakness has been identified in itsourcecode News Portal Project 1.0. The impacted element is an unknown function of the file /admin/add-category.php. This m… |
| CVE-2026-3134 | CVE-2026-3134 CVSS 9.8 | A security flaw has been discovered in itsourcecode News Portal Project 1.0. The affected element is an unknown function of the file /newsportal/admin/edit-cat… |
| CVE-2026-3133 | CVE-2026-3133 CVSS 9.8 | A vulnerability has been found in itsourcecode Document Management System 1.0. This issue affects some unknown processing of the file /loging.php of the compon… |
| CVE-2026-3130 | CVE-2026-3130 CVSS 9.8 | Improper Enforcement of Behavioral Controls in Devolutions Server 2025.3.15 and earlier allows an authenticated attacker with the delete permission to delete a… |
| CVE-2026-31283 | CVE-2026-31283 CVSS 9.8 | In Totara LMS v19.1.5 and before, the forgot password API does not implement rate limiting for the target email address, which can be used for an Email Bombing… |
| CVE-2026-31282 | CVE-2026-31282 CVSS 9.8 | Totara LMS v19.1.5 and before is vulnerable to Incorrect Access Control. The login page code can be manipulated to reveal the login form. An attacker can chain… |
| CVE-2026-31272 | CVE-2026-31272 CVSS 9.8 | MRCMS 3.1.2 contains an access control vulnerability. The save() method in src/main/java/org/marker/mushroom/controller/UserController.java lacks proper author… |
| CVE-2026-31271 | CVE-2026-31271 CVSS 9.8 | megagao production_ssm v1.0 contains an authorization bypass vulnerability in the user addition functionality. The insert() method in UserController.java lacks… |
| CVE-2026-31255 | CVE-2026-31255 CVSS 9.8 | A command injection vulnerability exists in Tenda AC18 V15.03.05.05_multi. The vulnerability is located in the /goform/SetSambaCfg interface, where improper ha… |
| CVE-2026-31242 | CVE-2026-31242 CVSS 9.1 | The mem0 v1.0.0 server lacks authentication and authorization controls for its memory reset functionality accessible via the DELETE /memories endpoint. An unau… |
| CVE-2026-31239 | CVE-2026-31239 CVSS 9.8 | The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization (CWE-502) when loading pre-trained models from HuggingFace Hub. The Mam… |
| CVE-2026-31238 | CVE-2026-31238 CVSS 9.8 | The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization (CWE-502) in its model serving component. When starting a model server with the ludw… |
| CVE-2026-31237 | CVE-2026-31237 CVSS 9.8 | The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization (CWE-502) through its predict() method. When a user provides a dataset file path to … |
| CVE-2026-31236 | CVE-2026-31236 CVSS 9.8 | The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow use… |
| CVE-2026-31235 | CVE-2026-31235 CVSS 9.8 | The imgaug library thru 0.4.0 contains an insecure deserialization vulnerability in its BackgroundAugmenter class within the multicore.py module. The class use… |
| CVE-2026-31234 | CVE-2026-31234 CVSS 9.8 | Horovod thru 0.28.1 contains an insecure deserialization vulnerability (CWE-502) in its KVStore HTTP server component. The KVStore server, used for distributed… |
| CVE-2026-31233 | CVE-2026-31233 CVSS 9.8 | Guardrails AI thru 0.6.7 contains a code injection vulnerability (CWE-94) in its Hub package installation mechanism. When installing validator packages via gua… |
| CVE-2026-31231 | CVE-2026-31231 CVSS 9.8 | Cognee thru v0.4.0 contains a critical remote code execution vulnerability in its notebook cell execution API endpoint. The endpoint is designed to execute arb… |
| CVE-2026-31230 | CVE-2026-31230 CVSS 9.8 | The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component (robustness_evaluation_… |
| CVE-2026-31229 | CVE-2026-31229 CVSS 9.8 | The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains an insecure deserialization vulnerability (CWE-502) in its Kubeflow component's model loading fun… |
| CVE-2026-31228 | CVE-2026-31228 CVSS 9.8 | The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation functi… |
| CVE-2026-31226 | CVE-2026-31226 CVSS 9.8 | The TinyZero project thru commit 6652a63c57fa7e5ccde3fc9c598c7176ff15b839 (2025-58-24) contains a critical command injection vulnerability (CWE-78) in its HDFS… |
| CVE-2026-31220 | CVE-2026-31220 CVSS 9.8 | PySyft (Syft Datasite/Server) versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitte… |