205439 matches found

RedhatCVE • added 2026/05/15 1:57 p.m. • 5 views

CVE-2026-34263

Due to improper Spring Security configuration, SAP Commerce Cloud allows an unauthenticated user to perform malicious input injection, resulting in arbitrary server-side code execution, leading to high impact on Confidentiality, Integrity, and Availability of the application...

CVSS 9.6 • AI score 6 • EPSS 0.0061
Exploits 0 • References 1

RedhatCVE • added 2026/05/15 1:57 p.m. • 7 views

CVE-2026-24711

Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 has Incorrect Access Control...

CVSS 5.3 • AI score 5.8 • EPSS 0.00208
Exploits 0 • References 1

RedhatCVE • added 2026/05/15 1:57 p.m. • 6 views

CVE-2026-45393

A vulnerability chain in Cribl Edge for Windows before 4.17.1 allows a local authenticated user to escalate privileges to NT AUTHORITY\SYSTEM. Incorrect default permissions on the Windows installer's authentication directory (CWE-276) expose a cryptographic secret used for JWT signing and...

CVSS 9.8 • AI score 5.8 • EPSS 0.00221
Exploits 0 • References 1

RedhatCVE • added 2026/05/15 12:57 p.m. • 12 views

CVE-2026-41684

A flaw was found in Incus, a system container and virtual machine manager. An authenticated user with permissions to import instance backups could craft a malicious backup archive. This archive, containing a valid inline configuration but a malformed legacy backup file, could cause the Incus daem...

CVSS 6.5 • AI score 5.8 • EPSS 0.00408
Exploits 1 • References 2

RedhatCVE • added 2026/05/15 12:57 p.m. • 9 views

CVE-2026-41648

A flaw was found in Incus. An authenticated user could provide a specially crafted image or backup tarball. When parsed, these files would load excessively large YAML documents into memory due to a lack of size restrictions. This could lead to a denial of service (DoS) by consuming all available...

CVSS 5.3 • AI score 5.8 • EPSS 0.00269
Exploits 1 • References 2

RedhatCVE • added 2026/05/15 12:44 p.m. • 11 views

CVE-2026-44515

A flaw was found in Nextcloud News. An authenticated attacker could exploit this by providing a malicious feed URL that points to internal or private network addresses. This action causes the Nextcloud server to perform server-side HTTP requests to attacker-controlled destinations without relayin...

CVSS 2.3 • AI score 5.8 • EPSS 0.00185
Exploits 0 • References 2

RedhatCVE • added 2026/05/15 12:39 p.m. • 10 views

CVE-2026-40243

A flaw was found in Incus, a system container and virtual machine manager. The Open Virtual Network (OVN) database connection logic contains broken Transport Layer Security (TLS) validation. A remote attacker, by impersonating or intercepting the OVN endpoint on the management network, can present a...

CVSS 4.8 • AI score 5.8 • EPSS 0.00173
Exploits 1 • References 2

RedhatCVE • added 2026/05/15 12:34 p.m. • 15 views

CVE-2026-35254

A flaw was found in Oracle OCI CLI. An unauthenticated attacker with network access can exploit this vulnerability, allowing imported files to be placed outside their intended directory. This could lead to arbitrary file placement, potentially enabling an attacker to write malicious files to...

CVSS 6.1 • AI score 5.8 • EPSS 0.00146
Exploits 0 • References 2

RedhatCVE • added 2026/05/15 12:34 p.m. • 12 views

CVE-2026-29514

A flaw was found in NetBox. Authenticated users with exporttemplate or configtemplate permissions can exploit a vulnerability in the RenderTemplateMixin.get_environment_params method. By specifying malicious Python code in the environment_params field, attackers can bypass security protections and...

CVSS 8.8 • AI score 6.5 • EPSS 0.00782
Exploits 0 • References 2

RedhatCVE • added 2026/05/15 12:27 p.m. • 5 views

CVE-2026-8503

A flaw was found in Apache::Session::Generate::SHA256 within perl-Apache-Session-Browseable. The session ID generator uses predictable, low-entropy sources such as the rand function, epoch time, and process ID (PID) to create session identifiers. This weakness allows a remote attacker to predict...

CVSS 6.5 • AI score 5.8 • EPSS 0.00253
Exploits 0 • References 2

RedhatCVE • added 2026/05/15 12:1 p.m. • 10 views

CVE-2026-43331

A flaw was found in the Linux kernel. When Kernel Coverage (KCOV) instrumentation is enabled, a local user performing a kexec operation can trigger an invalid state within the x86/kexec component. This invalid state, related to the GS base that KCOV relies on for per-CPU data, causes the kernel to...

CVSS 5.5 • AI score 5.8 • EPSS 0.00122
Exploits 0 • References 4

RedhatCVE • added 2026/05/15 12:0 p.m. • 13 views

CVE-2026-44216

A flaw was found in Wasmtime, a runtime for WebAssembly. A remote attacker could exploit an arithmetic overflow vulnerability by instantiating a WebAssembly module or component that attempts to allocate an extremely large table using the WebAssembly memory64 proposal. This flaw causes Wasmtime to...

CVSS 7.5 • AI score 5.8 • EPSS 0.00243
Exploits 0 • References 4

RedhatCVE • added 2026/05/15 11:54 a.m. • 9 views

CVE-2026-43332

A flaw was found in the Linux kernel's thermal core subsystem. When thermal_zone_device_register_with_trips fails during device registration, it does not properly wait for the thermal zone device's removal completion. This can lead to the premature freeing of the device's memory, creating a...

CVSS 7.8 • AI score 5.8 • EPSS 0.00129
Exploits 0 • References 4

RedhatCVE • added 2026/05/15 11:48 a.m. • 11 views

CVE-2026-43325

A flaw was found in the Linux kernel's iwlwifi driver. This vulnerability occurs when the driver attempts to send a Wi-Fi 6E (6th Generation Extended) related command, specifically MCC_ALLOWED_AP_TYPE_CMD, to a device that does not support Wi-Fi 6E. Due to the device's firmware mistakenly advertising...

CVSS 5.5 • AI score 5.8 • EPSS 0.00121
Exploits 0 • References 4

RedhatCVE • added 2026/05/15 11:48 a.m. • 11 views

CVE-2026-44348

A flaw was found in PoDoFo, a C++17 PDF manipulation library. A double-free vulnerability exists in the computehashtosign function. This can occur if EVP_DigestFinal fails after a buffer has already been freed, leading to heap corruption. This vulnerability could allow a local attacker to cause a...

CVSS 2.5 • AI score 5.8 • EPSS 0.00096
Exploits 0 • References 2

RedhatCVE • added 2026/05/15 11:42 a.m. • 10 views

CVE-2026-43334

A flaw was found in the Linux kernel's Bluetooth Security Manager Protocol (SMP). An attacker could exploit this vulnerability during the Bluetooth pairing process by manipulating authentication requirements. This could lead to the selection of a weaker pairing method than intended, potentially...

CVSS 8.8 • AI score 5.8 • EPSS 0.00252
Exploits 0 • References 4

RedhatCVE • added 2026/05/15 11:38 a.m. • 8 views

CVE-2026-43326

A flaw was found in the Linux kernel, specifically within the sched_ext component. This vulnerability can lead to a system-wide deadlock, causing a Denial of Service (DoS) where the system becomes unresponsive. The issue arises when the kernel's scheduling mechanism enters a busy-wait state in a...

CVSS 5.5 • AI score 5.8 • EPSS 0.00083
Exploits 0 • References 4

RedhatCVE • added 2026/05/15 11:26 a.m. • 6 views

CVE-2026-43323

A flaw was found in the Linux kernel. Incorrect tracking of virtual runtime (zero_vruntime) in the scheduler's fair scheduling component can occur under specific conditions, such as when tasks frequently yield or when multiple control groups (cgroups) are active. This can lead to the scheduler's...

CVSS 7 • AI score 5.8 • EPSS 0.00122
Exploits 0 • References 4

RedhatCVE • added 2026/05/15 11:23 a.m. • 7 views

CVE-2026-43324

A flaw was found in the Linux kernel's dummy-hcd driver. This vulnerability stems from an interrupt synchronization error where emulated interrupts can occur after the system attempts to synchronize interrupt handlers. This timing issue creates a race condition, potentially allowing a callback...

CVSS 7.8 • AI score 5.9 • EPSS 0.0013
Exploits 0 • References 4

RedhatCVE • added 2026/05/15 11:23 a.m. • 16 views

CVE-2026-43335

A flaw was found in the Linux kernel's interconnect driver for Qualcomm SM8450. The issue arises from unconverted dynamic IDs for platform interconnects, leading to a NULL pointer dereference in the icc_link_nodes function. This vulnerability can be triggered during runtime when a pointer to a...

CVSS 5.5 • AI score 5.8 • EPSS 0.00107
Exploits 0 • References 4

RedhatCVE • added 2026/05/15 11:9 a.m. • 13 views

CVE-2026-43337

A flaw was found in the Linux kernel's drm/amd/display component. This flaw occurs because the dcn401_init_hw function does not properly validate a callback pointer (update_bw_bounding_box) before use. This can lead to a NULL pointer dereference, potentially causing a system crash or denial of service...

CVSS 5.5 • AI score 5.8 • EPSS 0.00112
Exploits 0 • References 4

RedhatCVE • added 2026/05/15 11:9 a.m. • 8 views

CVE-2026-43339

A flaw was found in the Linux kernel's IPv6 networking subsystem. Specifically, a Use-after-Free (UaF) vulnerability exists within the addrconf_permanent_addr function. This issue arises when the system attempts to access an IPv6 address after it has been freed, which could allow an attacker to cause...

CVSS 7.8 • AI score 5.9 • EPSS 0.00121
Exploits 0 • References 4

RedhatCVE • added 2026/05/15 11:0 a.m. • 5 views

CVE-2026-43329

A flaw was found in the Netfilter flowtable component of the Linux kernel. This vulnerability occurs because the system does not strictly check the maximum number of hardware offload actions for IPv6, allowing it to process more actions than supported. This could potentially lead to system...

CVSS 7.8 • AI score 5.8 • EPSS 0.0013
Exploits 0 • References 4

RedhatCVE • added 2026/05/15 10:58 a.m. • 7 views

CVE-2026-43490

A flaw was found in ksmbd, a Linux kernel module that provides an in-kernel Server Message Block (SMB) server. A remote attacker could exploit this vulnerability by providing a malformed inheritable Access Control Entry (ACE) within a security descriptor. This could lead to an out-of-bounds read or...

CVSS 8.8 • AI score 5.8 • EPSS 0.00408
Exploits 0 • References 4

RedhatCVE • added 2026/05/15 10:54 a.m. • 8 views

CVE-2026-43322

A flaw was found in the Bluetooth Host Controller Interface (HCI) synchronization module (hci_sync) of the Linux kernel. A use-after-free (UAF) vulnerability exists in the le_read_features_complete function, where a freed hci_conn object is accessed. This can allow an attacker to cause a system crash, leadi...

CVSS 8.8 • AI score 5.8 • EPSS 0.00219
Exploits 0 • References 4

RedhatCVE • added 2026/05/15 8:47 a.m. • 17 views

CVE-2026-42281

A flaw was found in MagicMirror². An unauthenticated remote attacker can exploit a Server-Side Request Forgery (SSRF) vulnerability, which allows a server to be tricked into making requests to an unintended location, in the /cors endpoint. This enables the attacker to force the MagicMirror² server ...

CVSS 9.2 • AI score 5.9 • EPSS 0.01623
Exploits 1 • References 2

RedhatCVE • added 2026/05/15 8:41 a.m. • 8 views

CVE-2026-44637

A flaw was found in libsixel, a SIXEL encoder/decoder implementation. A remote attacker, by providing specially crafted SIXEL data, can trigger a signed integer overflow in the SIXEL parser's image-buffer doubling loop. This overflow can bypass size checks and lead to an out-of-bounds heap write...

CVSS 7.1 • AI score 5.8 • EPSS 0.0016
Exploits 1 • References 2

RedhatCVE • added 2026/05/15 8:4 a.m. • 3 views

CVE-2026-8575

A use-after-free flaw was found in the UI component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=496217775...

CVSS 9 • AI score 5.7 • EPSS 0.00176
Exploits 0 • References 5

RedhatCVE • added 2026/05/15 8:4 a.m. • 9 views

CVE-2026-8570

A type confusion flaw was found in the V8 component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=490353576...

CVSS 6.5 • AI score 5.7 • EPSS 0.0025
Exploits 0 • References 5

RedhatCVE • added 2026/05/15 8:2 a.m. • 8 views

CVE-2026-8586

An inappropriate implementation flaw was found in the Chromoting component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=499154022...

CVSS 5.5 • AI score 5.7 • EPSS 0.00103
Exploits 0 • References 5

RedhatCVE • added 2026/05/15 8:2 a.m. • 4 views

CVE-2026-8587

A use-after-free flaw was found in the Extensions component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=507356235...

CVSS 9.6 • AI score 5.7 • EPSS 0.00175
Exploits 0 • References 5

RedhatCVE • added 2026/05/15 8:2 a.m. • 4 views

CVE-2026-8583

An insufficient policy enforcement flaw was found in the WebXR component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497975477...

CVSS 5.7 • AI score 5.7 • EPSS 0.00179
Exploits 0 • References 5

RedhatCVE • added 2026/05/15 8:2 a.m. • 5 views

CVE-2026-8582

An object lifecycle issue flaw was found in the Dawn component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497594413...

CVSS 5.3 • AI score 5.7 • EPSS 0.0019
Exploits 0 • References 5

RedhatCVE • added 2026/05/15 8:2 a.m. • 5 views

CVE-2026-8581

A use-after-free flaw was found in the GPU component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497292072...

CVSS 8.8 • AI score 5.7 • EPSS 0.00262
Exploits 0 • References 5

RedhatCVE • added 2026/05/15 8:2 a.m. • 5 views

CVE-2026-8580

A use-after-free flaw was found in the Mojo component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=496639647...

CVSS 9.6 • AI score 5.7 • EPSS 0.00211
Exploits 0 • References 5

RedhatCVE • added 2026/05/15 8:2 a.m. • 6 views

CVE-2026-8579

An insufficient validation of untrusted input flaw was found in the Skia component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=496526419...

CVSS 8.8 • AI score 5.8 • EPSS 0.00134
Exploits 0 • References 5

RedhatCVE • added 2026/05/15 8:2 a.m. • 6 views

CVE-2026-8578

An out-of-bounds read flaw was found in the GPU component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=496395450...

CVSS 5.8 • AI score 5.7 • EPSS 0.00156
Exploits 0 • References 5

RedhatCVE • added 2026/05/15 8:2 a.m. • 7 views

CVE-2026-8574

A use-after-free flaw was found in the Core component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=495902113...

CVSS 8.3 • AI score 5.7 • EPSS 0.00182
Exploits 0 • References 5

RedhatCVE • added 2026/05/15 8:2 a.m. • 5 views

CVE-2026-8572

An insufficient policy enforcement flaw was found in the Network component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=495405493...

CVSS 5.8 • AI score 5.7 • EPSS 0.0016
Exploits 0 • References 5

RedhatCVE • added 2026/05/15 8:2 a.m. • 7 views

CVE-2026-8571

An insufficient policy enforcement flaw was found in the GPU component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=491422244...

CVSS 8.7 • AI score 5.7 • EPSS 0.00214
Exploits 0 • References 5

RedhatCVE • added 2026/05/15 8:2 a.m. • 6 views

CVE-2026-8569

An out-of-bounds write flaw was found in the Codecs component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=490229299...

CVSS 9.6 • AI score 5.7 • EPSS 0.00246
Exploits 0 • References 5

RedhatCVE • added 2026/05/15 8:2 a.m. • 6 views

CVE-2026-8568

Insufficient policy enforcement in AI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass Site Isolation via a crafted HTML page. Chromium security severity: Medium...

AI score 5.2 • EPSS 0.00174
Exploits 0 • References 5

RedhatCVE • added 2026/05/15 8:2 a.m. • 6 views

CVE-2026-8565

An inappropriate implementation flaw was found in the Downloads component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=442860473...

CVSS 4.7 • AI score 5.7 • EPSS 0.00134
Exploits 0 • References 5

RedhatCVE • added 2026/05/15 8:2 a.m. • 6 views

CVE-2026-8564

An incorrect security UI flaw was found in the Downloads component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=418273622...

CVSS 5.4 • AI score 5.7 • EPSS 0.00163
Exploits 0 • References 5

RedhatCVE • added 2026/05/15 8:1 a.m. • 6 views

CVE-2026-8563

An insufficient policy enforcement flaw was found in the IFrame Sandbox component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=40061220...

CVSS 4.3 • AI score 5.7 • EPSS 0.00182
Exploits 0 • References 5

RedhatCVE • added 2026/05/15 8:1 a.m. • 5 views

CVE-2026-8562

A side-channel information leakage flaw was found in the Navigation component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=40057534...

CVSS 7.4 • AI score 5.7 • EPSS 0.00187
Exploits 0 • References 5

RedhatCVE • added 2026/05/15 8:1 a.m. • 6 views

CVE-2026-8561

An incorrect security UI flaw was found in the Fullscreen component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=343352552...

CVSS 5.4 • AI score 5.7 • EPSS 0.00184
Exploits 0 • References 5

RedhatCVE • added 2026/05/15 7:57 a.m. • 8 views

CVE-2026-7481

GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to execute arbitrary JavaScript in other users' browsers due to improper input...

CVSS 8.7 • AI score 6.1 • EPSS 0.00256
Exploits 0 • References 1

RedhatCVE • added 2026/05/15 7:57 a.m. • 7 views

CVE-2026-6335

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user to execute arbitrary code in another user's browser session due to improper sanitization...

CVSS 5.4 • AI score 6.2 • EPSS 0.00192
Exploits 0 • References 1

RedhatCVE • added 2026/05/15 7:57 a.m. • 7 views

CVE-2026-7377

GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary JavaScript in the context of other users' browsers d...

CVSS 8.7 • AI score 6.1 • EPSS 0.00256
Exploits 0 • References 1

Total number of security vulnerabilities: 205439