1911 items
Unread (2158) All Dismissed
HIGH
CVE-2026-31686 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: mm/kasan: fix double free for k...
NVD CVE-2026-31686 40d ago
MEDIUM
CVE-2026-40514 (CVSS 5.9) — SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email...
NVD CVE-2026-40514 40d ago
HIGH
CVE-2026-32688 (CVSS 0) — Allocation of Resources Without Limits or Throttling vulnerability in elixir-plug plug_cowboy allows...
NVD CVE-2026-32688 40d ago
HIGH
CVE-2026-7101 (CVSS 8.8) — A vulnerability has been found in Tenda F456 1.0.0.5. This affects the function fromWrlclientSet of ...
NVD CVE-2026-7101 40d ago
HIGH
CVE-2026-31583 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: media: em28xx: fix use-after-fr...
NVD CVE-2026-31583 43d ago
HIGH
CVE-2026-31581 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: ALSA: 6fire: fix use-after-free...
NVD CVE-2026-31581 43d ago
HIGH
CVE-2026-31580 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: bcache: fix cached_dev.sb_bio u...
NVD CVE-2026-31580 43d ago
HIGH
CVE-2026-31578 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: media: as102: fix to not free m...
NVD CVE-2026-31578 43d ago
HIGH
CVE-2026-31576 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: media: hackrf: fix to not free ...
NVD CVE-2026-31576 43d ago
HIGH
CVE-2026-6947 (CVSS 7.5) — DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Protection Bypass vulnerability, al...
NVD CVE-2026-6947 44d ago
MEDIUM
CVE-2026-32952 (CVSS 5.3) — go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0...
NVD CVE-2026-32952 44d ago
CRITICAL
CVE-2026-6942 (CVSS 9.8) — radare2-mcp version 1.6.0 and earlier contains an os command injection vulnerability that allows rem...
NVD CVE-2026-6942 44d ago
HIGH
CVE-2026-41205 (CVSS 7.5) — Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.get_template() is vuln...
NVD CVE-2026-41205 44d ago
HIGH
CVE-2026-31532 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: can: raw: fix ro->uniq use-afte...
NVD CVE-2026-31532 44d ago
CRITICAL
CVE-2026-6887 (CVSS 9.8) — Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vul...
NVD CVE-2026-6887 44d ago
CRITICAL
CVE-2026-6886 (CVSS 9.8) — Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a Authentication By...
NVD CVE-2026-6886 44d ago
CRITICAL
CVE-2026-6885 (CVSS 9.8) — Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary File U...
NVD CVE-2026-6885 44d ago
CRITICAL
CVE-2026-3960 (CVSS 9.8) — A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/I...
NVD CVE-2026-3960 44d ago
CRITICAL
CVE-2026-41179 (CVSS 9.8) — Rclone is a command-line program to sync files and directories to and from different cloud storage p...
NVD CVE-2026-41179 45d ago
HIGH
CVE-2026-31527 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: driver core: platform: use gene...
NVD CVE-2026-31527 45d ago
HIGH
CVE-2026-31500 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: serialize b...
NVD CVE-2026-31500 45d ago
HIGH
CVE-2026-31489 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: spi: meson-spicc: Fix double-pu...
NVD CVE-2026-31489 45d ago
HIGH
CVE-2026-31455 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: xfs: stop reclaim before pushin...
NVD CVE-2026-31455 45d ago
HIGH
CVE-2026-6855 (CVSS 7.1) — A flaw was found in InstructLab. A local attacker could exploit a path traversal vulnerability in th...
NVD CVE-2026-6855 45d ago
MEDIUM
CVE-2026-6848 (CVSS 5.4) — A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive ...
NVD CVE-2026-6848 45d ago
INFO
CVE-2026-41144 (CVSS 0) — F´ (F Prime) is a framework that enables development and deployment of spaceflight and other embedde...
NVD CVE-2026-41144 46d ago
HIGH
CVE-2026-40938 (CVSS 7.5) — Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting ...
NVD CVE-2026-40938 46d ago
CRITICAL
CVE-2026-5965 (CVSS 9.8) — NewSoftOA developed by NewSoft has an OS Command Injection vulnerability, allowing unauthenticated l...
NVD CVE-2026-5965 47d ago
CRITICAL
CVE-2026-32311 (CVSS 9.8) — Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, tr...
NVD CVE-2026-32311 47d ago
HIGH
CVE-2026-31430 (CVSS 7.1) — In the Linux kernel, the following vulnerability has been resolved: X.509: Fix out-of-bounds access...
NVD CVE-2026-31430 47d ago
HIGH
CVE-2026-40476 (CVSS 7.5) — graphql-go is a Go implementation of GraphQL. In versions 15.31.4 and below, the OverlappingFieldsCa...
NVD CVE-2026-40476 50d ago
CRITICAL
CVE-2026-29013 (CVSS 9.8) — libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling wher...
NVD CVE-2026-29013 50d ago
HIGH
CVE-2026-40527 (CVSS 7.8) — radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command...
NVD CVE-2026-40527 50d ago
HIGH
CVE-2026-40518 (CVSS 7.1) — ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerab...
NVD CVE-2026-40518 50d ago
CRITICAL
CVE-2025-15625 (CVSS 9.8) — Unauthenticated user is able to execute arbitrary SQL commands in Sparx Pro Cloud Server database in...
NVD CVE-2025-15625 50d ago
HIGH
CVE-2025-15624 (CVSS 7.5) — Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server.  In ...
NVD CVE-2025-15624 50d ago
HIGH
CVE-2025-15623 (CVSS 7.5) — Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System In...
NVD CVE-2025-15623 50d ago
CRITICAL
CVE-2026-27820 (CVSS 9.8) — zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3...
NVD CVE-2026-27820 51d ago
HIGH
CVE-2026-41035 (CVSS 7.4) — In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call,...
NVD CVE-2026-41035 52d ago
HIGH
CVE-2026-6351 (CVSS 7.5) — MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticat...
NVD CVE-2026-6351 52d ago
CRITICAL
CVE-2026-6350 (CVSS 9.8) — MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing ...
NVD CVE-2026-6350 52d ago
CRITICAL
CVE-2026-6349 (CVSS 9.8) — The  iSherlock developed by HGiga  has an OS Command Injection vulnerability, allowing unauthenticat...
NVD CVE-2026-6349 52d ago
HIGH
CVE-2026-6348 (CVSS 8.8) — WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing...
NVD CVE-2026-6348 52d ago
HIGH
CVE-2026-5363 (CVSS 8.8) — Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 (uhttpd modules) allow...
NVD CVE-2026-5363 52d ago
HIGH
CVE-2026-33805 (CVSS 8.6) — @fastify/reply-from v12.6.1 and earlier and @fastify/http-proxy v11.4.3 and earlier process the clie...
NVD CVE-2026-33805 52d ago
CRITICAL
CVE-2026-33808 (CVSS 9.1) — Impact@fastify/express v4.0.4 and earlier fails to normalize URLs before passing them to Express mid...
NVD CVE-2026-33808 52d ago
HIGH
CVE-2026-27289 (CVSS 7.8) — Photoshop Desktop versions 27.4 and earlier are affected by an out-of-bounds read vulnerability when...
NVD CVE-2026-27289 53d ago
MEDIUM
CVE-2026-40447 (CVSS 5.1) — Integer overflow or wraparound vulnerability in Samsung Open Source Escargot allows undefined behavi...
NVD CVE-2026-40447 55d ago
MEDIUM
CVE-2026-40446 (CVSS 6.9) — Access of resource using incompatible type ('type confusion') vulnerability in Samsung Open Source E...
NVD CVE-2026-40446 55d ago
MEDIUM
CVE-2026-25204 (CVSS 6.2) — Deserialization of untrusted data vulnerability in Samsung Open Source Escargot Java Script allows d...
NVD CVE-2026-25204 55d ago
HIGH NVD Mon, 27 Apr 2026 18:16:53 UTC
CVE-2026-31686 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: mm/kasan: fix double free for k...
https://nvd.nist.gov/vuln/detail/CVE-2026-31686
TL;DR
In the Linux kernel, the following vulnerability has been resolved: mm/kasan: fix double free for kasan pXds kasan_free_pxd() assumes the page table is always struct page aligned. But that's not always the case for all architectures. E.g. In case of powerpc with 64K pagesize, PUD table (of size 4096) comes from slab cache named pgtable-2^9. Hence instead of page_to_virt(pxd_page()) let's just dire…
CVE-2026-31686
Read full story ↗