HIGH
CVE-2026-31430 (CVSS 7.1) — In the Linux kernel, the following vulnerability has been resolved: X.509: Fix out-of-bounds access...
NVD CVE-2026-31430 47d ago
HIGH
CVE-2026-40476 (CVSS 7.5) — graphql-go is a Go implementation of GraphQL. In versions 15.31.4 and below, the OverlappingFieldsCa...
NVD CVE-2026-40476 49d ago
HIGH
CVE-2026-40527 (CVSS 7.8) — radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command...
NVD CVE-2026-40527 49d ago
HIGH
CVE-2026-40518 (CVSS 7.1) — ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerab...
NVD CVE-2026-40518 50d ago
HIGH
CVE-2025-15624 (CVSS 7.5) — Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server.  In ...
NVD CVE-2025-15624 50d ago
HIGH
CVE-2025-15623 (CVSS 7.5) — Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System In...
NVD CVE-2025-15623 50d ago
HIGH
CVE-2026-41035 (CVSS 7.4) — In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call,...
NVD CVE-2026-41035 51d ago
HIGH
CVE-2026-6351 (CVSS 7.5) — MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticat...
NVD CVE-2026-6351 51d ago
HIGH
CVE-2026-6348 (CVSS 8.8) — WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing...
NVD CVE-2026-6348 51d ago
HIGH
CVE-2026-5363 (CVSS 8.8) — Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 (uhttpd modules) allow...
NVD CVE-2026-5363 51d ago
HIGH
CVE-2026-33805 (CVSS 8.6) — @fastify/reply-from v12.6.1 and earlier and @fastify/http-proxy v11.4.3 and earlier process the clie...
NVD CVE-2026-33805 52d ago
HIGH
Patch Tuesday, April 2026 Edition
Krebs breaches threat-actors zero-day 52d ago
HIGH
CVE-2026-27289 (CVSS 7.8) — Photoshop Desktop versions 27.4 and earlier are affected by an out-of-bounds read vulnerability when...
NVD CVE-2026-27289 52d ago
HIGH
CVE-2026-32146 (CVSS 7.8) — Improper path validation vulnerability in the Gleam compiler's handling of git dependencies allows a...
NVD CVE-2026-32146 56d ago
HIGH
CVE-2026-40180 (CVSS 7.5) — Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs gen...
NVD CVE-2026-40180 56d ago
HIGH
CVE-2021-47961 (CVSS 8.1) — A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows ...
NVD CVE-2021-47961 57d ago
HIGH
CVE-2026-40072 (CVSS 7.2) — web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.1...
NVD CVE-2026-40072 57d ago
HIGH
CVE-2026-5883 (CVSS 8.8) — Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute...
NVD CVE-2026-5883 58d ago
HIGH
CVE-2026-32590 (CVSS 7.1) — A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload p...
NVD CVE-2026-32590 58d ago
HIGH
Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
Krebs breaches threat-actors ransomware 61d ago
HIGH
CVE-2026-34769 (CVSS 7.7) — Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and C...
NVD CVE-2026-34769 63d ago
HIGH
CVE-2026-31399 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: nvdimm/bus: Fix potential use a...
NVD CVE-2026-31399 64d ago
HIGH
CVE-2026-31395 (CVSS 7.1) — In the Linux kernel, the following vulnerability has been resolved: bnxt_en: fix OOB access in DBG_...
NVD CVE-2026-31395 64d ago
HIGH
CVE-2026-23454 (CVSS 7) — In the Linux kernel, the following vulnerability has been resolved: net: mana: fix use-after-free i...
NVD CVE-2026-23454 64d ago
HIGH
CVE-2026-23448 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: net: usb: cdc_ncm: add ndpoffse...
NVD CVE-2026-23448 64d ago
HIGH
CVE-2026-5463 (CVSS 8.6) — Command injection vulnerability in console.run_module_with_output() in pymetasploit3 through version...
NVD CVE-2026-5463 64d ago
HIGH
CVE-2026-35535 (CVSS 7.4) — In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a ...
NVD CVE-2026-35535 64d ago
HIGH
CVE-2025-15620 (CVSS 8.6) — HiOS Switch Platform versions 09.1.00 through 09.4.04 and 10.0.00 through 10.3.00 contain a denial-o...
NVD CVE-2025-15620 64d ago
HIGH
CVE-2026-32145 (CVSS 0) — Allocation of Resources Without Limits or Throttling vulnerability in gleam-wisp wisp allows a denia...
NVD CVE-2026-32145 65d ago
HIGH
CVE-2026-34072 (CVSS 8.3) — Cr*nMaster (cronmaster) is a Cronjob management UI with human readable syntax, live logging and log ...
NVD CVE-2026-34072 65d ago
HIGH
CVE-2026-34352 (CVSS 8.5) — In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the ...
NVD CVE-2026-34352 71d ago
HIGH
CVE-2026-0966 (CVSS 8.2) — A flaw was found in libssh. The API function `ssh_get_hexa()` is vulnerable to a denial of service w...
NVD CVE-2026-0966 71d ago
HIGH
CVE-2026-32846 (CVSS 7.5) — OpenClaw before 2026.3.28 contains a path traversal vulnerability in media parsing that allows attac...
NVD CVE-2026-32846 72d ago
HIGH
CVE-2026-3104 (CVSS 7.5) — A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying ...
NVD CVE-2026-3104 73d ago
HIGH
CVE-2026-23327 (CVSS 7.1) — In the Linux kernel, the following vulnerability has been resolved: cxl/mbox: validate payload size...
NVD CVE-2026-23327 73d ago
HIGH
CVE-2026-23305 (CVSS 7.1) — In the Linux kernel, the following vulnerability has been resolved: accel/rocket: fix unwinding in ...
NVD CVE-2026-23305 73d ago
HIGH
CVE-2026-23281 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix use-after-f...
NVD CVE-2026-23281 73d ago
HIGH
CVE-2019-25634 (CVSS 8.4) — Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attacker...
NVD CVE-2019-25634 74d ago
HIGH
CVE-2026-4342 (CVSS 8.8) — A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be u...
NVD CVE-2026-4342 78d ago
HIGH
CVE-2025-69720 (CVSS 7.3) — The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in an...
NVD CVE-2025-69720 79d ago
HIGH
CVE-2026-23262 (CVSS 0) — In the Linux kernel, the following vulnerability has been resolved: gve: Fix stats report corruptio...
NVD CVE-2026-23262 79d ago
HIGH
CVE-2026-23244 (CVSS 7.1) — In the Linux kernel, the following vulnerability has been resolved: nvme: fix memory allocation in ...
NVD CVE-2026-23244 80d ago
HIGH
CVE-2026-4224 (CVSS 7.5) — When an Expat parser with a registered ElementDeclHandler parses an inline document type definition ...
NVD CVE-2026-4224 81d ago
HIGH
CVE-2026-3644 (CVSS 7.5) — The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete....
NVD CVE-2026-3644 CVE-2026-0672 81d ago
HIGH
CVE-2026-3497 (CVSS 7.5) — Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerabilit...
NVD CVE-2026-3497 85d ago
HIGH
CVE-2026-28807 (CVSS 7.5) — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in glea...
NVD CVE-2026-28807 87d ago
HIGH
CVE-2026-28806 (CVSS 8.8) — Improper Authorization vulnerability in nerves-hub nerves_hub_web allows cross-organization device c...
NVD CVE-2026-28806 87d ago
HIGH
CVE-2026-26134 (CVSS 7.8) — Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileg...
NVD CVE-2026-26134 87d ago
HIGH
CVE-2026-26110 (CVSS 8.4) — Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthor...
NVD CVE-2026-26110 87d ago
HIGH
CVE-2026-23925 (CVSS 8.1) — An authenticated Zabbix user (User role) with template/host write permissions is able to create obje...
NVD CVE-2026-23925 92d ago
TL;DR
In the Linux kernel, the following vulnerability has been resolved: X.509: Fix out-of-bounds access when parsing extensions Leo reports an out-of-bounds access when parsing a certificate with empty Basic Constraints or Key Usage extension because the first byte of the extension is read before checking its length. Fix it. The bug can be triggered by an unprivileged user by submitting a specially cr…
CVE-2026-31430