Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
0.0 NA
CVE-2026-43494 — net/rds: reset op_nents when zerocopy page pin fails

In the Linux kernel, the following vulnerability has been resolved: net/rds: reset op_nents when zerocopy page pin fails When iov_iter_get_pages2() fails in rds_message_zcopy_from_user(), the pinne…

| Memory Corruption
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
6.9 MEDIUM
CVE-2026-0393 — CODESYS Visualization - Insufficiently Protected Credentials

The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerabil…

Remote | Authentication
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
0.0 NA
CVE-2026-45255 — Remote code execution via installer Wi-Fi access point scans

When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog(1) to prompt the user to select a network. This is implemented us…

| Injection
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
0.0 NA
CVE-2026-45254 — Incorrect libcap_net limitation list manipulation

In the case of the cap_net service, when a key present in the old limit was omitted from the new limit, the missing key was treated as "allow any" instead of being rejected. In certain scenarios, an…

| Authorization
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
0.0 NA
CVE-2026-45253 — Missing validation in ptrace(PT_SC_REMOTE)

ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code …

| Memory Corruption
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
0.0 NA
CVE-2026-45252 — Heap overflow in FUSE_LISTXATTR

When a fusefs file system implements extended attributes, the kernel may send a FUSE_LISTXATTR message to the userspace daemon to retrieve the list of extended attributes for a given file. The FUSE …

| Memory Corruption
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
0.0 NA
CVE-2026-45251 — Kernel use-after-free via file descriptor syscalls

A file descriptor can be closed while a thread is blocked in a poll(2) or select(2) call waiting for that descriptor. Because the blocked thread does not hold a reference to the underlying object, t…

| Memory Corruption
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
4.9 MEDIUM
CVE-2026-42396 — Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail

Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail

Remote | Misconfiguration
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
5.9 MEDIUM
CVE-2026-42002 — Concurrency and locking defects in GSS-TSIG

Concurrency and locking defects in GSS-TSIG

Remote | Race Condition
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
7.5 HIGH
CVE-2026-42001 — Insufficient Validation of Autoprimary SOA Queries

Insufficient Validation of Autoprimary SOA Queries

Remote | Misconfiguration
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
6.8 MEDIUM
CVE-2026-42000 — Insufficient Validation of Names During AXFR

Insufficient Validation of Names During AXFR

Remote | Misconfiguration
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
4.8 MEDIUM
CVE-2026-41999 — Incorrect Behaviour of Views with TCP PROXY Requests

Incorrect Behaviour of Views with TCP PROXY Requests

Remote
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
0.0 NA
CVE-2026-39461 — select(2) file descriptor set overflow causes stack overflow

libcasper(3) communicates with helper processes via UNIX domain sockets, and uses the select(2) system call to wait for data to become available. However, it does not verify that its socket descript…

| Memory Corruption
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
7.8 HIGH
CVE-2026-28764 — MediaArea MediaInfoLib LXF Element Parsing Heap-Based Buffer Overflow Vulnerability

MediaArea MediaInfoLib LXF element parsing heap-based buffer overflow vulnerability

| Memory Corruption
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
8.6 HIGH
CVE-2026-9157 — Remote Code Execution in Gmission Web FAX

Improper input validation, Unrestricted upload of file with dangerous type vulnerability in Gmission Web Fax allows Remote Code Inclusion. This issue affects Web Fax: from 3.0 before 3.1.

| Injection
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
3.7 LOW
CVE-2026-7837 — TOCTOU with root privilege in ad_flush

A time-of-check time-of-use (TOCTOU) condition in the ad_flush function in Netatalk 3.0.0 through 4.4.2 involves root-privileged file operations, which may allow a remote attacker to cause limited da…

Remote | Race Condition
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
5.9 MEDIUM
CVE-2026-5434 — Improper storage of sensitive information

Honeywell Control Network Module (CNM) contains insertion of sensitive information into an unintended directory. An attacker could exploit this vulnerability through probing system files, potentially…

Remote | Path Traversal
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
9.1 CRITICAL
CVE-2026-5433 — Improper Sanitization in CNM Web Interface

Honeywell Control Network Module (CNM) contains command injection vulnerability in the web interface. An attacker could exploit this vulnerability via command delimiters, potentially resulting in Rem…

Remote | Injection
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
8.0 HIGH
CVE-2026-4858 — Path traversal in integration action URL leading to arbitrary API execution via system ad…

Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to check integration URL for path traversal which allows an malicious authenticated user to call an…

Remote | Path Traversal
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
0.0 NA
CVE-2026-45250 — Stack buffer overflow via setcred(2)

The setcred(2) system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-…

| Memory Corruption
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
Showing 20 of 6446 Results