Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
0.0 NA
CVE-2026-43089 — xfrm_user: fix info leak in build_mapping()

In the Linux kernel, the following vulnerability has been resolved: xfrm_user: fix info leak in build_mapping() struct xfrm_usersa_id has a one-byte padding hole after the proto field, which ends u…

| Information Disclosure
May 06, 2026 May 06, 2026
May 06, 2026
May 06, 2026
0.0 NA
CVE-2026-43088 — net: af_key: zero aligned sockaddr tail in PF_KEY exports

In the Linux kernel, the following vulnerability has been resolved: net: af_key: zero aligned sockaddr tail in PF_KEY exports PF_KEY export paths use `pfkey_sockaddr_size()` when reserving sockaddr…

| Misconfiguration
May 06, 2026 May 06, 2026
May 06, 2026
May 06, 2026
0.0 NA
CVE-2026-43087 — pinctrl: mcp23s08: Disable all pin interrupts during probe

In the Linux kernel, the following vulnerability has been resolved: pinctrl: mcp23s08: Disable all pin interrupts during probe A chip being probed may have the interrupt-on-change feature enabled o…

| Misconfiguration
May 06, 2026 May 06, 2026
May 06, 2026
May 06, 2026
0.0 NA
CVE-2026-43086 — ipvs: fix NULL deref in ip_vs_add_service error path

In the Linux kernel, the following vulnerability has been resolved: ipvs: fix NULL deref in ip_vs_add_service error path When ip_vs_bind_scheduler() succeeds in ip_vs_add_service(), the local varia…

| Memory Corruption
May 06, 2026 May 06, 2026
May 06, 2026
May 06, 2026
0.0 NA
CVE-2026-43085 — netfilter: nfnetlink_log: initialize nfgenmsg in NLMSG_DONE terminator

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_log: initialize nfgenmsg in NLMSG_DONE terminator When batching multiple NFLOG messages (inst->qlen > 1), __…

| Information Disclosure
May 06, 2026 May 06, 2026
May 06, 2026
May 06, 2026
0.0 NA
CVE-2026-43084 — netfilter: nfnetlink_queue: make hash table per queue

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: make hash table per queue Sharing a global hash table among all queues is tempting, but it can cause …

| Memory Corruption
May 06, 2026 May 06, 2026
May 06, 2026
May 06, 2026
0.0 NA
CVE-2026-43083 — net: ioam6: fix OOB and missing lock

In the Linux kernel, the following vulnerability has been resolved: net: ioam6: fix OOB and missing lock When trace->type.bit6 is set: if (trace->type.bit6) { ... queue = skb_g…

| Memory Corruption
May 06, 2026 May 06, 2026
May 06, 2026
May 06, 2026
0.0 NA
CVE-2026-43082 — net: txgbe: leave space for null terminators on property_entry

In the Linux kernel, the following vulnerability has been resolved: net: txgbe: leave space for null terminators on property_entry Lists of struct property_entry are supposed to be terminated with …

May 06, 2026 May 06, 2026
May 06, 2026
May 06, 2026
0.0 NA
CVE-2026-43081 — net: ipa: fix GENERIC_CMD register field masks for IPA v5.0+

In the Linux kernel, the following vulnerability has been resolved: net: ipa: fix GENERIC_CMD register field masks for IPA v5.0+ Fix the field masks to match the hardware layout documented in downs…

| Misconfiguration
May 06, 2026 May 06, 2026
May 06, 2026
May 06, 2026
0.0 NA
CVE-2026-43080 — l2tp: Drop large packets with UDP encap

In the Linux kernel, the following vulnerability has been resolved: l2tp: Drop large packets with UDP encap syzbot reported a WARN on my patch series [1]. The actual issue is an overflow of 16-bit …

| Denial of Service
May 06, 2026 May 06, 2026
May 06, 2026
May 06, 2026
0.0 NA
CVE-2026-43079 — perf/x86/intel/uncore: Skip discovery table for offline dies

In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: Skip discovery table for offline dies This warning can be triggered if NUMA is disabled and the system boo…

| Memory Corruption
May 06, 2026 May 06, 2026
May 06, 2026
May 06, 2026
0.0 NA
CVE-2026-43078 — crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl

In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl When page reassignment was added to af_alg_pull_tsgl the orig…

| Memory Corruption
May 06, 2026 May 06, 2026
May 06, 2026
May 06, 2026
0.0 NA
CVE-2026-43077 — crypto: algif_aead - Fix minimum RX size check for decryption

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Fix minimum RX size check for decryption The check for the minimum receive buffer size did not take the tag …

| Cryptography
May 06, 2026 May 06, 2026
May 06, 2026
May 06, 2026
0.0 NA
CVE-2026-43076 — ocfs2: validate inline data i_size during inode read

In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate inline data i_size during inode read When reading an inode from disk, ocfs2_validate_inode_block() performs vario…

| Memory Corruption
May 06, 2026 May 06, 2026
May 06, 2026
May 06, 2026
0.0 NA
CVE-2026-43075 — ocfs2: fix out-of-bounds write in ocfs2_write_end_inline

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix out-of-bounds write in ocfs2_write_end_inline KASAN reports a use-after-free write of 4086 bytes in ocfs2_write_end_in…

| Memory Corruption
May 06, 2026 May 06, 2026
May 06, 2026
May 06, 2026
0.0 NA
CVE-2026-43074 — eventpoll: defer struct eventpoll free to RCU grace period

In the Linux kernel, the following vulnerability has been resolved: eventpoll: defer struct eventpoll free to RCU grace period In certain situations, ep_free() in eventpoll.c will kfree the epi->ep…

| Memory Corruption
May 06, 2026 May 06, 2026
May 06, 2026
May 06, 2026
0.0 NA
CVE-2026-42509 — Apache Wicket: crafted strings can break out of the JavaScript sequence

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 t…

| Cross-Site Scripting
May 06, 2026 May 06, 2026
May 06, 2026
May 06, 2026
0.0 NA
CVE-2026-40010 — Apache Wicket: possible session fixation using AuthenticatedWebSession

Missing invocation of Servlet http web request method changeSessionId after session binding can be exploited for a session fixation attack in Apache Wicket. This issue affects Apache Wicket: from 8.…

| Authentication
May 06, 2026 May 06, 2026
May 06, 2026
May 06, 2026
5.2 MEDIUM
CVE-2026-40001 — Local privilege escalation vulnerability in ZTE PROCESS Guard service of the cloud comput…

There is a local privilege escalation vulnerability in the ZTE PROCESS Guard service of the cloud computer client, which may allow local arbitrary code execution, privilege escalation and path traver…

| Path Traversal
May 06, 2026 May 06, 2026
May 06, 2026
May 06, 2026
6.6 MEDIUM
CVE-2026-35255 — Oracle Cloud Native Environment Command Line Interface Environment Variable Injection Vul…

Vulnerability in the Oracle Cloud Native Environment Command Line Interface product of Oracle Open Source Projects. The supported versions that is affected is v2.3.2. Easily exploitable vulnerability…

| Injection
May 06, 2026 May 06, 2026
May 06, 2026
May 06, 2026
Showing 20 of 5728 Results