Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
5.5 MEDIUM
CVE-2026-23238 — romfs: check sb_set_blocksize() return value

In the Linux kernel, the following vulnerability has been resolved: romfs: check sb_set_blocksize() return value romfs_fill_super() ignores the return value of sb_set_blocksize(), which can fail if…

linux_kernel | Misconfiguration
Mar 04, 2026 Mar 17, 2026
Mar 04, 2026
Mar 17, 2026
5.5 MEDIUM
CVE-2026-23237 — platform/x86: classmate-laptop: Add missing NULL pointer checks

In the Linux kernel, the following vulnerability has been resolved: platform/x86: classmate-laptop: Add missing NULL pointer checks In a few places in the Classmate laptop driver, code using the ac…

linux_kernel | Memory Corruption
Mar 04, 2026 Mar 17, 2026
Mar 04, 2026
Mar 17, 2026
7.3 HIGH
CVE-2026-23236 — fbdev: smscufx: properly copy ioctl memory to kernelspace

In the Linux kernel, the following vulnerability has been resolved: fbdev: smscufx: properly copy ioctl memory to kernelspace The UFX_IOCTL_REPORT_DAMAGE ioctl does not properly copy data from user…

linux_kernel | Memory Corruption
Mar 04, 2026 Apr 02, 2026
Mar 04, 2026
Apr 02, 2026
7.1 HIGH
CVE-2026-23235 — f2fs: fix out-of-bounds access in sysfs attribute read/write

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix out-of-bounds access in sysfs attribute read/write Some f2fs sysfs attributes suffer from out-of-bounds memory access a…

linux_kernel | Memory Corruption
Mar 04, 2026 Mar 17, 2026
Mar 04, 2026
Mar 17, 2026
7.8 HIGH
CVE-2026-23234 — f2fs: fix to avoid UAF in f2fs_write_end_io()

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid UAF in f2fs_write_end_io() As syzbot reported an use-after-free issue in f2fs_write_end_io(). It is caused by…

linux_kernel | Race Condition
Mar 04, 2026 Mar 17, 2026
Mar 04, 2026
Mar 17, 2026
7.8 HIGH
CVE-2026-23233 — f2fs: fix to avoid mapping wrong physical block for swapfile

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid mapping wrong physical block for swapfile Xiaolong Guo reported a f2fs bug in bugzilla [1] [1] https://bugzil…

linux_kernel | Misconfiguration
Mar 04, 2026 Mar 17, 2026
Mar 04, 2026
Mar 17, 2026
5.5 MEDIUM
CVE-2026-23232 — Revert "f2fs: block cache/dio write during f2fs_enable_checkpoint()"

In the Linux kernel, the following vulnerability has been resolved: Revert "f2fs: block cache/dio write during f2fs_enable_checkpoint()" This reverts commit 196c81fdd438f7ac429d5639090a9816abb9760a…

linux_kernel | Race Condition
Mar 04, 2026 Mar 17, 2026
Mar 04, 2026
Mar 17, 2026
7.8 HIGH
CVE-2025-71238 — scsi: qla2xxx: Fix bsg_done() causing double free

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix bsg_done() causing double free Kernel panic observed on system, [5353358.825191] BUG: unable to handle page f…

linux_kernel | Memory Corruption
Mar 04, 2026 Mar 17, 2026
Mar 04, 2026
Mar 17, 2026
6.6 MEDIUM
CVE-2025-70342 — Asuswrt SwiftDialog Credential Disclosure

erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials enter…

erase-install | Information Disclosure
Mar 04, 2026 Mar 09, 2026
Mar 04, 2026
Mar 09, 2026
7.8 HIGH
CVE-2025-70341 — App-Auto-Patch File Traversal Vulnerability

Insecure permissions in App-Auto-Patch v3.4.2 create a race condition which allows attackers to write arbitrary files.

app-auto-patch | Race Condition
Mar 04, 2026 Mar 05, 2026
Mar 04, 2026
Mar 05, 2026
5.4 MEDIUM
CVE-2026-3103 — Deletion of passwords via RestApi

A logic error in the remove_password() function in Checkmk GmbH's Checkmk versions <2.4.0p23, <2.3.0p43, and 2.2.0 (EOL) allows a low-privileged user to cause data loss.

checkmk | Remote | Information Disclosure
Mar 04, 2026 Mar 05, 2026
Mar 04, 2026
Mar 05, 2026
6.5 MEDIUM
CVE-2025-40896 — Lack of TLS certificate validation when connecting Arc to a Guardian or CMC, in Arc befor…

The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc…

arc arc | Remote | Authentication
Mar 04, 2026 Mar 05, 2026
Mar 04, 2026
Mar 05, 2026
4.8 MEDIUM
CVE-2025-40895 — HTML injection in Sensor Map in CMC before 25.6.0

A Stored HTML Injection vulnerability was discovered in the CMC's Sensor Map functionality due to improper validation on connected Guardians' properties. A malicious authenticated user with admini…

cmc cmc | Remote | Cross-Site Scripting
Mar 04, 2026 Mar 05, 2026
Mar 04, 2026
Mar 05, 2026
5.4 MEDIUM
CVE-2025-40894 — HTML injection in Alerted Nodes Dashboard in Guardian/CMC before 25.6.0

A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality due to improper validation on an input parameter. A malicious authenticated user with the required…

cmc guardian cmc guardian | Remote | Cross-Site Scripting
Mar 04, 2026 Mar 05, 2026
Mar 04, 2026
Mar 05, 2026
Showing 20 of 6354 Results