Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
5.1 MEDIUM
CVE-2026-42840 — ERPNext 16.16.0 - Stored XSS in POS customer section via unescaped template literals

An authenticated user can persist arbitrary HTML/JavaScript in the email_id or mobile_no fields of a Customer record and trigger unescaped rendering in the Point of Sale (POS) interface for every ope…

erpnext | Remote | Cross-Site Scripting
Jun 03, 2026 Jun 03, 2026
Jun 03, 2026
Jun 03, 2026
4.8 MEDIUM
CVE-2026-42839 — ERPNext 16.16.0 - Stored XSS in POS cart item rendering

An authenticated ERPNext user with Item record edit permissions can persist arbitrary HTML/JavaScript in the item_name, description, or image fields of an Item and trigger unescaped rendering in the …

erpnext | Remote | Cross-Site Scripting
Jun 03, 2026 Jun 03, 2026
Jun 03, 2026
Jun 03, 2026
0.0 NA
CVE-2026-26379 — Koha Z39.50 Arbitrary Code Execution

An issue in Koha v.25.11 and before allows a remote attacker to execute arbitrary code via the Z39.50 configuration module

| Misconfiguration
Jun 03, 2026 Jun 03, 2026
Jun 03, 2026
Jun 03, 2026
0.0 NA
CVE-2026-26378 — Koha Cross-Site Scripting via Invoice File Upload

Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via file upload function in Invoice features

| Cross-Site Scripting
Jun 03, 2026 Jun 03, 2026
Jun 03, 2026
Jun 03, 2026
0.0 NA
CVE-2026-46273 — ibmveth: Disable GSO for packets with small MSS

In the Linux kernel, the following vulnerability has been resolved: ibmveth: Disable GSO for packets with small MSS Some physical adapters on Power systems do not support segmentation offload when …

| Denial of Service
Jun 03, 2026 Jun 03, 2026
Jun 03, 2026
Jun 03, 2026
0.0 NA
CVE-2026-46272 — coresight: tmc-etr: Fix race condition between sysfs and perf mode

In the Linux kernel, the following vulnerability has been resolved: coresight: tmc-etr: Fix race condition between sysfs and perf mode When trying to run perf and sysfs mode simultaneously, the WAR…

| Race Condition
Jun 03, 2026 Jun 03, 2026
Jun 03, 2026
Jun 03, 2026
0.0 NA
CVE-2026-46271 — wifi: ath12k: do WoW offloads only on primary link

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: do WoW offloads only on primary link In case of multi-link connection, WCN7850 firmware crashes due to WoW offloads…

| Misconfiguration
Jun 03, 2026 Jun 03, 2026
Jun 03, 2026
Jun 03, 2026
0.0 NA
CVE-2026-46270 — power: supply: rt9455: Fix use-after-free in power_supply_changed()

In the Linux kernel, the following vulnerability has been resolved: power: supply: rt9455: Fix use-after-free in power_supply_changed() Using the `devm_` variant for requesting IRQ _before_ the `de…

| Race Condition
Jun 03, 2026 Jun 03, 2026
Jun 03, 2026
Jun 03, 2026
0.0 NA
CVE-2026-46269 — pinctrl: canaan: k230: Fix NULL pointer dereference when parsing devicetree

In the Linux kernel, the following vulnerability has been resolved: pinctrl: canaan: k230: Fix NULL pointer dereference when parsing devicetree When probing the k230 pinctrl driver, the kernel trig…

| Memory Corruption
Jun 03, 2026 Jun 03, 2026
Jun 03, 2026
Jun 03, 2026
0.0 NA
CVE-2026-46268 — PCI/P2PDMA: Fix p2pmem_alloc_mmap() warning condition

In the Linux kernel, the following vulnerability has been resolved: PCI/P2PDMA: Fix p2pmem_alloc_mmap() warning condition Commit b7e282378773 has already changed the initial page refcount of p2pdma…

| Memory Corruption
Jun 03, 2026 Jun 03, 2026
Jun 03, 2026
Jun 03, 2026
0.0 NA
CVE-2026-46267 — nfc: hci: shdlc: Stop timers and work before freeing context

In the Linux kernel, the following vulnerability has been resolved: nfc: hci: shdlc: Stop timers and work before freeing context llc_shdlc_deinit() purges SHDLC skb queues and frees the llc_shdlc s…

| Race Condition
Jun 03, 2026 Jun 03, 2026
Jun 03, 2026
Jun 03, 2026
0.0 NA
CVE-2026-46266 — inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP

In the Linux kernel, the following vulnerability has been resolved: inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP Yizhou Zhao reported that simply having one RAW socket on protocol IP…

| Injection
Jun 03, 2026 Jun 03, 2026
Jun 03, 2026
Jun 03, 2026
0.0 NA
CVE-2026-46265 — RDMA/hns: Fix WQ_MEM_RECLAIM warning

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix WQ_MEM_RECLAIM warning When sunrpc is used, if a reset triggered, our wq may lead the following trace: workqueue: …

Jun 03, 2026 Jun 03, 2026
Jun 03, 2026
Jun 03, 2026
0.0 NA
CVE-2026-46264 — drm/xe/pf: Fix sysfs initialization

In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Fix sysfs initialization In case of devm_add_action_or_reset() failure the provided cleanup action will be run immedia…

| Memory Corruption
Jun 03, 2026 Jun 03, 2026
Jun 03, 2026
Jun 03, 2026
0.0 NA
CVE-2026-46263 — drm/amd/display: Fix out-of-bounds stream encoder index v3

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bounds stream encoder index v3 eng_id can be negative and that stream_enc_regs[] can be indexed out o…

| Memory Corruption
Jun 03, 2026 Jun 03, 2026
Jun 03, 2026
Jun 03, 2026
0.0 NA
CVE-2026-46262 — ASoC: fsl_xcvr: Revert fix missing lock in fsl_xcvr_mode_put()

In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl_xcvr: Revert fix missing lock in fsl_xcvr_mode_put() This reverts commit f51424872760 ("ASoC: fsl_xcvr: fix missing loc…

| Race Condition
Jun 03, 2026 Jun 03, 2026
Jun 03, 2026
Jun 03, 2026
0.0 NA
CVE-2026-46261 — spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcm_fiu_probe()

In the Linux kernel, the following vulnerability has been resolved: spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcm_fiu_probe() platform_get_resource_byname() can return NULL, which w…

| Memory Corruption
Jun 03, 2026 Jun 03, 2026
Jun 03, 2026
Jun 03, 2026
0.0 NA
CVE-2026-46260 — ipv6: Fix out-of-bound access in fib6_add_rt2node().

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix out-of-bound access in fib6_add_rt2node(). syzbot reported out-of-bound read in fib6_add_rt2node(). [0] When IPv6 rout…

| Memory Corruption
Jun 03, 2026 Jun 03, 2026
Jun 03, 2026
Jun 03, 2026
0.0 NA
CVE-2026-46259 — procfs: fix missing RCU protection when reading real_parent in do_task_stat()

In the Linux kernel, the following vulnerability has been resolved: procfs: fix missing RCU protection when reading real_parent in do_task_stat() When reading /proc/[pid]/stat, do_task_stat() acces…

| Memory Corruption
Jun 03, 2026 Jun 03, 2026
Jun 03, 2026
Jun 03, 2026
0.0 NA
CVE-2026-46258 — gpio: cdev: Avoid NULL dereference in linehandle_create()

In the Linux kernel, the following vulnerability has been resolved: gpio: cdev: Avoid NULL dereference in linehandle_create() In linehandle_create(), there is a statement like this: retain_and_nu…

| Memory Corruption
Jun 03, 2026 Jun 03, 2026
Jun 03, 2026
Jun 03, 2026
Showing 20 of 7142 Results