Recent vulnerabilities
Recent vulnerabilities from
Select from 70 available sources using the dropdown above.
| ID | Description | Published | Updated |
|---|---|---|---|
| msrc_cve-2026-40225 | In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output. | 2026-04-02T00:00:00.000Z | 2026-05-27T01:42:56.000Z |
| msrc_cve-2026-40226 | In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file. | 2026-04-02T00:00:00.000Z | 2026-05-27T01:40:43.000Z |
| msrc_cve-2026-8711 | NGINX JavaScript vulnerability | 2026-05-02T00:00:00.000Z | 2026-05-27T01:40:27.000Z |
| msrc_cve-2026-4890 | CVE-2026-4890 | 2026-05-02T00:00:00.000Z | 2026-05-27T01:40:17.000Z |
| msrc_cve-2026-5172 | CVE-2026-5172 | 2026-05-02T00:00:00.000Z | 2026-05-27T01:40:10.000Z |
| msrc_cve-2026-2291 | CVE-2026-2291 | 2026-05-02T00:00:00.000Z | 2026-05-27T01:40:02.000Z |
| msrc_cve-2026-4893 | CVE-2026-4893 | 2026-05-02T00:00:00.000Z | 2026-05-27T01:39:54.000Z |
| msrc_cve-2026-4891 | CVE-2026-4891 | 2026-05-02T00:00:00.000Z | 2026-05-27T01:39:47.000Z |
| msrc_cve-2026-5222 | Cargo can be coerced to share credentials between registries | 2026-05-02T00:00:00.000Z | 2026-05-27T01:18:44.000Z |
| msrc_cve-2026-5223 | Crates in third party registries can override the cached source of other crates | 2026-05-02T00:00:00.000Z | 2026-05-27T01:18:36.000Z |
| msrc_cve-2026-8466 | Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboy | 2026-05-02T00:00:00.000Z | 2026-05-27T01:18:28.000Z |
| msrc_cve-2026-6402 | webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins | 2026-05-02T00:00:00.000Z | 2026-05-27T01:18:22.000Z |
| msrc_cve-2026-9256 | NGINX ngx_http_rewrite_module vulnerability | 2026-05-02T00:00:00.000Z | 2026-05-27T01:18:17.000Z |
| msrc_cve-2026-9149 | Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file | 2026-05-02T00:00:00.000Z | 2026-05-27T01:18:12.000Z |
| msrc_cve-2026-9150 | Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums | 2026-05-02T00:00:00.000Z | 2026-05-27T01:18:07.000Z |
| msrc_cve-2026-42508 | Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts | 2026-05-02T00:00:00.000Z | 2026-05-27T01:18:00.000Z |
| msrc_cve-2026-39833 | Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent | 2026-05-02T00:00:00.000Z | 2026-05-27T01:17:49.000Z |
| msrc_cve-2026-46595 | Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh | 2026-05-02T00:00:00.000Z | 2026-05-27T01:17:33.000Z |
| msrc_cve-2026-46598 | Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent | 2026-05-02T00:00:00.000Z | 2026-05-27T01:17:17.000Z |
| msrc_cve-2026-39832 | Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent | 2026-05-02T00:00:00.000Z | 2026-05-27T01:16:55.000Z |
| msrc_cve-2026-39828 | Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh | 2026-05-02T00:00:00.000Z | 2026-05-27T01:16:38.000Z |
| msrc_cve-2026-39834 | Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh | 2026-05-02T00:00:00.000Z | 2026-05-27T01:15:56.000Z |
| msrc_cve-2026-39835 | Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh | 2026-05-02T00:00:00.000Z | 2026-05-27T01:15:20.000Z |
| msrc_cve-2026-39827 | Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh | 2026-05-02T00:00:00.000Z | 2026-05-27T01:14:45.000Z |
| msrc_cve-2026-39831 | Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh | 2026-05-02T00:00:00.000Z | 2026-05-27T01:14:09.000Z |
| msrc_cve-2026-46597 | Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh | 2026-05-02T00:00:00.000Z | 2026-05-27T01:13:34.000Z |
| msrc_cve-2026-39830 | Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh | 2026-05-02T00:00:00.000Z | 2026-05-27T01:12:59.000Z |
| msrc_cve-2026-39829 | Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh | 2026-05-02T00:00:00.000Z | 2026-05-27T01:12:24.000Z |
| msrc_cve-2026-25681 | Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html | 2026-05-02T00:00:00.000Z | 2026-05-27T01:11:48.000Z |
| msrc_cve-2026-27136 | Invoking duplicate attributes can cause XSS in golang.org/x/net/html | 2026-05-02T00:00:00.000Z | 2026-05-27T01:10:38.000Z |