Recent vulnerabilities
Recent vulnerabilities from
Select from 70 available sources using the dropdown above.
| ID | Description | Published | Updated |
|---|---|---|---|
| msrc_cve-2026-41054 | Missing exit out of permission check in haveged could lead to root exploit | 2026-05-02T00:00:00.000Z | 2026-05-24T01:42:19.000Z |
| msrc_cve-2026-43619 | Rsync < 3.4.3 Symlink Race Condition via Path-Based Syscalls | 2026-05-02T00:00:00.000Z | 2026-05-23T01:44:58.000Z |
| msrc_cve-2026-7246 | Pallets Click contains a command injection via Unsanitized Filename "click.edit()" | 2026-04-02T00:00:00.000Z | 2026-05-23T01:44:47.000Z |
| msrc_cve-2026-44673 | libyang: lyb_read_string() integer overflow β heap buffer overflow | 2026-05-02T00:00:00.000Z | 2026-05-23T01:44:35.000Z |
| msrc_cve-2025-68768 | inet: frags: flush pending skbs in fqdir_pre_exit() | 2026-01-02T00:00:00.000Z | 2026-05-23T01:42:33.000Z |
| msrc_cve-2026-44390 | Unbounded name compression in certain cases causes degradation of service | 2026-05-02T00:00:00.000Z | 2026-05-23T01:40:45.000Z |
| msrc_cve-2025-51480 | Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted external_data.location paths containing traversal sequences, bypassing intended directory restrictions. | 2025-07-02T00:00:00.000Z | 2026-05-23T01:40:43.000Z |
| msrc_cve-2026-42944 | Heap overflow with multiple NSID, COOKIE, PADDING EDNS options | 2026-05-02T00:00:00.000Z | 2026-05-23T01:40:36.000Z |
| msrc_cve-2026-42923 | Degradation of service with unbounded NSEC3 hash calculations | 2026-05-02T00:00:00.000Z | 2026-05-23T01:40:27.000Z |
| msrc_cve-2025-38096 | wifi: iwlwifi: don't warn when if there is a FW error | 2025-07-02T00:00:00.000Z | 2026-05-23T01:40:23.000Z |
| msrc_cve-2026-40622 | Another 'ghost domain names' attack variant | 2026-05-02T00:00:00.000Z | 2026-05-23T01:40:18.000Z |
| msrc_cve-2025-38140 | dm: limit swapping tables for devices with zone write plugs | 2025-07-02T00:00:00.000Z | 2026-05-23T01:40:16.000Z |
| msrc_cve-2026-42534 | Jostle logic bypass degrades resolution performance | 2026-05-02T00:00:00.000Z | 2026-05-23T01:40:05.000Z |
| msrc_cve-2026-41292 | Long list of incoming EDNS options degrades performance | 2026-05-02T00:00:00.000Z | 2026-05-23T01:39:54.000Z |
| msrc_cve-2026-33278 | Possible arbitrary code execution during DNSSEC validation | 2026-05-02T00:00:00.000Z | 2026-05-23T01:39:45.000Z |
| msrc_cve-2026-41035 | In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka --xattrs). On Linux, many (but not all) common configurations are vulnerable. Non-Linux platforms are more widely vulnerable. | 2026-04-02T00:00:00.000Z | 2026-05-23T01:39:39.000Z |
| msrc_cve-2026-44608 | Use after free and crash under special conditions in RPZ code | 2026-05-02T00:00:00.000Z | 2026-05-23T01:39:36.000Z |
| msrc_cve-2026-42959 | Crash during DNSSEC validation of malicious content | 2026-05-02T00:00:00.000Z | 2026-05-23T01:39:27.000Z |
| msrc_cve-2026-42960 | Possible cache poisoning via promiscuous records for the authority section | 2026-05-02T00:00:00.000Z | 2026-05-23T01:39:17.000Z |
| msrc_cve-2026-32792 | Packet of death with DNSCrypt | 2026-05-02T00:00:00.000Z | 2026-05-23T01:39:08.000Z |
| msrc_cve-2026-29518 | Rsync < 3.4.3 TOCTOU Race Condition Allows Symlink-Based Arbitrary File Write | 2026-05-02T00:00:00.000Z | 2026-05-23T01:38:58.000Z |
| msrc_cve-2026-45232 | Rsync < 3.4.3 Off-by-One Stack Write via HTTP Proxy | 2026-05-02T00:00:00.000Z | 2026-05-23T01:38:41.000Z |
| msrc_cve-2026-43617 | Rsync < 3.4.3 Authorization Bypass via Hostname Resolution | 2026-05-02T00:00:00.000Z | 2026-05-23T01:38:32.000Z |
| msrc_cve-2026-43620 | Rsync < 3.4.3 Out-of-Bounds Array Read via recv_files() | 2026-05-02T00:00:00.000Z | 2026-05-23T01:38:23.000Z |
| msrc_cve-2026-43618 | Rsync < 3.4.3 Integer Overflow Information Disclosure | 2026-05-02T00:00:00.000Z | 2026-05-23T01:38:14.000Z |
| msrc_cve-2025-14575 | Uncontrolled Search Path Element in Qt Network OpenSSL TLS backend allows rogue CA certificate loading | 2026-05-02T00:00:00.000Z | 2026-05-23T01:02:20.000Z |
| msrc_cve-2026-8723 | qs.stringify crashes on null/undefined entries in comma-format arrays under encodeValuesOnly | 2026-05-02T00:00:00.000Z | 2026-05-23T01:02:15.000Z |
| msrc_cve-2026-8711 | NGINX JavaScript vulnerability | 2026-05-02T00:00:00.000Z | 2026-05-23T01:02:09.000Z |
| msrc_cve-2026-42009 | Gnutls: gnutls: denial of service via dtls packet reordering vulnerability | 2026-05-02T00:00:00.000Z | 2026-05-23T01:01:57.000Z |
| msrc_cve-2026-5950 | Unbounded resend loop in BIND 9 resolver | 2026-05-02T00:00:00.000Z | 2026-05-23T01:01:51.000Z |