| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-14324 | mod | 0.42 | 6.5 | 0.00 | Jul 1, 2026 | pipewire: RAOP RTSP NULL Deref | ||
| CVE-2026-14330 | mod | 0.36 | 5.5 | 0.00 | Jul 1, 2026 | pipewire: Pulse Server alloca Stack Overflow | ||
| CVE-2026-53326 | low | 0.29 | 5.5 | 0.00 | Jul 1, 2026 | kernel: debugobjects: Don't call fill_pool() in early boot hardirq context | ||
| CVE-2026-53327 | low | 0.29 | 5.5 | 0.00 | Jul 1, 2026 | kernel: debugobjects: Do not fill_pool() if pi_blocked_on | ||
| CVE-2026-53328 | 0.00 | — | 0.00 | Jul 1, 2026 | kernel: sched_ext: Don't warn on NULL cgrp_moving_from in scx_cgroup_move_task() | |||
| CVE-2026-53329 | 0.00 | — | 0.00 | Jul 1, 2026 | kernel: drm/amd/display: Use krealloc_array() in dal_vector_reserve() | |||
| CVE-2026-53330 | 0.00 | — | 0.00 | Jul 1, 2026 | kernel: drm/amd/display: Fix out-of-bounds read in dp_get_eq_aux_rd_interval() | |||
| CVE-2026-53331 | — | mod | 0.19 | — | 0.00 | Jul 1, 2026 | kernel: slimbus: qcom-ngd-ctrl: Avoid ABBA on tx_lock/ctrl->lock | |
| CVE-2026-53332 | 0.00 | — | 0.00 | Jul 1, 2026 | kernel: slimbus: qcom-ngd-ctrl: Register callbacks after creating the ngd | |||
| CVE-2026-53333 | low | 0.29 | 5.5 | 0.00 | Jul 1, 2026 | kernel: mm/mincore: handle non-swap entries before !CONFIG_SWAP guard | ||
| CVE-2026-53334 | 0.00 | — | 0.00 | Jul 1, 2026 | kernel: mm/damon/reclaim: handle ctx allocation failure | |||
| CVE-2026-53335 | 0.00 | — | 0.00 | Jul 1, 2026 | kernel: mm/damon/lru_sort: handle ctx allocation failure | |||
| CVE-2026-53336 | 0.00 | — | 0.00 | Jul 1, 2026 | kernel: nvmem: layouts: onie-tlv: fix hang on unknown types | |||
| CVE-2026-53337 | low | 0.29 | 5.5 | 0.00 | Jul 1, 2026 | kernel: net: bonding: fix NULL pointer dereference in bond_do_ioctl() | ||
| CVE-2026-53338 | 0.00 | — | 0.00 | Jul 1, 2026 | kernel: net: airoha: Add NULL check for of_reserved_mem_lookup() in airoha_qdma_init_hfwd_queues() | |||
| CVE-2026-53339 | low | 0.29 | 5.5 | 0.00 | Jul 1, 2026 | kernel: i2c: qcom-cci: Fix NULL pointer dereference in cci_remove() | ||
| CVE-2026-53340 | low | 0.29 | 5.5 | 0.00 | Jul 1, 2026 | kernel: i2c: imx: fix clock and pinctrl state inconsistency in runtime PM | ||
| CVE-2026-53341 | mod | 0.39 | 7.0 | 0.00 | Jul 1, 2026 | kernel: fhandle: fix UAF due to unlocked ->mnt_ns read in may_decode_fh() | ||
| CVE-2026-53342 | mod | 0.19 | — | 0.00 | Jul 1, 2026 | kernel: arm64: mm: call pagetable dtor when freeing hot-removed page tables | ||
| CVE-2026-53343 | 0.00 | — | 0.00 | Jul 1, 2026 | kernel: ARM: 9475/1: entry: use byte load for KASAN VMAP stack shadow | |||
| CVE-2026-53344 | mod | 0.19 | — | 0.00 | Jul 1, 2026 | kernel: pinctrl: mcp23s08: Initialize mcp->dev and mcp->addr before regmap init | ||
| CVE-2026-53345 | 0.00 | — | 0.00 | Jul 1, 2026 | kernel: KVM: Don't WARN if memory is dirtied without a vCPU when the VM is dying | |||
| CVE-2026-53347 | low | 0.29 | 5.5 | 0.00 | Jul 1, 2026 | kernel: drm/virtio: Fix driver removal with disabled KMS | ||
| CVE-2026-53348 | low | 0.29 | 5.5 | 0.00 | Jul 1, 2026 | kernel: ASoC: SDCA: fix NULL pointer dereference in sdca_dev_unregister_functions | ||
| CVE-2026-53349 | mod | 0.29 | 5.5 | 0.00 | Jul 1, 2026 | kernel: netfilter: nf_conntrack: destroy stale expectfn expectations on unregister | ||
| CVE-2026-53350 | low | 0.29 | 5.5 | 0.00 | Jul 1, 2026 | kernel: ASoC: wm_adsp: Fix NULL dereference when removing firmware controls | ||
| CVE-2026-53351 | 0.00 | — | 0.00 | Jul 1, 2026 | kernel: riscv/ptrace: Use USER_REGSET_NOTE_TYPE for REGSET_CFI | |||
| CVE-2026-53352 | low | 0.29 | 5.5 | 0.00 | Jul 1, 2026 | kernel: signal: clear JOBCTL_PENDING_MASK for caller in zap_other_threads() | ||
| CVE-2026-53353 | low | 0.29 | 5.5 | 0.00 | Jul 1, 2026 | kernel: hsr: Remove WARN_ONCE() in hsr_addr_is_self() | ||
| CVE-2026-53354 | mod | 0.39 | 7.0 | 0.00 | Jul 1, 2026 | kernel: arm64: errata: Mitigate TLBI errata on various Arm CPUs | ||
| CVE-2026-53355 | — | mod | 0.39 | 7.0 | 0.00 | Jul 1, 2026 | kernel: net: rds: clear i_sends on setup unwind | |
| CVE-2026-53356 | 0.00 | — | 0.00 | Jul 1, 2026 | kernel: drm/i915/gem: Fix phys BO pread/pwrite with offset | |||
| CVE-2026-54672 | imp | 0.40 | 7.3 | 0.00 | Jun 30, 2026 | electron-updater: app-builder-lib: Electron-updater: Arbitrary code execution through AppImage library loading vulnerability | ||
| CVE-2026-54673 | mod | 0.35 | 6.5 | 0.00 | Jun 30, 2026 | electron-updater: electron-builder: Electron-updater: Information disclosure via unstripped credential headers during HTTP redirects | ||
| CVE-2026-58371 | low | 0.13 | 3.1 | 0.00 | Jun 30, 2026 | github.com/seaweedfs/seaweedfs: SeaweedFS: Information disclosure via unvalidated JSONP callback parameter | ||
| CVE-2026-13455 | mod | 0.21 | 4.3 | 0.00 | Jun 30, 2026 | postgresql_anonymizer: PostgreSQL Anonymizer: Information Disclosure via brute-force attack on hash function | ||
| CVE-2026-53433 | mod | 0.42 | 7.5 | 0.00 | Jun 30, 2026 | fzf: fzf: Denial of Service via inefficient HTTP body processing | ||
| CVE-2026-53432 | mod | 0.26 | 5.0 | 0.00 | Jun 30, 2026 | github.com/junegunn/fzf: fzf: Denial of Service via Integer Overflow in FuzzyMatchV2 function | ||
| CVE-2026-12388 | mod | 0.42 | 6.5 | 0.00 | Jun 30, 2026 | keycloak-broker: Keycloak: Privilege escalation to realm administrator via improper authorization in identity provider mapper | ||
| CVE-2026-14209 | mod | 0.28 | 4.3 | 0.00 | Jun 30, 2026 | keycloak-admin-ui: keycloak-admin-ui: Keycloak: Admin UI extension brute-force-user endpoint bypasses FGAPv2 user view restrictions | ||
| CVE-2026-49434 | imp | 0.42 | 7.6 | 0.01 | Jun 30, 2026 | org.apache.activemq/activemq-broker: org.apache.activemq/activemq-core: org.apache.activemq/activemq-all: Apache ActiveMQ: Unauthorized broker instantiation via improper input validation in LDAP entries | ||
| CVE-2026-49432 | imp | 0.42 | 7.5 | 0.01 | Jun 30, 2026 | org.apache.activemq/activemq: org.apache.activemq/activemq-all: org.apache.activemq/activemq-stomp: Apache ActiveMQ: Denial of Service via improper input validation in STOMP connector | ||
| CVE-2026-50734 | imp | 0.42 | 7.5 | 0.01 | Jun 30, 2026 | Apache ActiveMQ Client: Apache ActiveMQ: Apache ActiveMQ All: Apache ActiveMQ: Denial of Service via crafted WireFormatInfo frame | ||
| CVE-2026-50750 | imp | 0.49 | 7.5 | 0.01 | Jun 30, 2026 | activemq: Apache ActiveMQ: Denial of Service via repeated BrokerInfo commands | ||
| CVE-2026-53916 | imp | 0.42 | 7.5 | 0.01 | Jun 30, 2026 | Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: Unbounded header buffer in STOMP NIO codec | ||
| CVE-2026-53917 | mod | 0.35 | 6.5 | 0.01 | Jun 30, 2026 | activemq: activemq-all: activemq-client: activemq-broker: Apache ActiveMQ: Denial of Service via crafted OpenWire Message | ||
| CVE-2026-54475 | imp | 0.46 | 8.2 | 0.01 | Jun 30, 2026 | org.apache.activemq/activemq-broker: org.apache.activemq/activemq-all: org.apache.activemq/activemq: Apache ActiveMQ: Information disclosure due to broken temporary destination isolation | ||
| CVE-2026-13523 | 0.00 | — | 0.00 | Jun 30, 2026 | A weakness has been identified in GPAC up to 26.02.0. This affects an unknown part of the file src/utils/base_encoding.c of the component ISOBMFF Parser. Executing a manipulation can lead to highly compressed data. The attack needs to be launched locally. The exploit has been… | |||
| CVE-2026-58302 | 0.00 | — | 0.00 | Jun 30, 2026 | rtapi_app in linuxcnc-uspace in LinuxCNC before 2.9.9 allows privilege escalation. It is installed SUID root and loads shared library modules via dlopen() by using a user-supplied module name. Insufficient validation of the module name allows path traversal, enabling an… | |||
| CVE-2026-13601 | 0.00 | — | 0.00 | Jun 30, 2026 | A flaw was found in Yelp due to an overly permissive Content Security Policy (CSP) implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG… |
- risk 0.42cvss 6.5epss 0.00
pipewire: RAOP RTSP NULL Deref
- risk 0.36cvss 5.5epss 0.00
pipewire: Pulse Server alloca Stack Overflow
- risk 0.29cvss 5.5epss 0.00
kernel: debugobjects: Don't call fill_pool() in early boot hardirq context
- risk 0.29cvss 5.5epss 0.00
kernel: debugobjects: Do not fill_pool() if pi_blocked_on
- CVE-2026-53328Jul 1, 2026risk 0.00cvss —epss 0.00
kernel: sched_ext: Don't warn on NULL cgrp_moving_from in scx_cgroup_move_task()
- CVE-2026-53329Jul 1, 2026risk 0.00cvss —epss 0.00
kernel: drm/amd/display: Use krealloc_array() in dal_vector_reserve()
- CVE-2026-53330Jul 1, 2026risk 0.00cvss —epss 0.00
kernel: drm/amd/display: Fix out-of-bounds read in dp_get_eq_aux_rd_interval()
- risk 0.19cvss —epss 0.00
kernel: slimbus: qcom-ngd-ctrl: Avoid ABBA on tx_lock/ctrl->lock
- CVE-2026-53332Jul 1, 2026risk 0.00cvss —epss 0.00
kernel: slimbus: qcom-ngd-ctrl: Register callbacks after creating the ngd
- risk 0.29cvss 5.5epss 0.00
kernel: mm/mincore: handle non-swap entries before !CONFIG_SWAP guard
- CVE-2026-53334Jul 1, 2026risk 0.00cvss —epss 0.00
kernel: mm/damon/reclaim: handle ctx allocation failure
- CVE-2026-53335Jul 1, 2026risk 0.00cvss —epss 0.00
kernel: mm/damon/lru_sort: handle ctx allocation failure
- CVE-2026-53336Jul 1, 2026risk 0.00cvss —epss 0.00
kernel: nvmem: layouts: onie-tlv: fix hang on unknown types
- risk 0.29cvss 5.5epss 0.00
kernel: net: bonding: fix NULL pointer dereference in bond_do_ioctl()
- CVE-2026-53338Jul 1, 2026risk 0.00cvss —epss 0.00
kernel: net: airoha: Add NULL check for of_reserved_mem_lookup() in airoha_qdma_init_hfwd_queues()
- risk 0.29cvss 5.5epss 0.00
kernel: i2c: qcom-cci: Fix NULL pointer dereference in cci_remove()
- risk 0.29cvss 5.5epss 0.00
kernel: i2c: imx: fix clock and pinctrl state inconsistency in runtime PM
- risk 0.39cvss 7.0epss 0.00
kernel: fhandle: fix UAF due to unlocked ->mnt_ns read in may_decode_fh()
- risk 0.19cvss —epss 0.00
kernel: arm64: mm: call pagetable dtor when freeing hot-removed page tables
- CVE-2026-53343Jul 1, 2026risk 0.00cvss —epss 0.00
kernel: ARM: 9475/1: entry: use byte load for KASAN VMAP stack shadow
- risk 0.19cvss —epss 0.00
kernel: pinctrl: mcp23s08: Initialize mcp->dev and mcp->addr before regmap init
- CVE-2026-53345Jul 1, 2026risk 0.00cvss —epss 0.00
kernel: KVM: Don't WARN if memory is dirtied without a vCPU when the VM is dying
- risk 0.29cvss 5.5epss 0.00
kernel: drm/virtio: Fix driver removal with disabled KMS
- risk 0.29cvss 5.5epss 0.00
kernel: ASoC: SDCA: fix NULL pointer dereference in sdca_dev_unregister_functions
- risk 0.29cvss 5.5epss 0.00
kernel: netfilter: nf_conntrack: destroy stale expectfn expectations on unregister
- risk 0.29cvss 5.5epss 0.00
kernel: ASoC: wm_adsp: Fix NULL dereference when removing firmware controls
- CVE-2026-53351Jul 1, 2026risk 0.00cvss —epss 0.00
kernel: riscv/ptrace: Use USER_REGSET_NOTE_TYPE for REGSET_CFI
- risk 0.29cvss 5.5epss 0.00
kernel: signal: clear JOBCTL_PENDING_MASK for caller in zap_other_threads()
- risk 0.29cvss 5.5epss 0.00
kernel: hsr: Remove WARN_ONCE() in hsr_addr_is_self()
- risk 0.39cvss 7.0epss 0.00
kernel: arm64: errata: Mitigate TLBI errata on various Arm CPUs
- risk 0.39cvss 7.0epss 0.00
kernel: net: rds: clear i_sends on setup unwind
- CVE-2026-53356Jul 1, 2026risk 0.00cvss —epss 0.00
kernel: drm/i915/gem: Fix phys BO pread/pwrite with offset
- risk 0.40cvss 7.3epss 0.00
electron-updater: app-builder-lib: Electron-updater: Arbitrary code execution through AppImage library loading vulnerability
- risk 0.35cvss 6.5epss 0.00
electron-updater: electron-builder: Electron-updater: Information disclosure via unstripped credential headers during HTTP redirects
- risk 0.13cvss 3.1epss 0.00
github.com/seaweedfs/seaweedfs: SeaweedFS: Information disclosure via unvalidated JSONP callback parameter
- risk 0.21cvss 4.3epss 0.00
postgresql_anonymizer: PostgreSQL Anonymizer: Information Disclosure via brute-force attack on hash function
- risk 0.42cvss 7.5epss 0.00
fzf: fzf: Denial of Service via inefficient HTTP body processing
- risk 0.26cvss 5.0epss 0.00
github.com/junegunn/fzf: fzf: Denial of Service via Integer Overflow in FuzzyMatchV2 function
- risk 0.42cvss 6.5epss 0.00
keycloak-broker: Keycloak: Privilege escalation to realm administrator via improper authorization in identity provider mapper
- risk 0.28cvss 4.3epss 0.00
keycloak-admin-ui: keycloak-admin-ui: Keycloak: Admin UI extension brute-force-user endpoint bypasses FGAPv2 user view restrictions
- risk 0.42cvss 7.6epss 0.01
org.apache.activemq/activemq-broker: org.apache.activemq/activemq-core: org.apache.activemq/activemq-all: Apache ActiveMQ: Unauthorized broker instantiation via improper input validation in LDAP entries
- risk 0.42cvss 7.5epss 0.01
org.apache.activemq/activemq: org.apache.activemq/activemq-all: org.apache.activemq/activemq-stomp: Apache ActiveMQ: Denial of Service via improper input validation in STOMP connector
- risk 0.42cvss 7.5epss 0.01
Apache ActiveMQ Client: Apache ActiveMQ: Apache ActiveMQ All: Apache ActiveMQ: Denial of Service via crafted WireFormatInfo frame
- risk 0.49cvss 7.5epss 0.01
activemq: Apache ActiveMQ: Denial of Service via repeated BrokerInfo commands
- risk 0.42cvss 7.5epss 0.01
Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: Unbounded header buffer in STOMP NIO codec
- risk 0.35cvss 6.5epss 0.01
activemq: activemq-all: activemq-client: activemq-broker: Apache ActiveMQ: Denial of Service via crafted OpenWire Message
- risk 0.46cvss 8.2epss 0.01
org.apache.activemq/activemq-broker: org.apache.activemq/activemq-all: org.apache.activemq/activemq: Apache ActiveMQ: Information disclosure due to broken temporary destination isolation
- CVE-2026-13523Jun 30, 2026risk 0.00cvss —epss 0.00
A weakness has been identified in GPAC up to 26.02.0. This affects an unknown part of the file src/utils/base_encoding.c of the component ISOBMFF Parser. Executing a manipulation can lead to highly compressed data. The attack needs to be launched locally. The exploit has been…
- CVE-2026-58302Jun 30, 2026risk 0.00cvss —epss 0.00
rtapi_app in linuxcnc-uspace in LinuxCNC before 2.9.9 allows privilege escalation. It is installed SUID root and loads shared library modules via dlopen() by using a user-supplied module name. Insufficient validation of the module name allows path traversal, enabling an…
- CVE-2026-13601Jun 30, 2026risk 0.00cvss —epss 0.00
A flaw was found in Yelp due to an overly permissive Content Security Policy (CSP) implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG…