) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
Legal Disclaimer:
Here is where you can read the NVD legal disclaimer.
-
CVE-2026-43120 - In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix double free related to rereg_user_mr If IB_MR_REREG_TRANS is set during rereg_user_mr, the umem will be released and a new one will be allocated in irdma_rereg_m... read CVE-2026-43120
Published: May 06, 2026; 6:16:25 AM -0400V3.1: 7.8 HIGH
-
CVE-2026-43119 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: annotate data-races around hdev->req_status __hci_cmd_sync_sk() sets hdev->req_status under hdev->req_lock: hdev->req_status = HCI_REQ_PEND; However, ... read CVE-2026-43119
Published: May 06, 2026; 6:16:25 AM -0400V3.1: 5.5 MEDIUM
-
CVE-2025-71272 - In the Linux kernel, the following vulnerability has been resolved: most: core: fix resource leak in most_register_interface error paths The function most_register_interface() did not correctly release resources if it failed early (before regist... read CVE-2025-71272
Published: May 06, 2026; 8:16:27 AM -0400V3.1: 5.5 MEDIUM
-
CVE-2025-71273 - In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band() Simplify the code by using device managed memory allocations. This also fixes a memory leak in rtw_register_hw(). Th... read CVE-2025-71273
Published: May 06, 2026; 8:16:27 AM -0400V3.1: 5.5 MEDIUM
-
CVE-2025-71271 - In the Linux kernel, the following vulnerability has been resolved: hfsplus: ensure sb->s_fs_info is always cleaned up When hfsplus was converted to the new mount api a bug was introduced by changing the allocation pattern of sb->s_fs_info. If s... read CVE-2025-71271
Published: May 06, 2026; 8:16:27 AM -0400V3.1: 5.5 MEDIUM
-
CVE-2025-71274 - In the Linux kernel, the following vulnerability has been resolved: rpmsg: core: fix race in driver_override_show() and use core helper The driver_override_show function reads the driver_override string without holding the device_lock. However, ... read CVE-2025-71274
Published: May 06, 2026; 8:16:27 AM -0400V3.1: 4.7 MEDIUM
-
CVE-2025-71285 - In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Drop the MHI auto_queue feature for IPCR DL channels MHI stack offers the 'auto_queue' feature, which allows the MHI stack to auto queue the buffers for the RX path (... read CVE-2025-71285
Published: May 06, 2026; 8:16:27 AM -0400V3.1: 5.5 MEDIUM
-
CVE-2025-71286 - In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls The size of the data behind of scontrol->ipc_control_data for bytes controls is: [1] sizeof(struct sof_i... read CVE-2025-71286
Published: May 06, 2026; 8:16:27 AM -0400V3.1: 5.5 MEDIUM
-
CVE-2025-71294 - In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix NULL pointer issue buffer funcs If SDMA block not enabled, buffer_funcs will not initialize, fix the null pointer issue if buffer_funcs not initialized.
Published: May 06, 2026; 8:16:28 AM -0400V3.1: 5.5 MEDIUM
-
CVE-2025-71295 - In the Linux kernel, the following vulnerability has been resolved: fs/buffer: add alert in try_to_free_buffers() for folios without buffers try_to_free_buffers() can be called on folios with no buffers attached when filemap_release_folio() is i... read CVE-2025-71295
Published: May 06, 2026; 8:16:28 AM -0400V3.1: 5.5 MEDIUM
-
CVE-2026-43123 - In the Linux kernel, the following vulnerability has been resolved: fbcon: check return value of con2fb_acquire_newinfo() If fbcon_open() fails when called from con2fb_acquire_newinfo() then info->fbcon_par pointer remains NULL which is later de... read CVE-2026-43123
Published: May 06, 2026; 8:16:29 AM -0400V3.1: 5.5 MEDIUM
-
CVE-2026-43122 - In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: Update cpuidle driver check in __acpi_processor_start() Commit 7a8c994cbb2d ("ACPI: processor: idle: Optimize ACPI idle driver registration") moved the ACPI idl... read CVE-2026-43122
Published: May 06, 2026; 8:16:29 AM -0400V3.1: 5.5 MEDIUM
-
CVE-2026-43121 - In the Linux kernel, the following vulnerability has been resolved: io_uring/zcrx: fix user_ref race between scrub and refill paths The io_zcrx_put_niov_uref() function uses a non-atomic check-then-decrement pattern (atomic_read followed by sepa... read CVE-2026-43121
Published: May 06, 2026; 8:16:28 AM -0400V3.1: 4.7 MEDIUM
-
CVE-2026-43137 - In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Fix NULL pointer dereference If there's a mismatch between the DAI links in the machine driver and the topology, it is possible that the playback/capture ... read CVE-2026-43137
Published: May 06, 2026; 8:16:31 AM -0400V3.1: 5.5 MEDIUM
-
CVE-2026-43136 - In the Linux kernel, the following vulnerability has been resolved: HID: logitech-hidpp: Check maxfield in hidpp_get_report_length() Do not crash when a report has no fields. Fake USB gadgets can send their own HID report descriptors and can de... read CVE-2026-43136
Published: May 06, 2026; 8:16:30 AM -0400V3.1: 5.5 MEDIUM
-
CVE-2026-43138 - In the Linux kernel, the following vulnerability has been resolved: reset: gpio: suppress bind attributes in sysfs This is a special device that's created dynamically and is supposed to stay in memory forever. We also currently don't have a devl... read CVE-2026-43138
Published: May 06, 2026; 8:16:31 AM -0400V3.1: 7.8 HIGH
-
CVE-2026-41575 - In th30d4y/IP from version 1.0.1 to before version 2.0.1, a DOM-Based Cross-Site Scripting (XSS) vulnerability was identified in an IP Reputation Checker application. Unsanitized user input was directly rendered in the browser, allowing attackers ... read CVE-2026-41575
Published: May 08, 2026; 11:16:40 AM -0400 -
CVE-2026-43135 - In the Linux kernel, the following vulnerability has been resolved: media: cx23885: Add missing unmap in snd_cx23885_hw_params() In error path, add cx23885_alsa_dma_unmap() to release the resource acquired by cx23885_alsa_dma_map().
Published: May 06, 2026; 8:16:30 AM -0400V3.1: 5.5 MEDIUM
-
CVE-2026-43134 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ This adds a check for encryption key size upon receiving L2CAP_LE_CONN_REQ which is required by L2CAP/LE/CFC/B... read CVE-2026-43134
Published: May 06, 2026; 8:16:30 AM -0400 -
CVE-2026-41588 - RELATE is a web-based courseware package. Prior to commit 2f68e16, there is a timing attack vulnerability in course/auth.py — check_sign_in_key(). This issue has been patched via commit 2f68e16.
Published: May 08, 2026; 11:16:43 AM -0400V3.1: 8.1 HIGH