CVE search
361,645 resultsCVE-2026-53288—arm64: Reserve an extra page for early kernel mappingEPSS 0.2%CVE-2026-53287—audit: fix incorrect inheritable capability in CAPSET recordsEPSS 0.2%CVE-2026-53286—idpf: fix double free and use-after-free in aux device error pathsEPSS 0.2%CVE-2026-53285—drm/amd/display: Wrap DCN32 phantom-plane allocation in DC_RUN_WITH_PREEMPTION_ENABLEDEPSS 0.2%CVE-2026-53284HIGHbtrfs: only release the dirty pages io tree after successful writesEPSS 0.4%CVE-2026-53283—iommu/amd: Bounds-check devid in __rlookup_amd_iommu()EPSS 0.2%CVE-2026-53282—x86/kexec: Push kjump return address even for non-kjump kexecEPSS 0.2%CVE-2026-53281HIGHiommu/vt-d: Avoid NULL pointer dereference or refcount corruptionEPSS 0.1%CVE-2026-53280—iommu: Fix NULL group->domain dereference in pci_dev_reset_iommu_done()EPSS 0.2%CVE-2026-53279—drm/gma500/oaktrail_lvds: fix hang on init failureEPSS 0.2%CVE-2026-53278—arm_mpam: Check whether the config array is allocated before destroying itEPSS 0.2%CVE-2026-44732MEDIUMOpenProject: IDOR on OpenProject through /api/v3/documents/{id} via PATCH parameter "project_id" leads to Unauthorized Modification of ResourcesEPSS 0.2%CVE-2026-44734MEDIUMOpenProject: Improper Access Control on OpenProject through the POST request to /projects/[PROJECT_NAME]/cost_reports/[REPORT_ID]/renameEPSS 0.2%CVE-2026-44735MEDIUMOpenProject: Shares API Information DisclosureEPSS 0.3%CVE-2026-29509MEDIUMPatool < 4.0.5 Path Traversal via safe_extract() FunctionEPSS 0.3%CVE-2026-44696MEDIUMOpenProject: Stored CSS injection via Sanitize::Config::RELAXED[:css] enables phishing overlays and data exfiltrationEPSS 0.2%CVE-2026-49355MEDIUMOpenProject: Private work package data disclosure through single meeting agenda item APIEPSS 0.2%CVE-2026-44736MEDIUMOpenProject: Relations API Filter Bypasses Visibility Scope, Leaking Cross-Project Work Package SubjectsEPSS 0.3%CVE-2026-46386CRITICALOpenProject: Pre-authentication RCE in openproject/openproject Docker image via default `SECRET_KEY_BASE=OVERWRITE_ME` and `cookies_serializer = :marshal`EPSS 0.3%CVE-2026-52780CRITICALOpenProject: Cache store poisoning leads to Remote Code Execution (RCE)EPSS 0.2%