2026-04-22 14:16Z · HIGH

CVE-2026-31476 — Linux: This allows a remote attacker to invalidate any active session by simply sending a

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-31476

In the Linux kernel, the following vulnerability has been resolved: ksmbd: do not expire session on binding failure When a multichannel session binding request fails (e.g. wrong password), the error path unconditionally sets sess->state = SMB2_SESSION_EXPIRED. However, during binding, sess points to the target session looked up via ksmbd_session_lookup_slowpath() -- which belongs to another connection's user. This allows a remote attacker to invalidate any active session by
CVSS v3.1: 8.2 (HIGH) · EPSS: 23rd percentile

Type: Vulnerability · Edit Score: 91

2026-04-22 14:16Z · HIGH

CVE-2026-31464 — Linux: The out-of-bounds data is subsequently embedded in Implicit Logout and PLOGI MADs that are

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-31464

In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done() A malicious or compromised VIO server can return a num_written value in the discover targets MAD response that exceeds max_targets. This value is stored directly in vhost->num_targets without validation, and is then used as the loop bound in ibmvfc_alloc_targets() to index into disc_buf[], which is only allocated for max_targets entries. Indices
CVSS v3.1: 8.1 (HIGH) · EPSS: 7th percentile

Type: Vulnerability · Edit Score: 91

2026-04-22 14:16Z · CRIT

CVE-2026-31463 — Linux: In the Linux kernel, the following vulnerability has been resolved: iomap: fix invalid folio

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-31463

In the Linux kernel, the following vulnerability has been resolved: iomap: fix invalid folio access when i_blkbits differs from I/O granularity Commit aa35dd5cbc06 ("iomap: fix invalid folio access after folio_end_read()") partially addressed invalid folio access for folios without an ifs attached, but it did not handle the case where 1 << inode->i_blkbits matches the folio size but is different from the granularity used for the IO, which means IO can be submitted for less
CVSS v3.1: 9.8 (CRITICAL) · EPSS: 5th percentile

Type: Vulnerability · Edit Score: 99

2026-04-22 14:16Z · HIGH

CVE-2026-31450 — Linux: In the Linux kernel, the following vulnerability has been resolved: ext4: publish jinode after

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-31450

In the Linux kernel, the following vulnerability has been resolved: ext4: publish jinode after initialization ext4_inode_attach_jinode() publishes ei->jinode to concurrent users. It used to set ei->jinode before jbd2_journal_init_jbd_inode(), allowing a reader to observe a non-NULL jinode with i_vfs_inode still unset. The fast commit flush path can then pass this jinode to jbd2_wait_inode_data(), which dereferences i_vfs_inode->i_mapping and may crash. Below is the crash
CVSS v3.1: 8.8 (HIGH) · EPSS: 7th percentile

Type: Vulnerability · Edit Score: 94

2026-04-22 14:16Z · CRIT

CVE-2026-31448 — Linux: In the Linux kernel, the following vulnerability has been resolved: ext4: avoid infinite loops

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-31448

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid infinite loops caused by residual data On the mkdir/mknod path, when mapping logical blocks to physical blocks, if inserting a new extent into the extent tree fails (in this example, because the file system disabled the huge file feature when marking the inode as dirty), ext4_ext_map_blocks() only calls ext4_free_blocks() to reclaim the physical block without deleting the corresponding data in t
CVSS v3.1: 9.4 (CRITICAL) · EPSS: 7th percentile

Type: Vulnerability · Edit Score: 97

2026-04-22 14:16Z · CRIT

CVE-2026-31444 — Linux: In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free and

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-31444

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free and NULL deref in smb_grant_oplock() smb_grant_oplock() has two issues in the oplock publication sequence: 1) opinfo is linked into ci->m_op_list (via opinfo_add) before add_lease_global_list() is called. If add_lease_global_list() fails (kmalloc returns NULL), the error path frees the opinfo via __free_opinfo() while it is still linked in ci->m_op_list. Concurrent m_
CVSS v3.1: 9.8 (CRITICAL) · EPSS: 5th percentile

Type: Vulnerability · Edit Score: 99

2026-04-22 14:16Z · CRIT

CVE-2026-31436 — Linux: This can lead to issues such as NULL pointer dereferences, double completion, or descriptor

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-31436

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() At the end of this function, d is the traversal cursor of flist, but the code completes found instead. This can lead to issues such as NULL pointer dereferences, double completion, or descriptor leaks. Fix this by completing d instead of found in the final list_for_each_entry_safe() loop.
CVSS v3.1: 9.8 (CRITICAL) · EPSS: 5th percentile

Type: Vulnerability · Edit Score: 99

2026-04-22 14:16Z · HIGH

CVE-2026-31435 — Linux: In the Linux kernel, the following vulnerability has been resolved: netfs: Fix read abandonment

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-31435

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix read abandonment during retry Under certain circumstances, all the remaining subrequests from a read request will get abandoned during retry. The abandonment process expects the 'subreq' variable to be set to the place to start abandonment from, but it doesn't always have a useful value (it will be uninitialised on the first pass through the loop and it may point to a deleted subrequest on later
CVSS v3.1: 8.8 (HIGH) · EPSS: 4th percentile

Type: Vulnerability · Edit Score: 94

2026-04-22 13:00Z · MED

Understanding the CVE Ecosystem and NIST’s Changing Role

Bishop Fox Labs · bishopfox.com

Bishop Fox analyzes NIST's April 2026 policy shift to prioritize CVE enrichment only for CISA's Known Exploited Vulnerabilities, federal government software, and Executive Order 14028 critical software, deprioritizing all other CVEs. The change formalizes what experienced security teams have practiced informally: risk-based triage rather than attempting to process all CVEs equally. The underlying problem is unsustainable CVE volume growth (263% increase 2020-2025, 48,244 new CVEs in 2025 alone) that has created a widening gap between CVE issuance and NIST enrichment capacity.

Tactic: TA0001 · Type: Research, Threat Intel, News · Stage: Discovery · Edit Score: 72

2026-04-22 09:16Z · HIGH

CVE-2026-31433 — Linux: In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potential OOB

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-31433

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potential OOB in get_file_all_info() for compound requests When a compound request consists of QUERY_DIRECTORY + QUERY_INFO (FILE_ALL_INFORMATION) and the first command consumes nearly the entire max_trans_size, get_file_all_info() would blindly call smbConvertToUTF16() with PATH_MAX, causing out-of-bounds write beyond the response buffer. In get_file_all_info(), there was a missing validation ch
CVSS v3.1: 8.8 (HIGH) · EPSS: 2nd percentile

Type: Vulnerability · Edit Score: 94

2026-04-22 09:16Z · HIGH

CVE-2026-31432 — Linux: In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix OOB write

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-31432

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix OOB write in QUERY_INFO for compound requests When a compound request such as READ + QUERY_INFO(Security) is received, and the first command (READ) consumes most of the response buffer, ksmbd could write beyond the allocated buffer while building a security descriptor. The root cause was that smb2_get_info_sec() checked buffer space using ppntsd_size from xattr, while build_sec_desc() often synt
CVSS v3.1: 8.8 (HIGH) · EPSS: 1st percentile

Type: Vulnerability · Edit Score: 94

2026-04-22 09:16Z · HIGH

CVE-2026-31431 — Linux Linux_kernel: In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-31431 · in the wild

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
CVSS v3.1: 7.8 (HIGH) · EPSS: 86th percentile

CWE-669 · Type: Vulnerability · Status: exploited in the wild · Edit Score: 90

2026-04-22 08:16Z · HIGH

CVE-2026-6023 — Progress Telerik_ui_for_asp.net_ajax: In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-6023

In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to insecure deserialization when restoring filter state if the state is exposed to the client. If an attacker tampers with this state, a server-side remote code execution is possible.
CVSS v3.1: 8.1 (HIGH) · EPSS: 64th percentile

CWE-502 · Vendor: Progress, Ajax · Type: Vulnerability · Edit Score: 91

2026-04-22 03:16Z · HIGH

CVE-2026-5398 — Freebsd Freebsd: The implementation of TIOCNOTTY failed to clear a back-pointer from the structure representing the

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5398

The implementation of TIOCNOTTY failed to clear a back-pointer from the structure representing the controlling terminal to the calling process' session. If the invoking process then exits, the terminal structure may end up containing a pointer to freed memory. A malicious process can abuse the dangling pointer to grant itself root privileges.
CVSS v3.1: 8.4 (HIGH) · EPSS: 4th percentile

CWE-416 · Vendor: Tiocnotty · Type: Vulnerability · Edit Score: 92

2026-04-22 01:16Z · HIGH

CVE-2026-41145 — Minio Minio: Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's `STREAMING-UNSIGNED-PAYLOAD-TRAILER`

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-41145

MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's `STREAMING-UNSIGNED-PAYLOAD-TRAILER` code path allows any user who knows a valid access key to write arbitrary objects to any bucket without knowing the secret key or providing a valid cryptographic signature. Any MinIO deployment is impacted. The attack requires only a valid access key (the we
CVSS v3.1: 8.2 (HIGH) · EPSS: 30th percentile

CWE-287 · Vendor: Minio · Type: Vulnerability · Edit Score: 91

2026-04-22 01:16Z · HIGH

CVE-2026-40344 — Minio Minio: Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's Snowball

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-40344

MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's Snowball auto-extract handler (`PutObjectExtractHandler`) allows any user who knows a valid access key to write arbitrary objects to any bucket without knowing the secret key or providing a valid cryptographic signature. Any MinIO deployment is impacted. The attack requires only a valid access
CVSS v3.1: 8.2 (HIGH) · EPSS: 36th percentile

CWE-306, CWE-287 · Vendor: Minio · Type: Vulnerability · Edit Score: 91

2026-04-22 00:16Z · CRIT

CVE-2026-41304 — Wwbn Avideo: The input is directly concatenated into a `wget` command executed via `exec()`, allowing command

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-41304

WWBN AVideo is an open source video platform. In versions 29.0 and below, the `cloneServer.json.php` endpoint in the CloneSite plugin constructs shell commands using user-controlled input (`url` parameter) without proper sanitization. The input is directly concatenated into a `wget` command executed via `exec()`, allowing command injection. An attacker can inject arbitrary shell commands by breaking out of the intended URL context using shell metacharacters (e.g., `;`). This
CVSS v3.1: 9.8 (CRITICAL)

CWE-77 · Vendor: Wwbn · Type: Vulnerability · Edit Score: 99

2026-04-22 00:16Z · HIGH

CVE-2026-41133 — Pyload Pyload: is a free and open-source download manager written in Python.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-41133

pyLoad is a free and open-source download manager written in Python. Versions up to and including 0.5.0b3.dev97 cache `role` and `permission` in the session at login and continues to authorize requests using these cached values, even after an admin changes the user's role/permissions in the database. As a result, an already logged-in user can keep old (revoked) privileges until logout/session expiry, enabling continued privileged actions. This is a core authorization/session-
CVSS v3.1: 8.8 (HIGH) · EPSS: 9th percentile

CWE-613 · Vendor: Pyload · Type: Vulnerability · Edit Score: 94

2026-04-22 00:16Z · CRIT

CVE-2026-41064 — Wwbn Avideo: In versions up to and including 29.0, an incomplete fix for AVideo's `test.php` adds

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-41064

WWBN AVideo is an open source video platform. In versions up to and including 29.0, an incomplete fix for AVideo's `test.php` adds `escapeshellarg` for wget but leaves the `file_get_contents` and `curl` code paths unsanitized, and the URL validation regex `/^http/` accepts strings like `httpevil[.]com`. Commit 78bccae74634ead68aa6528d631c9ec4fd7aa536 contains an updated fix.
CVSS v3.1: 9.3 (CRITICAL)

CWE-78 · Vendor: Wwbn · Type: Vulnerability · Edit Score: 97

2026-04-22 00:16Z · HIGH

CVE-2026-41059 — Oauth2_proxy_project Oauth2_proxy: Versions 7.5.0 through 7.15.1 have a configuration-dependent authentication bypass.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-41059

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 have a configuration-dependent authentication bypass. Deployments are affected when all of the following are true: Use of `skip_auth_routes` or the legacy `skip_auth_regex`; use of patterns that can be widened by attacker-controlled suffixes, such as `^/foo/.*/bar$` causing potential exposure of `/foo/secret`; and protected upstream applications that interpret `#
CVSS v3.1: 8.2 (HIGH) · EPSS: 33rd percentile

CWE-288 · Vendor: Oauth2, Oauth2 Proxy Project · Type: Vulnerability · Edit Score: 91

2026-04-22 00:16Z · CRIT

CVE-2026-40575 — Oauth2_proxy_project Oauth2_proxy: This can result in an unauthenticated remote attacker bypassing authentication and accessing protected routes

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-40575

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 may trust a client-supplied `X-Forwarded-Uri` header when `--reverse-proxy` is enabled and `--skip-auth-regex` or `--skip-auth-route` is configured. An attacker can spoof this header so OAuth2 Proxy evaluates authentication and skip-auth rules against a different path than the one actually sent to the upstream application. This can result in an unauthenticated re
CVSS v3.1: 9.1 (CRITICAL) · EPSS: 23rd percentile

CWE-290 · Vendor: Oauth2, Oauth2 Proxy Project · Type: Vulnerability · Edit Score: 96

2026-04-21 23:16Z · HIGH

CVE-2026-5921 — Github Enterprise_server: A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5921

A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker to extract sensitive environment variables from the instance through a timing side-channel attack against the notebook rendering service. When private mode was disabled, the notebook viewer followed HTTP redirects without revalidating the destination host, enabling an unauthenticated SSRF to internal services. By chaining this with regex filter queries agains
CVSS v3.1: 8.9 (HIGH) · EPSS: 20th percentile

CWE-918 · Vendor: Github, Ssrf · Type: Vulnerability · Edit Score: 95

2026-04-21 23:16Z · CRIT

CVE-2026-5845 — Github Enterprise_server: An improper authorization vulnerability in scoped user-to-server (ghu_) token authorization in GitHub Enterprise Server

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5845

An improper authorization vulnerability in scoped user-to-server (ghu_) token authorization in GitHub Enterprise Server allows an authenticated attacker to access private repositories outside the intended installation scope, which can include write operations, via an authorization fallback that treated a revoked/deleted installation as a global installation context, which could be chained with token revocation timing and SSH push attribution to obtain and reuse a victim-scope
CVSS v3.1: 9.6 (CRITICAL) · EPSS: 3rd percentile

CWE-639 · Vendor: Github · Type: Vulnerability · Edit Score: 98

2026-04-21 23:16Z · HIGH

CVE-2026-4296 — Github Enterprise_server: An incorrect regular expression vulnerability was identified in GitHub Enterprise Server that allowed an

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4296

An incorrect regular expression vulnerability was identified in GitHub Enterprise Server that allowed an attacker to bypass OAuth redirect URI validation. An attacker with knowledge of a first-party OAuth application's registered callback URL could craft a malicious authorization link that, when clicked by a victim, would redirect the OAuth authorization code to an attacker-controlled domain. This could allow the attacker to gain unauthorized access to the victim's account wi
CVSS v3.1: 8.8 (HIGH) · EPSS: 17th percentile

CWE-185 · Vendor: Github · Type: Vulnerability · Edit Score: 94

2026-04-21 23:16Z · HIGH

CVE-2026-41058 — Wwbn Avideo: In versions 29.0 and below, the incomplete fix for AVideo's CloneSite `deleteDump` parameter does

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-41058

WWBN AVideo is an open source video platform. In versions 29.0 and below, the incomplete fix for AVideo's CloneSite `deleteDump` parameter does not apply path traversal filtering, allowing `unlink()` of arbitrary files via `../../` sequences in the GET parameter. Commit 3c729717c26f160014a5c86b0b6accdbd613e7b2 contains an updated fix.
CVSS v3.1: 8.1 (HIGH)

CWE-22 · Vendor: Wwbn · Type: Vulnerability · Edit Score: 91