|
251
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
EFI/CPER: don't go past the ARM processor CPER record buffer
There's a logic inside GHES/CPER to detect if the section_length
is …
Update
|
NVD-CWE-noinfo
|
CVE-2026-43266
|
2026-05-9 05:46 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
gfs2: fiemap page fault fix
In gfs2_fiemap(), we are calling iomap_fiemap() while holding the inode
glock. This can lead to recu…
Update
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-43262
|
2026-05-9 05:41 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
arm64: Add support for TSV110 Spectre-BHB mitigation
The TSV110 processor is vulnerable to the Spectre-BHB (Branch History
Buffer…
Update
|
NVD-CWE-noinfo
|
CVE-2026-43261
|
2026-05-9 05:37 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86: Ignore -EBUSY when checking nested events from vcpu_block()
Ignore -EBUSY when checking nested events after exiting a b…
Update
|
NVD-CWE-noinfo
|
CVE-2026-43265
|
2026-05-9 05:33 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
fbdev: of: display_timing: fix refcount leak in of_get_display_timings()
of_parse_phandle() returns a device_node with refcount i…
Update
|
NVD-CWE-Other
|
CVE-2026-43264
|
2026-05-9 05:33 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
bnxt_en: Fix RSS context delete logic
We need to free the corresponding RSS context VNIC
in FW everytime an RSS context is delete…
Update
|
CWE-415
Double Free
|
CVE-2026-43260
|
2026-05-9 05:31 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
phy: fsl-imx8mq-usb: set platform driver data
Add missing platform_set_drvdata() as the data will be used in remove().
Update
|
NVD-CWE-noinfo
|
CVE-2026-43259
|
2026-05-9 05:31 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258
|
8.1 |
HIGH
Network
|
google
|
chrome
|
Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via malicious network traffic. (Chromium security…
New
|
NVD-CWE-noinfo
CWE-693
Protection Mechanism Failure
|
CVE-2026-8018
|
2026-05-9 05:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259
|
4.2 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient data validation in DataTransfer in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted H…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-7989
|
2026-05-9 05:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260
|
3.1 |
LOW
Network
|
google
|
chrome
|
Inappropriate implementation in Navigation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.…
New
|
NVD-CWE-noinfo
CWE-284
CWE-693
Improper Access Control
Protection Mechanism Failure
|
CVE-2026-7959
|
2026-05-9 05:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
