Recent CVEs — the feed our matcher runs against your servers
Live data from the StackPatch CVE poller. Same Ubuntu USN + NVD feeds, same parser, same recommended-action playbook engine. No signup, no auth — if you find one that affects your stack, you already know what we'd tell a paying customer.
100 CVEs cached · Ubuntu USN: 50 · NVD: 50 · Generated Sat, 02 May 2026
We index 41,000+ unique CVEs across 5 distros (Ubuntu, Debian, Alpine, AlmaLinux, Rocky Linux) and 3,900+ distinct packages. Search above, browse the recent feed below, or hit the public API programmatically.
- USN-8226-2 · Ubuntu USN · Thu, 30 Apr 2026 · CVE-2026-31431
kmod update
kmod has been updated to block loading of the algif_aead kernel module.
- USN-8226-1 · Ubuntu USN · Thu, 30 Apr 2026 · CVE-2026-31431
kmod update
kmod has been updated to block loading of the algif_aead kernel module.
Affects (Ubuntu noble): kmod, kmod, libkmod-dev, libkmod2
- USN-8218-1 · Ubuntu USN · Thu, 30 Apr 2026 · CVE-2025-53391
zuluCrypt vulnerability
zuluCrypt could be made to run programs as an administrator.
Affects (Ubuntu noble): zulucrypt, libzulucrypt-dev, libzulucrypt-exe-dev, libzulucrypt-exe1.2.0, libzulucrypt-plugins
- USN-8225-1 · Ubuntu USN · Thu, 30 Apr 2026 · CVE-2025-68480, CVE-2018-17175
Python marshmallow vulnerabilities
Several security issues were fixed in Python marshmallow.
Affects (Ubuntu noble): python-marshmallow, python3-marshmallow, python3-marshmallow-doc
- USN-8223-1 · Ubuntu USN · Wed, 29 Apr 2026 · CVE-2024-42010, CVE-2024-42008, CVE-2019-15237
Roundcube Webmail vulnerabilities
Several security issues were fixed in Roundcube Webmail.
Affects (Ubuntu noble): roundcube, roundcube, roundcube-core, roundcube-mysql, roundcube-pgsql
- USN-8224-1 · Ubuntu USN · Wed, 29 Apr 2026 · CVE-2022-48875, CVE-2026-23268, CVE-2022-49046
Linux kernel (BlueField) vulnerabilities
Several security issues were fixed in the Linux kernel.
- USN-8222-1 · Ubuntu USN · Wed, 29 Apr 2026 · CVE-2026-35414, CVE-2026-35387, CVE-2026-35386
OpenSSH vulnerabilities
Several security issues were fixed in OpenSSH.
Affects (Ubuntu noble): openssh, openssh-client, openssh-server, openssh-sftp-server, openssh-tests
- USN-8195-3 · Ubuntu USN · Wed, 29 Apr 2026 · CVE-2026-41651
PackageKit vulnerability
PackageKit could be made to install packages as the administrator.
- USN-8221-1 · Ubuntu USN · Wed, 29 Apr 2026 · CVE-2026-24049
wheel vulnerability
wheel could be made to crash or run programs as your login if it opened a specially crafted file.
Affects (Ubuntu noble): wheel, python-wheel-common, python3-wheel, python3-wheel-whl
- USN-8198-2 · Ubuntu USN · Tue, 28 Apr 2026 · CVE-2026-35536, CVE-2026-31958
Tornado vulnerabilities
Several security issues were fixed in Tornado.
- USN-8219-1 · Ubuntu USN · Tue, 28 Apr 2026 · CVE-2026-32875, CVE-2026-32874
UltraJSON vulnerabilities
Several security issues were fixed in UltraJSON.
Affects (Ubuntu noble): ujson, python3-ujson
- USN-8185-2 · Ubuntu USN · Tue, 28 Apr 2026 · CVE-2025-68256, CVE-2025-68785, CVE-2025-71121
Linux kernel (Low Latency NVIDIA) vulnerabilities
Several security issues were fixed in the Linux kernel.
Affects (Ubuntu noble): linux-nvidia-lowlatency, linux-buildinfo-6.8.0-1051-nvidia-lowlatency, linux-buildinfo-6.8.0-1051-nvidia-lowlatency-64k, linux-cloud-tools-nvidia-lowlatency, linux-cloud-tools-nvidia-lowlatency-6.8
- USN-8217-1 · Ubuntu USN · Tue, 28 Apr 2026 · CVE-2024-28849, CVE-2023-26159, CVE-2022-0536
follow-redirects vulnerabilities
Several security issues were fixed in follow-redirects.
- USN-8190-2 · Ubuntu USN · Tue, 28 Apr 2026 · CVE-2026-39324
Rack::Session vulnerability
Rack::Session could allow unintended access to network services.
- USN-8136-2 · Ubuntu USN · Tue, 28 Apr 2026 · CVE-2026-0394
Dovecot regression
USN-8136-1 introduced a regression in Dovecot.
Affects (Ubuntu noble): dovecot, dovecot-auth-lua, dovecot-core, dovecot-dev, dovecot-gssapi
- USN-8087-3 · Ubuntu USN · Tue, 28 Apr 2026 · CVE-2026-26007
python-cryptography vulnerability
python-cryptography could be made to expose sensitive information over the network.
- USN-8214-1 · Ubuntu USN · Tue, 28 Apr 2026 · CVE-2025-14009
NLTK vulnerability
NLTK could be made to crash or run programs as your login if it opened a specially crafted zip file.
Affects (Ubuntu noble): nltk, python3-nltk
- USN-8216-1 · Ubuntu USN · Tue, 28 Apr 2026 · CVE-2026-33116, CVE-2026-32178, CVE-2026-26171
.NET vulnerabilities
Several security issues were fixed in .NET.
- USN-8215-1 · Ubuntu USN · Tue, 28 Apr 2026 · CVE-2026-40372
.NET vulnerability
.NET could be made to crash or run programs as an administrator.
Affects (Ubuntu noble): dotnet10, aspnetcore-runtime-10.0, aspnetcore-runtime-dbg-10.0, aspnetcore-targeting-pack-10.0, dotnet-apphost-pack-10.0
- USN-8202-2 · Ubuntu USN · Tue, 28 Apr 2026 · CVE-2026-33948, CVE-2026-40164, CVE-2026-32316
jq vulnerabilities
Several security issues were fixed in jq.
- USN-8213-1 · Ubuntu USN · Mon, 27 Apr 2026 · CVE-2026-35177, CVE-2026-39881
Vim vulnerabilities
Several security issues were fixed in Vim.
Affects (Ubuntu noble): vim, vim, vim-athena, vim-common, vim-doc
- USN-8212-1 · Ubuntu USN · Mon, 27 Apr 2026 · CVE-2026-6970
authd vulnerability
authd could be made to escalate privileges.
- CVE-2026-6337 · NVD · Mon, 27 Apr 2026
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accide
- CVE-2026-40514 · NVD · Mon, 27 Apr 2026
SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from Sys
- CVE-2026-30350 · NVD · Mon, 27 Apr 2026
An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
- CVE-2026-7130 · NVD · Mon, 27 Apr 2026
A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=delete_category. Executing a manipulation of t
- CVE-2026-7129 · NVD · Mon, 27 Apr 2026
A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /index.php?page=categories. Performing a manipulation of the argumen
- CVE-2026-7128 · NVD · Mon, 27 Apr 2026
A security vulnerability has been detected in SourceCodester Pharmacy Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=save_type. Such manipulati
- CVE-2026-7127 · NVD · Mon, 27 Apr 2026
A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=delete_receiving. This manipulation of th
- CVE-2026-7126 · NVD · Mon, 27 Apr 2026
A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /ajax.php?action=save_category. The manipulation of the argument
- CVE-2026-6265 · NVD · Mon, 27 Apr 2026
Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation. This issue has been resolved in Cerberus FTP Server: 2026.1
- CVE-2026-41081 · NVD · Mon, 27 Apr 2026
Improper Handling of TLS Client Authentication Failure Leading to Anonymous Principal Assignment in Apache Storm. Versions Affected: up to 2.8.7. Description: When TLS transport is enabled in Apache S
- CVE-2026-40557 · NVD · Mon, 27 Apr 2026
Improper Certificate Validation via Global SSL Context Downgrade in Apache Storm Prometheus Reporter. Versions Affected: from 2.6.3 to 2.8.6. Description: In production deployments where an admini
- CVE-2026-32688 · NVD · Mon, 27 Apr 2026
Allocation of Resources Without Limits or Throttling vulnerability in elixir-plug plug_cowboy allows unauthenticated remote denial of service via atom table exhaustion. Plug.Cowboy.Conn.conn/1 in lib
- CVE-2025-15626 · NVD · Mon, 27 Apr 2026
Authenticated user can bypass authorization in Ribblr - Crochet & Knitting iOS application
- CVE-2026-7125 · NVD · Mon, 27 Apr 2026
A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipul
- CVE-2026-7124 · NVD · Mon, 27 Apr 2026
A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Exec
- CVE-2026-7123 · NVD · Mon, 27 Apr 2026
A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the a
- CVE-2026-7040 · NVD · Mon, 27 Apr 2026
Text::Minify::XS versions from 0.3.0 before 0.7.8 for Perl have a heap overflow when processing some malformed UTF-8 characters. The minify functions mishandled some malformed UTF-8 characters, leadi
- CVE-2026-7122 · NVD · Mon, 27 Apr 2026
A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the arg
- CVE-2026-7121 · NVD · Mon, 27 Apr 2026
A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument w
- CVE-2026-7119 · NVD · Mon, 27 Apr 2026
A vulnerability was detected in Tenda HG3 2.0. The impacted element is an unknown function of the file /boaform/formCountrystr. The manipulation of the argument countrystr results in os command inject
- CVE-2026-7118 · NVD · Mon, 27 Apr 2026
A security vulnerability has been detected in code-projects Employee Management System 1.0. The affected element is an unknown function of the file 370project/cancel.php. The manipulation of the argum
- CVE-2026-7117 · NVD · Mon, 27 Apr 2026
A weakness has been identified in code-projects Employee Management System 1.0. Impacted is an unknown function of the file 370project/approve.php. Executing a manipulation of the argument id/token ca
- CVE-2026-7116 · NVD · Mon, 27 Apr 2026
A security flaw has been discovered in code-projects Employee Management System 1.0. This issue affects some unknown processing of the file 370project/mark.php. Performing a manipulation results in cr
- CVE-2026-5943 · NVD · Mon, 27 Apr 2026
Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not prop
- CVE-2026-5942 · NVD · Mon, 27 Apr 2026
Flaws in page lifecycle management allow document structure changes to desynchronize internal component states, causing subsequent operations to access invalidated objects and crash the program.
- CVE-2026-5941 · NVD · Mon, 27 Apr 2026
Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during inter
- CVE-2026-5940 · NVD · Mon, 27 Apr 2026
Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes.
- CVE-2026-5939 · NVD · Mon, 27 Apr 2026
A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in arbitrary code execution.