Our team has found 2k+ vulnerabilities in various top-tier projects. This page lists some featured and important vulnerabilities we found. You may try our security tools through Nebusec.

Linux Kernel

• CVE-2026-31637

  • Component: net/rxrpc/rxkad.c
  • Severity: Critical
  • Type: Improper input validation
  • References: CVE.org, NVD

• CVE-2026-31657

  • Component: net/batman-adv/bridge_loop_avoidance.c
  • Severity: Critical
  • Type: Vulnerability
  • References: CVE.org, NVD

• CVE-2026-31659

  • Component: net/batman-adv/translation-table.c
  • Severity: Critical
  • Type: Improper input validation
  • References: CVE.org, NVD

• CVE-2026-31682

  • Component: net/bridge/br_arp_nd_proxy.c
  • Severity: Critical
  • Type: Vulnerability
  • References: CVE.org, NVD

• CVE-2026-31685

  • Component: net/ipv6/netfilter/ip6t_eui64.c
  • Severity: Critical
  • Type: Improper input validation
  • References: CVE.org, NVD

• CVE-2026-43501

  • Component: net/ipv6/exthdrs.c
  • Severity: Critical
  • Type: Out-of-bounds write
  • References: CVE.org, NVD

• CVE-2026-23274

  • Component: net/netfilter/xt_IDLETIMER.c
  • Severity: High
  • Type: Uninitialized memory/object use
  • References: CVE.org, NVD

• CVE-2026-31638

  • Component: net/rxrpc/io_thread.c
  • Severity: High
  • Type: Improper input validation
  • References: CVE.org, NVD

• CVE-2026-31673

  • Component: net/unix/diag.c
  • Severity: High
  • Type: Vulnerability
  • References: CVE.org, NVD

• CVE-2026-31674

  • Component: net/ipv6/netfilter/ip6t_rt.c
  • Severity: High
  • Type: Improper input validation
  • References: CVE.org, NVD

• CVE-2026-31675

  • Component: net/sched/sch_netem.c
  • Severity: High
  • Type: Out-of-bounds access
  • References: CVE.org, NVD

• CVE-2026-31676

  • Component: net/rxrpc/conn_event.c
  • Severity: High
  • Type: Vulnerability
  • References: CVE.org, NVD

• CVE-2026-31678

  • Component: net/openvswitch/vport-netdev.c
  • Severity: High
  • Type: Race condition
  • References: CVE.org, NVD

• CVE-2026-31679

  • Component: net/openvswitch/flow_netlink.c
  • Severity: High
  • Type: Improper input validation
  • References: CVE.org, NVD

• CVE-2026-31680

  • Component: net/ipv6/ip6_flowlabel.c
  • Severity: High
  • Type: Race condition
  • References: CVE.org, NVD

• CVE-2026-31683

  • Component: net/batman-adv/bat_iv_ogm.c
  • Severity: High
  • Type: Overflow
  • References: CVE.org, NVD

• CVE-2026-43042

  • Component: include/net/netns/mpls.h, net/mpls/af_mpls.c
  • Severity: High
  • Type: Lifetime/race condition
  • References: CVE.org, NVD

• CVE-2026-43499

  • Component: kernel/locking/rtmutex.c
  • Severity: High
  • Type: Use-after-free
  • References: CVE.org, NVD

• CVE-2026-43502

  • Component: net/rds/message.c
  • Severity: High
  • Type: Cleanup/lifetime issue
  • References: CVE.org, NVD

• CVE-2026-46027

  • Component: net/smc/smc_clc.c
  • Severity: High
  • Type: Vulnerability
  • References: CVE.org, NVD

• CVE-2026-46037

  • Component: net/ipv4/icmp.c
  • Severity: High
  • Type: Improper input validation
  • References: CVE.org, NVD

• CVE-2026-46053

  • Component: net/rds/rdma.c
  • Severity: High
  • Type: Lifetime management
  • References: CVE.org, NVD

• CVE-2026-46102

  • Component: net/strparser/strparser.c
  • Severity: High
  • Type: Resource leak
  • References: CVE.org, NVD

• CVE-2026-46208

  • Component: net/batman-adv/main.c
  • Severity: High
  • Type: Lifetime management
  • References: CVE.org, NVD

• CVE-2026-46238

  • Component: net/batman-adv/bat_iv_ogm.c
  • Severity: High
  • Type: Vulnerability
  • References: CVE.org, NVD

Open-Source Foundational Projects (User Mode)

• CVE-2026-3298

  • Component: Python Software Foundation / CPython
  • Severity: High
  • Type: Out-of-bounds write
  • References: CVE.org, NVD

• CVE-2026-42530

  • Component: F5 / NGINX Open Source
  • Severity: High
  • Type: Use-after-free
  • References: CVE.org, NVD

• CVE-2026-5865

  • Component: Google / Chrome
  • Severity: High
  • Type: Type confusion
  • References: CVE.org, NVD

• CVE-2026-6307

  • Component: Google / Chrome
  • Severity: High
  • Type: Type confusion
  • References: CVE.org, NVD

• CVE-2026-7899

  • Component: Google / Chrome
  • Severity: High
  • Type: Out-of-bounds read/write
  • References: CVE.org, NVD

• CVE-2026-9256

  • Component: F5 / NGINX Plus
  • Severity: High
  • Type: Heap-based buffer overflow
  • References: CVE.org, NVD

Key Closed-Source Foundational Projects

• CVE-2026-7248

  • Component: D-Link / DI-8100
  • Severity: Critical
  • Type: Buffer overflow
  • References: CVE.org, NVD

• CVE-2026-7853

  • Component: D-Link / DI-8100
  • Severity: Critical
  • Type: Buffer overflow
  • References: CVE.org, NVD

• CVE-2026-7854

  • Component: D-Link / DI-8100
  • Severity: Critical
  • Type: Buffer overflow
  • References: CVE.org, NVD

• CVE-2026-49161

  • Component: Microsoft / Microsoft PC Manager
  • Severity: High
  • Type: Improper access control
  • References: CVE.org, NVD

• CVE-2026-50511

  • Component: Microsoft / Microsoft PC Manager
  • Severity: High
  • Type: Improper link resolution before file access
  • References: CVE.org, NVD

• CVE-2026-50512

  • Component: Microsoft / Microsoft PC Manager
  • Severity: High
  • Type: Missing authentication for critical function
  • References: CVE.org, NVD

• CVE-2026-7247

  • Component: D-Link / DI-8100
  • Severity: High
  • Type: Buffer overflow
  • References: CVE.org, NVD

• CVE-2026-7851

  • Component: D-Link / DI-8100
  • Severity: High
  • Type: Stack-based buffer overflow
  • References: CVE.org, NVD

• CVE-2026-7855

  • Component: D-Link / DI-8100
  • Severity: High
  • Type: Buffer overflow
  • References: CVE.org, NVD

• CVE-2026-7857

  • Component: D-Link / DI-8100
  • Severity: High
  • Type: Buffer overflow
  • References: CVE.org, NVD