2
CVEs
1
Critical
0
High
0
KEV
0
PoC
0
Unpatched C/H
100.0%
Patch Rate
0.2%
Avg EPSS
Severity Breakdown
CRITICAL
1
HIGH
0
MEDIUM
0
LOW
0
Monthly CVE Trend
Affected Products (30)
Android
380
Qcs605 Firmware
325
Msm8996au Firmware
302
Sdm630 Firmware
278
Mdm9607 Firmware
274
Mdm9650 Firmware
268
Sdx55 Firmware
266
Mdm9206 Firmware
258
Qca6574au Firmware
247
Qcs405 Firmware
238
Msm8909W Firmware
233
Sdx20 Firmware
229
Sdm660 Firmware
222
Sd 675 Firmware
217
Apq8053 Firmware
215
Sa6155p Firmware
202
Wcd9380 Firmware
200
Sda660 Firmware
199
Sdx24 Firmware
197
Qca6390 Firmware
194
Apq8096Au Firmware
192
Sdx55M Firmware
192
Wcn3998 Firmware
191
Wcd9370 Firmware
188
Wsa8835 Firmware
187
Sa8155p Firmware
187
Wsa8830 Firmware
187
Wsa8815 Firmware
183
Wcn6856 Firmware
181
Msm8953 Firmware
181
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-53046 | Denial-of-service (NULL-pointer dereference / use-after-free) in the Linux kernel's in-kernel SMB3 server (ksmbd) affects systems that offload SMB3 message encryption to asynchronous hardware crypto engines such as the Qualcomm Crypto Engine (QCE). ksmbd_crypt_message() installs a NULL completion callback and misinterprets the -EINPROGRESS return from async AEAD requests as a fatal error, freeing the request while the hardware DMA is still running so the later qce_skcipher_done() callback dereferences freed memory and crashes the kernel. There is no public exploit identified at time of analysis, it is not in CISA KEV, and EPSS is low (0.18%, 8th percentile), consistent with the narrow hardware/configuration prerequisites despite the NVD CVSS of 9.8. | CRITICAL | 9.8 | 0.2% | 49 |
|
| CVE-2026-53339 | In the Linux kernel, the following vulnerability has been resolved: i2c: qcom-cci: Fix NULL pointer dereference in cci_remove() On all modern platfo | – | 0.2% | 0 |
|