Skip to main content
CVE-2026-31702 HIGH PATCH This Week

Use-after-free in Linux kernel f2fs compressed writeback allows local authenticated users to trigger memory corruption, potentially executing arbitrary code or causing system crashes. Affects f2fs-compressed filesystems in Linux kernel 5.6 through 7.1-rc2, with patches available in 6.6.136, 6.12.84, 7.0.2, and 7.1-rc1. EPSS score of 0.02% (5th percentile) indicates low observed exploitation probability despite CVSS 7.8 rating. This mirrors CVE-2026-23234's race condition pattern but in the compression code path that was missed by the earlier fix. No active exploitation confirmed (not in CISA KEV) and no public POC identified at time of analysis.

Information Disclosure Use After Free Memory Corruption Linux
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31700 HIGH PATCH This Week

Time-of-check-time-of-use (TOCTOU) race condition in Linux kernel's TPACKET transmission path allows local authenticated attackers with low privileges to bypass vnet_hdr validation checks and potentially achieve privilege escalation, code execution, or system compromise. The vulnerability affects packet socket implementations when PACKET_VNET_HDR is enabled, where concurrent userspace threads can modify mmap'd ring buffer data between kernel validation and use. Vendor-released patches are available for stable kernel branches (6.6.136, 6.12.84, 7.0.2, 7.1-rc1). EPSS score of 0.02% (5th percentile) indicates low observed exploitation probability, and no active exploitation is confirmed (not in CISA KEV), though the high CVSS 7.8 reflects significant local impact potential.

Race Condition Authentication Bypass Linux
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31694 HIGH PATCH This Week

A malicious FUSE server can trigger a 24-byte buffer overflow in the Linux kernel's FUSE directory cache implementation on 4 KiB page systems. The fuse_add_dirent_to_cache() function fails to validate that directory entries fit within PAGE_SIZE before copying them to page cache, allowing a server-controlled namelen value of 4095 to produce a 4120-byte serialized record that overflows into adjacent kernel memory. This enables local attackers with FUSE mount privileges to achieve high-severity impacts including arbitrary kernel memory corruption. EPSS exploitation probability is notably low (0.02%, 5th percentile) despite the 7.8 CVSS score, and no public exploit has been identified. Patches are available across multiple stable kernel versions (6.6.136, 6.12.84, 7.0.2, 7.1-rc1, 6.18.25).

Buffer Overflow Linux
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43056 HIGH PATCH This Week

Use-after-free in Linux kernel's MANA network driver allows local authenticated attackers to corrupt memory and potentially execute code with kernel privileges. The flaw occurs when auxiliary_device_add() fails in add_adev(), triggering cleanup that frees memory still referenced by subsequent error-handling code. Patches available across stable kernel branches (6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0). EPSS score of 0.02% (5th percentile) indicates low probability of widespread exploitation. No CISA KEV listing or public exploit identified at time of analysis.

Information Disclosure Linux Use After Free Memory Corruption Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43049 HIGH PATCH This Week

Use-after-free in Linux kernel HID subsystem allows local attackers with low privileges to achieve arbitrary code execution, privilege escalation, or denial of service when force feedback initialization fails on Logitech G920 racing wheels. The vulnerability occurs when userspace continues accessing freed memory structures (sysfs and /dev/input) after initialization errors. Vendor patches available across multiple stable kernel branches (6.12.81, 6.18.22, 6.19.12, 7.0). EPSS score of 0.02% (5th percentile) indicates very low probability of mass exploitation, consistent with hardware-specific local attack surface requiring physical device presence.

Information Disclosure Use After Free Memory Corruption Linux Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43044 HIGH PATCH This Week

Memory corruption in the Linux kernel CAAM (Cryptographic Acceleration and Assurance Module) crypto driver allows local authenticated users to corrupt kernel memory and potentially escalate privileges. The vulnerability occurs when HMAC keys longer than the hash block size are processed - the driver allocates a DMA-aligned buffer size but fails to use it, causing the hashed key to overwrite adjacent memory. Vendor patches are available for stable kernel versions 6.6.134, 6.12.81, 6.18.22, 6.19.12, and 7.0. EPSS score of 0.02% (5th percentile) indicates very low observed exploitation probability, and no public exploit code or CISA KEV listing exists at time of analysis.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43019 HIGH PATCH This Week

Use-after-free in Linux kernel Bluetooth subsystem allows local authenticated attackers to achieve arbitrary code execution with high privileges. The vulnerability exists in set_cig_params_sync where hci_conn objects can be freed or modified concurrently during lookup and field access due to inadequate locking. Vendor patches are available across multiple stable kernel branches (6.6, 6.12.81, 6.18.22, 6.19.12, 7.0). EPSS score of 0.02% indicates low observed exploitation probability, no CISA KEV listing, and no public exploit identified at time of analysis.

Information Disclosure Linux Memory Corruption Use After Free
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43016 HIGH PATCH This Week

Use-after-free in Linux kernel's BPF sockmap implementation allows local authenticated attackers to corrupt memory and potentially execute arbitrary code with kernel privileges. The vulnerability occurs in sk_psock_verdict_data_ready() when handling AF_UNIX sockets, where sk->sk_socket can be accessed after being freed following sock_orphan(). This affects Linux kernel versions 5.15 through 6.19.12, with patches available for stable branches 6.6.134, 6.12.81, 6.18.22, 6.19.12, and mainline 7.0. EPSS score of 0.02% indicates very low observed exploitation probability in the wild, and no active exploitation or public exploit code has been identified at time of analysis.

Google Information Disclosure Linux Use After Free Memory Corruption +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43009 HIGH PATCH This Week

Linux kernel BPF verifier incorrectly prunes execution paths due to imprecise state tracking in atomic fetch operations, allowing local attackers to bypass security checks in eBPF programs. The verifier's backtracking logic fails to mark stack slots as precise when BPF_ATOMIC instructions with BPF_FETCH modify both memory and destination registers, causing two legitimately different program states to be incorrectly considered equivalent during path pruning. Vendor patches available in kernel versions 6.19.12 and 7.0. EPSS score of 0.02% (5th percentile) indicates low probability of mass exploitation, though successful exploitation grants high confidentiality, integrity, and availability impact per CVSS 7.8.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43007 HIGH PATCH This Week

A use-after-free resource management flaw in the Linux kernel's Qualcomm AI accelerator (QAIC) driver allows local authenticated users to cause denial of service and potentially escalate privileges. When a DBC (Device Binding Context) owner process terminates before handling device-initiated deactivation messages, the kernel fails to release DBC resources, causing subsequent activation attempts to hang indefinitely and creating exploitable resource state inconsistencies. The vulnerability affects Linux kernel versions 6.4 through 6.19.12, with vendor patches available across multiple stable branches (6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0). EPSS score of 0.02% indicates low observed exploitation probability, and no active exploitation or public POC has been identified.

Information Disclosure Linux Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31776 HIGH PATCH This Week

Out-of-bounds array access in Linux kernel ALSA ctxfi driver allows local authenticated users to achieve arbitrary code execution with high integrity and confidentiality impact. The flaw stems from improper SPDIF1 DAIO type handling in daio_device_index() for hw20k2 hardware, which returns -EINVAL instead of a valid index, leading to buffer overflow conditions (CWE-129). Vendor patches available across multiple stable kernel branches (5.10.253, 5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0). EPSS score of 0.02% (5th percentile) indicates minimal observed exploitation activity; no CISA KEV listing or public POC identified at time of analysis.

Red Hat Suse Buffer Overflow Linux
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31772 HIGH PATCH This Week

Stack buffer overflow in Linux kernel Bluetooth subsystem allows local authenticated attackers to achieve code execution, privilege escalation, or denial of service through malformed ISO socket parameters. The vulnerability occurs when binding an ISO Bluetooth socket with up to 31 BIS entries while the hci_le_big_create_sync() function only allocates stack space for 17 entries, resulting in a 14-byte overflow that corrupts adjacent stack memory. Patches are available across multiple kernel versions (6.12.81, 6.18.22, 6.19.12, 7.0), with EPSS indicating 0.02% exploitation probability and no active exploitation confirmed.

Red Hat Suse Buffer Overflow Linux Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31764 HIGH PATCH This Week

Out-of-bounds array access in the st_lsm6dsx IMU driver allows local authenticated users with low privileges to achieve high-impact code execution, data disclosure, or denial of service. The vulnerability exists in the buffer sampling frequency sysfs handler, which fails to validate sensor type before indexing a 2-entry array with sensor IDs beyond accelerometer and gyroscope. Exploitation requires write access to sysfs attributes for non-standard sensor types in the driver. EPSS exploitation probability is very low (0.02%, 5th percentile), no active exploitation confirmed, and vendor patches are available for Linux 6.19.12 and 7.0.

Red Hat Suse Buffer Overflow Linux
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31745 HIGH PATCH This Week

Double-free memory corruption in the Linux kernel reset-gpio subsystem allows local authenticated users to escalate privileges or crash the system. The vulnerability exists in reset_add_gpio_aux_device() error handling since commit 5fc4e4cf7a22, where auxiliary_device_uninit() triggers a release callback that frees memory, but the error path then calls kfree() on the same pointer. Patches available for kernel versions 6.19.12+ and 7.0+. EPSS score of 0.02% (5th percentile) indicates low probability of widespread exploitation. Not listed in CISA KEV; no public exploit identified at time of analysis.

Red Hat Suse Information Disclosure Linux
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31743 HIGH PATCH This Week

Memory corruption in the Linux kernel zynqmp_nvmem driver allows local authenticated users to achieve privilege escalation through undersized DMA buffer exploitation. The vulnerability stems from incorrect buffer size calculations in dma_alloc_coherent and memcpy operations, enabling heap or memory corruption that can lead to complete system compromise. With a 7.8 CVSS score but only 0.02% EPSS (5th percentile), this represents a high-severity issue affecting specific Xilinx Zynq UltraScale+ deployments rather than a widespread exploitation target. Patches available across multiple stable kernel branches (6.12.81, 6.18.22, 6.19.12, 7.0) with upstream fixes confirmed in git commits.

Red Hat Suse Buffer Overflow Linux Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31731 HIGH PATCH This Week

Use-after-free in Linux kernel thermal subsystem allows local attackers with low privileges to execute arbitrary code, escalate privileges, or crash the system. The vulnerability stems from race conditions between thermal zone removal and power management resume operations, where delayed work items can continue executing after thermal zone objects are freed. EPSS score of 0.02% (5th percentile) suggests low probability of mass exploitation despite high CVSS severity. Vendor patches available across multiple stable kernel branches (6.12.83, 6.18.22, 6.19.12, 7.0) via upstream commits. No active exploitation confirmed in CISA KEV at time of analysis.

Red Hat Suse Information Disclosure Use After Free Memory Corruption +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31730 HIGH PATCH This Week

Double-free memory corruption in the Linux kernel's fastrpc driver allows local attackers with low privileges to achieve high-impact code execution, privilege escalation, or denial of service. The vulnerability occurs when fastrpc_init_create_static_process() fails to nullify a freed heap pointer (cctx->remote_heap) in its error path, enabling fastrpc_rpmsg_remove() to free the same memory twice during device removal. Patches available across kernel versions 6.6.134, 6.12.81, 6.18.22, 6.19.12, and mainline 7.0. EPSS score of 0.02% indicates low observed exploitation probability, with no active exploitation confirmed at time of analysis.

Red Hat Suse Information Disclosure Linux
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31729 HIGH PATCH This Week

Out-of-bounds array access in Linux kernel UCSI (USB Type-C Connector System Software Interface) driver allows local authenticated attackers to achieve arbitrary code execution or system crash. A malicious USB-C device or compromised firmware can send a crafted CCI (Connector Change Indicator) message with an invalid connector number (0-127) that exceeds the allocated connector array bounds (typically 2-4 entries), triggering memory corruption in ucsi_connector_change(). Vendor patches available for kernel 6.12.81, 6.18.22, 6.19.12, and mainline 7.0. EPSS score of 0.02% (5th percentile) indicates very low observed exploitation probability, and no active exploitation or public POC currently identified.

Red Hat Suse Buffer Overflow Linux
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31715 HIGH PATCH This Week

Use-after-free in Linux kernel F2FS filesystem allows local authenticated attackers to trigger kernel panic or potentially achieve code execution. The vulnerability (CWE-416) occurs during concurrent write callback and unmount operations when f2fs_write_end_io() decrements page count before checking node inode validity, leading to NULL pointer dereference. Discovered via xfstests generic/107 and syzbot fuzzing. EPSS exploitation probability is low (0.02%, 4th percentile), no active exploitation confirmed. Vendor patches available across stable kernel branches 6.18.25, 7.0.2, and 7.1-rc1.

Information Disclosure Use After Free Memory Corruption Linux
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31703 HIGH PATCH This Week

Use-after-free condition in Linux kernel writeback subsystem allows local authenticated attackers to potentially execute arbitrary code, escalate privileges, or trigger kernel crashes. The vulnerability affects Linux kernel versions 6.18.x through 7.1-rc1 and arises from improper synchronization between work queue processing and memory deallocation in inode_switch_wbs_work_fn(). Vendor patches are available across stable kernel branches (6.18.25, 7.0.2, 7.1-rc1) with low EPSS score (0.02%) indicating minimal observed exploitation activity, though the CVSS 7.8 score reflects significant impact if successfully exploited by authenticated local users.

Denial Of Service Linux Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31782 HIGH PATCH This Week

Out-of-bounds memory read in Linux kernel's Intel PMU (Performance Monitoring Unit) handling allows local authenticated attackers with low privileges to potentially access sensitive kernel memory, modify data, or cause system crashes. The flaw occurs when perf auto counter reload groups contain software events, triggering an unsafe container_of operation that can dereference memory outside valid bounds. EPSS exploitation probability is very low (0.02%, 4th percentile), and no public exploit or active exploitation has been identified at time of analysis. Patches available for kernel versions 6.18.22, 6.19.12, and 7.0.

Red Hat Suse Information Disclosure Linux Buffer Overflow
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31769 HIGH PATCH This Week

Use-after-free in Linux kernel GPIB subsystem allows local authenticated attackers with low privileges to execute arbitrary code, escalate privileges, or crash the system. The vulnerability occurs in IBRD, IBWRT, IBCMD, and IBWAIT ioctl handlers when concurrent IBCLOSEDEV calls free descriptors still in use by I/O operations. EPSS probability is very low (0.02%, 4th percentile), indicating minimal observed exploitation activity. Vendor patches available for stable branches 6.18.22, 6.19.12, and mainline 7.0 via commits cae26eff, 28c75dd1, and d1857f82.

Red Hat Suse Authentication Bypass Linux Use After Free +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31742 HIGH PATCH This Week

Memory corruption in the Linux kernel virtual terminal (vt) subsystem allows local authenticated users to trigger kernel crashes and potentially escalate privileges. When a console switches to an alternate screen and then gets resized, the saved Unicode buffer retains stale dimensions. Upon returning to the primary screen, operations like screen clearing (csi_J) access memory out of bounds using current dimensions against the old buffer, causing kernel oops. EPSS exploitation probability is low (0.02%, 4th percentile), no active exploitation confirmed, but vendor patches are available across multiple stable kernel branches (5.x, 6.18.x, 6.19.x).

Red Hat Suse Information Disclosure Linux Buffer Overflow
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-52347 HIGH This Week

Kernel memory access and privilege escalation in PassMark DirectIo64.sys driver affect BurnInTest 11.0 Build 1011, OSForensics 11.1 Build 1007, and PerformanceTest 11.1 Build 1004. Local authenticated attackers can send crafted IOCTL 0x8011E044 calls to the vulnerable driver to read arbitrary kernel memory and elevate privileges to SYSTEM level. Public exploit code is available in the researcher's GitHub repository. EPSS data not available; no CISA KEV listing indicates no confirmed widespread exploitation, though POC availability lowers the barrier for local attacks.

Privilege Escalation
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-22167 HIGH This Week

Local privilege escalation in Imagination Technologies Graphics DDK allows low-privileged users to corrupt kernel memory and driver data structures through malicious GPU system calls. The vulnerability affects DDK versions 1.18 RTM, 23.2 RTM, 24.1-24.2 RTM, and 25.1-25.3 RTM. Attackers with local access can force the GPU to write to arbitrary physical memory pages, including restricted internal GPU buffers and kernel memory regions, achieving complete system compromise (CVSS 7.8). EPSS data not available; no active exploitation confirmed per CISA SSVC framework (exploitation status: none), but the local attack vector and total technical impact make this critical for systems with untrusted local users.

Buffer Overflow Ddk
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-37525 HIGH This Week

Local privilege escalation in Automotive Grade Linux (AGL) app-framework-binder (afb-daemon) through v19.90.0 allows authenticated users to execute arbitrary registered APIs with nullified credentials. The supervision Do command in src/afb-supervision.c explicitly zeroes request credentials before dispatching attacker-controlled API calls, causing authorization checks to fail open when encountering NULL credential contexts. This enables low-privileged users to bypass access controls and execute privileged operations. EPSS data not available; no public exploit code or active exploitation confirmed at time of analysis.

Privilege Escalation
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-7548 HIGH This Week

Command injection in Totolink NR1800X router firmware 9.1.0u.6279_B20210910 allows authenticated remote attackers to execute arbitrary system commands via the setUssd parameter in /cgi-bin/cstecgi.cgi. Publicly available exploit code exists (POC confirmed via GitHub). EPSS data not provided, but CVSS v4.0 base score of 7.4 with low attack complexity (AC:L) and network attack vector (AV:N) indicates moderate-to-high severity for internet-facing devices with default credentials or weak authentication.

Command Injection
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
1.2%
CVE-2026-31711 HIGH PATCH This Week

Resource exhaustion in Linux kernel ksmbd server allows remote unauthenticated attackers to permanently deny SMB service by consuming connection slots through forced allocation failures. The vulnerability leaks active_num_conn counter values when alloc_transport() fails during TCP connection setup on port 445, permanently consuming slots from the max_connections pool until module reload. Attackers can accelerate exhaustion by holding open connections with large RFC1002 lengths (up to 16MB) to trigger memory pressure. EPSS score of 0.11% suggests low observed exploitation probability, and no public exploit or CISA KEV listing exists. Vendor patches available for kernel versions 6.6.136, 6.12.84, 7.0.2, and 7.1-rc1.

Information Disclosure Linux
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-63548 HIGH This Week

Remote denial of service in Eprosima Micro-XRCE-DDS Agent 3.0.1 allows unauthenticated network attackers to crash the DDS agent by sending malformed packets containing invalid boolean field values. The vulnerability is automatable (per SSVC) with proof-of-concept code publicly available, requiring no privileges or user interaction (CVSS AV:N/AC:L/PR:N/UI:N), making it trivial to exploit against internet-exposed DDS deployments. EPSS data not available but SSVC classifies as automatable with partial technical impact.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-63547 HIGH This Week

Remote denial of service in Eprosima Micro-XRCE-DDS Agent 3.0.1 allows unauthenticated network attackers to crash the agent via malformed packets targeting the MTU length field. The vulnerability is remotely exploitable with no authentication required (CVSS AV:N/AC:L/PR:N/UI:N) and is classified as automatable by SSVC analysis. No active exploitation confirmed at time of analysis, but GitHub issue and researcher documentation provide technical details. EPSS data not available; CVSS 7.5 reflects high availability impact suitable for targeting DDS middleware deployments.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-37554 HIGH POC This Week

Remote unauthenticated denial of service crashes Vanetza V2X v26.02 receivers via malformed GeoNetworking packets containing invalid ECC points. Uncaught OpenSSL exceptions from elliptic curve point validation (invalid compressed points, points not on curve) in the security layer escape through the Router::indicate() call chain, triggering std::terminate and process termination. No public exploit identified at time of analysis, though EPSS risk assessment unavailable. Attack requires only network access to the V2X receiver endpoint with no authentication or user interaction (CVSS AV:N/AC:L/PR:N/UI:N), making this a significant operational risk for deployed V2X infrastructure relying on continuous availability for vehicle safety communications.

OpenSSL Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-37538 HIGH This Week

Remote unauthenticated attackers can crash socketcand 0.4.2 daemon by sending a malformed CAN bus name that triggers a stack-based buffer overflow in the main function's socketcand.c implementation. The CVSS vector indicates network-accessible denial of service with no authentication required. A publicly available proof-of-concept exists (GitHub Gist reference), but CISA KEV status is not confirmed, and EPSS data is unavailable. The low attack complexity (AC:L) and network attack vector (AV:N) make this readily exploitable against exposed instances, though the impact is currently limited to availability (A:H) with no confirmed confidentiality or integrity impacts.

Stack Overflow Denial Of Service Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-37457 HIGH PATCH This Week

Remote denial of service in FRRouting stable/10.0 allows unauthenticated attackers to crash the BGP daemon via malformed FlowSpec NLRI messages. The off-by-one vulnerability in bgp_flowspec_op_decode() enables out-of-bounds writes when parsing crafted BGP FlowSpec components, causing process termination. EPSS exploitation probability data not available, but SSVC marks this as automatable with partial technical impact. No public exploit code identified at time of analysis, and not listed in CISA KEV, suggesting theoretical rather than actively exploited risk.

Denial Of Service Buffer Overflow Memory Corruption N A
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-42485 HIGH This Week

Stack buffer overflow in AGL agl-service-can-low-level's uds-c library enables remote code execution on vulnerable automotive ECUs. The send_diagnostic_request function copies up to 7 bytes into a 6-byte stack buffer without bounds checking, allowing 1-4 bytes of controlled stack corruption. On 32-bit ARM ECUs without stack canaries (common in automotive deployments), attackers can overwrite return addresses to achieve arbitrary code execution. CVSS 7.5 with network attack vector and no authentication required indicates critical exposure, though CVSS impact vector (C:N/I:N/A:H) appears inconsistent with RCE capability described - vendor assessment may undervalue confidentiality/integrity impact of code execution.

Stack Overflow Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-42467 HIGH This Week

Remote denial of service in Open-SAE-J1939 library (commit b6caf884 and prior, November 2025) allows unauthenticated attackers to crash SAE J1939 protocol implementations by sending malformed CAN frames to the J1939 bus. Exploitation is straightforward (CVSS AC:L, SSVC automatable:yes) and requires only network access to the CAN bus. No public exploit code confirmed, but GIST reference suggests proof-of-concept research exists. EPSS data unavailable; not in CISA KEV.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-43057 HIGH PATCH This Week

A denial-of-service vulnerability in the Linux kernel's IPv6 checksum GSO fallback logic allows remote unauthenticated attackers to trigger system instability via specially crafted tunneled IPv6 packets with extension headers. The flaw affects network packet processing when NETIF_F_IPV6_CSUM offload is enabled, causing incorrect handling of tunneled traffic that requires software checksumming. EPSS score is low (0.02%, 7th percentile), indicating minimal observed exploitation activity. Vendor-released patches are available across multiple kernel version branches (6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0), confirmed by upstream Linux kernel commits. No public exploit identified at time of analysis, though CVSS vector indicates straightforward network-based exploitation (AV:N/AC:L/PR:N/UI:N).

Information Disclosure Linux
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-31719 HIGH PATCH This Week

Integrity verification bypass in Linux kernel crypto subsystem's Kerberos 5 encryption module allows remote unauthenticated attackers to bypass cryptographic hash checks when asynchronous decryption completes. The vulnerability stems from incorrect callback chaining that skips krb5enc_dispatch_decrypt_hash() verification entirely during async operations. Exploitation likelihood is low (EPSS 2%, percentile 4%) despite high CVSS severity, though EUVD classifies this as an authentication bypass affecting Linux 6.15+ with patches available for stable branches 6.18.25, 7.0.2, and mainline 7.1-rc1.

Red Hat Suse Authentication Bypass Linux
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-43055 HIGH PATCH This Week

Uninitialized memory in the Linux kernel SCSI target subsystem (target_core_file) causes write operations to fail unpredictably when bogus ki_write_stream values trigger block device validation checks. Affected versions span Linux kernel 6.16 through development branches, with stable patches released for 6.18.22, 6.19.12, and 7.0. While CVSS scores this as 7.5 High with network vector (AV:N), the description indicates a local kernel subsystem issue affecting SCSI target configurations, suggesting a vector/impact mismatch. EPSS probability is very low (0.02%, 4th percentile) with no evidence of active exploitation or public POC, indicating minimal real-world targeting despite the high CVSS score.

Information Disclosure Linux Red Hat Suse
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-43031 HIGH PATCH This Week

Linux kernel axienet driver can permanently stall network transmit queues due to incorrect Byte Queue Limits (BQL) accounting when scatter-gather TX packets span multiple NAPI polls. When a multi-buffer-descriptor packet completes across different polling cycles, only partial byte counts are credited to BQL, causing the subsystem to incorrectly believe bytes remain in-flight indefinitely and halting transmission. Vendor patches available for stable branches (6.18.22, 6.19.12, 7.0). EPSS exploitation probability is 2% (4th percentile), no active exploitation confirmed, indicating low real-world targeting despite the 7.5 CVSS score.

Information Disclosure Linux Red Hat Suse
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-43029 HIGH PATCH This Week

Denial of service via soft lockup in Linux kernel MPTCP (Multipath TCP) receive function allows remote unauthenticated attackers to lock up a CPU core indefinitely when applications use MSG_PEEK with MSG_WAITALL flags. The vulnerability stems from improper handling of peeked socket buffers that remain in the receive queue, causing sk_wait_data() to never actually wait and spinning in an infinite loop. EPSS score is low (0.02%, 4th percentile) indicating minimal observed exploitation probability. Vendor patches available for kernel versions 6.18.x and 6.19.x series.

Information Disclosure Linux Red Hat Suse
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-42402 HIGH PATCH GHSA This Week

Algorithmic complexity denial of service in Apache Neethi allows remote unauthenticated attackers to exhaust JVM heap memory via malicious WS-Policy documents. Specially crafted policy documents trigger exponential Cartesian cross-product expansion during normalization, generating unbounded policy alternatives that consume all available memory. Apache has released version 3.2.2 with normalization limits to prevent exploitation. EPSS data not available; no CISA KEV listing identified at time of analysis.

Denial Of Service Apache Red Hat
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-42403 HIGH PATCH GHSA This Week

Denial of Service in Apache Neethi WS-Policy processor allows remote unauthenticated attackers to crash applications or cause resource exhaustion by sending crafted policy documents with circular references. The vulnerability (CVSS 7.5) triggers infinite loops or stack overflow during policy normalization when Policy A references Policy B which references Policy A. Apache released version 3.2.2 to address this flaw. With network vector, low complexity, and no authentication required (AV:N/AC:L/PR:N), this represents a readily exploitable attack surface for applications parsing untrusted WS-Policy documents, though no public exploit or active exploitation (KEV) has been identified at time of analysis.

Denial Of Service Apache Red Hat
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-37530 HIGH This Week

Stack buffer overflow in AGL agl-service-can-low-level through version 17.1.12 enables remote code execution on automotive ECUs. The vulnerability exists in the uds-c library's send_diagnostic_request function, where a miscalculation between buffer size (6 bytes) and copy length (7 bytes) allows 1-4 bytes of controlled stack overflow. On 32-bit ARM automotive systems without stack protection, attackers can overwrite return addresses to achieve arbitrary code execution. CVSS 7.5 High severity with network attack vector and no authentication required, though CVSS impact ratings (C:N/I:N/A:H) appear inconsistent with the RCE capability described. No public exploit identified at time of analysis, EPSS data unavailable.

Stack Overflow Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-43003 HIGH PATCH GHSA This Week

Arbitrary code execution in OpenStack ironic-python-agent (IPA) versions 1.0.0 through 11.5.0 occurs because IPA runs grub-install from inside a chroot of the partition image it is deploying, so binaries supplied by a malicious image execute on the provisioning ramdisk. An attacker able to have a crafted partition image deployed can run code in the IPA context (typically root on the bare-metal node being provisioned). No public exploit identified at time of analysis; EPSS is negligible (0.01%) and CISA SSVC records exploitation status as none, but the technical impact is rated total.

Python RCE Ironic Python Agent
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-42478 HIGH This Week

Denial of service in Open CASCADE Technology (OCCT) V8_0_0_rc5 occurs when a crafted VRML V2.0 file triggers null pointer dereference during shape construction in the VrmlData_IndexedFaceSet::TShape parser. Remote unauthenticated attackers can crash applications using libTKDEVRML.so by delivering malformed VRML files, requiring no user interaction (CVSS AV:N/AC:L/PR:N/UI:N). EPSS score not available; no public exploit identified at time of analysis. Affects 3D CAD/visualization applications integrating OCCT for VRML import.

Null Pointer Dereference Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-7513 HIGH This Week

Buffer overflow in UTT HiPER 1200GW routers (versions up to 2.5.3-170306) allows authenticated remote attackers to execute arbitrary code or cause denial of service through the strcpy function in the /goform/formRemoteControl endpoint. Public exploit code exists (CVSS 7.4, E:P modifier). EPSS data not available, but low-privilege authenticated requirement and IoT router context suggest targeted attacks against exposed management interfaces rather than mass exploitation.

Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-7512 HIGH This Week

Buffer overflow in UTT HiPER 1200GW router (versions up to 2.5.3-1703) allows authenticated remote attackers to execute arbitrary code with elevated privileges via crafted input to the strcpy function in the /goform/formUser endpoint. Public exploit code exists on GitHub, significantly lowering the barrier to exploitation. While requiring low-privilege authentication (CVSS PR:L), the vulnerability enables full system compromise (VC:H/VI:H/VA:H) and has been assigned an E:P (Proof-of-concept) exploit maturity rating, indicating working demonstration code is available.

Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-43025 HIGH PATCH This Week

A buffer overflow in the Linux kernel netfilter ctnetlink subsystem allows authenticated local attackers to read arbitrary kernel memory. The vulnerability arises when userspace provides a helper name for a new expectation that differs from the master conntrack helper, causing the kernel to read 4 bytes beyond the expectation boundary. Vendor-released patches are available across multiple stable kernel branches (6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0). Despite a CVSS base score of 7.3, the EPSS score is exceptionally low (0.02%, 7th percentile), indicating minimal observed exploitation attempts, and the vulnerability is not listed in CISA KEV, suggesting no confirmed active exploitation.

Buffer Overflow Linux Information Disclosure
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-43040 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX fields to zero to prevent an info-leak When processing Router Advertisements with user options the kernel builds an RTM_NEWNDUSEROPT netlink message. The nduseroptmsg struct has three padding fields that are never zeroed and can leak kernel data The fix is simple, just zeroes the padding fields.

Information Disclosure Linux
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-43028 HIGH PATCH This Week

Local privilege escalation and information disclosure in Linux kernel netfilter x_tables subsystem allows authenticated local users to leak memory contents or crash the system due to improper null-termination validation of string names passed to c-string functions. CVSS 7.1 (High/Confidentiality, High/Availability impact) but low real-world priority: EPSS 0.02% (7th percentile) indicates minimal observed exploitation likelihood. Patches available across multiple stable kernel branches (5.10.253, 5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0). No active exploitation confirmed, no POC identified, requires local authenticated access with low privileges.

Information Disclosure Linux
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy