Monthly
Remote denial-of-service in 9front (a fork of Plan 9 from Bell Labs) allows unauthenticated network attackers to trigger a kernel panic by sending malformed TCP, IL, RUDP, or GRE packets whose total length is shorter than the protocol header size. The flaw affects 9front Plan 9 4e prior to commit 70c97c334171c715df82774d1a47638abaca2db4 and carries a CVSS 4.0 score of 9.2 driven by high availability impact and automatable exploitation; no public exploit identified at time of analysis.
Django 6.0 before 6.0.5 and 5.2 before 5.2.14 allow remote attackers to bypass the FILE_UPLOAD_MAX_MEMORY_SIZE limit by submitting ASGI requests with missing or understated Content-Length headers, potentially loading large files into memory and causing denial of service through resource exhaustion. No active exploitation confirmed, but the vulnerability requires only network access and no authentication, making it trivially exploitable once the bypass is understood.
Heap buffer overflow in GnuTLS DTLS handshake allows remote unauthenticated attackers to crash applications or corrupt memory. The vulnerability stems from inconsistent fragment validation in merge_handshake_packet(), where attackers can send crafted DTLS fragments with conflicting message_length values to trigger out-of-bounds writes. Red Hat reported this affecting RHEL 6-10 and OpenShift Container Platform 4. CVSS 7.5 (High) reflects network-accessible denial of service, though memory corruption may enable further exploitation. No EPSS data, KEV status, or POC availability reported at time of analysis, but the remote unauthenticated attack vector (AV:N/PR:N) and low complexity (AC:L) make this a priority for systems using DTLS.
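The defect described for merge_handshake_packet() is a consistency problem across fragments rather than one bad length field: the reassembly buffer is sized from one fragment's message_length while a later fragment of the same message asserts a different value. The C below is an added example written for this digest, not GnuTLS code. It uses the real 12-byte DTLS handshake fragment header from RFC 6347, but the reasm structure, the MAX_MSG cap, the build_frag/two_fragments helpers and the demo_* functions are assumptions made for illustration. The first fragment fixes message_length, every later fragment must carry the same value, and fragment_offset plus fragment_length is checked against it in a form that cannot overflow.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* DTLS handshake fragment header (RFC 6347, 4.2.2): msg_type(1), length(3),
 * message_seq(2), fragment_offset(3), fragment_length(3). */
#define DTLS_HS_HDR_LEN 12
#define MAX_MSG 4096   /* hypothetical cap on one reassembled handshake message */

enum { FRAG_OK = 0, FRAG_COMPLETE = 1,
       FRAG_ERR_SHORT = -1,     /* record shorter than header + fragment_length */
       FRAG_ERR_TOO_BIG = -2,   /* message_length exceeds the receiver's cap */
       FRAG_ERR_CONFLICT = -3,  /* type/seq/message_length differ from the first fragment */
       FRAG_ERR_RANGE = -4 };   /* fragment_offset + fragment_length > message_length */

struct frag {
    uint8_t msg_type; uint16_t message_seq;
    uint32_t message_length, fragment_offset, fragment_length;  /* 24-bit fields on the wire */
    const uint8_t *body;
};

struct reasm {
    int started; uint8_t msg_type; uint16_t message_seq;
    uint32_t message_length;   /* fixed by the first fragment; later ones must agree */
    uint32_t filled;           /* distinct bytes received so far */
    uint8_t buf[MAX_MSG];
    uint8_t have[MAX_MSG];     /* have[i] set once buf[i] has been written */
};

static uint32_t be24(const uint8_t *p) { return ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | p[2]; }

/* Parse one handshake fragment from a record payload of len bytes. */
int frag_parse(const uint8_t *p, size_t len, struct frag *f) {
    if (len < DTLS_HS_HDR_LEN) return FRAG_ERR_SHORT;
    f->msg_type        = p[0];
    f->message_length  = be24(p + 1);
    f->message_seq     = (uint16_t)((p[4] << 8) | p[5]);
    f->fragment_offset = be24(p + 6);
    f->fragment_length = be24(p + 9);
    if (f->fragment_length > len - DTLS_HS_HDR_LEN) return FRAG_ERR_SHORT;
    f->body = p + DTLS_HS_HDR_LEN;
    return FRAG_OK;
}

/* Merge a fragment. The first fragment fixes message_length; each later one
 * must carry the same value and its byte range must lie inside it, so no write
 * can land outside buf. */
int reasm_add(struct reasm *r, const struct frag *f) {
    if (f->message_length > MAX_MSG) return FRAG_ERR_TOO_BIG;
    if (!r->started) {
        memset(r, 0, sizeof *r);
        r->started = 1; r->msg_type = f->msg_type;
        r->message_seq = f->message_seq; r->message_length = f->message_length;
    } else if (f->message_length != r->message_length ||
               f->msg_type != r->msg_type || f->message_seq != r->message_seq) {
        return FRAG_ERR_CONFLICT;   /* a later fragment must not grow the message */
    }
    if (f->fragment_offset > r->message_length ||
        f->fragment_length > r->message_length - f->fragment_offset)
        return FRAG_ERR_RANGE;      /* phrased to avoid overflow in offset + length */
    for (uint32_t i = 0; i < f->fragment_length; i++) {
        uint32_t pos = f->fragment_offset + i;
        if (!r->have[pos]) { r->have[pos] = 1; r->filled++; }
        r->buf[pos] = f->body[i];
    }
    return r->filled == r->message_length ? FRAG_COMPLETE : FRAG_OK;
}

/* Constructed fragment record (not captured traffic): ClientHello, seq 0. */
static size_t build_frag(uint8_t *out, uint32_t msg_len, uint32_t off, uint32_t flen, uint8_t fill) {
    out[0] = 1;
    out[1] = (uint8_t)(msg_len >> 16); out[2]  = (uint8_t)(msg_len >> 8); out[3]  = (uint8_t)msg_len;
    out[4] = 0;                        out[5]  = 0;
    out[6] = (uint8_t)(off >> 16);     out[7]  = (uint8_t)(off >> 8);     out[8]  = (uint8_t)off;
    out[9] = (uint8_t)(flen >> 16);    out[10] = (uint8_t)(flen >> 8);    out[11] = (uint8_t)flen;
    memset(out + DTLS_HS_HDR_LEN, fill, flen);
    return DTLS_HS_HDR_LEN + flen;
}

/* Feed two fragments of one message; return the result of the second merge. */
static int two_fragments(uint32_t len1, uint32_t off1, uint32_t flen1,
                         uint32_t len2, uint32_t off2, uint32_t flen2) {
    struct reasm r; uint8_t rec[DTLS_HS_HDR_LEN + 256]; struct frag f; int rc;
    memset(&r, 0, sizeof r);
    size_t n = build_frag(rec, len1, off1, flen1, 0xAA);
    if ((rc = frag_parse(rec, n, &f)) != FRAG_OK || (rc = reasm_add(&r, &f)) != FRAG_OK) return rc;
    n = build_frag(rec, len2, off2, flen2, 0xBB);
    if ((rc = frag_parse(rec, n, &f)) != FRAG_OK) return rc;
    return reasm_add(&r, &f);
}

/* First fragment says the message is 64 bytes; the second says 3000 and writes at
 * offset 2000. The range check alone would pass (2000 + 100 <= 3000); in code that
 * sized its buffer from the first fragment that write lands far past the end.
 * The conflict check refuses it first. */
int demo_conflicting_message_length(void) { return two_fragments(64, 0, 32, 3000, 2000, 100); } /* FRAG_ERR_CONFLICT */
/* Consistent length, but offset 48 + 32 bytes overruns the 64-byte message. */
int demo_range_overrun(void)              { return two_fragments(64, 0, 32, 64, 48, 32); }       /* FRAG_ERR_RANGE */
/* Two well-formed halves reassemble the message. */
int demo_consistent_fragments(void)       { return two_fragments(64, 0, 32, 64, 32, 32); }       /* FRAG_COMPLETE */
/* fragment_length claims 100 bytes but the record holds only 10 after the header. */
int demo_short_record(void) {
    uint8_t rec[DTLS_HS_HDR_LEN + 256]; struct frag f;
    build_frag(rec, 64, 0, 100, 0xCC);
    return frag_parse(rec, DTLS_HS_HDR_LEN + 10, &f);                                       /* FRAG_ERR_SHORT */
}
```

The point of the conflict check is ordering: it runs before any arithmetic on the new fragment's offset and length, so a fragment that is internally consistent with its own (larger) message_length never gets to size a write against a buffer allocated for the smaller one.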
Buffer overflow in Moxa Secure Router's HTTPS management interface allows unauthenticated remote attackers to crash the web service via specially crafted requests with malformed length parameters. Exploitation causes denial-of-service requiring device reboot, with no confidentiality or integrity impact. CVSS 8.7 reflects high availability impact to the vulnerable component only. No public exploit code identified at time of analysis, and no evidence of active exploitation (not in CISA KEV).
Remote denial of service in Linux kernel rxrpc subsystem allows unauthenticated network attackers to trigger kernel crash via malformed rxgk RESPONSE packets. An inverted length check in rxgk_verify_response() accepts oversized authenticators, causing skb_to_sgvec() to hit BUG_ON() and panic the kernel. EPSS exploitation probability is very low (0.02%, 4th percentile), no active exploitation confirmed, and patches are available across stable kernel branches 6.18.23, 6.19.13, and 7.0.
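The 9front and rxrpc entries both come down to a length check on an inbound packet: the first parses a header out of a packet shorter than the header, the second tests the bound on a variable-length field with the comparison inverted. The C below is an added example written for this digest, not code from either project; its 8-byte header layout, the MAX_AUTH_LEN cap, the parse_vulnerable/parse_hardened names and the demo_* functions are invented for illustration. It puts a parser carrying both defects beside a hardened one, and the demos construct the packets that tell them apart.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical wire format (not any real protocol's): an 8-byte header of
 * 4-byte magic, 2-byte big-endian auth_len and 2-byte flags, followed by
 * auth_len bytes of authenticator. */
#define HDR_LEN      8
#define MAX_AUTH_LEN 64   /* largest authenticator this receiver will process */

enum parse_result { PARSE_OK = 0,
                    PARSE_ERR_SHORT = -1,      /* packet shorter than the fixed header */
                    PARSE_ERR_AUTH_LEN = -2,   /* authenticator longer than the cap */
                    PARSE_ERR_TRUNCATED = -3 };/* auth_len claims more bytes than arrived */

struct pkt { uint32_t magic; uint16_t auth_len; uint16_t flags; const uint8_t *auth; };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Vulnerable pattern, carrying both defects:
 * - header fields are read without checking len >= HDR_LEN (the 9front class), so a
 *   packet shorter than its header is parsed past the buffer; the demos below
 *   therefore never hand this function fewer than HDR_LEN bytes;
 * - the cap comparison is inverted (the rxgk class): legitimate small
 *   authenticators are rejected and oversized ones are accepted. */
int parse_vulnerable(const uint8_t *buf, size_t len, struct pkt *out) {
    (void)len;                              /* never consulted */
    out->magic    = be32(buf);
    out->auth_len = be16(buf + 4);
    out->flags    = be16(buf + 6);
    if (out->auth_len < MAX_AUTH_LEN)       /* inverted: should be '>' */
        return PARSE_ERR_AUTH_LEN;
    out->auth = buf + HDR_LEN;
    return PARSE_OK;
}

/* Hardened: prove the bytes exist before each read, and bound the variable
 * field by both the cap and the bytes actually present. */
int parse_hardened(const uint8_t *buf, size_t len, struct pkt *out) {
    if (len < HDR_LEN)
        return PARSE_ERR_SHORT;
    out->magic    = be32(buf);
    out->auth_len = be16(buf + 4);
    out->flags    = be16(buf + 6);
    if (out->auth_len > MAX_AUTH_LEN)
        return PARSE_ERR_AUTH_LEN;
    if (out->auth_len > len - HDR_LEN)      /* len >= HDR_LEN here, so no underflow */
        return PARSE_ERR_TRUNCATED;
    out->auth = buf + HDR_LEN;
    return PARSE_OK;
}

/* Constructed packet: header claiming auth_len, then auth_present bytes of
 * authenticator, which may be fewer than claimed. */
static size_t build_packet(uint8_t *buf, size_t cap, uint16_t auth_len, size_t auth_present) {
    size_t total = HDR_LEN + auth_present;
    if (total > cap) return 0;
    memset(buf, 0, total);
    memcpy(buf, "PKT1", 4);
    buf[4] = (uint8_t)(auth_len >> 8);
    buf[5] = (uint8_t)auth_len;
    return total;
}

static int run(int (*parser)(const uint8_t *, size_t, struct pkt *), uint16_t auth_len, size_t auth_present) {
    uint8_t buf[128]; struct pkt p;
    size_t n = build_packet(buf, sizeof buf, auth_len, auth_present);
    return parser(buf, n, &p);
}

/* 5 bytes on the wire: shorter than the header. */
int demo_short_packet(void) {
    uint8_t buf[5] = {0}; struct pkt p;
    return parse_hardened(buf, sizeof buf, &p);                                          /* PARSE_ERR_SHORT */
}
/* auth_len = 1000 with only 16 authenticator bytes present. */
int demo_vulnerable_accepts_oversize(void) { return run(parse_vulnerable, 1000, 16); } /* PARSE_OK */
int demo_hardened_rejects_oversize(void)   { return run(parse_hardened,   1000, 16); } /* PARSE_ERR_AUTH_LEN */
/* auth_len = 32, a legitimate size, fully present. */
int demo_vulnerable_rejects_valid(void)    { return run(parse_vulnerable, 32, 32); }   /* PARSE_ERR_AUTH_LEN */
int demo_hardened_accepts_valid(void)      { return run(parse_hardened,   32, 32); }   /* PARSE_OK */
/* auth_len = 48, under the cap, but only 16 bytes actually arrived. */
int demo_hardened_rejects_truncated(void)  { return run(parse_hardened,   48, 16); }   /* PARSE_ERR_TRUNCATED */

int main(void) {
    printf("short=%d oversize(vuln)=%d oversize(hard)=%d valid(vuln)=%d valid(hard)=%d truncated=%d\n",
           demo_short_packet(), demo_vulnerable_accepts_oversize(), demo_hardened_rejects_oversize(),
           demo_vulnerable_rejects_valid(), demo_hardened_accepts_valid(), demo_hardened_rejects_truncated());
    return 0;
}
```

Note that the inverted comparison is not only a security bug: it also rejects every well-formed packet, which is why such a check tends to be caught only when the field is rarely exercised, as the low EPSS figure for the rxrpc entry suggests.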
Heap over-read in Open Virtual Network (OVN) DHCPv6 client ID processing allows remote unauthenticated attackers to extract sensitive memory contents across network boundaries. The vulnerability affects OVN's DHCPv6 implementation and carries a CVSS score of 8.6 with scope change, enabling cross-tenant information disclosure in multi-tenant virtualized environments. Public advisory released via oss-security mailing list on 2026-04-20, though no confirmed active exploitation or public POC identified at time of analysis.
Heap over-read in OVN's ICMP error response generation allows remote attackers to leak sensitive memory contents, causing information disclosure and potential denial of service. The vulnerability affects OVN versions prior to the 2026 security update and is exploitable over the network without authentication or user interaction via crafted ICMP packets. No public exploit code has been identified; the attack vector is network-accessible, though attack complexity is rated high.
Use-after-free in rsync 3.0.1 through 3.4.1 allows authenticated remote attackers to compromise confidentiality, integrity, and availability when the victim runs rsync with extended attribute support (-X/--xattrs) enabled. The vulnerability stems from qsort operations on untrusted length values during extended attribute processing; Linux systems are vulnerable in common configurations, and non-Linux platforms are exposed more broadly. EPSS probability is negligible (0.01%, 3rd percentile), there is no confirmed active exploitation (SSVC: none), and no public exploit code has been identified, which makes this a patch-now-but-not-emergency priority despite the 7.4 CVSS score.
HAProxy versions 2.6 through 3.3.5 fail to validate that received HTTP/3 message body lengths match the announced Content-Length header when streams close via empty-payload frames, enabling request smuggling and backend desynchronization attacks. An unauthenticated remote attacker can exploit this via network-level HTTP/3 traffic to cause integrity violations (integrity impact rated low by CVSS), though practical exploitation requires high attack complexity. No public exploit code or CISA KEV listing has been confirmed; the moderate CVSS 4.0 rating and high attack complexity mark this as a specialized HTTP/3 protocol abuse requiring precisely crafted traffic.
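The Django and HAProxy entries above are two sides of one mistake: trusting the announced Content-Length instead of the bytes that actually arrive. A limit applied to the header alone is bypassed by a request that omits or understates it, and a body that ends short of the header's value has to be rejected rather than forwarded. The C below is an added example written for this digest, not Django's or HAProxy's code; MAX_MEMORY_SIZE, the body_rx structure and the body_* and demo_* functions are hypothetical names. It puts a header-trusting receiver beside one that charges every frame against the cap as it arrives and compares the running total with the announced length, including at end of stream.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical in-memory cap for a request body, standing in for a setting
 * such as Django's FILE_UPLOAD_MAX_MEMORY_SIZE. */
#define MAX_MEMORY_SIZE 1024

enum body_result { BODY_OK = 0,
                   BODY_ERR_TOO_LARGE = -1,  /* more bytes received than the cap allows */
                   BODY_ERR_LENGTH = -2,     /* received length disagrees with Content-Length */
                   BODY_ERR_CLOSED = -3 };   /* data after end-of-stream, or already rejected */

struct body_rx {
    int64_t declared;   /* announced Content-Length, -1 if the header is absent */
    size_t  received;   /* bytes actually seen on the wire */
    int     closed;
    uint8_t mem[MAX_MEMORY_SIZE];
};

void body_init(struct body_rx *b, int64_t declared) {
    memset(b, 0, sizeof *b);
    b->declared = declared;
}

/* Weak pattern: the cap is compared once against the announced length and the
 * payload is then accumulated without counting. A client that omits or
 * understates Content-Length passes the check and keeps sending. (This demo
 * only counts the bytes; the real-world analogue keeps buffering them.) */
int body_feed_trusting(struct body_rx *b, const uint8_t *data, size_t n) {
    (void)data;
    if (b->declared > MAX_MEMORY_SIZE)
        return BODY_ERR_TOO_LARGE;          /* only the header is consulted */
    b->received += n;
    return BODY_OK;
}

/* Hardened: every DATA frame is charged against the cap as it arrives, and the
 * running total is compared with the announced length. */
int body_feed(struct body_rx *b, const uint8_t *data, size_t n) {
    if (b->closed)
        return BODY_ERR_CLOSED;
    if (n > MAX_MEMORY_SIZE - b->received) {   /* received <= MAX_MEMORY_SIZE, no underflow */
        b->closed = 1;
        return BODY_ERR_TOO_LARGE;
    }
    memcpy(b->mem + b->received, data, n);
    b->received += n;
    if (b->declared >= 0 && (int64_t)b->received > b->declared) {
        b->closed = 1;
        return BODY_ERR_LENGTH;              /* body longer than announced */
    }
    return BODY_OK;
}

/* End of stream (for HTTP/3, a DATA frame carrying the end-of-stream flag,
 * possibly with an empty payload). A body shorter than announced is rejected
 * here; forwarding it with the original Content-Length would leave the
 * backend's view of where this request ends out of step with the proxy's. */
int body_close(struct body_rx *b) {
    if (b->closed)
        return BODY_ERR_CLOSED;
    b->closed = 1;
    if (b->declared >= 0 && (int64_t)b->received != b->declared)
        return BODY_ERR_LENGTH;
    return BODY_OK;
}

static const uint8_t chunk[1000] = {0x41};   /* constructed 1000-byte payload */

/* Content-Length: 10 announced, four 1000-byte frames sent: the trusting
 * receiver accepts all of them. Returns bytes accumulated. */
long demo_trusting_understated(void) {
    struct body_rx b; body_init(&b, 10);
    for (int i = 0; i < 4; i++) body_feed_trusting(&b, chunk, sizeof chunk);
    return (long)b.received;                             /* 4000 */
}
/* Same traffic against the hardened receiver: the first frame already
 * exceeds the announced 10 bytes. */
int demo_hardened_understated(void) {
    struct body_rx b; body_init(&b, 10);
    return body_feed(&b, chunk, sizeof chunk);           /* BODY_ERR_LENGTH */
}
/* No Content-Length at all: the cap still applies to what actually arrives. */
int demo_hardened_no_length(void) {
    struct body_rx b; body_init(&b, -1);
    body_feed(&b, chunk, sizeof chunk);
    return body_feed(&b, chunk, sizeof chunk);           /* BODY_ERR_TOO_LARGE */
}
/* Content-Length: 100, only 40 bytes delivered, then end-of-stream. */
int demo_hardened_short_close(void) {
    struct body_rx b; body_init(&b, 100);
    body_feed(&b, chunk, 40);
    return body_close(&b);                               /* BODY_ERR_LENGTH */
}
/* Content-Length: 100 and exactly 100 bytes delivered. */
int demo_hardened_exact(void) {
    struct body_rx b; body_init(&b, 100);
    body_feed(&b, chunk, 100);
    return body_close(&b);                               /* BODY_OK */
}
```

The two checks are deliberately independent: the cap protects the receiver's own memory whether or not a Content-Length is present, and the length comparison protects whatever sits behind it from receiving a request whose framing no longer matches its header.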
Net::CIDR::Lite before version 0.23 for Perl incorrectly handles RFC 4291 IPv4-mapped IPv6 addresses (::ffff:x.x.x.x) by including an extra sentinel byte during packing, resulting in 18-byte instead of 17-byte representations. This misalignment causes the find() and bin_find() functions to return incorrect matching results during IP address lookups, enabling attackers to bypass IP-based access control lists: the same host can be matched against the wrong CIDR range depending on which textual form its address is written in. No active exploitation has been identified, and the low EPSS score (0.02%) sits beside an authentication-bypass classification, suggesting limited real-world triggering conditions despite the 6.5 CVSS score.
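The Net::CIDR::Lite defect is a canonicalization failure: the same host has two encodings, 4-byte IPv4 and 16-byte IPv4-mapped IPv6, and a packing inconsistency between them makes range lookups disagree. The usual defence is to convert every address and every prefix to one representation before any comparison. The C below is an added example in that style, written for this digest rather than taken from the Perl module; the canon_addr, canon_cidr, prefix_match and acl_match names are invented, and it relies on the POSIX inet_pton() to parse both textual forms into 16 bytes, placing IPv4 in ::ffff:0:0/96 and shifting IPv4 prefix lengths by 96 so a /24 and its mapped /120 are the same key.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Parse an IPv4 or IPv6 textual address into one canonical 16-byte form.
 * IPv4 becomes IPv4-mapped IPv6 (::ffff:a.b.c.d), so "192.0.2.7" and
 * "::ffff:192.0.2.7" produce identical bytes. Returns 0 on success. */
int canon_addr(const char *s, uint8_t out[16]) {
    struct in6_addr a6; struct in_addr a4;
    if (inet_pton(AF_INET6, s, &a6) == 1) { memcpy(out, &a6, 16); return 0; }
    if (inet_pton(AF_INET, s, &a4) == 1) {
        memset(out, 0, 10); out[10] = 0xff; out[11] = 0xff;
        memcpy(out + 12, &a4, 4);
        return 0;
    }
    return -1;
}

/* Parse "addr/len" into a canonical 16-byte network key and a 128-bit
 * prefix length. An IPv4 prefix length is shifted by 96 into the mapped
 * range; host bits are cleared so the key is the network address itself. */
int canon_cidr(const char *cidr, uint8_t net[16], int *plen) {
    char buf[64]; char *end;
    const char *slash = strchr(cidr, '/');
    if (!slash || (size_t)(slash - cidr) >= sizeof buf) return -1;
    memcpy(buf, cidr, (size_t)(slash - cidr)); buf[slash - cidr] = '\0';
    long n = strtol(slash + 1, &end, 10);
    if (*end != '\0' || n < 0) return -1;
    if (canon_addr(buf, net) != 0) return -1;
    if (strchr(buf, ':') == NULL) { if (n > 32) return -1; n += 96; }   /* IPv4 prefix */
    else if (n > 128) return -1;
    *plen = (int)n;
    for (int i = 0; i < 16; i++) {
        long bits = n - i * 8;                 /* prefix bits covering byte i */
        if (bits >= 8) continue;
        net[i] = bits <= 0 ? 0 : (uint8_t)(net[i] & (0xff << (8 - bits)));
    }
    return 0;
}

/* True if the first plen bits of a and net agree. */
int prefix_match(const uint8_t a[16], const uint8_t net[16], int plen) {
    int full = plen / 8, rem = plen % 8;
    if (memcmp(a, net, (size_t)full) != 0) return 0;
    if (rem == 0) return 1;
    uint8_t mask = (uint8_t)(0xff << (8 - rem));
    return (a[full] & mask) == (net[full] & mask);
}

/* 1 if addr lies in cidr, 0 if not, -1 if either string is malformed. */
int acl_match(const char *cidr, const char *addr) {
    uint8_t net[16], a[16]; int plen;
    if (canon_cidr(cidr, net, &plen) != 0 || canon_addr(addr, a) != 0) return -1;
    return prefix_match(a, net, plen);
}

/* Constructed lookups: the same range and host written each way. */
int demo_v4_cidr_mapped_addr(void) { return acl_match("192.0.2.0/24", "::ffff:192.0.2.7"); }   /* 1 */
int demo_mapped_cidr_v4_addr(void)  { return acl_match("::ffff:192.0.2.0/120", "192.0.2.7"); } /* 1 */
int demo_outside_range(void)        { return acl_match("192.0.2.0/24", "::ffff:192.0.3.1"); } /* 0 */
int demo_v6_range_v4_host(void)     { return acl_match("2001:db8::/32", "192.0.2.1"); }        /* 0 */
int demo_v6_match(void)             { return acl_match("2001:db8::/32", "2001:db8:1::1"); }    /* 1 */
int demo_bad_prefix_length(void)    { return acl_match("192.0.2.0/33", "192.0.2.1"); }         /* -1 */

int main(void) {
    printf("%d %d %d %d %d %d\n", demo_v4_cidr_mapped_addr(), demo_mapped_cidr_v4_addr(),
           demo_outside_range(), demo_v6_range_v4_host(), demo_v6_match(), demo_bad_prefix_length());
    return 0;
}
```

Whether an ACL should treat ::ffff:192.0.2.7 as equivalent to 192.0.2.7 at all is a policy decision; what the example rules out is the in-between state where the answer depends on byte-length quirks of the lookup table rather than on that decision.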