Monthly
Stack-based buffer overflow in musl libc 0.7.10 through 1.2.6 allows local attackers with high complexity requirements to corrupt memory during qsort operations on exceptionally large arrays (exceeding ~7 million elements on 32-bit systems, corresponding to the 32nd Leonardo number). Exploitation requires sorting arrays approaching billion-element scale on 64-bit platforms. Vulnerability stems from incorrect double-word primitive implementation in smoothsort algorithm. Successful exploitation enables arbitrary code execution with scope change, impacting confidentiality, integrity, and availability. No public exploit identified at time of analysis.
Wasmtime's Winch compiler (versions 25.0.0 through 36.0.6, 42.0.0-42.0.1, and 43.0.0) contains a table indexing vulnerability in the table.fill instruction that causes host panic when compiled by Winch on any architecture. A valid WebAssembly guest can trigger this denial-of-service condition due to incorrect table reference indexing left behind after a historical refactoring. EPSS score of 5.9 reflects medium exploitability, and the vulnerability is patched in Wasmtime 36.0.7, 42.0.2, and 43.0.1.
OpenSSH before 10.3 incorrectly interprets ECDSA algorithm specifications in PubkeyAcceptedAlgorithms and HostbasedAcceptedAlgorithms configuration options, allowing authenticated users to authenticate using unintended ECDSA variants. The vulnerability requires authenticated network access and high attack complexity, resulting in a low CVSS score of 3.1 with integrity impact but no confidentiality or availability loss. No public exploit code or active exploitation has been documented.
OpenSSH before version 10.3 mishandles the authorized_keys principals option when a principals list is combined with a Certificate Authority that uses certain comma character patterns, allowing authenticated local or remote users to disclose sensitive authorization information or manipulate authentication decisions. This vulnerability affects all OpenSSH versions prior to 10.3p1 and requires authenticated access (PR:L) with non-trivial attack complexity (AC:H), resulting in partial confidentiality and integrity impact. No public exploit code or active exploitation has been identified at time of analysis.
Denial of service in Apache Traffic Server 9.0.0-9.2.12 and 10.0.0-10.1.1 caused by improper handling of POST requests that triggers a server crash under specific conditions. The vulnerability affects all instances of the affected versions and requires no authentication or special privileges to exploit. Vendor-released patches are available in versions 9.2.13 and 10.1.2.
CVE-2026-33011 is a security vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation. Vendor patch is available.
PX4 Autopilot prior to version 1.17.0-rc2 contains a boolean logic error in MAVLink FTP session validation that uses AND (&&) instead of OR (||) operators, allowing attackers to bypass session isolation checks and execute file operations on invalid or closed file descriptors. An unauthenticated attacker on the adjacent network can exploit this vulnerability to destabilize the FTP subsystem, trigger denial-of-service conditions through invalid file descriptor operations, and potentially compromise the integrity of drone flight control systems. While the CVSS score of 4.3 indicates low to moderate severity with availability impact, the safety-critical nature of autopilot systems and the unauthenticated attack vector warrant immediate attention.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP is affected by always-incorrect control flow implementation.
Function name collision in Rs Soroban SDK versions prior to 22.0.10, 23.5.2, and 25.1.1 causes the #[contractimpl] macro to invoke incorrect functions when both trait and inherent implementations share identical function names, allowing attackers to exploit logic flaws through public exploit code. Smart contract developers using affected versions risk silent execution of unintended code paths that could compromise contract integrity and security guarantees. Patches are available for all vulnerable versions.
NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause incorrect control flow behavior. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. No vendor patch available.
Stack-based buffer overflow in musl libc 0.7.10 through 1.2.6 allows local attackers with high complexity requirements to corrupt memory during qsort operations on exceptionally large arrays (exceeding ~7 million elements on 32-bit systems, corresponding to the 32nd Leonardo number). Exploitation requires sorting arrays approaching billion-element scale on 64-bit platforms. Vulnerability stems from incorrect double-word primitive implementation in smoothsort algorithm. Successful exploitation enables arbitrary code execution with scope change, impacting confidentiality, integrity, and availability. No public exploit identified at time of analysis.
Wasmtime's Winch compiler (versions 25.0.0 through 36.0.6, 42.0.0-42.0.1, and 43.0.0) contains a table indexing vulnerability in the table.fill instruction that causes host panic when compiled by Winch on any architecture. A valid WebAssembly guest can trigger this denial-of-service condition due to incorrect table reference indexing left behind after a historical refactoring. EPSS score of 5.9 reflects medium exploitability, and the vulnerability is patched in Wasmtime 36.0.7, 42.0.2, and 43.0.1.
OpenSSH before 10.3 incorrectly interprets ECDSA algorithm specifications in PubkeyAcceptedAlgorithms and HostbasedAcceptedAlgorithms configuration options, allowing authenticated users to authenticate using unintended ECDSA variants. The vulnerability requires authenticated network access and high attack complexity, resulting in a low CVSS score of 3.1 with integrity impact but no confidentiality or availability loss. No public exploit code or active exploitation has been documented.
OpenSSH before version 10.3 mishandles the authorized_keys principals option when a principals list is combined with a Certificate Authority that uses certain comma character patterns, allowing authenticated local or remote users to disclose sensitive authorization information or manipulate authentication decisions. This vulnerability affects all OpenSSH versions prior to 10.3p1 and requires authenticated access (PR:L) with non-trivial attack complexity (AC:H), resulting in partial confidentiality and integrity impact. No public exploit code or active exploitation has been identified at time of analysis.
Denial of service in Apache Traffic Server 9.0.0-9.2.12 and 10.0.0-10.1.1 caused by improper handling of POST requests that triggers a server crash under specific conditions. The vulnerability affects all instances of the affected versions and requires no authentication or special privileges to exploit. Vendor-released patches are available in versions 9.2.13 and 10.1.2.
CVE-2026-33011 is a security vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation. Vendor patch is available.
PX4 Autopilot prior to version 1.17.0-rc2 contains a boolean logic error in MAVLink FTP session validation that uses AND (&&) instead of OR (||) operators, allowing attackers to bypass session isolation checks and execute file operations on invalid or closed file descriptors. An unauthenticated attacker on the adjacent network can exploit this vulnerability to destabilize the FTP subsystem, trigger denial-of-service conditions through invalid file descriptor operations, and potentially compromise the integrity of drone flight control systems. While the CVSS score of 4.3 indicates low to moderate severity with availability impact, the safety-critical nature of autopilot systems and the unauthenticated attack vector warrant immediate attention.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP is affected by always-incorrect control flow implementation.
Function name collision in Rs Soroban SDK versions prior to 22.0.10, 23.5.2, and 25.1.1 causes the #[contractimpl] macro to invoke incorrect functions when both trait and inherent implementations share identical function names, allowing attackers to exploit logic flaws through public exploit code. Smart contract developers using affected versions risk silent execution of unintended code paths that could compromise contract integrity and security guarantees. Patches are available for all vulnerable versions.
NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause incorrect control flow behavior. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. No vendor patch available.