Local privilege escalation / memory corruption in the Linux kernel's netfilter NAT subsystem (introduced in v5.14) arises because nf_nat_register_fn() freed nf_hook_ops structures immediately rather than deferring the release via RCU. Because the v5.14-era nfnetlink_hook feature lets userspace dump active netfilter hooks by peeking into the ops blob, a concurrent dump racing the NAT (un)register error path can access ops memory after it is freed. No public exploit has been identified at time of analysis and EPSS is low (0.17%), but the high-impact CVSS vector reflects a use-after-free class flaw in a core kernel subsystem.
Memory corruption in the Linux kernel's TIPC (Transparent Inter-Process Communication) protocol stack allows remote attackers to trigger a double-free in tipc_buf_append() during message reassembly, where tipc_msg_validate() may reallocate and free the working skb while the error path frees a now-stale pointer. Affected systems are those running a vulnerable kernel (introduced around 4.15-era code, present across 5.10-7.0 branches) with the TIPC subsystem in use; successful exploitation can crash the kernel and, depending on heap conditions, potentially lead to privilege escalation. There is no public exploit identified at time of analysis, EPSS risk is low (0.18%, 7th percentile), and it is not listed in CISA KEV.
Denial of service in the Cpanel::JSON::XS Perl module before version 4.41 allows remote attackers to crash any caller that decodes a UTF-8 BOM-prefixed JSON document with a throwing filter callback. The flaw arises from a missed pointer restoration when decode_json aborts via a Perl exception, leaving the input scalar with a corrupted SvPVX pointer that fatally aborts the interpreter on later free. No public exploit has been identified at time of analysis, and EPSS is very low (0.02%), but CISA SSVC marks the issue as automatable with partial technical impact.
Denial-of-service via invalid pointer dereference in Samsung Open Source Escargot JavaScript engine affects the specific commit 590345cc6258317c5da850d846ce6baaf2afc2d3, allowing a locally-present attacker to crash the runtime through crafted JavaScript. The root cause (CWE-763) involves unconditional dereference of a potentially invalid or null error pointer in the resultOrErrorToString path, triggerable via nested eval/throw/finally patterns that induce GC allocation during exception handling. No public exploit code exists and no CISA KEV listing is present at time of analysis.
Buffer overflow in Hitachi JP1/IT Desktop Management suite and Job Management Partner 1 software on Windows allows local authenticated users to cause denial of service by triggering memory corruption in affected manager and client components. The vulnerability spans multiple product lines and versions, with CVSS 5.5 indicating moderate local attack surface; active exploitation status is not confirmed.
ImageMagick versions prior to 7.1.2-13 fail to properly initialize buffer elements in the BilateralBlurImage method, leading to invalid pointer dereference and potential denial of service when memory allocation fails. An attacker can exploit this through network vectors to crash affected applications or trigger undefined behavior with high complexity requirements. A patch is available in version 7.1.2-13 and later.
Canon printers contain an invalid free vulnerability in CPCA file deletion processing that allows network-based attackers to execute arbitrary code or crash the device.
A Release of Invalid Pointer or Reference vulnerability was discovered in the fs/inode/fs_inoderemove code of the Apache NuttX RTOS that allowed root filesystem inode removal, leading to a debug assert trigger (which is disabled by default), a NULL pointer dereference (handled differently depending on the target architecture), or, in general, a Denial of Service. [CVSS 6.5 MEDIUM]
A memory corruption vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker to trigger a Denial of Service (DoS) condition in the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer. This vulnerability affects Fireware OS 12.6.1 up to and including 12.11.4 and 2025.1 up to and including 2025.1.2.
An issue was discovered in NPU in Samsung Mobile Processor Exynos 1380 through July 2025. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch is available.