Monthly
Out-of-bounds write in Imagination Technologies' Graphics DDK GPU shader compiler lets a crafted web page containing unusual or edge-case shader code (e.g. WebGL/compute shaders using a very small value) corrupt memory and crash the GPU compiler process. On platforms where that compiler process runs with system privileges, the memory corruption could be chained toward privilege escalation or further device exploitation. No public exploit identified at time of analysis and the issue is not listed in CISA KEV; impact is integrity and availability (CVSS 7.7, CWE-823).
Firewall bypass in the Linux kernel's netfilter nft_inner module (versions 6.2 and later) allows remote attackers to forge transport headers in tunneled IPv6 packets due to a desynchronization between the computed inner transport header offset and the parsed L4 protocol. The flaw enables crafted IPv6 packets carrying extension headers to evade nftables inner-payload matching rules, with no public exploit identified at time of analysis and an EPSS score of 0.02% indicating negligible observed exploitation activity.
Arbitrary firmware memory writes in Imagination Technologies Graphics DDK affect multiple DDK versions across Guest/Host VM deployments. A logic error in GPU driver address translation permits kernel-level software within a VM to issue malformed commands to GPU firmware, causing writes to memory regions outside the intended GPU memory boundary. The Chrome OS stable channel advisory reference confirms real-world platform-level impact, and a vendor patch is available. No public exploit has been identified at time of analysis, and this vulnerability is not listed in CISA KEV.
Heap-based buffer overflow in MediaArea MediaInfoLib's LXF (Leitch eXchange Format) element parser allows attackers to achieve arbitrary code execution when a victim opens a maliciously crafted LXF media file. The flaw, disclosed by Cisco Talos as TALOS-2026-2371 and assigned CWE-823, requires user interaction and local file access but no privileges, and at the time of analysis there is no public exploit identified and the issue is not listed in CISA KEV.
Buffer overwrite vulnerability in uuid JavaScript library versions prior to 14.0.0 enables remote attackers to corrupt memory and potentially disclose sensitive information through out-of-range writes when applications use v3, v5, or v6 UUID generation functions with caller-provided output buffers. The library fails to validate buffer boundaries, allowing partial writes beyond allocated memory regions. Vendor patch available in version 14.0.0 per GitHub security advisory GHSA-w5hq-g745-h8pq. No confirmed active exploitation (not in CISA KEV), and CVSS 4.0 Environmental Score suggests exploitation status is unproven (E:U).
NVIDIA SNAP-4 Container contains a use-of-out-of-range pointer offset vulnerability in the VIRTIO-BLK component that allows a malicious guest VM to trigger memory corruption and denial of service. The vulnerability affects NVIDIA SNAP-4 Container across all versions as indicated by the CPE string. A successful exploit results in denial of service to the DPA (Data Processing Appliance) and impacts storage availability to other VMs, though no code execution or information disclosure is possible. There is no evidence of active exploitation in the wild (KEV status indicates none), and the CVSS score of 6.8 reflects moderate severity with high availability impact but limited exploitability due to requiring adjacent network access and user privileges.
GPU shader compiler memory corruption via malicious shader code allows remote code execution when the compiler runs with elevated privileges, affecting multiple platforms through crafted switch statements that trigger out-of-bounds writes. An attacker can exploit this vulnerability by delivering specially-crafted GPU shader code through a web page, potentially gaining system-level control on vulnerable devices. No patch is currently available for this critical vulnerability.
Device denial of service in Cisco Secure Firewall ASA and Secure FTD Software occurs when an unauthenticated adjacent attacker sends specially crafted OSPF packets to trigger out-of-bounds memory writes during packet canonicalization processing. An attacker can exploit this by sending malicious OSPF LSU packets when debug logging is enabled, forcing the affected device to reload and become unavailable. No patch is currently available for this medium-severity vulnerability.
A use of out-of-range pointer offset vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read sensitive portions of memory. [CVSS 6.5 MEDIUM]
VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (versions ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 and earlier, respectively), as well as VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively), contain a vulnerability in their virtual audio drivers (vbvoicemeetervaio64*.sys, vbmatrixvaio64*.sys, vbaudio_vmauxvaio*.sys, vbaudio_vmvaio*.sys, and vbaudio_vmvaio3*.sys).
Out-of-bounds write in Imagination Technologies' Graphics DDK GPU shader compiler lets a crafted web page containing unusual or edge-case shader code (e.g. WebGL/compute shaders using a very small value) corrupt memory and crash the GPU compiler process. On platforms where that compiler process runs with system privileges, the memory corruption could be chained toward privilege escalation or further device exploitation. No public exploit identified at time of analysis and the issue is not listed in CISA KEV; impact is integrity and availability (CVSS 7.7, CWE-823).
Firewall bypass in the Linux kernel's netfilter nft_inner module (versions 6.2 and later) allows remote attackers to forge transport headers in tunneled IPv6 packets due to a desynchronization between the computed inner transport header offset and the parsed L4 protocol. The flaw enables crafted IPv6 packets carrying extension headers to evade nftables inner-payload matching rules, with no public exploit identified at time of analysis and an EPSS score of 0.02% indicating negligible observed exploitation activity.
Arbitrary firmware memory writes in Imagination Technologies Graphics DDK affect multiple DDK versions across Guest/Host VM deployments. A logic error in GPU driver address translation permits kernel-level software within a VM to issue malformed commands to GPU firmware, causing writes to memory regions outside the intended GPU memory boundary. The Chrome OS stable channel advisory reference confirms real-world platform-level impact, and a vendor patch is available. No public exploit has been identified at time of analysis, and this vulnerability is not listed in CISA KEV.
Heap-based buffer overflow in MediaArea MediaInfoLib's LXF (Leitch eXchange Format) element parser allows attackers to achieve arbitrary code execution when a victim opens a maliciously crafted LXF media file. The flaw, disclosed by Cisco Talos as TALOS-2026-2371 and assigned CWE-823, requires user interaction and local file access but no privileges, and at the time of analysis there is no public exploit identified and the issue is not listed in CISA KEV.
Buffer overwrite vulnerability in uuid JavaScript library versions prior to 14.0.0 enables remote attackers to corrupt memory and potentially disclose sensitive information through out-of-range writes when applications use v3, v5, or v6 UUID generation functions with caller-provided output buffers. The library fails to validate buffer boundaries, allowing partial writes beyond allocated memory regions. Vendor patch available in version 14.0.0 per GitHub security advisory GHSA-w5hq-g745-h8pq. No confirmed active exploitation (not in CISA KEV), and CVSS 4.0 Environmental Score suggests exploitation status is unproven (E:U).
NVIDIA SNAP-4 Container contains a use-of-out-of-range pointer offset vulnerability in the VIRTIO-BLK component that allows a malicious guest VM to trigger memory corruption and denial of service. The vulnerability affects NVIDIA SNAP-4 Container across all versions as indicated by the CPE string. A successful exploit results in denial of service to the DPA (Data Processing Appliance) and impacts storage availability to other VMs, though no code execution or information disclosure is possible. There is no evidence of active exploitation in the wild (KEV status indicates none), and the CVSS score of 6.8 reflects moderate severity with high availability impact but limited exploitability due to requiring adjacent network access and user privileges.
GPU shader compiler memory corruption via malicious shader code allows remote code execution when the compiler runs with elevated privileges, affecting multiple platforms through crafted switch statements that trigger out-of-bounds writes. An attacker can exploit this vulnerability by delivering specially-crafted GPU shader code through a web page, potentially gaining system-level control on vulnerable devices. No patch is currently available for this critical vulnerability.
Device denial of service in Cisco Secure Firewall ASA and Secure FTD Software occurs when an unauthenticated adjacent attacker sends specially crafted OSPF packets to trigger out-of-bounds memory writes during packet canonicalization processing. An attacker can exploit this by sending malicious OSPF LSU packets when debug logging is enabled, forcing the affected device to reload and become unavailable. No patch is currently available for this medium-severity vulnerability.
A use of out-of-range pointer offset vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read sensitive portions of memory. [CVSS 6.5 MEDIUM]
VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (versions ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 and earlier, respectively), as well as VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively), contain a vulnerability in their virtual audio drivers (vbvoicemeetervaio64*.sys, vbmatrixvaio64*.sys, vbaudio_vmauxvaio*.sys, vbaudio_vmvaio*.sys, and vbaudio_vmvaio3*.sys).