Skip to main content

Memory Corruption

15288 CVEs technique

Monthly

CVE-2026-43206 HIGH PATCH This Week

Out-of-bounds kernel memory write in Linux kernel's AMD KFD (Kernel Fusion Driver) allows local authenticated attackers with low privileges to escalate to root privileges. The kfd_event_page_set() function performs unchecked memset operations of fixed size (KFD_SIGNAL_EVENT_LIMIT * 8 bytes) regardless of user-supplied buffer size, enabling unprivileged userspace processes to corrupt kernel memory. Patches are available across multiple stable kernel branches (5.10.252, 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.16, 6.19.6, 7.0). EPSS score of 0.02% (7th percentile) indicates low observed exploitation probability despite high CVSS severity, likely due to the local attack vector and requirement for systems with AMD GPU hardware running the amdkfd driver.

Buffer Overflow Linux Memory Corruption Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43205 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: validate num_ifs to prevent out-of-bounds write The driver obtains sw_attr.num_ifs from firmware via dpsw_get_attributes() but never validates it against DPSW_MAX_IF (64). This value controls iteration in dpaa2_switch_fdb_get_flood_cfg(), which writes port indices into the fixed-size cfg->if_id[DPSW_MAX_IF] array. When firmware reports num_ifs >= 64, the loop can write past the array bounds. Add a bound check for num_ifs in dpaa2_switch_init(). dpaa2_switch_fdb_get_flood_cfg() appends the control interface (port num_ifs) after all matched ports. When num_ifs == DPSW_MAX_IF and all ports match the flood filter, the loop fills all 64 slots and the control interface write overflows by one entry. The check uses >= because num_ifs == DPSW_MAX_IF is also functionally broken. build_if_id_bitmap() silently drops any ID >= 64: if (id[i] < DPSW_MAX_IF) bmap[id[i] / 64] |= ...

Memory Corruption Buffer Overflow Linux Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43203 HIGH PATCH This Week

Use-after-free in Linux kernel fore200e ATM driver allows local attackers to achieve high-severity impacts during PCA-200E or SBA-200E adapter removal. When the device is detached, tx_tasklet or rx_tasklet may still be running and access already-freed memory in fore200e_tx_tasklet() or fore200e_rx_tasklet(), potentially leading to code execution, information disclosure, or denial of service. Patches available across stable kernel branches (5.10.252, 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.16, 6.19.6, 7.0). EPSS score of 0.02% (7th percentile) indicates low observed exploitation probability. Not listed in CISA KEV. Identified through static analysis, suggesting no active in-the-wild exploitation at time of disclosure.

Information Disclosure Linux Use After Free Memory Corruption Red Hat +1
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-43186 CRITICAL PATCH Act Now

Heap buffer overflow in Linux kernel's IPv6 IOAM (In-situ Operations, Administration, and Maintenance) packet processing allows remote unauthenticated attackers to corrupt kernel memory and trigger system crashes. Attackers send crafted IPv6 packets with inconsistent IOAM trace headers (nodelen=0 with type bits set), causing __ioam6_fill_trace_data() to write ~100 bytes beyond allocated memory into skb_shared_info structures. Despite CVSS 9.8 critical rating, EPSS exploitation probability is low (0.05%, 16th percentile) and no active exploitation or public POC has been identified. Vendor patches available across multiple stable kernel branches (5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.16, 6.19.6, 7.0).

Buffer Overflow Linux Memory Corruption Red Hat Suse
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-43166 HIGH PATCH This Week

Out-of-bounds read in Linux kernel EROFS filesystem allows local attackers with user interaction to read kernel memory and cause denial of service via crafted compressed images. The vulnerability stems from incorrect classification of unaligned plain extents, triggering OOB access in z_erofs_transform_plain(). Vendor patches are available across multiple stable kernel branches (6.15, 6.18.16, 6.19.6, 7.0). EPSS score of 0.02% (4th percentile) indicates very low observed exploitation probability, with no active exploitation confirmed at time of analysis.

Linux Memory Corruption Buffer Overflow
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-43158 HIGH PATCH This Week

Memory corruption in Linux kernel XFS filesystem allows authenticated users with write access to trigger kernel assertion failures and system shutdowns via crafted extended attribute operations. The vulnerability stems from incorrect freemap adjustment logic when adding xattrs to leaf blocks, causing the entries array and free space tracking to claim overlapping memory regions. This results in firstused pointer corruption where the name area starts below the end of the entries array. Vendor-released patches are available across multiple stable kernel branches (5.10.252, 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.16, 6.19.6, 7.0). Low EPSS score (0.02%, 7th percentile) and no CISA KEV listing indicate no widespread exploitation observed, though the high CVSS 8.8 reflects severe impact on availability and potential for data corruption in XFS filesystems.

Linux Memory Corruption Buffer Overflow
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-43150 HIGH PATCH This Week

Buffer overflow in Linux kernel's ARM CMN performance monitoring driver allows local attackers with low privileges to execute arbitrary code and gain elevated access. The perf/arm-cmn driver fails to validate hardware configuration parameters against assumed maximum sizes, enabling memory corruption through crafted CMN device configurations. While EPSS indicates low exploitation probability (0.02%), patches are available across all maintained kernel branches (6.1.165, 6.6.128, 6.12.75, 6.18.16, 6.19.6, 7.0) per vendor advisories. The local attack vector and requirement for low-privileged user access limit remote exploitation scenarios.

Buffer Overflow Linux Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43138 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: reset: gpio: suppress bind attributes in sysfs This is a special device that's created dynamically and is supposed to stay in memory forever. We also currently don't have a devlink between it and the actual reset consumer. Suppress sysfs bind attributes so that user-space can't unbind the device because - as of now - it will cause a use-after-free splat from any user that puts the reset control handle.

Information Disclosure Use After Free Memory Corruption Linux Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43125 CRITICAL PATCH Act Now

Remote unauthenticated attackers can cause critical out-of-bounds writes in the Linux kernel's Distributed Lock Manager (DLM) subsystem by sending malformed network messages with unvalidated length parameters to dlm_dump_rsb_name(). When the length exceeds DLM_RESNAME_MAXLEN, dlm_search_rsb_tree() writes beyond allocated buffers, enabling arbitrary code execution, denial of service, or information disclosure. Patches available for kernel versions 6.12.75, 6.18.16, 6.19.6, and 7.0. EPSS exploitation probability is very low (0.02%, 5th percentile), and no public exploit or active exploitation has been identified at time of analysis, despite the critical CVSS 9.8 score.

Buffer Overflow Linux Memory Corruption
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-43111 HIGH PATCH This Week

Race condition in Linux kernel HID roccat driver enables local privilege escalation through use-after-free memory corruption. Local authenticated attackers can exploit concurrent access to device reader lists during roccat_report_event() operations, achieving arbitrary code execution with high integrity impact (CVSS 7.8). Vendor-released patches available across multiple kernel branches (6.6.136, 6.12.83, 6.18.24, 6.19.14, 7.0). EPSS score of 0.02% (5th percentile) indicates low observed exploitation probability despite moderate severity, suggesting limited weaponization in current threat landscape.

Information Disclosure Linux Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43084 HIGH PATCH This Week

Local privilege escalation in Linux kernel netfilter nfnetlink_queue allows authenticated users with low privileges to execute arbitrary code with high integrity and availability impact via race condition in shared hash table. The vulnerability stems from a use-after-free condition when multiple queues share a global hash table, enabling parallel CPU operations to access freed nf_queue_entry structures. EPSS score is low (0.02%, 5th percentile) indicating minimal observed exploitation activity. Vendor patches available across multiple stable kernel branches (6.12.83, 6.18.24, 6.19.14) with upstream commits confirmed.

Denial Of Service Linux Memory Corruption Use After Free
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43078 HIGH PATCH This Week

Memory corruption in the Linux kernel's AF_ALG crypto subsystem allows local authenticated users to execute arbitrary code or cause denial of service through a page reassignment overflow in af_alg_pull_tsgl. The vulnerability affects multiple stable kernel branches (4.14 through 7.0) and has been patched across all maintained versions. With CVSS 7.8 and low attack complexity (AC:L), this presents a realistic privilege escalation path for local attackers, though EPSS exploitation probability remains low at 0.02% and no public exploit or KEV listing exists at time of analysis.

Buffer Overflow Linux Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43076 HIGH PATCH This Week

Use-after-free in Linux kernel's OCFS2 filesystem allows local attackers with user interaction to achieve arbitrary code execution, privilege escalation, or denial of service via crafted filesystem images. Affects kernels since initial OCFS2 implementation (2.6.16+) through 6.19.13. Vendor patches available across all supported stable branches (6.6.136, 6.12.83, 6.18.24, 6.19.14, 7.0). EPSS score of 0.02% (5th percentile) suggests low probability of mass exploitation, though CVSS 7.8 reflects high impact if triggered. No active exploitation confirmed (not in CISA KEV) and no public POC identified at time of analysis.

Information Disclosure Linux Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43075 HIGH PATCH This Week

Out-of-bounds write in Linux kernel's ocfs2 filesystem driver allows local attackers with low privileges to achieve arbitrary code execution or system crash via a corrupted ocfs2 filesystem image. Exploitation occurs during copy_file_range operations when the malicious id_count field in the inode block exceeds physical inline data capacity, causing a buffer overflow past the inode block buffer. Vendor patches are available across multiple stable kernel versions (6.6.136, 6.12.83, 6.18.24, 6.19.14, 7.0). EPSS exploitation probability is low (0.02%, 5th percentile), and no active exploitation or public POC is currently identified.

Buffer Overflow Linux Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23631 MEDIUM PATCH This Month

Redis-server with Lua scripting allows authenticated attackers to trigger a use-after-free vulnerability on replicas where replica-read-only is disabled, potentially leading to remote code execution. The vulnerability exploits the master-replica synchronization mechanism and is present in all versions prior to 8.6.3. Patch vendor-released patch: 8.6.3.

Redis Use After Free Memory Corruption RCE
NVD GitHub VulDB
CVSS 4.0
6.1
EPSS
0.1%
CVE-2026-23479 HIGH POC PATCH This Week

Use-after-free in Redis 7.2.0 through 8.6.2 allows authenticated attackers to achieve remote code execution by exploiting error handling in the unblock client flow. When a blocked client is evicted during command re-execution, the server fails to handle the error return from processCommandAndResetClient, triggering memory corruption. Redis has released version 8.6.3 with a security fix. No public exploit code or CISA KEV listing identified at time of analysis, suggesting limited observed exploitation despite the critical RCE impact.

Redis Use After Free Memory Corruption RCE
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.1%
CVE-2026-24082 HIGH This Week

Use-after-free vulnerability in Qualcomm Snapdragon chipsets enables local privilege escalation to achieve full device compromise. Low-privilege authenticated users can trigger memory corruption during performance counter deselect operations, gaining high-integrity code execution with kernel-level access. Qualcomm has released patches in their May 2026 security bulletin. EPSS data not yet available for this future-dated CVE; no confirmed active exploitation or public exploit code identified at time of analysis.

Buffer Overflow Use After Free Memory Corruption Snapdragon
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43862 LOW PATCH Monitor

Mutt before 2.3.2 mishandles the IMAP GSS security level due to improper integer casting and insufficient bounds checking, allowing remote attackers to trigger memory corruption and information disclosure via a crafted IMAP server response during GSS-API authentication. The vulnerability requires high attack complexity (malicious IMAP server) but affects all versions prior to 2.3.2.

Information Disclosure Memory Corruption Mutt
NVD GitHub VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-20451 MEDIUM This Month

Out-of-bounds write in MediaTek's slbc (secure local buffer component) due to type confusion allows local privilege escalation to full system compromise when an attacker already holds System privilege. The vulnerability requires no user interaction and affects 32 MediaTek chipset models. CISA SSVC framework rates technical impact as total; however, EPSS score of 0.02% suggests limited real-world exploitation despite the high CVSS score of 6.7, likely due to the requirement for pre-existing System privilege.

Privilege Escalation Buffer Overflow Memory Corruption Mediatek Chipset
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-42370 CRITICAL Act Now

Remote code execution in GeoVision GV-VMS V20 (version 20.0.2) allows unauthenticated attackers to corrupt stack memory via a crafted HTTP request to the WebCam Server Login functionality, leading to arbitrary code execution on the video management system. The flaw is a CWE-787 out-of-bounds write (stack buffer overflow) carrying a CVSS 9.8 score, and no public exploit identified at time of analysis, though Talos has published a vulnerability report (TALOS-2026-2369). EPSS is currently low at 0.12%, but the unauthenticated network attack surface on a video surveillance product makes this a high-priority patching target.

RCE Buffer Overflow Memory Corruption Gv Vms V20 0 2
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-7372 CRITICAL Act Now

Remote code execution in GeoVision GV-VMS V20 20.0.2 allows unauthenticated attackers to execute arbitrary code as SYSTEM via stack overflow in WebCam Server Login functionality. A specially crafted HTTP request with oversized username or password fields (exceeding 40 characters) triggers unconstrained sscanf buffer handling. CVSS 9.0 with high attack complexity reflects exploitation constraints (no null bytes allowed in payload), though network vector and lack of authentication requirements present significant risk. No active exploitation confirmed (not in CISA KEV); EPSS data unavailable for final risk assessment.

RCE Buffer Overflow Memory Corruption Gv Vms V20 0 2
NVD
CVSS 3.1
9.0
EPSS
0.1%
CVE-2026-42369 CRITICAL Act Now

Remote unauthenticated code execution in GeoVision GV-VMS V20 WebCam Server allows attackers to execute arbitrary code as SYSTEM via stack buffer overflow. The `gvapi` endpoint bypasses standard authentication and copies base64-decoded HTTP Authorization headers into a 256-byte stack buffer without bounds checking, enabling full stack control. The WebCam Server binary is compiled without ASLR, significantly lowering exploitation complexity. CVSS 10.0 with network vector, no prerequisites, and changed scope reflecting system-level compromise. Publicly disclosed by Cisco Talos and vendor advisory available from GeoVision.

RCE Buffer Overflow Memory Corruption Gv Vms V20 0 2
NVD
CVSS 3.1
10.0
EPSS
0.2%
CVE-2026-22166 HIGH This Week

Use-after-free in Imagination Graphics DDK GPU GLES user-space library allows authenticated remote attackers to crash the GPU render process via crafted WebGPU content. CVSS 8.1 (High) with network vector and low complexity. On platforms where the GPU process runs with elevated system privileges, successful exploitation could enable system-level compromise beyond the initial crash. EPSS and KEV data not provided; SSVC framework indicates no confirmed exploitation, non-automatable attack, but total technical impact. Vendor patches available across affected DDK versions 1.18, 23.2, 24.1-24.2, and 25.1-25.3.

Denial Of Service Use After Free Memory Corruption Ddk
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-22165 HIGH This Week

Remote authenticated attackers can execute code or cause persistent denial-of-service in Imagination Technologies Graphics DDK by triggering a use-after-free in the GPU GLES render process via specially crafted WebGPU content. On platforms where the GPU driver runs with elevated system privileges, successful exploitation enables device-level compromise beyond the browser sandbox. EPSS data not available, no CISA KEV listing identified, no public POC confirmed. SSVC framework indicates no active exploitation and non-automatable attack requiring authenticated interaction.

Denial Of Service Use After Free Memory Corruption Ddk
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-42484 CRITICAL Act Now

Heap-based buffer overflow in hashcat 7.1.2 enables remote code execution or denial of service through maliciously crafted PKZIP hash files. Attackers can exploit inadequate input validation in the hex_to_binary function affecting PKZIP hash parser modules (17200, 17210, 17220, 17225, 17230) to overflow fixed-size buffers with arbitrary hex data. CVSS 9.8 reflects network-accessible attack vector requiring no authentication or user interaction, though real-world exploitation requires victim to process attacker-supplied hash files. EPSS data not available; no CISA KEV listing indicates no confirmed widespread exploitation. Public proof-of-concept exists (GitHub Gist), elevating exploitation risk for environments processing untrusted hash files.

RCE Denial Of Service Buffer Overflow Memory Corruption Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-42483 CRITICAL Act Now

Heap-based buffer overflow in hashcat 7.1.2's Kerberos hash parser enables remote code execution without authentication. Attacker supplies a maliciously crafted Kerberos hash file with manipulated delimiter positions to overflow the fixed-size account_info buffer during memcpy operations in module_hash_decode. The vulnerability affects multiple Kerberos-related hashcat modules due to missing upper-bound validation on account_info_len before memory copy. CVSS 9.8 with network attack vector, but real-world exploitation requires user processing the malicious file. EPSS data not available; no active exploitation confirmed in CISA KEV at time of analysis.

RCE Denial Of Service Buffer Overflow Memory Corruption Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-42482 CRITICAL Act Now

Stack-based buffer overflow in hashcat 7.1.2's rule processing functions enables remote code execution when processing password candidates of 128+ characters. The vulnerability stems from inadequate bounds checking in mangle_to_hex_lower() and mangle_to_hex_upper() functions that fail to account for 2x memory expansion during byte-to-hex conversion. CVSS 9.8 (critical) with network attack vector and no authentication required. Public proof-of-concept code available via GitHub gist. No CISA KEV listing suggests targeted rather than widespread exploitation despite theoretical network exploitability.

RCE Denial Of Service Buffer Overflow Memory Corruption Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-31718 CRITICAL PATCH NEWS Act Now

Use-after-free in Linux kernel ksmbd (SMB server) during durable file handle scavenging allows memory corruption and potential remote code execution. When a durable SMB2 file handle survives session disconnect, the cleanup path dereferences a freed connection object via NULL fp->conn pointer during lock cleanup, causing a slab use-after-free. Exploitation probability is extremely low (EPSS 0.02%, 5th percentile) with no active exploitation confirmed. Vendor patches available across multiple stable kernel branches (6.12.84, 6.18.25, 7.0.2, 7.1-rc1) address the asymmetric cleanup by properly managing byte-range lock lifetimes during durable handle reconnection.

Use After Free Memory Corruption Information Disclosure Linux
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-31716 HIGH PATCH This Week

Integer underflow in Linux kernel NTFS3 driver during journal replay allows local attackers to trigger massive out-of-bounds memory copies into a 4KB buffer when processing corrupted filesystems. The check_file_record() function fails to validate rec->used field before using it in memmove() length calculations across DeleteAttribute, CreateAttribute, and change_attr_size handlers, enabling slab-out-of-bounds writes. No public exploit identified at time of analysis. EPSS score of 0.02% (5th percentile) indicates low exploitation probability. Vendor-released patches available across kernel versions 6.6.136, 6.12.84, 6.18.25, 7.0.2, and 7.1-rc1.

Memory Corruption Buffer Overflow Linux
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31715 HIGH PATCH This Week

Use-after-free in Linux kernel F2FS filesystem allows local authenticated attackers to trigger kernel panic or potentially achieve code execution. The vulnerability (CWE-416) occurs during concurrent write callback and unmount operations when f2fs_write_end_io() decrements page count before checking node inode validity, leading to NULL pointer dereference. Discovered via xfstests generic/107 and syzbot fuzzing. EPSS exploitation probability is low (0.02%, 4th percentile), no active exploitation confirmed. Vendor patches available across stable kernel branches 6.18.25, 7.0.2, and 7.1-rc1.

Information Disclosure Use After Free Memory Corruption Linux
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31712 HIGH PATCH This Week

Out-of-bounds read in Linux kernel ksmbd allows authenticated SMB clients to trigger memory corruption by crafting malicious DACL ACEs with undersized headers. Attackers with permission to set ACLs on files can cause kernel KASAN reports and state corruption when subsequent CREATE operations walk the stored DACL via smb_check_perm_dacl(). Vendor patches available for kernel versions 6.12.84, 6.18.25, 7.0.2, and 7.1-rc1. EPSS score of 0.02% (5th percentile) indicates low likelihood of mass exploitation despite network attack vector, consistent with the requirement for authenticated access and specific file permission prerequisites.

Linux Memory Corruption Buffer Overflow
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-31707 HIGH PATCH This Week

Integer overflow in Linux kernel's ksmbd (SMB server) allows local authenticated attackers to bypass size validation and trigger memory corruption via crafted daemon responses. The vulnerability affects three IPC message handlers that fail to detect arithmetic overflow when computing expected message sizes from attacker-controlled fields (payload_sz, ngroups), enabling out-of-bounds memcpy operations. Vendor patches available for affected 5.15+ kernels. EPSS score 0.02% (5th percentile) indicates low observed exploitation probability. No CISA KEV listing or public exploit identified at time of analysis.

Red Hat Suse Memory Corruption Buffer Overflow Linux
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-31705 CRITICAL PATCH NEWS Act Now

Out-of-bounds write in Linux kernel's ksmbd SMB server allows memory corruption when processing extended attributes (EA) in QUERY_INFO responses. The smb2_get_ea() function performs 4-byte alignment padding without checking remaining buffer space, causing 1-3 bytes to write past allocation boundaries when EA values exactly fill the response buffer. This occurs in compound SMB2 requests where shared response buffers are tightly constrained. EPSS score of 0.02% suggests minimal observed exploitation activity, though the CVSS 9.8 critical rating reflects the theoretical network-accessible, unauthenticated attack surface. Vendor patches available across multiple stable kernel branches (6.6.136, 6.12.84, 7.0.2, 7.1-rc1). Not listed in CISA KEV. This represents the third instance of the same vulnerability pattern in ksmbd QUERY_INFO handlers, following fixes in commits beef2634f81f and fda9522ed6af.

Memory Corruption Buffer Overflow Linux
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-31703 HIGH PATCH This Week

Use-after-free condition in Linux kernel writeback subsystem allows local authenticated attackers to potentially execute arbitrary code, escalate privileges, or trigger kernel crashes. The vulnerability affects Linux kernel versions 6.18.x through 7.1-rc1 and arises from improper synchronization between work queue processing and memory deallocation in inode_switch_wbs_work_fn(). Vendor patches are available across stable kernel branches (6.18.25, 7.0.2, 7.1-rc1) with low EPSS score (0.02%) indicating minimal observed exploitation activity, though the CVSS 7.8 score reflects significant impact if successfully exploited by authenticated local users.

Denial Of Service Linux Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31702 HIGH PATCH This Week

Use-after-free in Linux kernel f2fs compressed writeback allows local authenticated users to trigger memory corruption, potentially executing arbitrary code or causing system crashes. Affects f2fs-compressed filesystems in Linux kernel 5.6 through 7.1-rc2, with patches available in 6.6.136, 6.12.84, 7.0.2, and 7.1-rc1. EPSS score of 0.02% (5th percentile) indicates low observed exploitation probability despite CVSS 7.8 rating. This mirrors CVE-2026-23234's race condition pattern but in the compression code path that was missed by the earlier fix. No active exploitation confirmed (not in CISA KEV) and no public POC identified at time of analysis.

Information Disclosure Use After Free Memory Corruption Linux
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31699 HIGH PATCH This Week

Buffer overflow in Linux kernel's AMD CCP (Cryptographic Coprocessor) driver leaks kernel memory to userspace when retrieving PEK CSR (Platform Endorsement Key Certificate Signing Request). Affecting Linux kernel 4.16+ through 7.0.x, the vulnerability allows local authenticated users to read arbitrary kernel memory due to improper error handling when firmware returns invalid buffer length requirements. Patches available across stable branches (6.6.136, 6.12.84, 6.18.25, 7.0.2, 7.1-rc1). EPSS score of 0.02% indicates minimal observed exploitation probability, though the CVSS 7.1 reflects significant confidentiality impact. No CISA KEV listing or public exploit identified at time of analysis.

Memory Corruption Buffer Overflow Google Linux
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-31698 HIGH PATCH This Week

Information disclosure in Linux kernel's AMD Cryptographic Coprocessor (CCP) driver allows local authenticated attackers to leak kernel memory to userspace via out-of-bounds read. When retrieving PDH certificates through SEV ioctl, the driver incorrectly copies data to userspace even after firmware command failures, potentially reading 2084+ bytes beyond allocated buffer boundaries. EPSS score of 0.02% (5th percentile) indicates minimal observed exploitation probability. Vendor patches available across multiple stable kernel branches (6.6.136, 6.12.84, 6.18.25, 7.0.2, 7.1-rc1) per upstream commits.

Memory Corruption Buffer Overflow Google Linux
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-31697 HIGH PATCH This Week

Buffer overflow in Linux kernel CCP SEV driver allows local authenticated users to leak kernel memory to userspace. When the PSP firmware command to retrieve SEV CPU ID fails due to insufficient buffer size, the driver attempts to copy data beyond the allocated kernel buffer boundary, exposing up to 64 bytes of kernel memory. Exploitation requires local access with low privileges (CVSS PR:L) to invoke the SEV ioctl interface. EPSS score is very low (0.02%, 5th percentile) indicating minimal real-world exploitation observed. No public exploit identified at time of analysis, though the KASAN stack trace in the CVE description provides a clear exploitation path. Patches available across multiple stable kernel branches (6.6.136, 6.12.84, 6.18.25, 7.0.2, 7.1-rc1).

Memory Corruption Buffer Overflow Google Linux
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-31696 HIGH PATCH This Week

Buffer overflow in Linux kernel rxrpc subsystem allows local authenticated users to trigger memory corruption via malformed key payloads. The non-XDR parsing path in rxrpc_preparse() fails to validate ticket length against AFSTOKEN_RK_TIX_MAX, enabling unprivileged users to supply oversized tickets that cause WARN_ON() triggers and potential memory corruption when keys are read. Vendor patches available for kernel versions 6.6.136, 6.12.84, 6.18.25, 7.0.2, and 7.1-rc1. EPSS score of 0.02% indicates low observed exploitation probability, with no public exploit identified at time of analysis.

Memory Corruption Buffer Overflow Linux
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31695 HIGH PATCH This Week

Use-after-free in Linux kernel virt_wifi driver allows local authenticated users to trigger memory corruption during ethtool operations on virtual WiFi devices being unregistered. The vulnerability stems from improper device parent reference handling via SET_NETDEV_DEV, where ethnl_ops_begin() calls pm_runtime_get_sync() on already-freed memory when a virt_wifi device unregisters concurrently with ethtool operations. Patches are available across multiple stable kernel branches (5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0). EPSS exploitation probability is low (0.02%, 7th percentile), and no public exploit identified at time of analysis, though CVSS 7.8 reflects potential for complete system compromise if successfully triggered.

Red Hat Suse Memory Corruption Use After Free Information Disclosure +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43056 HIGH PATCH This Week

Use-after-free in Linux kernel's MANA network driver allows local authenticated attackers to corrupt memory and potentially execute code with kernel privileges. The flaw occurs when auxiliary_device_add() fails in add_adev(), triggering cleanup that frees memory still referenced by subsequent error-handling code. Patches available across stable kernel branches (6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0). EPSS score of 0.02% (5th percentile) indicates low probability of widespread exploitation. No CISA KEV listing or public exploit identified at time of analysis.

Information Disclosure Linux Use After Free Memory Corruption Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43050 HIGH PATCH This Week

Race condition in Linux kernel ATM LEC driver allows local attackers with low privileges to trigger use-after-free memory corruption in sock_def_readable(), potentially achieving arbitrary code execution, privilege escalation, or denial of service. The flaw affects systems using ATM (Asynchronous Transfer Mode) LAN Emulation Client functionality, present since Linux kernel version 2.4 (commit 1da177e4c3f4). EPSS score of 0.02% (7th percentile) suggests low probability of mass exploitation. Vendor patches available across all maintained stable branches (5.10.253, 5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0). Not listed in CISA KEV; no public exploit code identified at time of analysis.

Authentication Bypass Use After Free Memory Corruption Linux Red Hat +1
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-43049 HIGH PATCH This Week

Use-after-free in Linux kernel HID subsystem allows local attackers with low privileges to achieve arbitrary code execution, privilege escalation, or denial of service when force feedback initialization fails on Logitech G920 racing wheels. The vulnerability occurs when userspace continues accessing freed memory structures (sysfs and /dev/input) after initialization errors. Vendor patches available across multiple stable kernel branches (6.12.81, 6.18.22, 6.19.12, 7.0). EPSS score of 0.02% (5th percentile) indicates very low probability of mass exploitation, consistent with hardware-specific local attack surface requiring physical device presence.

Information Disclosure Use After Free Memory Corruption Linux Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43047 HIGH PATCH This Week

Out-of-bounds memory writes in Linux kernel HID multitouch driver allow local authenticated users to achieve code execution or crash systems via malicious USB/HID devices. The vulnerability exists in the HID multitouch report parsing logic where mismatched report IDs in feature requests can confuse the HID core. Vendor-released patches are available across multiple kernel versions (5.10.253, 5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0). EPSS score is low (0.02%, 7th percentile), indicating minimal observed exploitation attempts. No public exploit code identified at time of analysis.

Linux Memory Corruption Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43038 CRITICAL PATCH Act Now

Memory corruption in Linux kernel IPv6 ICMP error handling allows remote unauthenticated attackers to potentially achieve code execution or information disclosure. The vulnerability arises from incomplete control block (CB) sanitization when converting IPv4 ICMP errors to ICMPv6, enabling forged CIPSO options in outer IPv4 packets to manipulate inner IPv6 packet parsing. This can trigger out-of-bounds memory access extending into skb_shared_info structures. Despite CVSS 9.8 critical rating, EPSS exploitation probability is extremely low (0.02%, 7th percentile), no public exploit code exists, and CISA has not listed this as actively exploited. Patches are available across all supported kernel branches (5.10.253, 5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0).

Information Disclosure Linux Memory Corruption
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-43037 CRITICAL PATCH Act Now

A stack-based buffer overflow in the Linux kernel's IPv6-to-IPv4 tunneling (ip6_tunnel) code allows remote unauthenticated attackers to achieve arbitrary code execution. The vulnerability occurs when ip4ip6_err() passes a cloned skb with IPv6-formatted control buffer data to icmp_send(), which misinterprets it as IPv4 control buffer data. This type confusion causes __ip_options_echo() to read attacker-controlled packet data as a length value and copy up to that many bytes into a fixed 40-byte stack buffer, enabling remote exploitation with no prerequisites. EPSS score of 0.02% suggests limited exploitation probability despite critical CVSS 9.8 rating. Vendor-released patches are available across all maintained kernel branches (5.10.253, 5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, and mainline 7.0).

Linux Memory Corruption Buffer Overflow
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-43027 HIGH PATCH This Week

Use-after-free in Linux kernel netfilter subsystem allows local authenticated attackers to corrupt memory and potentially execute arbitrary code with kernel privileges. The vulnerability occurs when unregistering connection tracking helpers - expectations referencing the helper survive cleanup and later dereference the freed helper object during expectation dumps or new connection establishment. Vendor-released patches are available across multiple stable kernel branches (5.10.253, 5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0). EPSS score of 0.02% indicates low observed exploitation probability; no active exploitation confirmed (not in CISA KEV), and no public exploit code identified at time of analysis.

Information Disclosure Use After Free Memory Corruption Linux
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43020 HIGH PATCH This Week

Stack buffer overflow in Linux kernel Bluetooth MGMT subsystem allows local authenticated attackers to execute arbitrary code with elevated privileges. The vulnerability stems from insufficient validation of the encryption key size (enc_size) parameter when loading Long Term Keys (LTKs) via the Bluetooth management interface. When processing LE LTK requests, the kernel uses the attacker-controlled enc_size value to perform stack operations against a fixed 16-byte buffer, enabling stack corruption through oversized values. Vendor-released patches are available across all active kernel branches. EPSS exploitation probability is low (0.02%, 7th percentile), and no public exploit has been identified at time of analysis, though the attack complexity is low once local authenticated access is obtained.

Memory Corruption Buffer Overflow Linux Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43019 HIGH PATCH This Week

Use-after-free in Linux kernel Bluetooth subsystem allows local authenticated attackers to achieve arbitrary code execution with high privileges. The vulnerability exists in set_cig_params_sync where hci_conn objects can be freed or modified concurrently during lookup and field access due to inadequate locking. Vendor patches are available across multiple stable kernel branches (6.6, 6.12.81, 6.18.22, 6.19.12, 7.0). EPSS score of 0.02% indicates low observed exploitation probability, no CISA KEV listing, and no public exploit identified at time of analysis.

Information Disclosure Linux Memory Corruption Use After Free
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43018 HIGH PATCH This Week

Use-after-free in Linux Kernel Bluetooth stack allows adjacent network attackers to execute arbitrary code, escalate privileges, or cause denial of service without authentication. The vulnerability exists in hci_le_remote_conn_param_req_evt where hci_conn lookup and field access occurs outside the hdev lock protection, enabling concurrent memory corruption. Patches are available across multiple stable kernel branches (6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, and mainline 7.0). EPSS score of 0.02% indicates low observed exploitation probability, and no public exploit code or CISA KEV listing exists at time of analysis.

Information Disclosure Linux Memory Corruption Use After Free Red Hat +1
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-43016 HIGH PATCH This Week

Use-after-free in Linux kernel's BPF sockmap implementation allows local authenticated attackers to corrupt memory and potentially execute arbitrary code with kernel privileges. The vulnerability occurs in sk_psock_verdict_data_ready() when handling AF_UNIX sockets, where sk->sk_socket can be accessed after being freed following sock_orphan(). This affects Linux kernel versions 5.15 through 6.19.12, with patches available for stable branches 6.6.134, 6.12.81, 6.18.22, 6.19.12, and mainline 7.0. EPSS score of 0.02% indicates very low observed exploitation probability in the wild, and no active exploitation or public exploit code has been identified at time of analysis.

Google Information Disclosure Linux Use After Free Memory Corruption +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43015 HIGH PATCH This Week

Use-after-free in Linux kernel macb driver allows local authenticated attackers to cause denial of service or potentially escalate privileges during module removal. The vulnerability occurs in the PCI glue driver when platform_device_unregister() triggers a runtime resume callback that attempts to access already-freed clock structures. EPSS score is low (0.02%) with no evidence of active exploitation. Vendor patches are available across multiple stable kernel branches (5.10.253, 5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, and mainline 7.0).

Denial Of Service Use After Free Memory Corruption Linux Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31780 HIGH PATCH This Week

A heap buffer overflow in the Linux kernel's wilc1000 WiFi driver allows local authenticated users to trigger memory corruption via crafted SSID scan requests. The driver miscalculates buffer size due to u8 integer overflow (330 bytes wrapping to 74), causing kmalloc to allocate 75 bytes while memcpy writes up to 331 bytes - a 256-byte overflow. Patches are available across multiple stable kernel branches (5.10.253, 5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0). EPSS score of 0.03% (9th percentile) suggests low likelihood of widespread exploitation, and CISA KEV does not list this CVE, indicating no confirmed active exploitation at time of analysis.

Red Hat Suse Buffer Overflow Linux Memory Corruption
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31772 HIGH PATCH This Week

Stack buffer overflow in Linux kernel Bluetooth subsystem allows local authenticated attackers to achieve code execution, privilege escalation, or denial of service through malformed ISO socket parameters. The vulnerability occurs when binding an ISO Bluetooth socket with up to 31 BIS entries while the hci_le_big_create_sync() function only allocates stack space for 17 entries, resulting in a 14-byte overflow that corrupts adjacent stack memory. Patches are available across multiple kernel versions (6.12.81, 6.18.22, 6.19.12, 7.0), with EPSS indicating 0.02% exploitation probability and no active exploitation confirmed.

Red Hat Suse Buffer Overflow Linux Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31769 HIGH PATCH This Week

Use-after-free in Linux kernel GPIB subsystem allows local authenticated attackers with low privileges to execute arbitrary code, escalate privileges, or crash the system. The vulnerability occurs in IBRD, IBWRT, IBCMD, and IBWAIT ioctl handlers when concurrent IBCLOSEDEV calls free descriptors still in use by I/O operations. EPSS probability is very low (0.02%, 4th percentile), indicating minimal observed exploitation activity. Vendor patches available for stable branches 6.18.22, 6.19.12, and mainline 7.0 via commits cae26eff, 28c75dd1, and d1857f82.

Red Hat Suse Authentication Bypass Linux Use After Free +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31758 HIGH PATCH This Week

Use-after-free condition in Linux kernel USB Test and Measurement Class (USBTMC) driver allows local authenticated attackers to execute arbitrary code with elevated privileges. The vulnerability occurs when the usbtmc_release function fails to properly flush pending anchored URBs, leaving dangling references that can be exploited in the HCD giveback path. Vendor patches are available across multiple stable kernel versions (5.10.253, 5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, and 7.0). Despite the high CVSS score of 7.8, the EPSS exploitation probability is very low at 0.02% (7th percentile), indicating limited real-world targeting, and no active exploitation or public POC has been identified.

Red Hat Suse Information Disclosure Linux Use After Free +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31748 HIGH PATCH This Week

Buffer overflow in Linux kernel COMEDI me_daq driver allows local authenticated users to achieve arbitrary code execution with kernel privileges. The me2600_xilinx_download() function fails to validate firmware file length before reading data streams, enabling out-of-bounds memory access during firmware loading operations. Patches available across multiple stable kernel versions (5.10.253, 5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0). EPSS score of 0.02% (7th percentile) indicates low probability of widespread exploitation despite high CVSS 7.8 rating, and no active exploitation or public exploit code identified at time of analysis.

Red Hat Suse Memory Corruption Buffer Overflow Linux
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31747 HIGH PATCH This Week

Out-of-bounds write in Linux kernel comedi me4000 driver firmware loader allows local authenticated users to achieve high-impact code execution, data corruption, or system crash. The me4000_xilinx_download() function blindly trusts firmware file format headers without validating buffer boundaries, reading a length field from the first 4 bytes and then reading that many bytes from offset 16 without checking total file size. Patch available across multiple stable kernel branches (5.10.253, 5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0). EPSS score of 0.02% (7th percentile) indicates very low observed exploitation probability despite CVSS 7.8 rating. No public exploit code or active exploitation confirmed.

Red Hat Suse Memory Corruption Buffer Overflow Linux
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31743 HIGH PATCH This Week

Memory corruption in the Linux kernel zynqmp_nvmem driver allows local authenticated users to achieve privilege escalation through undersized DMA buffer exploitation. The vulnerability stems from incorrect buffer size calculations in dma_alloc_coherent and memcpy operations, enabling heap or memory corruption that can lead to complete system compromise. With a 7.8 CVSS score but only 0.02% EPSS (5th percentile), this represents a high-severity issue affecting specific Xilinx Zynq UltraScale+ deployments rather than a widespread exploitation target. Patches available across multiple stable kernel branches (6.12.81, 6.18.22, 6.19.12, 7.0) with upstream fixes confirmed in git commits.

Red Hat Suse Buffer Overflow Linux Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31731 HIGH PATCH This Week

Use-after-free in Linux kernel thermal subsystem allows local attackers with low privileges to execute arbitrary code, escalate privileges, or crash the system. The vulnerability stems from race conditions between thermal zone removal and power management resume operations, where delayed work items can continue executing after thermal zone objects are freed. EPSS score of 0.02% (5th percentile) suggests low probability of mass exploitation despite high CVSS severity. Vendor patches available across multiple stable kernel branches (6.12.83, 6.18.22, 6.19.12, 7.0) via upstream commits. No active exploitation confirmed in CISA KEV at time of analysis.

Red Hat Suse Information Disclosure Use After Free Memory Corruption +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31720 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_uac1_legacy: validate control request size f_audio_complete() copies req->length bytes into a 4-byte stack variable: u32 data = 0; memcpy(&data, req->buf, req->length); req->length is derived from the host-controlled USB request path, which can lead to a stack out-of-bounds write. Validate req->actual against the expected payload size for the supported control selectors and decode only the expected amount of data. This avoids copying a host-influenced length into a fixed-size stack object.

Red Hat Suse Memory Corruption Buffer Overflow Linux
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-37457 HIGH PATCH This Week

Remote denial of service in FRRouting stable/10.0 allows unauthenticated attackers to crash the BGP daemon via malformed FlowSpec NLRI messages. The off-by-one vulnerability in bgp_flowspec_op_decode() enables out-of-bounds writes when parsing crafted BGP FlowSpec components, causing process termination. EPSS exploitation probability data not available, but SSVC marks this as automatable with partial technical impact. No public exploit code identified at time of analysis, and not listed in CISA KEV, suggesting theoretical rather than actively exploited risk.

Denial Of Service Buffer Overflow Memory Corruption N A
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-31786 HIGH PATCH This Week

Buffer overflow in Linux kernel Xen hypervisor interface allows local authenticated users to achieve arbitrary code execution with high privilege escalation impact. The vulnerability stems from improper handling of non-NUL-terminated build ID data from HYPERVISOR_xen_version(XENVER_build_id) in drivers/xen/sys-hypervisor.c, where sprintf reads past buffer boundaries seeking a NUL terminator. Affects Linux kernel versions from 5.10 through 7.0 series when running as Xen domain. Vendor-released patches available across all affected stable branches (5.10.254, 5.15.204, 6.1.170, 6.6.137, 6.12.85, 6.18.26, 7.0.3). EPSS score of 0.08% (23rd percentile) indicates low probability of mass exploitation despite high CVSS 7.8, reflecting specialized Xen-only attack surface. No public exploit identified at time of analysis.

Red Hat Suse Buffer Overflow Linux Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-5655 MEDIUM PATCH This Month

Denial of service in Wireshark 4.6.0 through 4.6.4 via crafted SDP protocol packets allows local attackers with user interaction to crash the application through a use-after-free memory corruption vulnerability in the SDP protocol dissector. EPSS and KEV status not available at analysis time; no public exploit code identified.

Denial Of Service Memory Corruption Use After Free Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-6524 MEDIUM PATCH This Month

Denial of service via MySQL protocol dissector crash in Wireshark 4.6.0-4.6.4 and 4.4.0-4.4.14 allows local users with no privileges to crash the application through a crafted malicious pcap file or network capture, requiring only user interaction to open the file. The vulnerability stems from improper memory access in the MySQL dissector parser (CWE-824: Access of Uninitialized Pointer), resulting in application termination and loss of packet analysis capability. No public exploit code or active exploitation has been identified at time of analysis.

Memory Corruption Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-6870 MEDIUM PATCH This Month

Denial of service via crash in the GSM RP protocol dissector affects Wireshark 4.6.0-4.6.4 and 4.4.0-4.4.14. A local attacker with user privileges can trigger a dissector crash by crafting a malicious GSM RP packet and inducing a user to open it, causing application termination and loss of packet capture session. CVSS 5.5 reflects local attack vector and user interaction requirement; no remote exploitation path identified.

Memory Corruption Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-7426 MEDIUM PATCH This Month

Insufficient validation of the prefix length field in IPv6 Router Advertisement processing in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause memory corruption by sending a crafted Router Advertisement with a prefix length value exceeding the maximum valid length, resulting in a heap buffer overflow. Users processing IPv4 RA only are not impacted. To mitigate this issue, users should upgrade to the fixed version when available.

Buffer Overflow Memory Corruption Freertos Plus Tcp
NVD GitHub VulDB
CVSS 4.0
6.1
EPSS
0.0%
CVE-2026-41220 HIGH PATCH This Week

Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212, Acronis Cyber Protect Cloud Agent (Windows) before build 42183.

Buffer Overflow Memory Corruption Microsoft Privilege Escalation
NVD VulDB
CVSS 3.0
7.8
EPSS
0.0%
CVE-2026-7355 HIGH PATCH This Week

Use after free in Media in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Use After Free RCE Memory Corruption Google Denial Of Service +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-7341 HIGH PATCH This Week

Use after free in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Use After Free RCE Memory Corruption Google Denial Of Service +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-7342 HIGH PATCH This Week

Use after free in WebView in Google Chrome on Android prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Use After Free RCE Memory Corruption Google Denial Of Service +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-7338 HIGH PATCH This Week

Use after free in Cast in Google Chrome prior to 147.0.7727.138 allowed an attacker on the local network segment to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: High)

Memory Corruption Use After Free Google Denial Of Service Red Hat +2
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-7347 HIGH PATCH This Week

Use after free in Chromoting in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: High)

Use After Free RCE Memory Corruption Google Denial Of Service +3
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-7337 HIGH PATCH This Week

Type Confusion in V8 in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Memory Corruption Google RCE Red Hat Suse +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-7336 HIGH PATCH This Week

Use after free in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Use After Free RCE Memory Corruption Google Denial Of Service +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-7335 HIGH PATCH This Week

Use after free in media in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Use After Free RCE Memory Corruption Google Denial Of Service +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-7348 HIGH PATCH This Week

Use after free in Codecs in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Use After Free RCE Memory Corruption Google Denial Of Service +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-7349 HIGH PATCH This Week

Use after free in Cast in Google Chrome prior to 147.0.7727.138 allowed an attacker on the local network segment to execute arbitrary code inside a sandbox via malicious network traffic. (Chromium security severity: High)

Use After Free RCE Memory Corruption Google Denial Of Service +3
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-7350 HIGH PATCH This Week

Use after free in WebMIDI in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Memory Corruption Use After Free Google Denial Of Service Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-7352 HIGH PATCH This Week

Use after free in Media in Google Chrome on Android prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Memory Corruption Use After Free Google Denial Of Service Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-7356 HIGH PATCH This Week

Use after free in Navigation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Use After Free RCE Memory Corruption Google Denial Of Service +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-7357 HIGH PATCH This Week

Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption Use After Free Google Denial Of Service Red Hat +2
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-7334 HIGH PATCH This Week

Use after free in Views in Google Chrome on Mac prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption Use After Free Google Denial Of Service Red Hat +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-7358 HIGH PATCH This Week

Use after free in Animation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Use After Free RCE Memory Corruption Google Denial Of Service +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-7359 HIGH PATCH This Week

Use after free in ANGLE in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Memory Corruption Use After Free Google Denial Of Service Red Hat +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-7333 CRITICAL PATCH Act Now

Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Memory Corruption Use After Free Google Denial Of Service Red Hat +2
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-7343 HIGH PATCH This Week

Use after free in Views in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Use After Free Microsoft Memory Corruption Google Denial Of Service +3
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-7344 HIGH PATCH This Week

Use after free in Accessibility in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Use After Free Microsoft Memory Corruption Google Denial Of Service +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-7361 HIGH PATCH This Week

Use after free in iOS in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Use After Free Memory Corruption Apple Google Denial Of Service +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-7363 HIGH PATCH This Week

Use after free in Canvas in Google Chrome on Linux, ChromeOS prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)

Use After Free RCE Memory Corruption Google Denial Of Service +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Out-of-bounds kernel memory write in Linux kernel's AMD KFD (Kernel Fusion Driver) allows local authenticated attackers with low privileges to escalate to root privileges. The kfd_event_page_set() function performs unchecked memset operations of fixed size (KFD_SIGNAL_EVENT_LIMIT * 8 bytes) regardless of user-supplied buffer size, enabling unprivileged userspace processes to corrupt kernel memory. Patches are available across multiple stable kernel branches (5.10.252, 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.16, 6.19.6, 7.0). EPSS score of 0.02% (7th percentile) indicates low observed exploitation probability despite high CVSS severity, likely due to the local attack vector and requirement for systems with AMD GPU hardware running the amdkfd driver.

Buffer Overflow Linux Memory Corruption +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: validate num_ifs to prevent out-of-bounds write The driver obtains sw_attr.num_ifs from firmware via dpsw_get_attributes() but never validates it against DPSW_MAX_IF (64). This value controls iteration in dpaa2_switch_fdb_get_flood_cfg(), which writes port indices into the fixed-size cfg->if_id[DPSW_MAX_IF] array. When firmware reports num_ifs >= 64, the loop can write past the array bounds. Add a bound check for num_ifs in dpaa2_switch_init(). dpaa2_switch_fdb_get_flood_cfg() appends the control interface (port num_ifs) after all matched ports. When num_ifs == DPSW_MAX_IF and all ports match the flood filter, the loop fills all 64 slots and the control interface write overflows by one entry. The check uses >= because num_ifs == DPSW_MAX_IF is also functionally broken. build_if_id_bitmap() silently drops any ID >= 64: if (id[i] < DPSW_MAX_IF) bmap[id[i] / 64] |= ...

Memory Corruption Buffer Overflow Linux +2
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Use-after-free in Linux kernel fore200e ATM driver allows local attackers to achieve high-severity impacts during PCA-200E or SBA-200E adapter removal. When the device is detached, tx_tasklet or rx_tasklet may still be running and access already-freed memory in fore200e_tx_tasklet() or fore200e_rx_tasklet(), potentially leading to code execution, information disclosure, or denial of service. Patches available across stable kernel branches (5.10.252, 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.16, 6.19.6, 7.0). EPSS score of 0.02% (7th percentile) indicates low observed exploitation probability. Not listed in CISA KEV. Identified through static analysis, suggesting no active in-the-wild exploitation at time of disclosure.

Information Disclosure Linux Use After Free +3
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Heap buffer overflow in Linux kernel's IPv6 IOAM (In-situ Operations, Administration, and Maintenance) packet processing allows remote unauthenticated attackers to corrupt kernel memory and trigger system crashes. Attackers send crafted IPv6 packets with inconsistent IOAM trace headers (nodelen=0 with type bits set), causing __ioam6_fill_trace_data() to write ~100 bytes beyond allocated memory into skb_shared_info structures. Despite CVSS 9.8 critical rating, EPSS exploitation probability is low (0.05%, 16th percentile) and no active exploitation or public POC has been identified. Vendor patches available across multiple stable kernel branches (5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.16, 6.19.6, 7.0).

Buffer Overflow Linux Memory Corruption +2
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Out-of-bounds read in Linux kernel EROFS filesystem allows local attackers with user interaction to read kernel memory and cause denial of service via crafted compressed images. The vulnerability stems from incorrect classification of unaligned plain extents, triggering OOB access in z_erofs_transform_plain(). Vendor patches are available across multiple stable kernel branches (6.15, 6.18.16, 6.19.6, 7.0). EPSS score of 0.02% (4th percentile) indicates very low observed exploitation probability, with no active exploitation confirmed at time of analysis.

Linux Memory Corruption Buffer Overflow
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Memory corruption in Linux kernel XFS filesystem allows authenticated users with write access to trigger kernel assertion failures and system shutdowns via crafted extended attribute operations. The vulnerability stems from incorrect freemap adjustment logic when adding xattrs to leaf blocks, causing the entries array and free space tracking to claim overlapping memory regions. This results in firstused pointer corruption where the name area starts below the end of the entries array. Vendor-released patches are available across multiple stable kernel branches (5.10.252, 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.16, 6.19.6, 7.0). Low EPSS score (0.02%, 7th percentile) and no CISA KEV listing indicate no widespread exploitation observed, though the high CVSS 8.8 reflects severe impact on availability and potential for data corruption in XFS filesystems.

Linux Memory Corruption Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Buffer overflow in Linux kernel's ARM CMN performance monitoring driver allows local attackers with low privileges to execute arbitrary code and gain elevated access. The perf/arm-cmn driver fails to validate hardware configuration parameters against assumed maximum sizes, enabling memory corruption through crafted CMN device configurations. While EPSS indicates low exploitation probability (0.02%), patches are available across all maintained kernel branches (6.1.165, 6.6.128, 6.12.75, 6.18.16, 6.19.6, 7.0) per vendor advisories. The local attack vector and requirement for low-privileged user access limit remote exploitation scenarios.

Buffer Overflow Linux Memory Corruption
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: reset: gpio: suppress bind attributes in sysfs This is a special device that's created dynamically and is supposed to stay in memory forever. We also currently don't have a devlink between it and the actual reset consumer. Suppress sysfs bind attributes so that user-space can't unbind the device because - as of now - it will cause a use-after-free splat from any user that puts the reset control handle.

Information Disclosure Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote unauthenticated attackers can cause critical out-of-bounds writes in the Linux kernel's Distributed Lock Manager (DLM) subsystem by sending malformed network messages with unvalidated length parameters to dlm_dump_rsb_name(). When the length exceeds DLM_RESNAME_MAXLEN, dlm_search_rsb_tree() writes beyond allocated buffers, enabling arbitrary code execution, denial of service, or information disclosure. Patches available for kernel versions 6.12.75, 6.18.16, 6.19.6, and 7.0. EPSS exploitation probability is very low (0.02%, 5th percentile), and no public exploit or active exploitation has been identified at time of analysis, despite the critical CVSS 9.8 score.

Buffer Overflow Linux Memory Corruption
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Race condition in Linux kernel HID roccat driver enables local privilege escalation through use-after-free memory corruption. Local authenticated attackers can exploit concurrent access to device reader lists during roccat_report_event() operations, achieving arbitrary code execution with high integrity impact (CVSS 7.8). Vendor-released patches available across multiple kernel branches (6.6.136, 6.12.83, 6.18.24, 6.19.14, 7.0). EPSS score of 0.02% (5th percentile) indicates low observed exploitation probability despite moderate severity, suggesting limited weaponization in current threat landscape.

Information Disclosure Linux Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in Linux kernel netfilter nfnetlink_queue allows authenticated users with low privileges to execute arbitrary code with high integrity and availability impact via race condition in shared hash table. The vulnerability stems from a use-after-free condition when multiple queues share a global hash table, enabling parallel CPU operations to access freed nf_queue_entry structures. EPSS score is low (0.02%, 5th percentile) indicating minimal observed exploitation activity. Vendor patches available across multiple stable kernel branches (6.12.83, 6.18.24, 6.19.14) with upstream commits confirmed.

Denial Of Service Linux Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption in the Linux kernel's AF_ALG crypto subsystem allows local authenticated users to execute arbitrary code or cause denial of service through a page reassignment overflow in af_alg_pull_tsgl. The vulnerability affects multiple stable kernel branches (4.14 through 7.0) and has been patched across all maintained versions. With CVSS 7.8 and low attack complexity (AC:L), this presents a realistic privilege escalation path for local attackers, though EPSS exploitation probability remains low at 0.02% and no public exploit or KEV listing exists at time of analysis.

Buffer Overflow Linux Memory Corruption
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in Linux kernel's OCFS2 filesystem allows local attackers with user interaction to achieve arbitrary code execution, privilege escalation, or denial of service via crafted filesystem images. Affects kernels since initial OCFS2 implementation (2.6.16+) through 6.19.13. Vendor patches available across all supported stable branches (6.6.136, 6.12.83, 6.18.24, 6.19.14, 7.0). EPSS score of 0.02% (5th percentile) suggests low probability of mass exploitation, though CVSS 7.8 reflects high impact if triggered. No active exploitation confirmed (not in CISA KEV) and no public POC identified at time of analysis.

Information Disclosure Linux Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Out-of-bounds write in Linux kernel's ocfs2 filesystem driver allows local attackers with low privileges to achieve arbitrary code execution or system crash via a corrupted ocfs2 filesystem image. Exploitation occurs during copy_file_range operations when the malicious id_count field in the inode block exceeds physical inline data capacity, causing a buffer overflow past the inode block buffer. Vendor patches are available across multiple stable kernel versions (6.6.136, 6.12.83, 6.18.24, 6.19.14, 7.0). EPSS exploitation probability is low (0.02%, 5th percentile), and no active exploitation or public POC is currently identified.

Buffer Overflow Linux Memory Corruption
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Redis-server with Lua scripting allows authenticated attackers to trigger a use-after-free vulnerability on replicas where replica-read-only is disabled, potentially leading to remote code execution. The vulnerability exploits the master-replica synchronization mechanism and is present in all versions prior to 8.6.3. Patch vendor-released patch: 8.6.3.

Redis Use After Free Memory Corruption +1
NVD GitHub VulDB
EPSS 0% CVSS 7.7
HIGH POC PATCH This Week

Use-after-free in Redis 7.2.0 through 8.6.2 allows authenticated attackers to achieve remote code execution by exploiting error handling in the unblock client flow. When a blocked client is evicted during command re-execution, the server fails to handle the error return from processCommandAndResetClient, triggering memory corruption. Redis has released version 8.6.3 with a security fix. No public exploit code or CISA KEV listing identified at time of analysis, suggesting limited observed exploitation despite the critical RCE impact.

Redis Use After Free Memory Corruption +1
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Use-after-free vulnerability in Qualcomm Snapdragon chipsets enables local privilege escalation to achieve full device compromise. Low-privilege authenticated users can trigger memory corruption during performance counter deselect operations, gaining high-integrity code execution with kernel-level access. Qualcomm has released patches in their May 2026 security bulletin. EPSS data not yet available for this future-dated CVE; no confirmed active exploitation or public exploit code identified at time of analysis.

Buffer Overflow Use After Free Memory Corruption +1
NVD
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Mutt before 2.3.2 mishandles the IMAP GSS security level due to improper integer casting and insufficient bounds checking, allowing remote attackers to trigger memory corruption and information disclosure via a crafted IMAP server response during GSS-API authentication. The vulnerability requires high attack complexity (malicious IMAP server) but affects all versions prior to 2.3.2.

Information Disclosure Memory Corruption Mutt
NVD GitHub VulDB
EPSS 0% CVSS 6.7
MEDIUM This Month

Out-of-bounds write in MediaTek's slbc (secure local buffer component) due to type confusion allows local privilege escalation to full system compromise when an attacker already holds System privilege. The vulnerability requires no user interaction and affects 32 MediaTek chipset models. CISA SSVC framework rates technical impact as total; however, EPSS score of 0.02% suggests limited real-world exploitation despite the high CVSS score of 6.7, likely due to the requirement for pre-existing System privilege.

Privilege Escalation Buffer Overflow Memory Corruption +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Remote code execution in GeoVision GV-VMS V20 (version 20.0.2) allows unauthenticated attackers to corrupt stack memory via a crafted HTTP request to the WebCam Server Login functionality, leading to arbitrary code execution on the video management system. The flaw is a CWE-787 out-of-bounds write (stack buffer overflow) carrying a CVSS 9.8 score, and no public exploit identified at time of analysis, though Talos has published a vulnerability report (TALOS-2026-2369). EPSS is currently low at 0.12%, but the unauthenticated network attack surface on a video surveillance product makes this a high-priority patching target.

RCE Buffer Overflow Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 9.0
CRITICAL Act Now

Remote code execution in GeoVision GV-VMS V20 20.0.2 allows unauthenticated attackers to execute arbitrary code as SYSTEM via stack overflow in WebCam Server Login functionality. A specially crafted HTTP request with oversized username or password fields (exceeding 40 characters) triggers unconstrained sscanf buffer handling. CVSS 9.0 with high attack complexity reflects exploitation constraints (no null bytes allowed in payload), though network vector and lack of authentication requirements present significant risk. No active exploitation confirmed (not in CISA KEV); EPSS data unavailable for final risk assessment.

RCE Buffer Overflow Memory Corruption +1
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

Remote unauthenticated code execution in GeoVision GV-VMS V20 WebCam Server allows attackers to execute arbitrary code as SYSTEM via stack buffer overflow. The `gvapi` endpoint bypasses standard authentication and copies base64-decoded HTTP Authorization headers into a 256-byte stack buffer without bounds checking, enabling full stack control. The WebCam Server binary is compiled without ASLR, significantly lowering exploitation complexity. CVSS 10.0 with network vector, no prerequisites, and changed scope reflecting system-level compromise. Publicly disclosed by Cisco Talos and vendor advisory available from GeoVision.

RCE Buffer Overflow Memory Corruption +1
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Use-after-free in Imagination Graphics DDK GPU GLES user-space library allows authenticated remote attackers to crash the GPU render process via crafted WebGPU content. CVSS 8.1 (High) with network vector and low complexity. On platforms where the GPU process runs with elevated system privileges, successful exploitation could enable system-level compromise beyond the initial crash. EPSS and KEV data not provided; SSVC framework indicates no confirmed exploitation, non-automatable attack, but total technical impact. Vendor patches available across affected DDK versions 1.18, 23.2, 24.1-24.2, and 25.1-25.3.

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 8.1
HIGH This Week

Remote authenticated attackers can execute code or cause persistent denial-of-service in Imagination Technologies Graphics DDK by triggering a use-after-free in the GPU GLES render process via specially crafted WebGPU content. On platforms where the GPU driver runs with elevated system privileges, successful exploitation enables device-level compromise beyond the browser sandbox. EPSS data not available, no CISA KEV listing identified, no public POC confirmed. SSVC framework indicates no active exploitation and non-automatable attack requiring authenticated interaction.

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Heap-based buffer overflow in hashcat 7.1.2 enables remote code execution or denial of service through maliciously crafted PKZIP hash files. Attackers can exploit inadequate input validation in the hex_to_binary function affecting PKZIP hash parser modules (17200, 17210, 17220, 17225, 17230) to overflow fixed-size buffers with arbitrary hex data. CVSS 9.8 reflects network-accessible attack vector requiring no authentication or user interaction, though real-world exploitation requires victim to process attacker-supplied hash files. EPSS data not available; no CISA KEV listing indicates no confirmed widespread exploitation. Public proof-of-concept exists (GitHub Gist), elevating exploitation risk for environments processing untrusted hash files.

RCE Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Heap-based buffer overflow in hashcat 7.1.2's Kerberos hash parser enables remote code execution without authentication. Attacker supplies a maliciously crafted Kerberos hash file with manipulated delimiter positions to overflow the fixed-size account_info buffer during memcpy operations in module_hash_decode. The vulnerability affects multiple Kerberos-related hashcat modules due to missing upper-bound validation on account_info_len before memory copy. CVSS 9.8 with network attack vector, but real-world exploitation requires user processing the malicious file. EPSS data not available; no active exploitation confirmed in CISA KEV at time of analysis.

RCE Denial Of Service Buffer Overflow +2
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Stack-based buffer overflow in hashcat 7.1.2's rule processing functions enables remote code execution when processing password candidates of 128+ characters. The vulnerability stems from inadequate bounds checking in mangle_to_hex_lower() and mangle_to_hex_upper() functions that fail to account for 2x memory expansion during byte-to-hex conversion. CVSS 9.8 (critical) with network attack vector and no authentication required. Public proof-of-concept code available via GitHub gist. No CISA KEV listing suggests targeted rather than widespread exploitation despite theoretical network exploitability.

RCE Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Use-after-free in Linux kernel ksmbd (SMB server) during durable file handle scavenging allows memory corruption and potential remote code execution. When a durable SMB2 file handle survives session disconnect, the cleanup path dereferences a freed connection object via NULL fp->conn pointer during lock cleanup, causing a slab use-after-free. Exploitation probability is extremely low (EPSS 0.02%, 5th percentile) with no active exploitation confirmed. Vendor patches available across multiple stable kernel branches (6.12.84, 6.18.25, 7.0.2, 7.1-rc1) address the asymmetric cleanup by properly managing byte-range lock lifetimes during durable handle reconnection.

Use After Free Memory Corruption Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Integer underflow in Linux kernel NTFS3 driver during journal replay allows local attackers to trigger massive out-of-bounds memory copies into a 4KB buffer when processing corrupted filesystems. The check_file_record() function fails to validate rec->used field before using it in memmove() length calculations across DeleteAttribute, CreateAttribute, and change_attr_size handlers, enabling slab-out-of-bounds writes. No public exploit identified at time of analysis. EPSS score of 0.02% (5th percentile) indicates low exploitation probability. Vendor-released patches available across kernel versions 6.6.136, 6.12.84, 6.18.25, 7.0.2, and 7.1-rc1.

Memory Corruption Buffer Overflow Linux
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in Linux kernel F2FS filesystem allows local authenticated attackers to trigger kernel panic or potentially achieve code execution. The vulnerability (CWE-416) occurs during concurrent write callback and unmount operations when f2fs_write_end_io() decrements page count before checking node inode validity, leading to NULL pointer dereference. Discovered via xfstests generic/107 and syzbot fuzzing. EPSS exploitation probability is low (0.02%, 4th percentile), no active exploitation confirmed. Vendor patches available across stable kernel branches 6.18.25, 7.0.2, and 7.1-rc1.

Information Disclosure Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Out-of-bounds read in Linux kernel ksmbd allows authenticated SMB clients to trigger memory corruption by crafting malicious DACL ACEs with undersized headers. Attackers with permission to set ACLs on files can cause kernel KASAN reports and state corruption when subsequent CREATE operations walk the stored DACL via smb_check_perm_dacl(). Vendor patches available for kernel versions 6.12.84, 6.18.25, 7.0.2, and 7.1-rc1. EPSS score of 0.02% (5th percentile) indicates low likelihood of mass exploitation despite network attack vector, consistent with the requirement for authenticated access and specific file permission prerequisites.

Linux Memory Corruption Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Integer overflow in Linux kernel's ksmbd (SMB server) allows local authenticated attackers to bypass size validation and trigger memory corruption via crafted daemon responses. The vulnerability affects three IPC message handlers that fail to detect arithmetic overflow when computing expected message sizes from attacker-controlled fields (payload_sz, ngroups), enabling out-of-bounds memcpy operations. Vendor patches available for affected 5.15+ kernels. EPSS score 0.02% (5th percentile) indicates low observed exploitation probability. No CISA KEV listing or public exploit identified at time of analysis.

Red Hat Suse Memory Corruption +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Out-of-bounds write in Linux kernel's ksmbd SMB server allows memory corruption when processing extended attributes (EA) in QUERY_INFO responses. The smb2_get_ea() function performs 4-byte alignment padding without checking remaining buffer space, causing 1-3 bytes to write past allocation boundaries when EA values exactly fill the response buffer. This occurs in compound SMB2 requests where shared response buffers are tightly constrained. EPSS score of 0.02% suggests minimal observed exploitation activity, though the CVSS 9.8 critical rating reflects the theoretical network-accessible, unauthenticated attack surface. Vendor patches available across multiple stable kernel branches (6.6.136, 6.12.84, 7.0.2, 7.1-rc1). Not listed in CISA KEV. This represents the third instance of the same vulnerability pattern in ksmbd QUERY_INFO handlers, following fixes in commits beef2634f81f and fda9522ed6af.

Memory Corruption Buffer Overflow Linux
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free condition in Linux kernel writeback subsystem allows local authenticated attackers to potentially execute arbitrary code, escalate privileges, or trigger kernel crashes. The vulnerability affects Linux kernel versions 6.18.x through 7.1-rc1 and arises from improper synchronization between work queue processing and memory deallocation in inode_switch_wbs_work_fn(). Vendor patches are available across stable kernel branches (6.18.25, 7.0.2, 7.1-rc1) with low EPSS score (0.02%) indicating minimal observed exploitation activity, though the CVSS 7.8 score reflects significant impact if successfully exploited by authenticated local users.

Denial Of Service Linux Use After Free +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in Linux kernel f2fs compressed writeback allows local authenticated users to trigger memory corruption, potentially executing arbitrary code or causing system crashes. Affects f2fs-compressed filesystems in Linux kernel 5.6 through 7.1-rc2, with patches available in 6.6.136, 6.12.84, 7.0.2, and 7.1-rc1. EPSS score of 0.02% (5th percentile) indicates low observed exploitation probability despite CVSS 7.8 rating. This mirrors CVE-2026-23234's race condition pattern but in the compression code path that was missed by the earlier fix. No active exploitation confirmed (not in CISA KEV) and no public POC identified at time of analysis.

Information Disclosure Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Buffer overflow in Linux kernel's AMD CCP (Cryptographic Coprocessor) driver leaks kernel memory to userspace when retrieving PEK CSR (Platform Endorsement Key Certificate Signing Request). Affecting Linux kernel 4.16+ through 7.0.x, the vulnerability allows local authenticated users to read arbitrary kernel memory due to improper error handling when firmware returns invalid buffer length requirements. Patches available across stable branches (6.6.136, 6.12.84, 6.18.25, 7.0.2, 7.1-rc1). EPSS score of 0.02% indicates minimal observed exploitation probability, though the CVSS 7.1 reflects significant confidentiality impact. No CISA KEV listing or public exploit identified at time of analysis.

Memory Corruption Buffer Overflow Google +1
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Information disclosure in Linux kernel's AMD Cryptographic Coprocessor (CCP) driver allows local authenticated attackers to leak kernel memory to userspace via out-of-bounds read. When retrieving PDH certificates through SEV ioctl, the driver incorrectly copies data to userspace even after firmware command failures, potentially reading 2084+ bytes beyond allocated buffer boundaries. EPSS score of 0.02% (5th percentile) indicates minimal observed exploitation probability. Vendor patches available across multiple stable kernel branches (6.6.136, 6.12.84, 6.18.25, 7.0.2, 7.1-rc1) per upstream commits.

Memory Corruption Buffer Overflow Google +1
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Buffer overflow in Linux kernel CCP SEV driver allows local authenticated users to leak kernel memory to userspace. When the PSP firmware command to retrieve SEV CPU ID fails due to insufficient buffer size, the driver attempts to copy data beyond the allocated kernel buffer boundary, exposing up to 64 bytes of kernel memory. Exploitation requires local access with low privileges (CVSS PR:L) to invoke the SEV ioctl interface. EPSS score is very low (0.02%, 5th percentile) indicating minimal real-world exploitation observed. No public exploit identified at time of analysis, though the KASAN stack trace in the CVE description provides a clear exploitation path. Patches available across multiple stable kernel branches (6.6.136, 6.12.84, 6.18.25, 7.0.2, 7.1-rc1).

Memory Corruption Buffer Overflow Google +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Buffer overflow in Linux kernel rxrpc subsystem allows local authenticated users to trigger memory corruption via malformed key payloads. The non-XDR parsing path in rxrpc_preparse() fails to validate ticket length against AFSTOKEN_RK_TIX_MAX, enabling unprivileged users to supply oversized tickets that cause WARN_ON() triggers and potential memory corruption when keys are read. Vendor patches available for kernel versions 6.6.136, 6.12.84, 6.18.25, 7.0.2, and 7.1-rc1. EPSS score of 0.02% indicates low observed exploitation probability, with no public exploit identified at time of analysis.

Memory Corruption Buffer Overflow Linux
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in Linux kernel virt_wifi driver allows local authenticated users to trigger memory corruption during ethtool operations on virtual WiFi devices being unregistered. The vulnerability stems from improper device parent reference handling via SET_NETDEV_DEV, where ethnl_ops_begin() calls pm_runtime_get_sync() on already-freed memory when a virt_wifi device unregisters concurrently with ethtool operations. Patches are available across multiple stable kernel branches (5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0). EPSS exploitation probability is low (0.02%, 7th percentile), and no public exploit identified at time of analysis, though CVSS 7.8 reflects potential for complete system compromise if successfully triggered.

Red Hat Suse Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in Linux kernel's MANA network driver allows local authenticated attackers to corrupt memory and potentially execute code with kernel privileges. The flaw occurs when auxiliary_device_add() fails in add_adev(), triggering cleanup that frees memory still referenced by subsequent error-handling code. Patches available across stable kernel branches (6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0). EPSS score of 0.02% (5th percentile) indicates low probability of widespread exploitation. No CISA KEV listing or public exploit identified at time of analysis.

Information Disclosure Linux Use After Free +3
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Race condition in Linux kernel ATM LEC driver allows local attackers with low privileges to trigger use-after-free memory corruption in sock_def_readable(), potentially achieving arbitrary code execution, privilege escalation, or denial of service. The flaw affects systems using ATM (Asynchronous Transfer Mode) LAN Emulation Client functionality, present since Linux kernel version 2.4 (commit 1da177e4c3f4). EPSS score of 0.02% (7th percentile) suggests low probability of mass exploitation. Vendor patches available across all maintained stable branches (5.10.253, 5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0). Not listed in CISA KEV; no public exploit code identified at time of analysis.

Authentication Bypass Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in Linux kernel HID subsystem allows local attackers with low privileges to achieve arbitrary code execution, privilege escalation, or denial of service when force feedback initialization fails on Logitech G920 racing wheels. The vulnerability occurs when userspace continues accessing freed memory structures (sysfs and /dev/input) after initialization errors. Vendor patches available across multiple stable kernel branches (6.12.81, 6.18.22, 6.19.12, 7.0). EPSS score of 0.02% (5th percentile) indicates very low probability of mass exploitation, consistent with hardware-specific local attack surface requiring physical device presence.

Information Disclosure Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Out-of-bounds memory writes in Linux kernel HID multitouch driver allow local authenticated users to achieve code execution or crash systems via malicious USB/HID devices. The vulnerability exists in the HID multitouch report parsing logic where mismatched report IDs in feature requests can confuse the HID core. Vendor-released patches are available across multiple kernel versions (5.10.253, 5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0). EPSS score is low (0.02%, 7th percentile), indicating minimal observed exploitation attempts. No public exploit code identified at time of analysis.

Linux Memory Corruption Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Memory corruption in Linux kernel IPv6 ICMP error handling allows remote unauthenticated attackers to potentially achieve code execution or information disclosure. The vulnerability arises from incomplete control block (CB) sanitization when converting IPv4 ICMP errors to ICMPv6, enabling forged CIPSO options in outer IPv4 packets to manipulate inner IPv6 packet parsing. This can trigger out-of-bounds memory access extending into skb_shared_info structures. Despite CVSS 9.8 critical rating, EPSS exploitation probability is extremely low (0.02%, 7th percentile), no public exploit code exists, and CISA has not listed this as actively exploited. Patches are available across all supported kernel branches (5.10.253, 5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0).

Information Disclosure Linux Memory Corruption
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

A stack-based buffer overflow in the Linux kernel's IPv6-to-IPv4 tunneling (ip6_tunnel) code allows remote unauthenticated attackers to achieve arbitrary code execution. The vulnerability occurs when ip4ip6_err() passes a cloned skb with IPv6-formatted control buffer data to icmp_send(), which misinterprets it as IPv4 control buffer data. This type confusion causes __ip_options_echo() to read attacker-controlled packet data as a length value and copy up to that many bytes into a fixed 40-byte stack buffer, enabling remote exploitation with no prerequisites. EPSS score of 0.02% suggests limited exploitation probability despite critical CVSS 9.8 rating. Vendor-released patches are available across all maintained kernel branches (5.10.253, 5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, and mainline 7.0).

Linux Memory Corruption Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in Linux kernel netfilter subsystem allows local authenticated attackers to corrupt memory and potentially execute arbitrary code with kernel privileges. The vulnerability occurs when unregistering connection tracking helpers - expectations referencing the helper survive cleanup and later dereference the freed helper object during expectation dumps or new connection establishment. Vendor-released patches are available across multiple stable kernel branches (5.10.253, 5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0). EPSS score of 0.02% indicates low observed exploitation probability; no active exploitation confirmed (not in CISA KEV), and no public exploit code identified at time of analysis.

Information Disclosure Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Stack buffer overflow in Linux kernel Bluetooth MGMT subsystem allows local authenticated attackers to execute arbitrary code with elevated privileges. The vulnerability stems from insufficient validation of the encryption key size (enc_size) parameter when loading Long Term Keys (LTKs) via the Bluetooth management interface. When processing LE LTK requests, the kernel uses the attacker-controlled enc_size value to perform stack operations against a fixed 16-byte buffer, enabling stack corruption through oversized values. Vendor-released patches are available across all active kernel branches. EPSS exploitation probability is low (0.02%, 7th percentile), and no public exploit has been identified at time of analysis, though the attack complexity is low once local authenticated access is obtained.

Memory Corruption Buffer Overflow Linux +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in Linux kernel Bluetooth subsystem allows local authenticated attackers to achieve arbitrary code execution with high privileges. The vulnerability exists in set_cig_params_sync where hci_conn objects can be freed or modified concurrently during lookup and field access due to inadequate locking. Vendor patches are available across multiple stable kernel branches (6.6, 6.12.81, 6.18.22, 6.19.12, 7.0). EPSS score of 0.02% indicates low observed exploitation probability, no CISA KEV listing, and no public exploit identified at time of analysis.

Information Disclosure Linux Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use-after-free in Linux Kernel Bluetooth stack allows adjacent network attackers to execute arbitrary code, escalate privileges, or cause denial of service without authentication. The vulnerability exists in hci_le_remote_conn_param_req_evt where hci_conn lookup and field access occurs outside the hdev lock protection, enabling concurrent memory corruption. Patches are available across multiple stable kernel branches (6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, and mainline 7.0). EPSS score of 0.02% indicates low observed exploitation probability, and no public exploit code or CISA KEV listing exists at time of analysis.

Information Disclosure Linux Memory Corruption +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in Linux kernel's BPF sockmap implementation allows local authenticated attackers to corrupt memory and potentially execute arbitrary code with kernel privileges. The vulnerability occurs in sk_psock_verdict_data_ready() when handling AF_UNIX sockets, where sk->sk_socket can be accessed after being freed following sock_orphan(). This affects Linux kernel versions 5.15 through 6.19.12, with patches available for stable branches 6.6.134, 6.12.81, 6.18.22, 6.19.12, and mainline 7.0. EPSS score of 0.02% indicates very low observed exploitation probability in the wild, and no active exploitation or public exploit code has been identified at time of analysis.

Google Information Disclosure Linux +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in Linux kernel macb driver allows local authenticated attackers to cause denial of service or potentially escalate privileges during module removal. The vulnerability occurs in the PCI glue driver when platform_device_unregister() triggers a runtime resume callback that attempts to access already-freed clock structures. EPSS score is low (0.02%) with no evidence of active exploitation. Vendor patches are available across multiple stable kernel branches (5.10.253, 5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, and mainline 7.0).

Denial Of Service Use After Free Memory Corruption +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A heap buffer overflow in the Linux kernel's wilc1000 WiFi driver allows local authenticated users to trigger memory corruption via crafted SSID scan requests. The driver miscalculates buffer size due to u8 integer overflow (330 bytes wrapping to 74), causing kmalloc to allocate 75 bytes while memcpy writes up to 331 bytes - a 256-byte overflow. Patches are available across multiple stable kernel branches (5.10.253, 5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0). EPSS score of 0.03% (9th percentile) suggests low likelihood of widespread exploitation, and CISA KEV does not list this CVE, indicating no confirmed active exploitation at time of analysis.

Red Hat Suse Buffer Overflow +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Stack buffer overflow in Linux kernel Bluetooth subsystem allows local authenticated attackers to achieve code execution, privilege escalation, or denial of service through malformed ISO socket parameters. The vulnerability occurs when binding an ISO Bluetooth socket with up to 31 BIS entries while the hci_le_big_create_sync() function only allocates stack space for 17 entries, resulting in a 14-byte overflow that corrupts adjacent stack memory. Patches are available across multiple kernel versions (6.12.81, 6.18.22, 6.19.12, 7.0), with EPSS indicating 0.02% exploitation probability and no active exploitation confirmed.

Red Hat Suse Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in Linux kernel GPIB subsystem allows local authenticated attackers with low privileges to execute arbitrary code, escalate privileges, or crash the system. The vulnerability occurs in IBRD, IBWRT, IBCMD, and IBWAIT ioctl handlers when concurrent IBCLOSEDEV calls free descriptors still in use by I/O operations. EPSS probability is very low (0.02%, 4th percentile), indicating minimal observed exploitation activity. Vendor patches available for stable branches 6.18.22, 6.19.12, and mainline 7.0 via commits cae26eff, 28c75dd1, and d1857f82.

Red Hat Suse Authentication Bypass +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free condition in Linux kernel USB Test and Measurement Class (USBTMC) driver allows local authenticated attackers to execute arbitrary code with elevated privileges. The vulnerability occurs when the usbtmc_release function fails to properly flush pending anchored URBs, leaving dangling references that can be exploited in the HCD giveback path. Vendor patches are available across multiple stable kernel versions (5.10.253, 5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, and 7.0). Despite the high CVSS score of 7.8, the EPSS exploitation probability is very low at 0.02% (7th percentile), indicating limited real-world targeting, and no active exploitation or public POC has been identified.

Red Hat Suse Information Disclosure +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Buffer overflow in Linux kernel COMEDI me_daq driver allows local authenticated users to achieve arbitrary code execution with kernel privileges. The me2600_xilinx_download() function fails to validate firmware file length before reading data streams, enabling out-of-bounds memory access during firmware loading operations. Patches available across multiple stable kernel versions (5.10.253, 5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0). EPSS score of 0.02% (7th percentile) indicates low probability of widespread exploitation despite high CVSS 7.8 rating, and no active exploitation or public exploit code identified at time of analysis.

Red Hat Suse Memory Corruption +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Out-of-bounds write in Linux kernel comedi me4000 driver firmware loader allows local authenticated users to achieve high-impact code execution, data corruption, or system crash. The me4000_xilinx_download() function blindly trusts firmware file format headers without validating buffer boundaries, reading a length field from the first 4 bytes and then reading that many bytes from offset 16 without checking total file size. Patch available across multiple stable kernel branches (5.10.253, 5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0). EPSS score of 0.02% (7th percentile) indicates very low observed exploitation probability despite CVSS 7.8 rating. No public exploit code or active exploitation confirmed.

Red Hat Suse Memory Corruption +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption in the Linux kernel zynqmp_nvmem driver allows local authenticated users to achieve privilege escalation through undersized DMA buffer exploitation. The vulnerability stems from incorrect buffer size calculations in dma_alloc_coherent and memcpy operations, enabling heap or memory corruption that can lead to complete system compromise. With a 7.8 CVSS score but only 0.02% EPSS (5th percentile), this represents a high-severity issue affecting specific Xilinx Zynq UltraScale+ deployments rather than a widespread exploitation target. Patches available across multiple stable kernel branches (6.12.81, 6.18.22, 6.19.12, 7.0) with upstream fixes confirmed in git commits.

Red Hat Suse Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in Linux kernel thermal subsystem allows local attackers with low privileges to execute arbitrary code, escalate privileges, or crash the system. The vulnerability stems from race conditions between thermal zone removal and power management resume operations, where delayed work items can continue executing after thermal zone objects are freed. EPSS score of 0.02% (5th percentile) suggests low probability of mass exploitation despite high CVSS severity. Vendor patches available across multiple stable kernel branches (6.12.83, 6.18.22, 6.19.12, 7.0) via upstream commits. No active exploitation confirmed in CISA KEV at time of analysis.

Red Hat Suse Information Disclosure +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_uac1_legacy: validate control request size f_audio_complete() copies req->length bytes into a 4-byte stack variable: u32 data = 0; memcpy(&data, req->buf, req->length); req->length is derived from the host-controlled USB request path, which can lead to a stack out-of-bounds write. Validate req->actual against the expected payload size for the supported control selectors and decode only the expected amount of data. This avoids copying a host-influenced length into a fixed-size stack object.

Red Hat Suse Memory Corruption +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote denial of service in FRRouting stable/10.0 allows unauthenticated attackers to crash the BGP daemon via malformed FlowSpec NLRI messages. The off-by-one vulnerability in bgp_flowspec_op_decode() enables out-of-bounds writes when parsing crafted BGP FlowSpec components, causing process termination. EPSS exploitation probability data not available, but SSVC marks this as automatable with partial technical impact. No public exploit code identified at time of analysis, and not listed in CISA KEV, suggesting theoretical rather than actively exploited risk.

Denial Of Service Buffer Overflow Memory Corruption +1
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Buffer overflow in Linux kernel Xen hypervisor interface allows local authenticated users to achieve arbitrary code execution with high privilege escalation impact. The vulnerability stems from improper handling of non-NUL-terminated build ID data from HYPERVISOR_xen_version(XENVER_build_id) in drivers/xen/sys-hypervisor.c, where sprintf reads past buffer boundaries seeking a NUL terminator. Affects Linux kernel versions from 5.10 through 7.0 series when running as Xen domain. Vendor-released patches available across all affected stable branches (5.10.254, 5.15.204, 6.1.170, 6.6.137, 6.12.85, 6.18.26, 7.0.3). EPSS score of 0.08% (23rd percentile) indicates low probability of mass exploitation despite high CVSS 7.8, reflecting specialized Xen-only attack surface. No public exploit identified at time of analysis.

Red Hat Suse Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Denial of service in Wireshark 4.6.0 through 4.6.4 via crafted SDP protocol packets allows local attackers with user interaction to crash the application through a use-after-free memory corruption vulnerability in the SDP protocol dissector. EPSS and KEV status not available at analysis time; no public exploit code identified.

Denial Of Service Memory Corruption Use After Free +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Denial of service via MySQL protocol dissector crash in Wireshark 4.6.0-4.6.4 and 4.4.0-4.4.14 allows local users with no privileges to crash the application through a crafted malicious pcap file or network capture, requiring only user interaction to open the file. The vulnerability stems from improper memory access in the MySQL dissector parser (CWE-824: Access of Uninitialized Pointer), resulting in application termination and loss of packet analysis capability. No public exploit code or active exploitation has been identified at time of analysis.

Memory Corruption Denial Of Service Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Denial of service via crash in the GSM RP protocol dissector affects Wireshark 4.6.0-4.6.4 and 4.4.0-4.4.14. A local attacker with user privileges can trigger a dissector crash by crafting a malicious GSM RP packet and inducing a user to open it, causing application termination and loss of packet capture session. CVSS 5.5 reflects local attack vector and user interaction requirement; no remote exploitation path identified.

Memory Corruption Denial Of Service Red Hat +1
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Insufficient validation of the prefix length field in IPv6 Router Advertisement processing in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause memory corruption by sending a crafted Router Advertisement with a prefix length value exceeding the maximum valid length, resulting in a heap buffer overflow. Users processing IPv4 RA only are not impacted. To mitigate this issue, users should upgrade to the fixed version when available.

Buffer Overflow Memory Corruption Freertos Plus Tcp
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212, Acronis Cyber Protect Cloud Agent (Windows) before build 42183.

Buffer Overflow Memory Corruption Microsoft +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Media in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Use After Free RCE Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Use After Free RCE Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in WebView in Google Chrome on Android prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Use After Free RCE Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Use after free in Cast in Google Chrome prior to 147.0.7727.138 allowed an attacker on the local network segment to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: High)

Memory Corruption Use After Free Google +4
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Use after free in Chromoting in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: High)

Use After Free RCE Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Type Confusion in V8 in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Memory Corruption Google RCE +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Use After Free RCE Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in media in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Use After Free RCE Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Codecs in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Use After Free RCE Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Use after free in Cast in Google Chrome prior to 147.0.7727.138 allowed an attacker on the local network segment to execute arbitrary code inside a sandbox via malicious network traffic. (Chromium security severity: High)

Use After Free RCE Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in WebMIDI in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Memory Corruption Use After Free Google +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in Media in Google Chrome on Android prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Memory Corruption Use After Free Google +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Navigation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Use After Free RCE Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption Use After Free Google +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Views in Google Chrome on Mac prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption Use After Free Google +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Animation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Use After Free RCE Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in ANGLE in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Memory Corruption Use After Free Google +4
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Memory Corruption Use After Free Google +4
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Use after free in Views in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Use After Free Microsoft Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Accessibility in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Use After Free Microsoft Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in iOS in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Use After Free Memory Corruption Apple +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Canvas in Google Chrome on Linux, ChromeOS prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)

Use After Free RCE Memory Corruption +5
NVD VulDB
Prev Page 15 of 170 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy