Skip to main content

Red Hat

8625 CVEs vendor

Monthly

CVE-2026-41314 PyPI MEDIUM PATCH This Month

Denial of service via memory exhaustion in pypdf prior to 6.10.2 allows local attackers with user interaction to crash applications processing crafted PDF files containing FlateDecode-compressed images with inflated size values. The vulnerability exhausts available RAM during decompression, affecting any system using vulnerable pypdf versions to parse untrusted PDF documents.

Information Disclosure Python Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2026-41313 PyPI MEDIUM PATCH This Month

Denial of service via algorithmic complexity in pypdf versions prior to 6.10.2 allows local attackers to cause long runtimes by crafting a PDF with an excessively large trailer /Size value when loaded in incremental mode. The vulnerability requires user interaction to load the malicious PDF and results in availability degradation rather than data compromise. Patch version 6.10.2 is available from the vendor.

Information Disclosure Python Red Hat Suse
NVD GitHub
CVSS 4.0
4.8
EPSS
0.0%
CVE-2026-41312 PyPI MEDIUM PATCH This Month

Memory exhaustion in pypdf prior to 6.10.2 allows local attackers to craft malicious PDF files that exhaust system RAM when processed. The vulnerability requires user interaction to open a specially crafted PDF containing a /FlateDecode stream with a /Predictor value other than 1 and large predictor parameters. Vendor-released patch available in version 6.10.2.

Information Disclosure Python Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2026-41168 PyPI MEDIUM PATCH This Month

Denial of service in pypdf prior to version 6.10.1 allows remote attackers to craft malicious PDF files with oversized cross-reference stream `/Size` values or object stream `/N` values, causing excessive processing time and long runtimes. No authentication is required; the vulnerability is triggered by parsing a specially crafted PDF file. Patch version 6.10.1 is available from the vendor.

Information Disclosure Python Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-41650 npm MEDIUM PATCH GHSA This Month

fast-xml-parser XMLBuilder fails to escape comment and CDATA delimiters when building XML from JavaScript objects, allowing XML injection via unescaped `-->` and `]]>` sequences in user-controlled content. Attackers can inject malicious XML elements into comments or CDATA sections, enabling XSS attacks in browser contexts, SOAP message manipulation, RSS feed poisoning, or XML structure breakage. The vulnerability requires user interaction (UI:R) and affects only XMLBuilder output that includes user-controlled comments or CDATA; no public exploit code identified at time of analysis.

Node.js XSS Suse Red Hat
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-41240 npm MEDIUM PATCH GHSA This Month

Cross-site scripting (XSS) in DOMPurify occurs when function-based ADD_TAGS configuration is used with FORBID_TAGS, allowing attackers to bypass tag filtering and inject dangerous elements such as iframe, form, object, and embed with their attributes intact. The vulnerability stems from inconsistent handling of FORBID_TAGS compared to the separately-fixed FORBID_ATTR logic, where the forbidden tag check is short-circuited by a function-based ADD_TAGS predicate. Publicly available proof-of-concept demonstrates iframe and form injection with external URLs surviving sanitization; patch is available in version 3.4.0.

Node.js XSS Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.0
EPSS
0.0%
CVE-2026-41239 npm MEDIUM PATCH GHSA This Month

Cross-site scripting (XSS) in DOMPurify when using SAFE_FOR_TEMPLATES with RETURN_DOM or RETURN_DOM_FRAGMENT modes allows remote attackers to execute arbitrary JavaScript by crafting malformed HTML that reassembles into template expressions after DOM normalization. The vulnerability affects DOMPurify from v1.0.10 through at least v3.3.3, exploitable when sanitized output is mounted into template-evaluating frameworks like Vue 2. A proof-of-concept demonstrates reliable exploitation with alert(1) execution.

Node.js XSS Red Hat
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-41238 npm MEDIUM PATCH GHSA This Month

DOMPurify versions 3.0.1 through 3.3.3 fail to prevent prototype pollution-based XSS attacks when using default configurations. An attacker who can exploit a prototype pollution gadget elsewhere in the application can pollute Object.prototype with permissive regex values, causing DOMPurify to bypass sanitization and allow arbitrary custom elements with event handler attributes. The vulnerability affects the standard DOMPurify.sanitize(userInput) call without requiring special configuration.

Google XSS Red Hat Chrome
NVD GitHub VulDB
CVSS 3.1
6.9
EPSS
0.0%
CVE-2026-31530 HIGH PATCH This Week

Use-after-free in Linux kernel CXL (Compute Express Link) subsystem allows local authenticated attackers to corrupt memory and potentially execute arbitrary code or cause kernel panics. The flaw occurs in cxl_detach_ep() during device removal when parent port references are freed prematurely, before child operations complete. Affects Linux kernel 6.3 through 7.0-rc5; patched in versions 6.12.80, 6.18.21, 6.19.11, and 7.0. EPSS score of 0.02% indicates low exploitation probability. No active exploitation or public exploit code identified at time of analysis.

Use After Free Linux Memory Corruption Buffer Overflow Denial Of Service +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31529 MEDIUM PATCH This Month

Memory leak in Linux kernel CXL region initialization allows local privileged attackers to cause denial of service through resource exhaustion. The vulnerability exists in the __construct_region() function where failed sysfs_update_group() calls fail to properly free allocated resources, resulting in cumulative memory exhaustion when region construction is repeatedly attempted and fails. CVSS 5.5 reflects local attack vector with low complexity and high availability impact; EPSS 0.02% indicates minimal real-world exploitation probability despite the vulnerability's severity classification.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31528 HIGH PATCH This Week

Out-of-bounds memory access in Linux kernel perf subsystem allows local authenticated attackers with low privileges to achieve high confidentiality, integrity, and availability impact. The vulnerability occurs when group_sched_in() fails during performance monitoring event handling and event inheritance uses the wrong PMU (Performance Monitoring Unit) context, leading to improper rollback and memory corruption. Despite high CVSS score (7.8), EPSS probability indicates very low real-world exploitation likelihood (0.02%, 5th percentile). Vendor patches available across multiple stable kernel branches (6.6.131, 6.12.80, 6.18.21, 6.19.11, 7.0) per git.kernel.org commit references.

Information Disclosure Linux Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31526 MEDIUM PATCH This Month

The Linux kernel BPF verifier fails to validate lock release on exception exits from static subprograms when bpf_throw() is invoked, potentially allowing denial of service or system instability through uncontrolled RCU and preemption lock retention. Affected versions span from 6.7 through 7.0-rc4; CVSS 5.5 (local privilege escalation path) but EPSS 0.02% suggests low real-world exploitation probability. Patch available in stable releases 6.18.21, 6.19.11, and 7.0.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31525 HIGH PATCH This Week

Signed integer overflow in the Linux kernel's BPF interpreter enables local attackers with low privileges to achieve out-of-bounds memory access and potentially execute arbitrary code. The flaw occurs when the 32-bit signed division/modulo operations handle INT_MIN (0x80000000), causing the abs() macro to trigger undefined behavior that creates a mismatch between the verifier's abstract interpretation and the interpreter's runtime behavior. With an EPSS score of 0.02% and no confirmed active exploitation, the primary risk is to systems where unprivileged users can load BPF programs, though default kernel configurations typically restrict BPF to privileged users. Patches are available across multiple stable kernel branches (6.6.131, 6.12.80, 6.18.21, 6.19.11).

Buffer Overflow Linux Memory Corruption Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31524 MEDIUM PATCH This Month

Memory leak and out-of-bounds read in the asus_report_fixup() HID driver function allows local authenticated attackers with limited privileges to cause denial of service through memory exhaustion. The vulnerability affects the ASUS HID device driver across multiple Linux kernel versions, where kmemdup()-allocated buffers were not freed properly and an out-of-bounds read could access memory beyond the original descriptor size. A patch is available from Linux kernel maintainers switching to devm_kzalloc() for proper memory lifecycle management.

Buffer Overflow Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31523 MEDIUM PATCH This Month

Double completions in NVMe-PCI polled queue handling occur when a high-priority task attempts to poll a queue during kernel reset before block layer queue maps are updated, causing race conditions between interrupt-driven and polled I/O paths. Affects Linux kernel versions before 5.10.253, 5.15.203, 6.1.168, 6.6.131, 6.12.80, 6.18.21, 6.19.11, and 7.0-rc2, requiring local authentication and high attack complexity to trigger. No public exploit identified, but vendor-released patches are available across all affected stable and development branches.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-31522 MEDIUM PATCH This Month

Memory leak in the HID magicmouse driver's report_fixup() function allows local authenticated attackers to cause a denial of service through repeated device interactions. The magicmouse_report_fixup() function allocates memory via kmemdup() but fails to free the allocated buffer before returning, leading to exhaustion of kernel memory on systems with a Magic Mouse connected. Vendor patches are available across multiple stable branches.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31520 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: HID: apple: avoid memory leak in apple_report_fixup() The apple_report_fixup() function was returning a newly kmemdup()-allocated buffer, but never freeing it. The caller of report_fixup() does not take ownership of the returned pointer, but it *is* permitted to return a sub-portion of the input rdesc, whose lifetime is managed by the caller.

Apple Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31519 MEDIUM PATCH This Month

A denial-of-service vulnerability in the Linux kernel's Btrfs filesystem implementation allows local authenticated attackers to cause filesystem corruption and crashes through a race condition during subvolume creation and lookup. When a newly created Btrfs subvolume's dentry cache is dropped before the BTRFS_ROOT_ORPHAN_CLEANUP flag is set, concurrent orphan cleanup operations can fail with ENOENT, creating negative dentries that prevent subvolume deletion and cause filesystem aborts. EPSS score of 0.02% indicates this is a low-probability exploitation scenario requiring specific timing and configuration conditions, though the impact is severe for affected systems. No public exploit code is identified at time of analysis.

Null Pointer Dereference Linux Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31517 MEDIUM PATCH This Month

Denial of service via kernel panic in the Linux kernel xfrm_iptfs module when processing fragmented IP-TFS packets with mixed fast-path and slow-path reassembly conditions. The vulnerability triggers an invalid memory access (SKB_LINEAR_ASSERT) in skb_put() when attempting to append data to a non-linear socket buffer during packet reassembly, affecting systems using IP-TFS encapsulation over IPsec. Local attackers with network access to send crafted IPsec packets can crash the kernel; active exploitation not confirmed but patch is available.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31516 HIGH PATCH This Week

Use-after-free in Linux kernel XFRM subsystem allows local authenticated attackers to achieve arbitrary code execution with high privileges. The vulnerability arises when XFRM policy hash threshold work items (policy_hthresh.work) outlive network namespace teardown, dereferencing freed struct net memory in xfrm_hash_rebuild(). Vendor patches available across multiple stable kernel versions (6.12.80, 6.18.21, 6.19.11, 7.0) confirm the issue affects kernels since commit 880a6fab8f6b. EPSS score of 0.02% (5th percentile) indicates low observed exploitation probability despite CVSS:3.1 score of 7.8; no CISA KEV listing or public POC identified at time of analysis.

Information Disclosure Linux Race Condition Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31514 MEDIUM PATCH This Month

Short read handling in EROFS file-backed mounts can mark unread file pages as uptodate when vfs_iocb_iter_read() is interrupted by signals, leading to potential data corruption or information disclosure on systems using EROFS with file-backed mounts. Affected Linux kernel versions prior to fixes in 6.18.21, 6.19.11, and 6.12.80. Local authenticated users can trigger this via signal interruption during I/O operations.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31513 HIGH PATCH This Week

Buffer over-read in Linux kernel Bluetooth L2CAP allows adjacent network attackers to disclose sensitive kernel memory and crash systems via malformed Enhanced Credit Based Connection Requests. Affects multiple stable kernel versions (6.12.x, 6.18.x, 6.19.x). Vendor patches available for all affected branches. EPSS score of 0.02% indicates low observed exploitation probability despite the network-adjacent attack vector and lack of required authentication. No public exploit identified at time of analysis.

Buffer Overflow Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-31512 MEDIUM PATCH This Month

Denial of service via buffer over-read in Linux kernel Bluetooth L2CAP Enhanced Credit Based Flow Control data path allows local authenticated attackers to crash the system by sending malformed L2CAP packets with insufficient payload length. The vulnerability exists in l2cap_ecred_data_rcv() which reads the SDU length field without validating that the socket buffer contains the required 2 bytes, causing an out-of-bounds read that triggers a kernel panic when the buffer is too small. EPSS exploitation probability is 0.02% (percentile 7%), and a vendor patch is available.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31510 MEDIUM PATCH This Month

Null pointer dereference in the Linux kernel Bluetooth L2CAP implementation allows local authenticated attackers to cause a kernel panic and denial of service via the l2cap_sock_ready_cb function during L2CAP connection initialization. The vulnerability occurs when a socket pointer is dereferenced without null validation, triggering a KASAN null-ptr-deref exception that crashes the kernel. EPSS score of 0.02% indicates low real-world exploitation probability despite the moderate CVSS score; no public exploit code or active KEV listing has been identified at time of analysis.

Null Pointer Dereference Linux Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31509 MEDIUM PATCH This Month

Denial of service via deadlock in NFC NCI subsystem when nci_close_device() flushes work queues while holding req_lock, triggering a circular lock dependency with nci_rx_work(). The vulnerability affects Linux kernels across multiple stable branches (5.10, 5.15, 6.1, 6.6, 6.12, 6.18, 6.19, 7.0) and was reproduced in roughly 4% of nci selftest runs on debug kernels, though EPSS scoring (0.02% percentile 7%) indicates low baseline exploitation probability. Local privilege requirement and high attack complexity in practice mean real-world impact is limited to NFC-capable systems with specific workload timing.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31506 HIGH PATCH This Week

Double-free memory corruption in Linux kernel bcmasp network driver allows local authenticated attackers with low privileges to achieve arbitrary code execution, privilege escalation, or system crash. The vulnerability affects kernel versions 6.6 through early 7.0 release candidates. Vendor patches available across stable branches (6.12.80, 6.18.21, 6.19.11, 7.0). EPSS score of 0.02% (5th percentile) indicates very low real-world exploitation probability, and no active exploitation or public POC has been identified. This represents a low-priority issue for most environments despite the 7.8 CVSS score, as it requires local authenticated access and affects only systems using the specific bcmasp Broadcom network driver.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31505 HIGH PATCH This Week

Out-of-bounds memory write in Linux kernel iavf (Intel Adaptive Virtual Function) driver allows local authenticated attackers with low privileges to achieve high confidentiality, integrity, and availability impact via race condition during concurrent ethtool operations. The vulnerability stems from inconsistent use of queue counters (real_num_tx_queues vs num_active_queues vs num_tx_queues) across ethtool statistics functions, enabling memory corruption when changing network channels via 'ethtool -L' while simultaneously querying statistics with 'ethtool -S'. Patches available for kernel versions 6.12.80, 6.18.21, 6.19.11, and 7.0. EPSS exploitation probability is low (0.02%, 5th percentile) with no public exploit or active exploitation identified at time of analysis.

Buffer Overflow Debian Linux Memory Corruption Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31502 HIGH PATCH This Week

Type confusion in Linux kernel team driver allows local authenticated users to trigger memory corruption and potential privilege escalation. The team_setup_by_port() function incorrectly copies header_ops from non-Ethernet lower devices (such as GRE interfaces) without proper context validation, causing callbacks like dev_hard_header() to interpret netdev_priv() as the wrong structure type when processing stacked network topologies (e.g., gre → bond → team). While CVSS rates this 7.8 (High), EPSS probability is very low at 0.02% (5th percentile), and no active exploitation or public POC has been identified. Vendor patches are available across multiple stable kernel branches (6.12.80, 6.18.21, 6.19.11, 7.0).

Denial Of Service Linux Memory Corruption Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31501 CRITICAL PATCH Act Now

Use-after-free in Linux kernel ICSSG PRU Ethernet driver allows remote code execution with CVSS 9.8 scoring. Affects TI ICSSG network driver in kernels 6.15 through 7.0 (patched in 6.19.11 and 7.0). The flaw causes CPPI descriptors to be freed before timestamp processing completes on every received packet, creating a exploitable memory corruption condition. Despite critical CVSS scoring, EPSS probability is very low (0.02%, 5th percentile) and no active exploitation or public POC has been identified. The network attack vector (AV:N) combined with zero-day timing suggests this may be scored for worst-case remote exploitation scenario, but actual exploitability via network packets requires deeper investigation of ICSSG hardware context and packet processing pipeline.

Information Disclosure Linux Use After Free Memory Corruption Red Hat +1
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-31498 MEDIUM PATCH This Month

Denial of service via infinite loop in Bluetooth L2CAP ERTM reconfiguration allows local authenticated attackers to exhaust system memory. The vulnerability arises from two distinct flaws: improper handling of L2CAP channel reconfiguration that leaks ERTM resources and fails to validate minimum PDU size, causing an infinite loop in l2cap_segment_sdu() when remote_mps is set to zero. EPSS score of 0.02% indicates limited exploitation likelihood despite the high CVSS score, reflecting the requirement for local access and authenticated Bluetooth channel state.

Linux Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31497 MEDIUM PATCH This Month

Out-of-bounds array access in the btusb driver's Bluetooth SCO link handling allows local authenticated attackers to cause denial of service by exhausting kernel memory or crashing the Bluetooth subsystem. The btusb_work() function fails to constrain the sco_num variable before indexing a three-entry lookup table, permitting reads and potential writes past allocated buffer boundaries when four or more SCO links are active. This affects Linux kernel versions 5.8 through 7.0-rc2 and requires local access with unprivileged user privileges to trigger.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31493 HIGH PATCH This Week

Use-after-free in Linux kernel RDMA/EFA driver allows local authenticated users with low privileges to execute arbitrary code with high confidentiality, integrity, and availability impact. The vulnerability affects the admin queue completion handling where completion context data is accessed after being freed, creating a window for memory corruption exploitation. Affects kernel versions from 5.12 through 7.0-rc7, with vendor patches available for stable branches 6.18.21, 6.19.11, and 7.0. EPSS score of 0.02% (4th percentile) indicates low observed exploitation probability, and no public exploit code or CISA KEV listing identified at time of analysis.

Memory Corruption Use After Free Information Disclosure Linux Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31492 MEDIUM PATCH This Month

Use-after-free in Linux kernel RDMA/irdma driver allows local authenticated users to cause denial of service by triggering uninitialized completion handling during queue pair creation failure. When ib_copy_to_udata fails in irdma_create_qp, the cleanup path attempts to wait on an uninitialized free_qp completion structure, resulting in a kernel panic or system hang. EPSS score of 0.02% indicates low exploitation probability despite moderate CVSS score; patch is available from vendor.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31491 MEDIUM PATCH This Month

Integer overflow in Linux kernel RDMA/irdma depth calculation functions allows local authenticated users to trigger a denial of service via improper handling of U32_MAX values passed for SQ/RQ/SRQ size parameters. The vulnerability stems from depth calculations performed in 32-bit integers rather than 64-bit, enabling truncation that bypasses validation and returns success when allocation should fail, potentially causing system instability or resource exhaustion.

Buffer Overflow Integer Overflow Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31490 HIGH PATCH This Week

Use-after-free in Linux kernel's xe GPU driver allows local authenticated users to execute arbitrary code with kernel privileges. The vulnerability occurs in the SR-IOV physical function migration restore path when error handling fails to nullify a freed data pointer, enabling subsequent write operations to reference deallocated memory. With CVSS 7.8 (High) and very low EPSS (0.02%), this represents typical kernel memory corruption risk requiring local access and low privileges. Vendor patches are available for affected 6.19 and 7.0-rc versions.

Information Disclosure Linux Memory Corruption Use After Free Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31487 MEDIUM PATCH This Month

Use-after-free vulnerability in the Linux kernel SPI subsystem allows local authenticated attackers to cause denial of service by exploiting unsynchronized access to the driver_override field during device probe operations. The vulnerability occurs because __driver_attach() calls the bus match() callback without holding the device lock, creating a race condition when driver_override is accessed without proper synchronization. CVSS score of 5.5 reflects local attack vector with low complexity and high availability impact. EPSS exploitation probability is minimal at 0.02%, suggesting this is a localized memory safety issue rather than a widely-exploited attack vector.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31484 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: io_uring/fdinfo: fix OOB read in SQE_MIXED wrap check __io_uring_show_fdinfo() iterates over pending SQEs and, for 128-byte SQEs on an IORING_SETUP_SQE_MIXED ring, needs to detect when the second half of the SQE would be past the end of the sq_sqes array. The current check tests (++sq_head & sq_mask) == 0, but sq_head is only incremented when a 128-byte SQE is encountered, not on every iteration. The actual array index is sq_idx = (i + sq_head) & sq_mask, which can be sq_mask (the last slot) while the wrap check passes. Fix by checking sq_idx directly. Keep the sq_head increment so the loop still skips the second half of the 128-byte SQE on the next iteration.

Information Disclosure Linux Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-31483 MEDIUM PATCH This Month

Denial of service in Linux kernel on s390 architecture allows local authenticated attackers to crash the system by triggering an out-of-bounds access in the syscall dispatch table. The s390 syscall number is directly controlled by userspace without spectre boundary protection (array_index_nospec), enabling an attacker with local user privileges to supply an invalid syscall number that bypasses array bounds checking and causes a memory access violation. EPSS score is extremely low (0.03%), consistent with limited attack surface on s390-specific systems and requirement for local authentication.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31482 MEDIUM PATCH This Month

Information disclosure in Linux kernel s390 architecture allows local authenticated attackers to read residual data from r12 register during kernel entry transitions, enabling potential exposure of sensitive kernel state through register side channels. This occurs on s390 systems running kernel versions 6.4 through 7.0-rc5 and affects all architectures due to incomplete register scrubbing following removal of branch prediction isolation code. EPSS score of 0.02% indicates minimal real-world exploitation likelihood despite moderate CVSS impact rating.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31481 MEDIUM PATCH This Month

Kernel panic via null pointer dereference in the tracing subsystem occurs when boot-time trigger registration fails and kthread creation does not succeed, allowing deferred trigger frees to accumulate indefinitely and crash the system. Local authenticated attackers can trigger this by specifying malformed trace event parameters on the kernel command line, resulting in denial of service. EPSS exploitation probability is 0.02% (very low) despite moderate CVSS score, suggesting this requires specific boot-time configuration and local access.

Null Pointer Dereference Linux Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31480 MEDIUM PATCH This Month

Denial of service via deadlock in the Linux kernel tracing subsystem occurs when CPU hotplug operations interact with osnoise tracing thread lifecycle management. A local privileged user can trigger a deadlock by inducing CPU offline events while osnoise threads hold conflicting locks (interface_lock and cpus_read_lock), causing system hang. CVSS 5.5 reflects local attack vector and privilege requirement; EPSS 0.02% indicates low real-world exploitation likelihood despite deadlock severity.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31479 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/xe: always keep track of remap prev/next During 3D workload, user is reporting hitting: [ 413.361679] WARNING: drivers/gpu/drm/xe/xe_vm.c:1217 at vm_bind_ioctl_ops_unwind+0x1e2/0x2e0 [xe], CPU#7: vkd3d_queue/9925 [ 413.361944] CPU: 7 UID: 1000 PID: 9925 Comm: vkd3d_queue Kdump: loaded Not tainted 7.0.0-070000rc3-generic #202603090038 PREEMPT(lazy) [ 413.361949] RIP: 0010:vm_bind_ioctl_ops_unwind+0x1e2/0x2e0 [xe] [ 413.362074] RSP: 0018:ffffd4c25c3df930 EFLAGS: 00010282 [ 413.362077] RAX: 0000000000000000 RBX: ffff8f3ee817ed10 RCX: 0000000000000000 [ 413.362078] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 413.362079] RBP: ffffd4c25c3df980 R08: 0000000000000000 R09: 0000000000000000 [ 413.362081] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8f41fbf99380 [ 413.362082] R13: ffff8f3ee817e968 R14: 00000000ffffffef R15: ffff8f43d00bd380 [ 413.362083] FS: 00000001040ff6c0(0000) GS:ffff8f4696d89000(0000) knlGS:00000000330b0000 [ 413.362085] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 413.362086] CR2: 00007ddfc4747000 CR3: 00000002e6262005 CR4: 0000000000f72ef0 [ 413.362088] PKRU: 55555554 [ 413.362089] Call Trace: [ 413.362092] <TASK> [ 413.362096] xe_vm_bind_ioctl+0xa9a/0xc60 [xe] Which seems to hint that the vma we are re-inserting for the ops unwind is either invalid or overlapping with something already inserted in the vm. It shouldn't be invalid since this is a re-insertion, so must have worked before. Leaving the likely culprit as something already placed where we want to insert the vma. Following from that, for the case where we do something like a rebind in the middle of a vma, and one or both mapped ends are already compatible, we skip doing the rebind of those vma and set next/prev to NULL. As well as then adjust the original unmap va range, to avoid unmapping the ends. However, if we trigger the unwind path, we end up with three va, with the two ends never being removed and the original va range in the middle still being the shrunken size. If this occurs, one failure mode is when another unwind op needs to interact with that range, which can happen with a vector of binds. For example, if we need to re-insert something in place of the original va. In this case the va is still the shrunken version, so when removing it and then doing a re-insert it can overlap with the ends, which were never removed, triggering a warning like above, plus leaving the vm in a bad state. With that, we need two things here: 1) Stop nuking the prev/next tracking for the skip cases. Instead relying on checking for skip prev/next, where needed. That way on the unwind path, we now correctly remove both ends. 2) Undo the unmap va shrinkage, on the unwind path. With the two ends now removed the unmap va should expand back to the original size again, before re-insertion. v2: - Update the explanation in the commit message, based on an actual IGT of triggering this issue, rather than conjecture. - Also undo the unmap shrinkage, for the skip case. With the two ends now removed, the original unmap va range should expand back to the original range. v3: - Track the old start/range separately. vma_size/start() uses the va info directly. (cherry picked from commit aec6969f75afbf4e01fd5fb5850ed3e9c27043ac)

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31478 CRITICAL PATCH Act Now

In the Linux kernel, the following vulnerability has been resolved: ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len() After this commit (e2b76ab8b5c9 "ksmbd: add support for read compound"), response buffer management was changed to use dynamic iov array. In the new design, smb2_calc_max_out_buf_len() expects the second argument (hdr2_len) to be the offset of ->Buffer field in the response structure, not a hardcoded magic number. Fix the remaining call sites to use the correct offsetof() value.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-31477 HIGH PATCH This Week

Memory exhaustion and kernel crash in Linux kernel's ksmbd SMB server allows remote unauthenticated denial of service via crafted lock requests. The smb2_lock() function contains three critical error-handling defects: memory leaks when vfs_lock_file() returns unexpected errors, stale error propagation in UNLOCK operations, and NULL pointer dereference during rollback when smb_flock_init() allocation fails. CVSS vector indicates network-accessible, low-complexity exploitation requiring no authentication. EPSS score of 0.02% (7th percentile) suggests minimal observed scanning activity, and no KEV listing confirms no widespread exploitation detected. However, the network attack vector (AV:N) and high availability impact (A:H) make this a realistic DoS risk for systems running ksmbd. Vendor patches available across stable kernel series 5.15-6.19.

Denial Of Service Linux Null Pointer Dereference Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-31475 HIGH PATCH This Week

Memory corruption in the Linux kernel sma1307 ASoC driver allows local authenticated users to trigger a double-free condition leading to potential privilege escalation, denial of service, or information disclosure. The vulnerability stems from improper cleanup of device-managed memory allocations in error paths within the sma1307_setting_loaded() function, where devm_kzalloc()-allocated resources are incorrectly freed with kfree(), causing devres to later release the same memory a second time. Vendor patches are available across multiple stable kernel branches (6.18.21, 6.19.11, 7.0). EPSS score of 0.02% (4th percentile) indicates low observed exploitation probability, and no active exploitation or public POC has been identified.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31473 HIGH PATCH This Week

Use-after-free in Linux kernel media subsystem allows local authenticated attackers to potentially execute arbitrary code, escalate privileges, or cause system crashes. The race condition between MEDIA_REQUEST_IOC_REINIT and VIDIOC_REQBUFS(0) affects request-capable V4L2 media devices in kernels since version 4.20. Patches are available across multiple stable kernel branches (5.10.253, 5.15.203, 6.1.168, 6.6.131, 6.12.80, 6.18.21, 6.19.11, and 7.0). EPSS score of 0.02% indicates very low likelihood of mass exploitation, and no active exploitation or public POC has been identified.

Information Disclosure Linux Memory Corruption Use After Free Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31472 MEDIUM PATCH This Month

Denial of service in Linux kernel IPTFS (IP Traffic Flow Security) subsystem allows local authenticated attackers to trigger an infinite loop via crafted ESP packets with malformed inner IPv4 headers containing tot_len=0. The vulnerability bypasses input validation in __input_process_payload() that should reject IPv4 packets where tot_len is less than the header length, causing the kernel to spin indefinitely in softirq context and hang the system.

Linux Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31465 MEDIUM PATCH This Month

A denial-of-service condition in the Linux kernel writeback subsystem causes system hangs during suspend-to-RAM on filesystems with no data integrity guarantees (such as FUSE-based overlayfs). When the sync operation waits for flusher threads to complete writeback on these filesystems, the kernel can deadlock if the underlying filesystem daemon is frozen or unresponsive, particularly during system power management. The vulnerability affects Linux kernel versions prior to the fix and is resolved by introducing the SB_I_NO_DATA_INTEGRITY superblock flag to skip unnecessary writeback completion waits on filesystems that cannot guarantee data persistence.

Red Hat Suse Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31462 MEDIUM PATCH This Month

AMD GPU driver in the Linux kernel fails to prevent rapid PASID (Process Address Space ID) reuse, allowing local authenticated attackers to trigger interrupt handling errors and denial of service. When a process exits with an assigned PASID, page faults may remain pending in the interrupt handler ring buffer; if a new process is immediately assigned the same PASID, it inherits these stale interrupts causing system instability. The vulnerability affects Linux kernel versions prior to 7.0 RC1 and requires local user access with standard privileges. EPSS score of 0.02% indicates minimal real-world exploitation likelihood despite moderate CVSS impact rating.

Red Hat Suse Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31461 MEDIUM PATCH This Month

Memory leak in AMD display driver (amdgpu_dm) on Linux kernel allows local authenticated attackers to cause denial of service by exhausting kernel memory when display sinks are connected and the system resumes from sleep. The vulnerability arises from failure to free previously allocated drm_edid structures before overwriting them, and is confirmed in kernel versions up to 7.0 RC5 with EPSS exploitation probability of 0.02% indicating low real-world exploitation likelihood.

Red Hat Suse Amd Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31460 MEDIUM PATCH This Month

Denial of service via null pointer dereference in AMD display driver backlight setup affects Linux kernel versions 6.19 through 7.0-rc5 when LVDS connectors are present without extended backlight capabilities. Local authenticated users with low privileges can trigger a crash by accessing backlight controls on affected systems, causing system instability. Patch available from vendor with EPSS score of 0.02% indicating low real-world exploitation probability.

Red Hat Suse Amd Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31459 MEDIUM PATCH This Month

Memory leak in Linux kernel DAMON subsystem allows local authenticated users to exhaust system memory via failed allocation in damon_sysfs_new_test_ctx(), causing denial of service. The vulnerability affects kernel versions 6.17.6 through 7.0-rc1 when DAMON_SYSFS is enabled. A privileged user can trigger the leak by making specific control sequences that cause early function returns, bypassing cleanup code and leaving param_ctx unfreed.

Red Hat Suse Denial Of Service Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31445 MEDIUM PATCH This Month

Null pointer dereference in Linux kernel DAMON subsystem allows local authenticated attackers to cause denial of service when memory allocation failures occur during online parameter updates. The vulnerability affects DAMON's context commit mechanism (damon_commit_ctx), which can partially corrupt kernel state if internal memory allocation fails, potentially leading to NULL pointer dereference in damos_commit_dests(). While real-world impact is rare due to the low probability of allocation failure, the severe consequence of kernel panic necessitates this fix.

Red Hat Suse Denial Of Service Null Pointer Dereference Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31443 MEDIUM PATCH This Month

Denial of service in the Linux kernel dmaengine idxd subsystem allows local attackers with low privileges to crash the system by triggering a Function Level Reset when the hardware does not support event log reporting. The vulnerability occurs when the driver attempts to restore or free an event log that was never allocated, resulting in a kernel crash with high availability impact.

Red Hat Suse Denial Of Service Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31439 MEDIUM PATCH This Month

Incorrect error-handling in the Linux kernel's Xilinx XDMA DMA engine driver causes a kernel denial-of-service when regmap initialization fails. The driver's probe function checks the return value of devm_regmap_init_mmio against NULL rather than using IS_ERR(), meaning a failure returns an ERR_PTR() value that is non-NULL and passes the check silently; the corrupted pointer is then used, triggering a kernel panic. Affected systems require Xilinx XDMA hardware to be present and actively probed by the driver. No public exploit has been identified at time of analysis, and EPSS exploitation probability stands at a negligible 0.02%.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31438 MEDIUM PATCH This Month

Kernel panic in the Linux netfs subsystem's netfs_limit_iter() function crashes systems when a process writes a core dump to a 9P-mounted filesystem. The function handles only ITER_FOLIOQ, ITER_BVEC, and ITER_XARRAY iterator types, triggering a hard BUG() when __kernel_write() supplies an ITER_KVEC iterator via netfs_unbuffered_write(), producing a local denial of service via kernel panic. No public exploit code exists and no active exploitation has been identified; this is a no public exploit identified at time of analysis scenario with EPSS at 0.02% (5th percentile), indicating minimal widespread exploitation interest.

Linux Null Pointer Dereference Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31437 MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel's netfs subsystem crashes the kernel when retrying unbuffered writes on filesystems that omit the prepare_write stream operation, such as 9P. A local low-privilege user who can write to such a mounted filesystem and induce a get_user_pages() -EFAULT failure can trigger a kernel panic, causing a denial of service. No public exploit has been identified at time of analysis, and the EPSS score of 0.02% (4th percentile) reflects negligible observed exploitation probability; the vulnerability is not listed in CISA KEV.

Linux Null Pointer Dereference Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31434 MEDIUM PATCH This Month

Memory leak in the Linux kernel btrfs filesystem driver allows a local authenticated attacker to gradually exhaust kernel memory through repeated mount and unmount operations on affected configurations. The flaw exists in check_removing_space_info(), which incorrectly uses kfree() on kobject-initialized sub-group space_info elements instead of the proper kobject_put() teardown path, leaving kobj->name string allocations unreferenced and unfreed. No public exploit exists (EPSS 0.02%, 7th percentile) and the vulnerability is not listed in CISA KEV, placing real-world risk well below the CVSS 5.5 Medium score might suggest.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-6848 MEDIUM This Month

Red Hat Quay 3 bypasses password re-verification for sensitive operations such as token generation and robot account creation, allowing users with timed-out or idle authenticated sessions to perform privileged actions without providing valid credentials. An attacker with access to an abandoned browser session can execute sensitive operations despite the UI displaying authentication errors, resulting in unauthorized token creation, robot account manipulation, and information disclosure. CVSS 5.4 reflects moderate risk with network attack vector and low privilege requirements.

Information Disclosure Red Hat
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-31433 HIGH PATCH This Week

Out-of-bounds write in Linux kernel ksmbd allows authenticated remote attackers to cause memory corruption via crafted SMB2 compound requests combining QUERY_DIRECTORY and QUERY_INFO commands. The vulnerability arises when get_file_all_info() fails to validate OutputBufferLength against available buffer space before converting filenames to UTF-16, enabling buffer overflow beyond response buffer boundaries. With CVSS 8.8 (High) and network attack vector requiring only low privileges, this presents significant risk to systems running ksmbd SMB server. Vendor patches available across multiple kernel versions (5.15.203, 6.1.168, 6.6.131, 6.12.80, 6.18.21, 6.19.11, 7.0). EPSS exploitation probability remains low at 0.01% (2nd percentile), and no public exploit or CISA KEV listing identified at time of analysis.

Buffer Overflow Linux Red Hat Suse
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-22753 Maven HIGH PATCH GHSA This Week

Path matching bypass in Spring Security 7.0.0-7.0.4 allows unauthenticated remote attackers to evade authentication, authorization, and other security controls when applications use securityMatchers(String) with a PathPatternRequestMatcher.Builder bean to prepend servlet paths. Improper matcher configuration causes filter chains to silently fail, leaving protected endpoints exposed without intended security controls. No active exploitation confirmed, but CVSS 7.5 with network attack vector (AV:N/AC:L/PR:N) indicates readily exploitable if applications use the specific configuration pattern. VMware-reported vulnerability requires immediate patching for affected Spring Security 7.x deployments.

Information Disclosure Java Red Hat
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-22748 Maven MEDIUM PATCH This Month

JWT token validation bypass in Spring Security allows authenticated attackers to forge or manipulate JWT tokens when NimbusJwtDecoder or NimbusReactiveJwtDecoder is used without explicit OAuth2TokenValidator configuration, enabling unauthorized access to protected resources. The vulnerability affects Spring Security versions 6.3.0-6.3.14, 6.4.0-6.4.14, 6.5.0-6.5.9, and 7.0.0-7.0.4. CVSS 5.3 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N) reflects network-accessible exploitation requiring low-privilege authentication and high attack complexity.

Information Disclosure Java Red Hat
NVD VulDB HeroDevs
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-41131 Go MEDIUM PATCH GHSA This Month

OpenFGA versions prior to 1.14.1 suffer from a cache key collision vulnerability in conditional authorization models that enables attackers to obtain unauthorized access to resources by forcing reuse of cached authorization decisions. When conditions are evaluated with caching enabled, different check requests can generate identical cache keys, causing OpenFGA to incorrectly return a previously cached authorization result for a subsequent request with different parameters. This affects deployments using relational models with condition evaluation where caching is active, allowing authenticated users to bypass intended access controls and disclose information about resources they should not access.

Information Disclosure Red Hat
NVD GitHub
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-41059 Go HIGH PATCH GHSA This Week

Authentication bypass in OAuth2 Proxy 7.5.0-7.15.1 allows remote unauthenticated attackers to access protected resources by exploiting path normalization discrepancies between the proxy and backend services. When deployments use skip_auth_routes or skip_auth_regex with broad wildcard patterns, attackers can inject '#' or '%23' (URL-encoded fragment delimiter) to match public allowlist rules while the upstream application serves sensitive endpoints. CVSS 8.2 (AV:N/AC:L/PR:N/UI:N) reflects network-based unauthenticated access; no public exploit identified at time of analysis. EPSS data not provided. Fixed in version 7.15.2 through conservative path normalization.

Authentication Bypass Red Hat
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-40923 Go MEDIUM PATCH GHSA This Month

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Prior to 1.11.1, a validation bypass in the VolumeMount path restriction allows mounting volumes under restricted /tekton/ internal paths by using .. path traversal components. The restriction check uses strings.HasPrefix without filepath.Clean, so a path like /tekton/home/../results passes validation but resolves to /tekton/results at runtime. This vulnerability is fixed in 1.11.1.

Kubernetes Path Traversal Red Hat Suse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-40924 Go MEDIUM PATCH GHSA This Month

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Prior to 1.11.1, the HTTP resolver's FetchHttpResource function calls io.ReadAll(resp.Body) with no response body size limit. Any tenant with permission to create TaskRuns or PipelineRuns that reference the HTTP resolver can point it at an attacker-controlled HTTP server that returns a very large response body within the 1-minute timeout window, causing the tekton-pipelines-resolvers pod to be OOM-killed by Kubernetes. Because all resolver types (Git, Hub, Bundle, Cluster, HTTP) run in the same pod, crashing this pod denies resolution service to the entire cluster. Repeated exploitation causes a sustained crash loop. The same vulnerable code path is reached by both the deprecated pkg/resolution/resolver/http and the current pkg/remoteresolution/resolver/http implementations. This vulnerability is fixed in 1.11.1.

Denial Of Service Kubernetes Suse Red Hat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-41066 PyPI HIGH PATCH GHSA This Week

### Impact Using either of the two parsers in the default configuration (with `resolve_entities=True`) allows untrusted XML input to read local files. ### Patches lxml 6.1.0 changes the default to `resolve_entities='internal'`, thus disallowing local file access by default. ### Workarounds Setting the `resolve_entities` option explicitly to `resolve_entities='internal'` or `resolve_entities=False` disables the local file access. ### Resources Original report: https://bugs.launchpad.net/lxml/+bug/2146291 The default option was changed to `resolve_entities='internal'` for the normal XML and HTML parsers in lxml 5.0. The default was not changed for `iterparse()` and `ETCompatXMLParser()` at the time. lxml 6.1 makes the safe option the default for all parsers.

XXE Suse Red Hat
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-35240 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Oracle Authentication Bypass Red Hat Suse
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-35239 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Oracle Authentication Bypass Red Hat Suse
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-35238 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Oracle Authentication Bypass Red Hat Suse
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-35237 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Oracle Authentication Bypass Red Hat Suse
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-35236 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Oracle Authentication Bypass Red Hat Suse
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-35235 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Oracle Authentication Bypass Red Hat
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-35234 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Oracle Authentication Bypass Red Hat
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-34308 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Denial Of Service Oracle Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-34304 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Denial Of Service Oracle Red Hat Suse
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-34303 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Denial Of Service Oracle Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-34293 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Denial Of Service Oracle Red Hat Suse
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-34278 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Denial Of Service Oracle Red Hat Suse
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-34276 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Denial Of Service Oracle Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-34272 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Denial Of Service Oracle Red Hat
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-34271 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Denial Of Service Oracle Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-34270 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Denial Of Service Oracle Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-34267 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Denial Of Service Oracle Red Hat Suse
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-22021 MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Denial Of Service Oracle Java Red Hat Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-22017 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Denial Of Service Oracle Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-22015 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Oracle Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-22013 MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N).

Authentication Bypass Oracle Java Red Hat Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-22009 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Denial Of Service Oracle Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-22005 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Denial Of Service Oracle Red Hat Suse
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Denial of service via memory exhaustion in pypdf prior to 6.10.2 allows local attackers with user interaction to crash applications processing crafted PDF files containing FlateDecode-compressed images with inflated size values. The vulnerability exhausts available RAM during decompression, affecting any system using vulnerable pypdf versions to parse untrusted PDF documents.

Information Disclosure Python Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Denial of service via algorithmic complexity in pypdf versions prior to 6.10.2 allows local attackers to cause long runtimes by crafting a PDF with an excessively large trailer /Size value when loaded in incremental mode. The vulnerability requires user interaction to load the malicious PDF and results in availability degradation rather than data compromise. Patch version 6.10.2 is available from the vendor.

Information Disclosure Python Red Hat +1
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Memory exhaustion in pypdf prior to 6.10.2 allows local attackers to craft malicious PDF files that exhaust system RAM when processed. The vulnerability requires user interaction to open a specially crafted PDF containing a /FlateDecode stream with a /Predictor value other than 1 and large predictor parameters. Vendor-released patch available in version 6.10.2.

Information Disclosure Python Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Denial of service in pypdf prior to version 6.10.1 allows remote attackers to craft malicious PDF files with oversized cross-reference stream `/Size` values or object stream `/N` values, causing excessive processing time and long runtimes. No authentication is required; the vulnerability is triggered by parsing a specially crafted PDF file. Patch version 6.10.1 is available from the vendor.

Information Disclosure Python Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

fast-xml-parser XMLBuilder fails to escape comment and CDATA delimiters when building XML from JavaScript objects, allowing XML injection via unescaped `-->` and `]]>` sequences in user-controlled content. Attackers can inject malicious XML elements into comments or CDATA sections, enabling XSS attacks in browser contexts, SOAP message manipulation, RSS feed poisoning, or XML structure breakage. The vulnerability requires user interaction (UI:R) and affects only XMLBuilder output that includes user-controlled comments or CDATA; no public exploit code identified at time of analysis.

Node.js XSS Suse +1
NVD GitHub VulDB
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

Cross-site scripting (XSS) in DOMPurify occurs when function-based ADD_TAGS configuration is used with FORBID_TAGS, allowing attackers to bypass tag filtering and inject dangerous elements such as iframe, form, object, and embed with their attributes intact. The vulnerability stems from inconsistent handling of FORBID_TAGS compared to the separately-fixed FORBID_ATTR logic, where the forbidden tag check is short-circuited by a function-based ADD_TAGS predicate. Publicly available proof-of-concept demonstrates iframe and form injection with external URLs surviving sanitization; patch is available in version 3.4.0.

Node.js XSS Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Cross-site scripting (XSS) in DOMPurify when using SAFE_FOR_TEMPLATES with RETURN_DOM or RETURN_DOM_FRAGMENT modes allows remote attackers to execute arbitrary JavaScript by crafting malformed HTML that reassembles into template expressions after DOM normalization. The vulnerability affects DOMPurify from v1.0.10 through at least v3.3.3, exploitable when sanitized output is mounted into template-evaluating frameworks like Vue 2. A proof-of-concept demonstrates reliable exploitation with alert(1) execution.

Node.js XSS Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

DOMPurify versions 3.0.1 through 3.3.3 fail to prevent prototype pollution-based XSS attacks when using default configurations. An attacker who can exploit a prototype pollution gadget elsewhere in the application can pollute Object.prototype with permissive regex values, causing DOMPurify to bypass sanitization and allow arbitrary custom elements with event handler attributes. The vulnerability affects the standard DOMPurify.sanitize(userInput) call without requiring special configuration.

Google XSS Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in Linux kernel CXL (Compute Express Link) subsystem allows local authenticated attackers to corrupt memory and potentially execute arbitrary code or cause kernel panics. The flaw occurs in cxl_detach_ep() during device removal when parent port references are freed prematurely, before child operations complete. Affects Linux kernel 6.3 through 7.0-rc5; patched in versions 6.12.80, 6.18.21, 6.19.11, and 7.0. EPSS score of 0.02% indicates low exploitation probability. No active exploitation or public exploit code identified at time of analysis.

Use After Free Linux Memory Corruption +4
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Memory leak in Linux kernel CXL region initialization allows local privileged attackers to cause denial of service through resource exhaustion. The vulnerability exists in the __construct_region() function where failed sysfs_update_group() calls fail to properly free allocated resources, resulting in cumulative memory exhaustion when region construction is repeatedly attempted and fails. CVSS 5.5 reflects local attack vector with low complexity and high availability impact; EPSS 0.02% indicates minimal real-world exploitation probability despite the vulnerability's severity classification.

Information Disclosure Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Out-of-bounds memory access in Linux kernel perf subsystem allows local authenticated attackers with low privileges to achieve high confidentiality, integrity, and availability impact. The vulnerability occurs when group_sched_in() fails during performance monitoring event handling and event inheritance uses the wrong PMU (Performance Monitoring Unit) context, leading to improper rollback and memory corruption. Despite high CVSS score (7.8), EPSS probability indicates very low real-world exploitation likelihood (0.02%, 5th percentile). Vendor patches available across multiple stable kernel branches (6.6.131, 6.12.80, 6.18.21, 6.19.11, 7.0) per git.kernel.org commit references.

Information Disclosure Linux Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Linux kernel BPF verifier fails to validate lock release on exception exits from static subprograms when bpf_throw() is invoked, potentially allowing denial of service or system instability through uncontrolled RCU and preemption lock retention. Affected versions span from 6.7 through 7.0-rc4; CVSS 5.5 (local privilege escalation path) but EPSS 0.02% suggests low real-world exploitation probability. Patch available in stable releases 6.18.21, 6.19.11, and 7.0.

Information Disclosure Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Signed integer overflow in the Linux kernel's BPF interpreter enables local attackers with low privileges to achieve out-of-bounds memory access and potentially execute arbitrary code. The flaw occurs when the 32-bit signed division/modulo operations handle INT_MIN (0x80000000), causing the abs() macro to trigger undefined behavior that creates a mismatch between the verifier's abstract interpretation and the interpreter's runtime behavior. With an EPSS score of 0.02% and no confirmed active exploitation, the primary risk is to systems where unprivileged users can load BPF programs, though default kernel configurations typically restrict BPF to privileged users. Patches are available across multiple stable kernel branches (6.6.131, 6.12.80, 6.18.21, 6.19.11).

Buffer Overflow Linux Memory Corruption +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Memory leak and out-of-bounds read in the asus_report_fixup() HID driver function allows local authenticated attackers with limited privileges to cause denial of service through memory exhaustion. The vulnerability affects the ASUS HID device driver across multiple Linux kernel versions, where kmemdup()-allocated buffers were not freed properly and an out-of-bounds read could access memory beyond the original descriptor size. A patch is available from Linux kernel maintainers switching to devm_kzalloc() for proper memory lifecycle management.

Buffer Overflow Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Double completions in NVMe-PCI polled queue handling occur when a high-priority task attempts to poll a queue during kernel reset before block layer queue maps are updated, causing race conditions between interrupt-driven and polled I/O paths. Affects Linux kernel versions before 5.10.253, 5.15.203, 6.1.168, 6.6.131, 6.12.80, 6.18.21, 6.19.11, and 7.0-rc2, requiring local authentication and high attack complexity to trigger. No public exploit identified, but vendor-released patches are available across all affected stable and development branches.

Information Disclosure Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Memory leak in the HID magicmouse driver's report_fixup() function allows local authenticated attackers to cause a denial of service through repeated device interactions. The magicmouse_report_fixup() function allocates memory via kmemdup() but fails to free the allocated buffer before returning, leading to exhaustion of kernel memory on systems with a Magic Mouse connected. Vendor patches are available across multiple stable branches.

Information Disclosure Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: HID: apple: avoid memory leak in apple_report_fixup() The apple_report_fixup() function was returning a newly kmemdup()-allocated buffer, but never freeing it. The caller of report_fixup() does not take ownership of the returned pointer, but it *is* permitted to return a sub-portion of the input rdesc, whose lifetime is managed by the caller.

Apple Information Disclosure Linux +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A denial-of-service vulnerability in the Linux kernel's Btrfs filesystem implementation allows local authenticated attackers to cause filesystem corruption and crashes through a race condition during subvolume creation and lookup. When a newly created Btrfs subvolume's dentry cache is dropped before the BTRFS_ROOT_ORPHAN_CLEANUP flag is set, concurrent orphan cleanup operations can fail with ENOENT, creating negative dentries that prevent subvolume deletion and cause filesystem aborts. EPSS score of 0.02% indicates this is a low-probability exploitation scenario requiring specific timing and configuration conditions, though the impact is severe for affected systems. No public exploit code is identified at time of analysis.

Null Pointer Dereference Linux Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Denial of service via kernel panic in the Linux kernel xfrm_iptfs module when processing fragmented IP-TFS packets with mixed fast-path and slow-path reassembly conditions. The vulnerability triggers an invalid memory access (SKB_LINEAR_ASSERT) in skb_put() when attempting to append data to a non-linear socket buffer during packet reassembly, affecting systems using IP-TFS encapsulation over IPsec. Local attackers with network access to send crafted IPsec packets can crash the kernel; active exploitation not confirmed but patch is available.

Information Disclosure Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in Linux kernel XFRM subsystem allows local authenticated attackers to achieve arbitrary code execution with high privileges. The vulnerability arises when XFRM policy hash threshold work items (policy_hthresh.work) outlive network namespace teardown, dereferencing freed struct net memory in xfrm_hash_rebuild(). Vendor patches available across multiple stable kernel versions (6.12.80, 6.18.21, 6.19.11, 7.0) confirm the issue affects kernels since commit 880a6fab8f6b. EPSS score of 0.02% (5th percentile) indicates low observed exploitation probability despite CVSS:3.1 score of 7.8; no CISA KEV listing or public POC identified at time of analysis.

Information Disclosure Linux Race Condition +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Short read handling in EROFS file-backed mounts can mark unread file pages as uptodate when vfs_iocb_iter_read() is interrupted by signals, leading to potential data corruption or information disclosure on systems using EROFS with file-backed mounts. Affected Linux kernel versions prior to fixes in 6.18.21, 6.19.11, and 6.12.80. Local authenticated users can trigger this via signal interruption during I/O operations.

Information Disclosure Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Buffer over-read in Linux kernel Bluetooth L2CAP allows adjacent network attackers to disclose sensitive kernel memory and crash systems via malformed Enhanced Credit Based Connection Requests. Affects multiple stable kernel versions (6.12.x, 6.18.x, 6.19.x). Vendor patches available for all affected branches. EPSS score of 0.02% indicates low observed exploitation probability despite the network-adjacent attack vector and lack of required authentication. No public exploit identified at time of analysis.

Buffer Overflow Linux Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Denial of service via buffer over-read in Linux kernel Bluetooth L2CAP Enhanced Credit Based Flow Control data path allows local authenticated attackers to crash the system by sending malformed L2CAP packets with insufficient payload length. The vulnerability exists in l2cap_ecred_data_rcv() which reads the SDU length field without validating that the socket buffer contains the required 2 bytes, causing an out-of-bounds read that triggers a kernel panic when the buffer is too small. EPSS exploitation probability is 0.02% (percentile 7%), and a vendor patch is available.

Information Disclosure Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Null pointer dereference in the Linux kernel Bluetooth L2CAP implementation allows local authenticated attackers to cause a kernel panic and denial of service via the l2cap_sock_ready_cb function during L2CAP connection initialization. The vulnerability occurs when a socket pointer is dereferenced without null validation, triggering a KASAN null-ptr-deref exception that crashes the kernel. EPSS score of 0.02% indicates low real-world exploitation probability despite the moderate CVSS score; no public exploit code or active KEV listing has been identified at time of analysis.

Null Pointer Dereference Linux Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Denial of service via deadlock in NFC NCI subsystem when nci_close_device() flushes work queues while holding req_lock, triggering a circular lock dependency with nci_rx_work(). The vulnerability affects Linux kernels across multiple stable branches (5.10, 5.15, 6.1, 6.6, 6.12, 6.18, 6.19, 7.0) and was reproduced in roughly 4% of nci selftest runs on debug kernels, though EPSS scoring (0.02% percentile 7%) indicates low baseline exploitation probability. Local privilege requirement and high attack complexity in practice mean real-world impact is limited to NFC-capable systems with specific workload timing.

Information Disclosure Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Double-free memory corruption in Linux kernel bcmasp network driver allows local authenticated attackers with low privileges to achieve arbitrary code execution, privilege escalation, or system crash. The vulnerability affects kernel versions 6.6 through early 7.0 release candidates. Vendor patches available across stable branches (6.12.80, 6.18.21, 6.19.11, 7.0). EPSS score of 0.02% (5th percentile) indicates very low real-world exploitation probability, and no active exploitation or public POC has been identified. This represents a low-priority issue for most environments despite the 7.8 CVSS score, as it requires local authenticated access and affects only systems using the specific bcmasp Broadcom network driver.

Information Disclosure Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Out-of-bounds memory write in Linux kernel iavf (Intel Adaptive Virtual Function) driver allows local authenticated attackers with low privileges to achieve high confidentiality, integrity, and availability impact via race condition during concurrent ethtool operations. The vulnerability stems from inconsistent use of queue counters (real_num_tx_queues vs num_active_queues vs num_tx_queues) across ethtool statistics functions, enabling memory corruption when changing network channels via 'ethtool -L' while simultaneously querying statistics with 'ethtool -S'. Patches available for kernel versions 6.12.80, 6.18.21, 6.19.11, and 7.0. EPSS exploitation probability is low (0.02%, 5th percentile) with no public exploit or active exploitation identified at time of analysis.

Buffer Overflow Debian Linux +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Type confusion in Linux kernel team driver allows local authenticated users to trigger memory corruption and potential privilege escalation. The team_setup_by_port() function incorrectly copies header_ops from non-Ethernet lower devices (such as GRE interfaces) without proper context validation, causing callbacks like dev_hard_header() to interpret netdev_priv() as the wrong structure type when processing stacked network topologies (e.g., gre → bond → team). While CVSS rates this 7.8 (High), EPSS probability is very low at 0.02% (5th percentile), and no active exploitation or public POC has been identified. Vendor patches are available across multiple stable kernel branches (6.12.80, 6.18.21, 6.19.11, 7.0).

Denial Of Service Linux Memory Corruption +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Use-after-free in Linux kernel ICSSG PRU Ethernet driver allows remote code execution with CVSS 9.8 scoring. Affects TI ICSSG network driver in kernels 6.15 through 7.0 (patched in 6.19.11 and 7.0). The flaw causes CPPI descriptors to be freed before timestamp processing completes on every received packet, creating a exploitable memory corruption condition. Despite critical CVSS scoring, EPSS probability is very low (0.02%, 5th percentile) and no active exploitation or public POC has been identified. The network attack vector (AV:N) combined with zero-day timing suggests this may be scored for worst-case remote exploitation scenario, but actual exploitability via network packets requires deeper investigation of ICSSG hardware context and packet processing pipeline.

Information Disclosure Linux Use After Free +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Denial of service via infinite loop in Bluetooth L2CAP ERTM reconfiguration allows local authenticated attackers to exhaust system memory. The vulnerability arises from two distinct flaws: improper handling of L2CAP channel reconfiguration that leaks ERTM resources and fails to validate minimum PDU size, causing an infinite loop in l2cap_segment_sdu() when remote_mps is set to zero. EPSS score of 0.02% indicates limited exploitation likelihood despite the high CVSS score, reflecting the requirement for local access and authenticated Bluetooth channel state.

Linux Denial Of Service Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Out-of-bounds array access in the btusb driver's Bluetooth SCO link handling allows local authenticated attackers to cause denial of service by exhausting kernel memory or crashing the Bluetooth subsystem. The btusb_work() function fails to constrain the sco_num variable before indexing a three-entry lookup table, permitting reads and potential writes past allocated buffer boundaries when four or more SCO links are active. This affects Linux kernel versions 5.8 through 7.0-rc2 and requires local access with unprivileged user privileges to trigger.

Information Disclosure Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in Linux kernel RDMA/EFA driver allows local authenticated users with low privileges to execute arbitrary code with high confidentiality, integrity, and availability impact. The vulnerability affects the admin queue completion handling where completion context data is accessed after being freed, creating a window for memory corruption exploitation. Affects kernel versions from 5.12 through 7.0-rc7, with vendor patches available for stable branches 6.18.21, 6.19.11, and 7.0. EPSS score of 0.02% (4th percentile) indicates low observed exploitation probability, and no public exploit code or CISA KEV listing identified at time of analysis.

Memory Corruption Use After Free Information Disclosure +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Use-after-free in Linux kernel RDMA/irdma driver allows local authenticated users to cause denial of service by triggering uninitialized completion handling during queue pair creation failure. When ib_copy_to_udata fails in irdma_create_qp, the cleanup path attempts to wait on an uninitialized free_qp completion structure, resulting in a kernel panic or system hang. EPSS score of 0.02% indicates low exploitation probability despite moderate CVSS score; patch is available from vendor.

Information Disclosure Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Integer overflow in Linux kernel RDMA/irdma depth calculation functions allows local authenticated users to trigger a denial of service via improper handling of U32_MAX values passed for SQ/RQ/SRQ size parameters. The vulnerability stems from depth calculations performed in 32-bit integers rather than 64-bit, enabling truncation that bypasses validation and returns success when allocation should fail, potentially causing system instability or resource exhaustion.

Buffer Overflow Integer Overflow Linux +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in Linux kernel's xe GPU driver allows local authenticated users to execute arbitrary code with kernel privileges. The vulnerability occurs in the SR-IOV physical function migration restore path when error handling fails to nullify a freed data pointer, enabling subsequent write operations to reference deallocated memory. With CVSS 7.8 (High) and very low EPSS (0.02%), this represents typical kernel memory corruption risk requiring local access and low privileges. Vendor patches are available for affected 6.19 and 7.0-rc versions.

Information Disclosure Linux Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Use-after-free vulnerability in the Linux kernel SPI subsystem allows local authenticated attackers to cause denial of service by exploiting unsynchronized access to the driver_override field during device probe operations. The vulnerability occurs because __driver_attach() calls the bus match() callback without holding the device lock, creating a race condition when driver_override is accessed without proper synchronization. CVSS score of 5.5 reflects local attack vector with low complexity and high availability impact. EPSS exploitation probability is minimal at 0.02%, suggesting this is a localized memory safety issue rather than a widely-exploited attack vector.

Information Disclosure Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: io_uring/fdinfo: fix OOB read in SQE_MIXED wrap check __io_uring_show_fdinfo() iterates over pending SQEs and, for 128-byte SQEs on an IORING_SETUP_SQE_MIXED ring, needs to detect when the second half of the SQE would be past the end of the sq_sqes array. The current check tests (++sq_head & sq_mask) == 0, but sq_head is only incremented when a 128-byte SQE is encountered, not on every iteration. The actual array index is sq_idx = (i + sq_head) & sq_mask, which can be sq_mask (the last slot) while the wrap check passes. Fix by checking sq_idx directly. Keep the sq_head increment so the loop still skips the second half of the 128-byte SQE on the next iteration.

Information Disclosure Linux Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Denial of service in Linux kernel on s390 architecture allows local authenticated attackers to crash the system by triggering an out-of-bounds access in the syscall dispatch table. The s390 syscall number is directly controlled by userspace without spectre boundary protection (array_index_nospec), enabling an attacker with local user privileges to supply an invalid syscall number that bypasses array bounds checking and causes a memory access violation. EPSS score is extremely low (0.03%), consistent with limited attack surface on s390-specific systems and requirement for local authentication.

Information Disclosure Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Information disclosure in Linux kernel s390 architecture allows local authenticated attackers to read residual data from r12 register during kernel entry transitions, enabling potential exposure of sensitive kernel state through register side channels. This occurs on s390 systems running kernel versions 6.4 through 7.0-rc5 and affects all architectures due to incomplete register scrubbing following removal of branch prediction isolation code. EPSS score of 0.02% indicates minimal real-world exploitation likelihood despite moderate CVSS impact rating.

Information Disclosure Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Kernel panic via null pointer dereference in the tracing subsystem occurs when boot-time trigger registration fails and kthread creation does not succeed, allowing deferred trigger frees to accumulate indefinitely and crash the system. Local authenticated attackers can trigger this by specifying malformed trace event parameters on the kernel command line, resulting in denial of service. EPSS exploitation probability is 0.02% (very low) despite moderate CVSS score, suggesting this requires specific boot-time configuration and local access.

Null Pointer Dereference Linux Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Denial of service via deadlock in the Linux kernel tracing subsystem occurs when CPU hotplug operations interact with osnoise tracing thread lifecycle management. A local privileged user can trigger a deadlock by inducing CPU offline events while osnoise threads hold conflicting locks (interface_lock and cpus_read_lock), causing system hang. CVSS 5.5 reflects local attack vector and privilege requirement; EPSS 0.02% indicates low real-world exploitation likelihood despite deadlock severity.

Information Disclosure Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/xe: always keep track of remap prev/next During 3D workload, user is reporting hitting: [ 413.361679] WARNING: drivers/gpu/drm/xe/xe_vm.c:1217 at vm_bind_ioctl_ops_unwind+0x1e2/0x2e0 [xe], CPU#7: vkd3d_queue/9925 [ 413.361944] CPU: 7 UID: 1000 PID: 9925 Comm: vkd3d_queue Kdump: loaded Not tainted 7.0.0-070000rc3-generic #202603090038 PREEMPT(lazy) [ 413.361949] RIP: 0010:vm_bind_ioctl_ops_unwind+0x1e2/0x2e0 [xe] [ 413.362074] RSP: 0018:ffffd4c25c3df930 EFLAGS: 00010282 [ 413.362077] RAX: 0000000000000000 RBX: ffff8f3ee817ed10 RCX: 0000000000000000 [ 413.362078] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 413.362079] RBP: ffffd4c25c3df980 R08: 0000000000000000 R09: 0000000000000000 [ 413.362081] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8f41fbf99380 [ 413.362082] R13: ffff8f3ee817e968 R14: 00000000ffffffef R15: ffff8f43d00bd380 [ 413.362083] FS: 00000001040ff6c0(0000) GS:ffff8f4696d89000(0000) knlGS:00000000330b0000 [ 413.362085] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 413.362086] CR2: 00007ddfc4747000 CR3: 00000002e6262005 CR4: 0000000000f72ef0 [ 413.362088] PKRU: 55555554 [ 413.362089] Call Trace: [ 413.362092] <TASK> [ 413.362096] xe_vm_bind_ioctl+0xa9a/0xc60 [xe] Which seems to hint that the vma we are re-inserting for the ops unwind is either invalid or overlapping with something already inserted in the vm. It shouldn't be invalid since this is a re-insertion, so must have worked before. Leaving the likely culprit as something already placed where we want to insert the vma. Following from that, for the case where we do something like a rebind in the middle of a vma, and one or both mapped ends are already compatible, we skip doing the rebind of those vma and set next/prev to NULL. As well as then adjust the original unmap va range, to avoid unmapping the ends. However, if we trigger the unwind path, we end up with three va, with the two ends never being removed and the original va range in the middle still being the shrunken size. If this occurs, one failure mode is when another unwind op needs to interact with that range, which can happen with a vector of binds. For example, if we need to re-insert something in place of the original va. In this case the va is still the shrunken version, so when removing it and then doing a re-insert it can overlap with the ends, which were never removed, triggering a warning like above, plus leaving the vm in a bad state. With that, we need two things here: 1) Stop nuking the prev/next tracking for the skip cases. Instead relying on checking for skip prev/next, where needed. That way on the unwind path, we now correctly remove both ends. 2) Undo the unmap va shrinkage, on the unwind path. With the two ends now removed the unmap va should expand back to the original size again, before re-insertion. v2: - Update the explanation in the commit message, based on an actual IGT of triggering this issue, rather than conjecture. - Also undo the unmap shrinkage, for the skip case. With the two ends now removed, the original unmap va range should expand back to the original range. v3: - Track the old start/range separately. vma_size/start() uses the va info directly. (cherry picked from commit aec6969f75afbf4e01fd5fb5850ed3e9c27043ac)

Information Disclosure Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

In the Linux kernel, the following vulnerability has been resolved: ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len() After this commit (e2b76ab8b5c9 "ksmbd: add support for read compound"), response buffer management was changed to use dynamic iov array. In the new design, smb2_calc_max_out_buf_len() expects the second argument (hdr2_len) to be the offset of ->Buffer field in the response structure, not a hardcoded magic number. Fix the remaining call sites to use the correct offsetof() value.

Information Disclosure Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Memory exhaustion and kernel crash in Linux kernel's ksmbd SMB server allows remote unauthenticated denial of service via crafted lock requests. The smb2_lock() function contains three critical error-handling defects: memory leaks when vfs_lock_file() returns unexpected errors, stale error propagation in UNLOCK operations, and NULL pointer dereference during rollback when smb_flock_init() allocation fails. CVSS vector indicates network-accessible, low-complexity exploitation requiring no authentication. EPSS score of 0.02% (7th percentile) suggests minimal observed scanning activity, and no KEV listing confirms no widespread exploitation detected. However, the network attack vector (AV:N) and high availability impact (A:H) make this a realistic DoS risk for systems running ksmbd. Vendor patches available across stable kernel series 5.15-6.19.

Denial Of Service Linux Null Pointer Dereference +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption in the Linux kernel sma1307 ASoC driver allows local authenticated users to trigger a double-free condition leading to potential privilege escalation, denial of service, or information disclosure. The vulnerability stems from improper cleanup of device-managed memory allocations in error paths within the sma1307_setting_loaded() function, where devm_kzalloc()-allocated resources are incorrectly freed with kfree(), causing devres to later release the same memory a second time. Vendor patches are available across multiple stable kernel branches (6.18.21, 6.19.11, 7.0). EPSS score of 0.02% (4th percentile) indicates low observed exploitation probability, and no active exploitation or public POC has been identified.

Information Disclosure Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in Linux kernel media subsystem allows local authenticated attackers to potentially execute arbitrary code, escalate privileges, or cause system crashes. The race condition between MEDIA_REQUEST_IOC_REINIT and VIDIOC_REQBUFS(0) affects request-capable V4L2 media devices in kernels since version 4.20. Patches are available across multiple stable kernel branches (5.10.253, 5.15.203, 6.1.168, 6.6.131, 6.12.80, 6.18.21, 6.19.11, and 7.0). EPSS score of 0.02% indicates very low likelihood of mass exploitation, and no active exploitation or public POC has been identified.

Information Disclosure Linux Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Denial of service in Linux kernel IPTFS (IP Traffic Flow Security) subsystem allows local authenticated attackers to trigger an infinite loop via crafted ESP packets with malformed inner IPv4 headers containing tot_len=0. The vulnerability bypasses input validation in __input_process_payload() that should reject IPv4 packets where tot_len is less than the header length, causing the kernel to spin indefinitely in softirq context and hang the system.

Linux Denial Of Service Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A denial-of-service condition in the Linux kernel writeback subsystem causes system hangs during suspend-to-RAM on filesystems with no data integrity guarantees (such as FUSE-based overlayfs). When the sync operation waits for flusher threads to complete writeback on these filesystems, the kernel can deadlock if the underlying filesystem daemon is frozen or unresponsive, particularly during system power management. The vulnerability affects Linux kernel versions prior to the fix and is resolved by introducing the SB_I_NO_DATA_INTEGRITY superblock flag to skip unnecessary writeback completion waits on filesystems that cannot guarantee data persistence.

Red Hat Suse Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

AMD GPU driver in the Linux kernel fails to prevent rapid PASID (Process Address Space ID) reuse, allowing local authenticated attackers to trigger interrupt handling errors and denial of service. When a process exits with an assigned PASID, page faults may remain pending in the interrupt handler ring buffer; if a new process is immediately assigned the same PASID, it inherits these stale interrupts causing system instability. The vulnerability affects Linux kernel versions prior to 7.0 RC1 and requires local user access with standard privileges. EPSS score of 0.02% indicates minimal real-world exploitation likelihood despite moderate CVSS impact rating.

Red Hat Suse Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Memory leak in AMD display driver (amdgpu_dm) on Linux kernel allows local authenticated attackers to cause denial of service by exhausting kernel memory when display sinks are connected and the system resumes from sleep. The vulnerability arises from failure to free previously allocated drm_edid structures before overwriting them, and is confirmed in kernel versions up to 7.0 RC5 with EPSS exploitation probability of 0.02% indicating low real-world exploitation likelihood.

Red Hat Suse Amd +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Denial of service via null pointer dereference in AMD display driver backlight setup affects Linux kernel versions 6.19 through 7.0-rc5 when LVDS connectors are present without extended backlight capabilities. Local authenticated users with low privileges can trigger a crash by accessing backlight controls on affected systems, causing system instability. Patch available from vendor with EPSS score of 0.02% indicating low real-world exploitation probability.

Red Hat Suse Amd +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Memory leak in Linux kernel DAMON subsystem allows local authenticated users to exhaust system memory via failed allocation in damon_sysfs_new_test_ctx(), causing denial of service. The vulnerability affects kernel versions 6.17.6 through 7.0-rc1 when DAMON_SYSFS is enabled. A privileged user can trigger the leak by making specific control sequences that cause early function returns, bypassing cleanup code and leaving param_ctx unfreed.

Red Hat Suse Denial Of Service +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Null pointer dereference in Linux kernel DAMON subsystem allows local authenticated attackers to cause denial of service when memory allocation failures occur during online parameter updates. The vulnerability affects DAMON's context commit mechanism (damon_commit_ctx), which can partially corrupt kernel state if internal memory allocation fails, potentially leading to NULL pointer dereference in damos_commit_dests(). While real-world impact is rare due to the low probability of allocation failure, the severe consequence of kernel panic necessitates this fix.

Red Hat Suse Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Denial of service in the Linux kernel dmaengine idxd subsystem allows local attackers with low privileges to crash the system by triggering a Function Level Reset when the hardware does not support event log reporting. The vulnerability occurs when the driver attempts to restore or free an event log that was never allocated, resulting in a kernel crash with high availability impact.

Red Hat Suse Denial Of Service +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Incorrect error-handling in the Linux kernel's Xilinx XDMA DMA engine driver causes a kernel denial-of-service when regmap initialization fails. The driver's probe function checks the return value of devm_regmap_init_mmio against NULL rather than using IS_ERR(), meaning a failure returns an ERR_PTR() value that is non-NULL and passes the check silently; the corrupted pointer is then used, triggering a kernel panic. Affected systems require Xilinx XDMA hardware to be present and actively probed by the driver. No public exploit has been identified at time of analysis, and EPSS exploitation probability stands at a negligible 0.02%.

Information Disclosure Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Kernel panic in the Linux netfs subsystem's netfs_limit_iter() function crashes systems when a process writes a core dump to a 9P-mounted filesystem. The function handles only ITER_FOLIOQ, ITER_BVEC, and ITER_XARRAY iterator types, triggering a hard BUG() when __kernel_write() supplies an ITER_KVEC iterator via netfs_unbuffered_write(), producing a local denial of service via kernel panic. No public exploit code exists and no active exploitation has been identified; this is a no public exploit identified at time of analysis scenario with EPSS at 0.02% (5th percentile), indicating minimal widespread exploitation interest.

Linux Null Pointer Dereference Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel's netfs subsystem crashes the kernel when retrying unbuffered writes on filesystems that omit the prepare_write stream operation, such as 9P. A local low-privilege user who can write to such a mounted filesystem and induce a get_user_pages() -EFAULT failure can trigger a kernel panic, causing a denial of service. No public exploit has been identified at time of analysis, and the EPSS score of 0.02% (4th percentile) reflects negligible observed exploitation probability; the vulnerability is not listed in CISA KEV.

Linux Null Pointer Dereference Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Memory leak in the Linux kernel btrfs filesystem driver allows a local authenticated attacker to gradually exhaust kernel memory through repeated mount and unmount operations on affected configurations. The flaw exists in check_removing_space_info(), which incorrectly uses kfree() on kobject-initialized sub-group space_info elements instead of the proper kobject_put() teardown path, leaving kobj->name string allocations unreferenced and unfreed. No public exploit exists (EPSS 0.02%, 7th percentile) and the vulnerability is not listed in CISA KEV, placing real-world risk well below the CVSS 5.5 Medium score might suggest.

Information Disclosure Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Red Hat Quay 3 bypasses password re-verification for sensitive operations such as token generation and robot account creation, allowing users with timed-out or idle authenticated sessions to perform privileged actions without providing valid credentials. An attacker with access to an abandoned browser session can execute sensitive operations despite the UI displaying authentication errors, resulting in unauthorized token creation, robot account manipulation, and information disclosure. CVSS 5.4 reflects moderate risk with network attack vector and low privilege requirements.

Information Disclosure Red Hat
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out-of-bounds write in Linux kernel ksmbd allows authenticated remote attackers to cause memory corruption via crafted SMB2 compound requests combining QUERY_DIRECTORY and QUERY_INFO commands. The vulnerability arises when get_file_all_info() fails to validate OutputBufferLength against available buffer space before converting filenames to UTF-16, enabling buffer overflow beyond response buffer boundaries. With CVSS 8.8 (High) and network attack vector requiring only low privileges, this presents significant risk to systems running ksmbd SMB server. Vendor patches available across multiple kernel versions (5.15.203, 6.1.168, 6.6.131, 6.12.80, 6.18.21, 6.19.11, 7.0). EPSS exploitation probability remains low at 0.01% (2nd percentile), and no public exploit or CISA KEV listing identified at time of analysis.

Buffer Overflow Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Path matching bypass in Spring Security 7.0.0-7.0.4 allows unauthenticated remote attackers to evade authentication, authorization, and other security controls when applications use securityMatchers(String) with a PathPatternRequestMatcher.Builder bean to prepend servlet paths. Improper matcher configuration causes filter chains to silently fail, leaving protected endpoints exposed without intended security controls. No active exploitation confirmed, but CVSS 7.5 with network attack vector (AV:N/AC:L/PR:N) indicates readily exploitable if applications use the specific configuration pattern. VMware-reported vulnerability requires immediate patching for affected Spring Security 7.x deployments.

Information Disclosure Java Red Hat
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

JWT token validation bypass in Spring Security allows authenticated attackers to forge or manipulate JWT tokens when NimbusJwtDecoder or NimbusReactiveJwtDecoder is used without explicit OAuth2TokenValidator configuration, enabling unauthorized access to protected resources. The vulnerability affects Spring Security versions 6.3.0-6.3.14, 6.4.0-6.4.14, 6.5.0-6.5.9, and 7.0.0-7.0.4. CVSS 5.3 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N) reflects network-accessible exploitation requiring low-privilege authentication and high attack complexity.

Information Disclosure Java Red Hat
NVD VulDB HeroDevs
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

OpenFGA versions prior to 1.14.1 suffer from a cache key collision vulnerability in conditional authorization models that enables attackers to obtain unauthorized access to resources by forcing reuse of cached authorization decisions. When conditions are evaluated with caching enabled, different check requests can generate identical cache keys, causing OpenFGA to incorrectly return a previously cached authorization result for a subsequent request with different parameters. This affects deployments using relational models with condition evaluation where caching is active, allowing authenticated users to bypass intended access controls and disclose information about resources they should not access.

Information Disclosure Red Hat
NVD GitHub
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Authentication bypass in OAuth2 Proxy 7.5.0-7.15.1 allows remote unauthenticated attackers to access protected resources by exploiting path normalization discrepancies between the proxy and backend services. When deployments use skip_auth_routes or skip_auth_regex with broad wildcard patterns, attackers can inject '#' or '%23' (URL-encoded fragment delimiter) to match public allowlist rules while the upstream application serves sensitive endpoints. CVSS 8.2 (AV:N/AC:L/PR:N/UI:N) reflects network-based unauthenticated access; no public exploit identified at time of analysis. EPSS data not provided. Fixed in version 7.15.2 through conservative path normalization.

Authentication Bypass Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Prior to 1.11.1, a validation bypass in the VolumeMount path restriction allows mounting volumes under restricted /tekton/ internal paths by using .. path traversal components. The restriction check uses strings.HasPrefix without filepath.Clean, so a path like /tekton/home/../results passes validation but resolves to /tekton/results at runtime. This vulnerability is fixed in 1.11.1.

Kubernetes Path Traversal Red Hat +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Prior to 1.11.1, the HTTP resolver's FetchHttpResource function calls io.ReadAll(resp.Body) with no response body size limit. Any tenant with permission to create TaskRuns or PipelineRuns that reference the HTTP resolver can point it at an attacker-controlled HTTP server that returns a very large response body within the 1-minute timeout window, causing the tekton-pipelines-resolvers pod to be OOM-killed by Kubernetes. Because all resolver types (Git, Hub, Bundle, Cluster, HTTP) run in the same pod, crashing this pod denies resolution service to the entire cluster. Repeated exploitation causes a sustained crash loop. The same vulnerable code path is reached by both the deprecated pkg/resolution/resolver/http and the current pkg/remoteresolution/resolver/http implementations. This vulnerability is fixed in 1.11.1.

Denial Of Service Kubernetes Suse +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

### Impact Using either of the two parsers in the default configuration (with `resolve_entities=True`) allows untrusted XML input to read local files. ### Patches lxml 6.1.0 changes the default to `resolve_entities='internal'`, thus disallowing local file access by default. ### Workarounds Setting the `resolve_entities` option explicitly to `resolve_entities='internal'` or `resolve_entities=False` disables the local file access. ### Resources Original report: https://bugs.launchpad.net/lxml/+bug/2146291 The default option was changed to `resolve_entities='internal'` for the normal XML and HTML parsers in lxml 5.0. The default was not changed for `iterparse()` and `ETCompatXMLParser()` at the time. lxml 6.1 makes the safe option the default for all parsers.

XXE Suse Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Oracle Authentication Bypass Red Hat +1
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Oracle Authentication Bypass Red Hat +1
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Oracle Authentication Bypass Red Hat +1
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Oracle Authentication Bypass Red Hat +1
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Oracle Authentication Bypass Red Hat +1
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Oracle Authentication Bypass Red Hat
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Oracle Authentication Bypass Red Hat
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Denial Of Service Oracle Red Hat +1
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Denial Of Service Oracle Red Hat +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Denial Of Service Oracle Red Hat +1
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Denial Of Service Oracle Red Hat +1
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Denial Of Service Oracle Red Hat +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Denial Of Service Oracle Red Hat +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Denial Of Service Oracle Red Hat
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Denial Of Service Oracle Red Hat +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Denial Of Service Oracle Red Hat +1
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Denial Of Service Oracle Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Denial Of Service Oracle Java +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Denial Of Service Oracle Red Hat +1
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Oracle Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N).

Authentication Bypass Oracle Java +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Denial Of Service Oracle Red Hat +1
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Denial Of Service Oracle Red Hat +1
NVD VulDB
Prev Page 23 of 96 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy