Skip to main content

Red Hat

8625 CVEs vendor

Monthly

CVE-2026-23020 MEDIUM PATCH This Month

The 3com 3c59x driver in the Linux kernel is susceptible to a null pointer dereference in the vortex_probe1() function when pdev is null, potentially causing a denial of service through system crash or hang. A local attacker with unprivileged access can trigger this condition during driver initialization. A patch is available to resolve this issue.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23018 MEDIUM PATCH This Month

A local privilege escalation vulnerability in the Linux kernel's btrfs filesystem can cause a denial of service through circular locking dependencies when memory reclaim is triggered during inode initialization. An authenticated local attacker can exploit this to hang or crash the system by performing filesystem operations that trigger the vulnerable code path. No patch is currently available.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23017 MEDIUM PATCH This Month

The Linux kernel idpf driver fails to properly handle initialization errors during driver load, leaving the system in an inconsistent state where subsequent resets trigger a null pointer dereference crash. Local users with administrative privileges can cause a denial of service by triggering conditions that cause the init_task to fail, such as rejected firmware operations. No patch is currently available for this medium-severity vulnerability.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23016 MEDIUM PATCH This Month

Linux kernel netfilter conntrack cleanup can hang indefinitely due to improper reference counting in IP fragmentation reassembly, where fraglist skbs retain nf_conn references that are never released. A local attacker with network namespace capabilities can trigger this denial of service condition, causing conntrack cleanup operations to become blocked. No patch is currently available for this medium-severity vulnerability.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23015 MEDIUM PATCH This Month

The Linux kernel GPIO MPSSE driver fails to properly release USB device references during probe error handling, potentially leading to resource exhaustion and denial of service on systems using affected GPIO hardware. A local attacker with standard user privileges can trigger this leak by causing probe failures, eventually exhausting system resources and impacting system availability. No patch is currently available for this issue.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71187 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: dmaengine: sh: rz-dmac: fix device leak on probe failure Make sure to drop the reference taken when looking up the ICU device during probe also on probe failures

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71184 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix NULL dereference on root when tracing inode eviction When evicting an inode the first thing we do is to setup tracing for it, which implies fetching the root's id.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71183 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: btrfs: always detect conflicting inodes when logging inode refs After rename exchanging (either with the rename exchange operation or regular renames in multiple non-atomic steps) two inodes and at least one of them is a directory, we can end up with a log tree that contains only of the inodes and after a power failure that can result in an attempt to delete the other inode when it should not because it was not deleted before the power failure.

Linux Information Disclosure Microsoft Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71182 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: can: j1939: make j1939_session_activate() fail if device is no longer registered syzbot is still reporting unregister_netdevice: waiting for vcan0 to become free.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71181 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: rust_binder: remove spin_lock() in rust_shrink_free_page() When forward-porting Rust Binder to 6.18, I neglected to take commit fb56fdf8b9a2 ("mm/list_lru: split the lock to per-cgroup scope") into account, and apparently I did not end up running the shrinker callback when I sanity tested the driver before submission.

Linux Denial Of Service Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71180 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: counter: interrupt-cnt: Drop IRQF_NO_THREAD flag An IRQ handler can either be IRQF_NO_THREAD or acquire spinlock_t, as CONFIG_PROVE_RAW_LOCK_NESTING warns: ============================= [ BUG: Invalid wait context ] 6.18.0-rc1+git...

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-25152 npm MEDIUM PATCH This Month

Backstage TechDocs plugin versions prior to 1.13.11 and 1.14.1 contain a path traversal vulnerability that allows authenticated attackers to read arbitrary files from the host filesystem when the local generator is enabled. The vulnerability stems from insufficient symlink validation during the documentation build process, enabling attackers to embed sensitive file contents into generated HTML accessible to documentation viewers. Organizations using `techdocs.generator.runIn: local` with untrusted documentation sources are at risk until patching to the fixed versions.

Node.js Docker Path Traversal Backstage Red Hat
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-25128 npm HIGH POC PATCH This Week

Fast-xml-parser versions 5.0.9 through 5.3.3 crash when processing XML containing out-of-range numeric entity code points, allowing remote attackers to cause denial of service against applications parsing untrusted XML input. Public exploit code exists for this vulnerability. Applications should upgrade to version 5.3.4 or later to remediate.

Denial Of Service Fast Xml Parser Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-24054 CRITICAL POC PATCH Act Now

Sandbox escape in Kata Containers allowing guest VM to access host resources. CVSS 10.0 — undermines the core security guarantee of hardware-isolated containers. PoC and patch available.

DNS Kata Containers Red Hat
NVD GitHub
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-24835 HIGH POC PATCH This Week

Podman Desktop versions prior to 1.25.1 contain an authentication bypass in the extension permission framework where the `isAccessAllowed()` function always returns true, allowing malicious extensions to hijack authentication sessions and access sensitive resources without authorization. Public exploit code exists for this vulnerability, affecting all current deployments of the affected product. Administrators should upgrade to version 1.25.1 or later immediately.

Kubernetes Authentication Bypass Podman Desktop Red Hat Podman
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-68119 Go HIGH PATCH This Week

Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. [CVSS 7.0 HIGH]

Buffer Overflow RCE Go Red Hat Suse
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-61730 Go MEDIUM PATCH This Month

During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. [CVSS 5.3 MEDIUM]

TLS Information Disclosure Go Suse Red Hat
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-61728 Go MEDIUM POC PATCH This Month

archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive. [CVSS 6.5 MEDIUM]

Denial Of Service Go Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-14840 PHP HIGH PATCH This Week

Http Client Manager versions up to 9.3.13 is affected by improper check for unusual or exceptional conditions (CVSS 7.5).

Drupal Http Client Manager Red Hat
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-1539 MEDIUM PATCH This Month

libsoup's HTTP redirect handling fails to strip Proxy-Authorization headers when requests are forwarded to different hosts, allowing proxy credentials to be exposed to unintended third-party servers. Applications relying on libsoup for HTTP communication are vulnerable to disclosure of sensitive proxy authentication data. No patch is currently available.

Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-1536 MEDIUM POC PATCH This Month

HTTP header injection in libsoup through CRLF sequences in the Content-Disposition header allows unauthenticated remote attackers to inject arbitrary headers or split responses without user interaction. Public exploit code exists for this vulnerability. The flaw affects any application using vulnerable versions of libsoup to process untrusted HTTP headers, with no patch currently available.

Code Injection Red Hat Suse
NVD VulDB
CVSS 3.1
5.8
EPSS
0.1%
CVE-2026-24765 PHP HIGH POC PATCH GHSA This Week

Unsafe deserialization in PHPUnit versions before 8.5.52, 9.6.33, 10.5.62, 11.5.50, and 12.5.8 allows local attackers to execute arbitrary code by placing malicious serialized objects in `.coverage` files that are deserialized without validation during PHPT test execution. An attacker with file write access can exploit the `cleanupForCoverage()` method's lack of object class restrictions to trigger gadget chains through `__wakeup()` methods. This high-severity vulnerability (CVSS 7.8) affects developers and CI/CD systems running PHPUnit on Linux systems.

RCE Deserialization Debian Linux Phpunit Red Hat +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-1504 MEDIUM PATCH This Month

Cross-origin data disclosure in Google Chrome's Background Fetch API prior to version 144.0.7559.110 enables remote attackers to steal sensitive information from other websites through specially crafted HTML pages, requiring only user interaction. The vulnerability affects all Chrome users and has a patch available in the latest version.

Google Chrome Red Hat Suse
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-24688 PyPI MEDIUM PATCH This Month

Pypdf versions up to 6.6.2 is affected by loop with unreachable exit condition (infinite loop) (CVSS 4.3).

Python Pypdf Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-22263 MEDIUM PATCH This Month

Suricata versions up to 8.0.3 contains a vulnerability that allows attackers to slowdown over multiple packets (CVSS 5.3).

Information Disclosure Suricata Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-22262 MEDIUM PATCH This Month

Suricata versions prior to 8.0.3 and 7.0.14 are vulnerable to a stack buffer overflow when processing oversized datasets with the save or state options enabled, allowing an attacker with network access to cause a denial of service. The vulnerability requires specific conditions to trigger but does not require authentication or user interaction. A patch is available in the latest versions.

Stack Overflow Suricata Red Hat Suse
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-14911 MEDIUM This Month

User-controlled chunkSize metadata from MongoDB lacks appropriate validation allowing malformed GridFS metadata to overflow the bounding container. [CVSS 6.5 MEDIUM]

MongoDB Red Hat Suse
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-66199 MEDIUM POC PATCH This Month

Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit. [CVSS 5.9 MEDIUM]

OpenSSL TLS Memory Corruption Denial Of Service Information Disclosure +2
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-28164 MEDIUM POC PATCH This Month

Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_create_read_struct() function. [CVSS 5.5 MEDIUM]

Buffer Overflow Denial Of Service Libpng Red Hat Suse
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-28162 MEDIUM POC PATCH This Month

Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer (ASan), the program leaks memory in various locations, eventually leading to high memory usage and causing the program to become unresponsive [CVSS 5.5 MEDIUM]

Buffer Overflow Denial Of Service Libpng Red Hat Suse
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-15469 MEDIUM POC PATCH This Month

Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error. [CVSS 5.5 MEDIUM]

OpenSSL TLS Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-15468 MEDIUM PATCH This Month

Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs. [CVSS 5.9 MEDIUM]

OpenSSL TLS Null Pointer Dereference Denial Of Service Red Hat +1
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-11187 MEDIUM POC PATCH This Month

Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereference during MAC verification. [CVSS 6.1 MEDIUM]

OpenSSL Buffer Overflow Null Pointer Dereference Denial Of Service RCE +2
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-1467 MEDIUM POC PATCH This Month

libsoup's improper handling of URL-decoded input in HTTP proxy configurations allows remote attackers to inject CRLF sequences into the Host header, enabling injection of arbitrary HTTP headers or request bodies. Public exploit code exists for this vulnerability, which could allow attackers to manipulate downstream services through compromised proxy requests. Affected applications using libsoup with HTTP proxy functionality are at risk of integrity compromise, though no patch is currently available.

Authentication Bypass Red Hat Suse
NVD VulDB
CVSS 3.1
5.8
EPSS
0.1%
CVE-2026-24686 Go MEDIUM POC PATCH This Month

Path traversal in go-tuf versions 2.0.0 through 2.4.0 allows local attackers with low privileges to write metadata files outside the intended cache directory by injecting directory traversal sequences into the repository name parameter. An attacker supplying a malicious map file can escape the LocalMetadataDir boundary and create directories within the process's filesystem permissions. Public exploit code exists; update to version 2.4.1 or later.

Golang Go Tuf Red Hat Suse
NVD GitHub
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-24400 Maven CRITICAL PATCH Act Now

XXE (XML External Entity) injection in AssertJ Java testing library from 1.4.0 to before 3.27.7 allows reading arbitrary files when parsing XML assertions. Patch available.

Java SSRF XXE Denial Of Service Assertj +2
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-24131 npm MEDIUM POC PATCH This Month

pnpm versions before 10.28.2 fail to validate the `directories.bin` field during package processing, allowing malicious packages to use path traversal (e.g., `../../../../tmp`) to escape the package root and chmod 755 files at arbitrary locations on Unix-like systems. Public exploit code exists for this vulnerability. The issue affects Linux, macOS, and Node.js environments but not Windows due to platform-specific protections.

Linux Windows macOS Node.js Pnpm +2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-24056 npm MEDIUM POC PATCH This Month

pnpm versions prior to 10.28.2 fail to properly constrain symlink resolution when installing file: and git: dependencies, allowing malicious packages to copy sensitive files from the host system into node_modules and leak credentials. This affects developers using local file dependencies and CI/CD pipelines installing git-based packages, with public exploit code available. The vulnerability enables theft of credentials from locations like ~/.ssh/id_rsa and ~/.npmrc by exploiting symlinks to absolute paths outside the package root.

Node.js Pnpm Red Hat Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-23890 npm MEDIUM POC PATCH This Month

Pnpm versions up to 10.28.1 contains a vulnerability that allows attackers to overwriting config files, scripts, or other sensitive files (CVSS 6.5).

Node.js Path Traversal Pnpm Red Hat Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-23889 npm MEDIUM POC PATCH This Month

Path traversal in pnpm's tarball extraction on Windows allows attackers to write files outside the intended package directory by exploiting incomplete path normalization that fails to block backslash-based traversal sequences. Public exploit code exists for this vulnerability, which affects Windows developers and CI/CD pipelines (GitHub Actions, Azure DevOps) and could result in overwriting sensitive configuration files like .npmrc or build configurations. A patch is available in pnpm version 10.28.1 and later.

Windows Node.js Azure Github Path Traversal +2
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-23888 npm MEDIUM POC PATCH This Month

Path traversal in pnpm's binary fetcher (versions prior to 10.28.1) allows attackers to write files outside the intended extraction directory through malicious ZIP entries or crafted prefix values, potentially overwriting critical configuration files and scripts on affected systems. All pnpm users installing packages with binary assets are vulnerable, particularly those in CI/CD pipelines or with custom Node.js binary configurations. Public exploit code exists for this medium-severity vulnerability.

Node.js Path Traversal Pnpm Red Hat Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-59472 npm MEDIUM PATCH This Month

A denial of service vulnerability exists in Next.js versions with Partial Prerendering (PPR) enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the `Next-Resume: 1` header and processes attacker-controlled postponed state data. [CVSS 5.9 MEDIUM]

Node.js Denial Of Service Next.Js Red Hat Vercel
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-59471 npm MEDIUM PATCH This Month

A denial of service vulnerability exists in self-hosted Next.js applications that have `remotePatterns` configured for the Image Optimizer. [CVSS 5.9 MEDIUM]

Denial Of Service Next.Js Red Hat Vercel
NVD GitHub HeroDevs
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-0810 Cargo HIGH POC PATCH This Week

The gix-date library's TimeBuf component can produce invalid UTF-8 strings that corrupt its internal safety mechanisms, triggering undefined behavior in downstream processing. This local privilege escalation vulnerability affecting gix-date has public exploit code available and can cause application crashes or unexpected behavior when a local attacker supplies malformed input. No patch is currently available to remediate this issue.

Information Disclosure Gix Date Red Hat
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-14969 Maven MEDIUM PATCH This Month

A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. [CVSS 4.3 MEDIUM]

React Denial Of Service Red Hat
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-14525 Go MEDIUM PATCH This Month

A flaw was found in kubevirt. A user within a virtual machine (VM), if the guest agent is active, can exploit this by causing the agent to report an excessive number of network interfaces. [CVSS 6.4 MEDIUM]

Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-50537 MEDIUM POC This Month

Stack overflow vulnerability in eslint before 9.26.0 when serializing objects with circular references in eslint/lib/shared/serialization.js. The exploit is triggered via the RuleTester.run() method, which validates test cases and checks for duplicates. [CVSS 5.5 MEDIUM]

Stack Overflow Eslint Red Hat
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23013 HIGH PATCH This Week

The Linux kernel's Octeon EP VF driver contains a use-after-free vulnerability in IRQ error handling where mismatched device IDs between request_irq() and free_irq() calls can leave IRQ handlers registered after their associated memory is freed. A local attacker with standard privileges can trigger an interrupt after the vulnerable ioq_vector structure is deallocated, causing a kernel crash or potential code execution. No patch is currently available.

Linux Use After Free Denial Of Service Memory Corruption Red Hat +1
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-23012 HIGH PATCH This Week

A use-after-free vulnerability in Linux kernel DAMON subsystem allows local users with sysfs write permissions to trigger memory corruption by calling damon_call() against inactive contexts, causing dangling pointers in the call_controls list. An attacker could leverage this to achieve information disclosure or denial of service, though exploitation complexity is moderate due to permission requirements. The vulnerability currently lacks a patch and affects Linux kernel versions with the vulnerable DAMON code.

Linux Use After Free Information Disclosure Memory Corruption Linux Kernel +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23009 MEDIUM PATCH This Month

The Linux kernel xHCI sideband endpoint removal function can crash when dereferencing a freed or non-existent transfer ring during suspend/resume cycles or device re-enumeration. A local attacker with user-level privileges can trigger a denial of service by causing the kernel to dereference invalid memory, resulting in a system crash. No patch is currently available for this medium-severity vulnerability.

Linux Denial Of Service Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23008 MEDIUM PATCH This Month

The vmwgfx driver in the Linux kernel crashes due to a null pointer dereference when KMS with 3D graphics is used on hardware version 10, which lacks GB Surfaces support. A local attacker with user-level privileges can trigger this vulnerability to cause a denial of service by crashing the display driver, resulting in a black screen. No patch is currently available for this medium-severity vulnerability.

Linux Denial Of Service Null Pointer Dereference Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23007 MEDIUM PATCH This Month

The Linux kernel's block layer fails to properly initialize non-protection information portions of auto-generated integrity buffers during write operations, allowing uninitialized memory containing sensitive data to be exposed to userspace or physical attackers with storage device access. This occurs when protection information is enabled with metadata sizes larger than the protection information tuple size, leaving the remainder uninitialized. Local attackers with appropriate permissions can read this uninitialized memory to leak kernel data.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23006 MEDIUM PATCH This Month

The Linux kernel's ASoC tlv320adcx140 audio driver contains a null pointer dereference in the adcx140_priv structure due to improper initialization of the snd_soc_component field, allowing local authenticated users to trigger a denial of service. An attacker with local access and user-level privileges can crash the audio subsystem by invoking the vulnerable code path. No patch is currently available for this medium-severity vulnerability.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23002 MEDIUM PATCH This Month

A null pointer dereference in the Linux kernel's build ID library can cause a denial of service when reading files in sleepable contexts. Local users with standard privileges can trigger a kernel crash through the filemap_read_folio() code path. This vulnerability requires no user interaction and affects the availability of the system.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23000 MEDIUM PATCH This Month

The Linux kernel mlx5e driver crashes with a null pointer dereference when profile change operations fail and rollback is unsuccessful, leaving the network device in an invalid state. A local attacker with standard user privileges can trigger a denial of service by attempting subsequent profile changes, such as through switchdev mode modifications, which will access the dangling null pointer and crash the system.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-22996 MEDIUM PATCH This Month

A null pointer dereference in the Linux kernel's mlx5e driver allows local attackers with user privileges to cause a denial of service by triggering a kernel panic when eswitch mode configuration fails. The vulnerability occurs when mlx5e_priv structure is improperly dereferenced during profile attachment failures, particularly when switching to switchdev mode. A patch is available to resolve this issue by storing netdev directly instead of referencing the unstable mlx5e_priv structure.

Linux Null Pointer Dereference Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-24401 MEDIUM PATCH This Month

Avahi daemon versions 0.9rc2 and below can be remotely crashed through a denial of service attack by sending a specially crafted mDNS response with a recursive CNAME record pointing to itself, triggering unbounded recursion and stack exhaustion. This vulnerability affects systems using multicast record browsers, including those relying on nss-mdns for service discovery. A patch is available for affected installations.

Denial Of Service Avahi Red Hat Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-1386 MEDIUM This Month

Firecracker contains a vulnerability that allows attackers to a local host user with write access to the pre-created jailer directories to ove (CVSS 6.0).

Linux Firecracker Red Hat Suse
NVD GitHub
CVSS 3.1
6.0
EPSS
0.0%
CVE-2026-22995 HIGH PATCH This Week

Linux kernel ublk subsystem suffers from a use-after-free vulnerability in partition scan operations where a race condition between device teardown and asynchronous partition scanning allows local attackers with user privileges to access freed memory, potentially causing denial of service or information disclosure. The vulnerability stems from improper reference counting of disk objects during concurrent operations, affecting all Linux systems with the vulnerable ublk driver. A patch is available to resolve this issue by implementing proper disk reference management in the partition scan worker.

Linux Use After Free Race Condition Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-22993 MEDIUM PATCH This Month

The Linux kernel's idpf driver contains a NULL pointer dereference in its RSS LUT handling that can be triggered when ethtool commands access the RSS lookup table immediately after a soft reset. Local users with standard privileges can crash the system by performing queue count changes followed by ethtool operations on the affected network interface. A patch is available to properly manage RSS LUT state during soft resets based on queue count changes.

Linux Null Pointer Dereference Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-22989 MEDIUM PATCH This Month

The Linux kernel nfsd subsystem crashes when attempting to unlock a filesystem via administrative interface while the nfsd service is not running, as the unlock operation accesses freed state structures. A local user with administrative privileges can trigger a denial of service by attempting filesystem unlock operations against a stopped nfsd server.

Linux Denial Of Service Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-22987 MEDIUM PATCH This Month

A null pointer dereference in the Linux kernel's traffic control action module (act_api) causes a denial of service during network namespace teardown when invalid error pointers are dereferenced. A local attacker with low privileges can trigger this crash by manipulating tc actions during system shutdown or container termination. A patch is available to guard against ERR_PTR entries during action cleanup.

Linux Denial Of Service Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-22985 MEDIUM PATCH This Month

The Linux kernel's idpf driver crashes with a NULL pointer dereference when ethtool RSS operations are performed before the network interface is brought up, affecting systems using this driver. A local attacker with unprivileged user access can trigger a denial of service by executing RSS configuration commands on a down interface. The vulnerability is resolved by initializing the RSS lookup table during vport creation rather than at interface startup.

Linux Null Pointer Dereference Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-22983 MEDIUM PATCH This Month

The Linux kernel's network stack contains a null pointer dereference vulnerability in message handling that could cause a denial of service when the msg_get_inq field is improperly written by the callee function. Local attackers with basic privileges can trigger this condition by reusing kernel-internal msghdr structures, resulting in system crashes or service interruption. A patch is available to prevent writes to this input field and eliminate the unsafe branching logic.

Linux Null Pointer Dereference Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-22981 MEDIUM PATCH This Month

A null pointer dereference in the Linux kernel's idpf driver allows local attackers with user privileges to cause a denial of service by triggering improper netdevice state management during reset operations. The vulnerability occurs when the driver fails to properly detach and close network devices before deallocating vport resources, leaving pointers unprotected from concurrent callback access. A patch is available to resolve this issue by implementing proper device state synchronization during reset handling.

Linux Null Pointer Dereference Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71161 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: dm-verity: disable recursive forward error correction There are two problems with the recursive correction: 1. It may cause denial-of-service. [CVSS 5.5 MEDIUM]

Linux Red Hat Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71160 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: avoid chain re-validation if possible Hamza Mahfooz reports cpu soft lock-ups in nft_chain_validate(): watchdog: BUG: soft lockup - CPU#1 stuck for 27s! [CVSS 5.5 MEDIUM]

Linux Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71159 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free warning in btrfs_get_or_create_delayed_node() Previously, btrfs_get_or_create_delayed_node() set the delayed_node's refcount before acquiring the root->delayed_nodes lock. [CVSS 7.8 HIGH]

Linux Use After Free Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-71158 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: gpio: mpsse: ensure worker is torn down When an IRQ worker is running, unplugging the device would cause a crash. The sealevel hardware this driver was written for was not hotpluggable, so I never realized it. [CVSS 5.5 MEDIUM]

Linux Denial Of Service Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71157 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: always drop device refcount in ib_del_sub_device_and_put() Since nldev_deldev() (introduced by commit 060c642b2ab8 ("RDMA/nldev: Add support to add/delete a sub IB device through netlink") grabs a reference using ib_device_get_by_index() before calling ib_del_sub_device_and_put(), we need to drop that reference before returning -EOPNOTSUPP error. [CVSS 7.8 HIGH]

Linux Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-71156 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: gve: defer interrupt enabling until NAPI registration Currently, interrupts are automatically enabled immediately upon request. [CVSS 7.8 HIGH]

Linux Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-71155 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: Fix gmap_helper_zap_one_page() again A few checks were missing in gmap_helper_zap_one_page(), which can lead to memory corruption in the guest under specific circumstances. Add the missing checks. [CVSS 7.8 HIGH]

Linux Memory Corruption Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-71154 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: usb: rtl8150: fix memory leak on usb_submit_urb() failure In async_set_registers(), when usb_submit_urb() fails, the allocated async_req structure and URB are not freed, causing a memory leak. [CVSS 5.5 MEDIUM]

Linux Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71153 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix memory leak in get_file_all_info() In get_file_all_info(), if vfs_getattr() fails, the function returns immediately without freeing the allocated filename, leading to a memory leak. [CVSS 5.5 MEDIUM]

Linux Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71152 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net: dsa: properly keep track of conduit reference Problem description ------------------- DSA has a mumbo-jumbo of reference handling of the conduit net device and its kobject which, sadly, is just wrong and doesn't make sense. [CVSS 7.8 HIGH]

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-71151 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory and information leak in smb3_reconfigure() In smb3_reconfigure(), if smb3_sync_session_ctx_passwords() fails, the function returns immediately without freeing and erasing the newly allocated new_password and new_password2. [CVSS 5.5 MEDIUM]

Linux Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71149 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: io_uring/poll: correctly handle io_poll_add() return value on update When the core of io_uring was updated to handle completions consistently and with fixed return codes, the POLL_REMOVE opcode with updates got slightly broken. [CVSS 5.5 MEDIUM]

Linux Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71147 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix a memory leak in tpm2_load_cmd 'tpm2_load_cmd' allocates a tempoary blob indirectly via 'tpm2_key_decode' but it is not freed in the failure paths. Address this by wrapping the blob into with a cleanup helper. [CVSS 5.5 MEDIUM]

Linux Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71146 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conncount: fix leaked ct in error paths There are some situations where ct might be leaked as error paths are skipping the refcounted check and return immediately. [CVSS 5.5 MEDIUM]

Linux Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71145 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: usb: phy: isp1301: fix non-OF device reference imbalance A recent change fixing a device reference leak in a UDC driver introduced a potential use-after-free in the non-OF case as the isp1301_get_client() helper only increases the reference count for the returned I2C device in the OF case. [CVSS 7.8 HIGH]

Linux Use After Free Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-24137 Go MEDIUM PATCH This Month

The Golang sigstore framework versions 1.10.3 and below fail to validate cache directory paths in the legacy TUF client, allowing a malicious TUF repository to overwrite arbitrary files on disk within the calling process's permission scope. This impacts direct users of the TUF client in sigstore/sigstore and older Cosign versions, though public Sigstore deployments are protected by metadata validation from trusted collaborators. No patch is currently available for this medium-severity path traversal vulnerability.

Golang Github Red Hat Suse
NVD GitHub
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-24117 Go MEDIUM PATCH This Month

Rekor versions 1.4.3 and earlier contain a server-side request forgery (SSRF) vulnerability in the /api/v1/index/retrieve endpoint that allows unauthenticated remote attackers to probe internal networks through blind SSRF attacks by supplying arbitrary URLs for public key retrieval. While the vulnerability cannot directly exfiltrate data or modify state since responses are not returned and only GET requests are supported, it enables reconnaissance of internal infrastructure. The issue is patched in version 1.5.0, or can be mitigated by disabling the retrieve API with --enable_retrieve_api=false.

SSRF Rekor Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-23831 Go MEDIUM PATCH This Month

Rekor versions 1.4.3 and below are vulnerable to denial of service through a null pointer dereference when processing malformed cose/v0.0.1 entries with empty spec.message fields. An unauthenticated remote attacker can trigger a panic in the Rekor process by sending a specially crafted entry, resulting in a 500 error response and temporary service disruption, though the thread recovery mechanism limits availability impact. The vulnerability has been patched in version 1.5.0.

Denial Of Service Rekor Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-20904 Go MEDIUM PATCH This Month

Gitea's OpenID URI visibility controls lack proper ownership validation, allowing authenticated users to modify the visibility settings of other users' OpenID identities. This integrity bypass affects any Gitea instance where multiple users manage OpenID configurations, enabling account enumeration or information disclosure through unauthorized visibility changes. A patch is available to remediate this medium-severity vulnerability.

Authentication Bypass Gitea Red Hat Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-20888 Go MEDIUM PATCH This Month

Gitea fails to enforce proper authorization checks when users attempt to cancel scheduled auto-merges through the web interface, allowing any user with pull request read access to cancel merge operations initiated by other users. This authorization bypass could disrupt automated workflows and merge processes across repositories. A patch is available to address this vulnerability.

Authentication Bypass Gitea Red Hat Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-20883 Go MEDIUM PATCH This Month

Gitea's stopwatch API fails to re-validate repository access permissions, allowing revoked users to access sensitive information through active stopwatch sessions. An authenticated attacker with prior access to a private repository can enumerate issue titles and repository names even after their permissions have been removed. A patch is available to enforce proper access control validation.

Authentication Bypass Gitea Red Hat Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-22234 Maven MEDIUM PATCH This Month

The fix applied in CVE-2025-22228 inadvertently broke the timing attack mitigation implemented in DaoAuthenticationProvider. This can allow attackers to infer valid usernames or other authentication behavior via response-time differences under certain configurations. [CVSS 5.3 MEDIUM]

Information Disclosure Red Hat
NVD HeroDevs
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-67221 PyPI HIGH POC PATCH GHSA This Week

The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents. [CVSS 7.5 HIGH]

Denial Of Service Orjson Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-71176 PyPI MEDIUM POC PATCH This Month

pytest versions up to 9.0.2 contains a vulnerability that allows attackers to cause a denial of service or possibly gain privileges (CVSS 6.8).

Denial Of Service Red Hat Suse
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-24006 npm HIGH PATCH This Week

Seroval versions 1.4.0 and below are vulnerable to denial of service attacks due to unbounded recursion when serializing deeply nested objects, allowing remote attackers to crash applications by exceeding the call stack limit. The vulnerability affects the deserialization library's handling of complex data structures without depth validation. Version 1.4.1 introduces a configurable depthLimit parameter to prevent exploitation of this resource exhaustion condition.

Deserialization Denial Of Service Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The 3com 3c59x driver in the Linux kernel is susceptible to a null pointer dereference in the vortex_probe1() function when pdev is null, potentially causing a denial of service through system crash or hang. A local attacker with unprivileged access can trigger this condition during driver initialization. A patch is available to resolve this issue.

Linux Null Pointer Dereference Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A local privilege escalation vulnerability in the Linux kernel's btrfs filesystem can cause a denial of service through circular locking dependencies when memory reclaim is triggered during inode initialization. An authenticated local attacker can exploit this to hang or crash the system by performing filesystem operations that trigger the vulnerable code path. No patch is currently available.

Linux Information Disclosure Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Linux kernel idpf driver fails to properly handle initialization errors during driver load, leaving the system in an inconsistent state where subsequent resets trigger a null pointer dereference crash. Local users with administrative privileges can cause a denial of service by triggering conditions that cause the init_task to fail, such as rejected firmware operations. No patch is currently available for this medium-severity vulnerability.

Linux Null Pointer Dereference Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Linux kernel netfilter conntrack cleanup can hang indefinitely due to improper reference counting in IP fragmentation reassembly, where fraglist skbs retain nf_conn references that are never released. A local attacker with network namespace capabilities can trigger this denial of service condition, causing conntrack cleanup operations to become blocked. No patch is currently available for this medium-severity vulnerability.

Linux Information Disclosure Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Linux kernel GPIO MPSSE driver fails to properly release USB device references during probe error handling, potentially leading to resource exhaustion and denial of service on systems using affected GPIO hardware. A local attacker with standard user privileges can trigger this leak by causing probe failures, eventually exhausting system resources and impacting system availability. No patch is currently available for this issue.

Linux Information Disclosure Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: dmaengine: sh: rz-dmac: fix device leak on probe failure Make sure to drop the reference taken when looking up the ICU device during probe also on probe failures

Linux Information Disclosure Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix NULL dereference on root when tracing inode eviction When evicting an inode the first thing we do is to setup tracing for it, which implies fetching the root's id.

Linux Null Pointer Dereference Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: btrfs: always detect conflicting inodes when logging inode refs After rename exchanging (either with the rename exchange operation or regular renames in multiple non-atomic steps) two inodes and at least one of them is a directory, we can end up with a log tree that contains only of the inodes and after a power failure that can result in an attempt to delete the other inode when it should not because it was not deleted before the power failure.

Linux Information Disclosure Microsoft +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: can: j1939: make j1939_session_activate() fail if device is no longer registered syzbot is still reporting unregister_netdevice: waiting for vcan0 to become free.

Linux Information Disclosure Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: rust_binder: remove spin_lock() in rust_shrink_free_page() When forward-porting Rust Binder to 6.18, I neglected to take commit fb56fdf8b9a2 ("mm/list_lru: split the lock to per-cgroup scope") into account, and apparently I did not end up running the shrinker callback when I sanity tested the driver before submission.

Linux Denial Of Service Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: counter: interrupt-cnt: Drop IRQF_NO_THREAD flag An IRQ handler can either be IRQF_NO_THREAD or acquire spinlock_t, as CONFIG_PROVE_RAW_LOCK_NESTING warns: ============================= [ BUG: Invalid wait context ] 6.18.0-rc1+git...

Linux Information Disclosure Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Backstage TechDocs plugin versions prior to 1.13.11 and 1.14.1 contain a path traversal vulnerability that allows authenticated attackers to read arbitrary files from the host filesystem when the local generator is enabled. The vulnerability stems from insufficient symlink validation during the documentation build process, enabling attackers to embed sensitive file contents into generated HTML accessible to documentation viewers. Organizations using `techdocs.generator.runIn: local` with untrusted documentation sources are at risk until patching to the fixed versions.

Node.js Docker Path Traversal +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Fast-xml-parser versions 5.0.9 through 5.3.3 crash when processing XML containing out-of-range numeric entity code points, allowing remote attackers to cause denial of service against applications parsing untrusted XML input. Public exploit code exists for this vulnerability. Applications should upgrade to version 5.3.4 or later to remediate.

Denial Of Service Fast Xml Parser Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 10.0
CRITICAL POC PATCH Act Now

Sandbox escape in Kata Containers allowing guest VM to access host resources. CVSS 10.0 — undermines the core security guarantee of hardware-isolated containers. PoC and patch available.

DNS Kata Containers Red Hat
NVD GitHub
EPSS 0% CVSS 7.1
HIGH POC PATCH This Week

Podman Desktop versions prior to 1.25.1 contain an authentication bypass in the extension permission framework where the `isAccessAllowed()` function always returns true, allowing malicious extensions to hijack authentication sessions and access sensitive resources without authorization. Public exploit code exists for this vulnerability, affecting all current deployments of the affected product. Administrators should upgrade to version 1.25.1 or later immediately.

Kubernetes Authentication Bypass Podman Desktop +2
NVD GitHub
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. [CVSS 7.0 HIGH]

Buffer Overflow RCE Go +2
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. [CVSS 5.3 MEDIUM]

TLS Information Disclosure Go +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive. [CVSS 6.5 MEDIUM]

Denial Of Service Go Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Http Client Manager versions up to 9.3.13 is affected by improper check for unusual or exceptional conditions (CVSS 7.5).

Drupal Http Client Manager Red Hat
NVD
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

libsoup's HTTP redirect handling fails to strip Proxy-Authorization headers when requests are forwarded to different hosts, allowing proxy credentials to be exposed to unintended third-party servers. Applications relying on libsoup for HTTP communication are vulnerable to disclosure of sensitive proxy authentication data. No patch is currently available.

Information Disclosure Red Hat Suse
NVD VulDB
EPSS 0% CVSS 5.8
MEDIUM POC PATCH This Month

HTTP header injection in libsoup through CRLF sequences in the Content-Disposition header allows unauthenticated remote attackers to inject arbitrary headers or split responses without user interaction. Public exploit code exists for this vulnerability. The flaw affects any application using vulnerable versions of libsoup to process untrusted HTTP headers, with no patch currently available.

Code Injection Red Hat Suse
NVD VulDB
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Unsafe deserialization in PHPUnit versions before 8.5.52, 9.6.33, 10.5.62, 11.5.50, and 12.5.8 allows local attackers to execute arbitrary code by placing malicious serialized objects in `.coverage` files that are deserialized without validation during PHPT test execution. An attacker with file write access can exploit the `cleanupForCoverage()` method's lack of object class restrictions to trigger gadget chains through `__wakeup()` methods. This high-severity vulnerability (CVSS 7.8) affects developers and CI/CD systems running PHPUnit on Linux systems.

RCE Deserialization Debian Linux +3
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Cross-origin data disclosure in Google Chrome's Background Fetch API prior to version 144.0.7559.110 enables remote attackers to steal sensitive information from other websites through specially crafted HTML pages, requiring only user interaction. The vulnerability affects all Chrome users and has a patch available in the latest version.

Google Chrome Red Hat +1
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Pypdf versions up to 6.6.2 is affected by loop with unreachable exit condition (infinite loop) (CVSS 4.3).

Python Pypdf Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Suricata versions up to 8.0.3 contains a vulnerability that allows attackers to slowdown over multiple packets (CVSS 5.3).

Information Disclosure Suricata Red Hat +1
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Suricata versions prior to 8.0.3 and 7.0.14 are vulnerable to a stack buffer overflow when processing oversized datasets with the save or state options enabled, allowing an attacker with network access to cause a denial of service. The vulnerability requires specific conditions to trigger but does not require authentication or user interaction. A patch is available in the latest versions.

Stack Overflow Suricata Red Hat +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

User-controlled chunkSize metadata from MongoDB lacks appropriate validation allowing malformed GridFS metadata to overflow the bounding container. [CVSS 6.5 MEDIUM]

MongoDB Red Hat Suse
NVD
EPSS 0% CVSS 5.9
MEDIUM POC PATCH This Month

Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit. [CVSS 5.9 MEDIUM]

OpenSSL TLS Memory Corruption +4
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_create_read_struct() function. [CVSS 5.5 MEDIUM]

Buffer Overflow Denial Of Service Libpng +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer (ASan), the program leaks memory in various locations, eventually leading to high memory usage and causing the program to become unresponsive [CVSS 5.5 MEDIUM]

Buffer Overflow Denial Of Service Libpng +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error. [CVSS 5.5 MEDIUM]

OpenSSL TLS Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs. [CVSS 5.9 MEDIUM]

OpenSSL TLS Null Pointer Dereference +3
NVD GitHub VulDB
EPSS 0% CVSS 6.1
MEDIUM POC PATCH This Month

Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereference during MAC verification. [CVSS 6.1 MEDIUM]

OpenSSL Buffer Overflow Null Pointer Dereference +4
NVD GitHub VulDB
EPSS 0% CVSS 5.8
MEDIUM POC PATCH This Month

libsoup's improper handling of URL-decoded input in HTTP proxy configurations allows remote attackers to inject CRLF sequences into the Host header, enabling injection of arbitrary HTTP headers or request bodies. Public exploit code exists for this vulnerability, which could allow attackers to manipulate downstream services through compromised proxy requests. Affected applications using libsoup with HTTP proxy functionality are at risk of integrity compromise, though no patch is currently available.

Authentication Bypass Red Hat Suse
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM POC PATCH This Month

Path traversal in go-tuf versions 2.0.0 through 2.4.0 allows local attackers with low privileges to write metadata files outside the intended cache directory by injecting directory traversal sequences into the repository name parameter. An attacker supplying a malicious map file can escape the LocalMetadataDir boundary and create directories within the process's filesystem permissions. Public exploit code exists; update to version 2.4.1 or later.

Golang Go Tuf Red Hat +1
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

XXE (XML External Entity) injection in AssertJ Java testing library from 1.4.0 to before 3.27.7 allows reading arbitrary files when parsing XML assertions. Patch available.

Java SSRF XXE +4
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

pnpm versions before 10.28.2 fail to validate the `directories.bin` field during package processing, allowing malicious packages to use path traversal (e.g., `../../../../tmp`) to escape the package root and chmod 755 files at arbitrary locations on Unix-like systems. Public exploit code exists for this vulnerability. The issue affects Linux, macOS, and Node.js environments but not Windows due to platform-specific protections.

Linux Windows macOS +4
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

pnpm versions prior to 10.28.2 fail to properly constrain symlink resolution when installing file: and git: dependencies, allowing malicious packages to copy sensitive files from the host system into node_modules and leak credentials. This affects developers using local file dependencies and CI/CD pipelines installing git-based packages, with public exploit code available. The vulnerability enables theft of credentials from locations like ~/.ssh/id_rsa and ~/.npmrc by exploiting symlinks to absolute paths outside the package root.

Node.js Pnpm Red Hat +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Pnpm versions up to 10.28.1 contains a vulnerability that allows attackers to overwriting config files, scripts, or other sensitive files (CVSS 6.5).

Node.js Path Traversal Pnpm +2
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Path traversal in pnpm's tarball extraction on Windows allows attackers to write files outside the intended package directory by exploiting incomplete path normalization that fails to block backslash-based traversal sequences. Public exploit code exists for this vulnerability, which affects Windows developers and CI/CD pipelines (GitHub Actions, Azure DevOps) and could result in overwriting sensitive configuration files like .npmrc or build configurations. A patch is available in pnpm version 10.28.1 and later.

Windows Node.js Azure +4
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Path traversal in pnpm's binary fetcher (versions prior to 10.28.1) allows attackers to write files outside the intended extraction directory through malicious ZIP entries or crafted prefix values, potentially overwriting critical configuration files and scripts on affected systems. All pnpm users installing packages with binary assets are vulnerable, particularly those in CI/CD pipelines or with custom Node.js binary configurations. Public exploit code exists for this medium-severity vulnerability.

Node.js Path Traversal Pnpm +2
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

A denial of service vulnerability exists in Next.js versions with Partial Prerendering (PPR) enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the `Next-Resume: 1` header and processes attacker-controlled postponed state data. [CVSS 5.9 MEDIUM]

Node.js Denial Of Service Next.Js +2
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

A denial of service vulnerability exists in self-hosted Next.js applications that have `remotePatterns` configured for the Image Optimizer. [CVSS 5.9 MEDIUM]

Denial Of Service Next.Js Red Hat +1
NVD GitHub HeroDevs
EPSS 0% CVSS 7.1
HIGH POC PATCH This Week

The gix-date library's TimeBuf component can produce invalid UTF-8 strings that corrupt its internal safety mechanisms, triggering undefined behavior in downstream processing. This local privilege escalation vulnerability affecting gix-date has public exploit code available and can cause application crashes or unexpected behavior when a local attacker supplies malformed input. No patch is currently available to remediate this issue.

Information Disclosure Gix Date Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. [CVSS 4.3 MEDIUM]

React Denial Of Service Red Hat
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

A flaw was found in kubevirt. A user within a virtual machine (VM), if the guest agent is active, can exploit this by causing the agent to report an excessive number of network interfaces. [CVSS 6.4 MEDIUM]

Denial Of Service Red Hat Suse
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Stack overflow vulnerability in eslint before 9.26.0 when serializing objects with circular references in eslint/lib/shared/serialization.js. The exploit is triggered via the RuleTester.run() method, which validates test cases and checks for duplicates. [CVSS 5.5 MEDIUM]

Stack Overflow Eslint Red Hat
NVD GitHub
EPSS 0% CVSS 7.0
HIGH PATCH This Week

The Linux kernel's Octeon EP VF driver contains a use-after-free vulnerability in IRQ error handling where mismatched device IDs between request_irq() and free_irq() calls can leave IRQ handlers registered after their associated memory is freed. A local attacker with standard privileges can trigger an interrupt after the vulnerable ioq_vector structure is deallocated, causing a kernel crash or potential code execution. No patch is currently available.

Linux Use After Free Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A use-after-free vulnerability in Linux kernel DAMON subsystem allows local users with sysfs write permissions to trigger memory corruption by calling damon_call() against inactive contexts, causing dangling pointers in the call_controls list. An attacker could leverage this to achieve information disclosure or denial of service, though exploitation complexity is moderate due to permission requirements. The vulnerability currently lacks a patch and affects Linux kernel versions with the vulnerable DAMON code.

Linux Use After Free Information Disclosure +4
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Linux kernel xHCI sideband endpoint removal function can crash when dereferencing a freed or non-existent transfer ring during suspend/resume cycles or device re-enumeration. A local attacker with user-level privileges can trigger a denial of service by causing the kernel to dereference invalid memory, resulting in a system crash. No patch is currently available for this medium-severity vulnerability.

Linux Denial Of Service Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The vmwgfx driver in the Linux kernel crashes due to a null pointer dereference when KMS with 3D graphics is used on hardware version 10, which lacks GB Surfaces support. A local attacker with user-level privileges can trigger this vulnerability to cause a denial of service by crashing the display driver, resulting in a black screen. No patch is currently available for this medium-severity vulnerability.

Linux Denial Of Service Null Pointer Dereference +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Linux kernel's block layer fails to properly initialize non-protection information portions of auto-generated integrity buffers during write operations, allowing uninitialized memory containing sensitive data to be exposed to userspace or physical attackers with storage device access. This occurs when protection information is enabled with metadata sizes larger than the protection information tuple size, leaving the remainder uninitialized. Local attackers with appropriate permissions can read this uninitialized memory to leak kernel data.

Linux Information Disclosure Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Linux kernel's ASoC tlv320adcx140 audio driver contains a null pointer dereference in the adcx140_priv structure due to improper initialization of the snd_soc_component field, allowing local authenticated users to trigger a denial of service. An attacker with local access and user-level privileges can crash the audio subsystem by invoking the vulnerable code path. No patch is currently available for this medium-severity vulnerability.

Linux Null Pointer Dereference Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A null pointer dereference in the Linux kernel's build ID library can cause a denial of service when reading files in sleepable contexts. Local users with standard privileges can trigger a kernel crash through the filemap_read_folio() code path. This vulnerability requires no user interaction and affects the availability of the system.

Linux Null Pointer Dereference Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Linux kernel mlx5e driver crashes with a null pointer dereference when profile change operations fail and rollback is unsuccessful, leaving the network device in an invalid state. A local attacker with standard user privileges can trigger a denial of service by attempting subsequent profile changes, such as through switchdev mode modifications, which will access the dangling null pointer and crash the system.

Linux Null Pointer Dereference Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A null pointer dereference in the Linux kernel's mlx5e driver allows local attackers with user privileges to cause a denial of service by triggering a kernel panic when eswitch mode configuration fails. The vulnerability occurs when mlx5e_priv structure is improperly dereferenced during profile attachment failures, particularly when switching to switchdev mode. A patch is available to resolve this issue by storing netdev directly instead of referencing the unstable mlx5e_priv structure.

Linux Null Pointer Dereference Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Avahi daemon versions 0.9rc2 and below can be remotely crashed through a denial of service attack by sending a specially crafted mDNS response with a recursive CNAME record pointing to itself, triggering unbounded recursion and stack exhaustion. This vulnerability affects systems using multicast record browsers, including those relying on nss-mdns for service discovery. A patch is available for affected installations.

Denial Of Service Avahi Red Hat +1
NVD GitHub
EPSS 0% CVSS 6.0
MEDIUM This Month

Firecracker contains a vulnerability that allows attackers to a local host user with write access to the pre-created jailer directories to ove (CVSS 6.0).

Linux Firecracker Red Hat +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Linux kernel ublk subsystem suffers from a use-after-free vulnerability in partition scan operations where a race condition between device teardown and asynchronous partition scanning allows local attackers with user privileges to access freed memory, potentially causing denial of service or information disclosure. The vulnerability stems from improper reference counting of disk objects during concurrent operations, affecting all Linux systems with the vulnerable ublk driver. A patch is available to resolve this issue by implementing proper disk reference management in the partition scan worker.

Linux Use After Free Race Condition +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Linux kernel's idpf driver contains a NULL pointer dereference in its RSS LUT handling that can be triggered when ethtool commands access the RSS lookup table immediately after a soft reset. Local users with standard privileges can crash the system by performing queue count changes followed by ethtool operations on the affected network interface. A patch is available to properly manage RSS LUT state during soft resets based on queue count changes.

Linux Null Pointer Dereference Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Linux kernel nfsd subsystem crashes when attempting to unlock a filesystem via administrative interface while the nfsd service is not running, as the unlock operation accesses freed state structures. A local user with administrative privileges can trigger a denial of service by attempting filesystem unlock operations against a stopped nfsd server.

Linux Denial Of Service Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A null pointer dereference in the Linux kernel's traffic control action module (act_api) causes a denial of service during network namespace teardown when invalid error pointers are dereferenced. A local attacker with low privileges can trigger this crash by manipulating tc actions during system shutdown or container termination. A patch is available to guard against ERR_PTR entries during action cleanup.

Linux Denial Of Service Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Linux kernel's idpf driver crashes with a NULL pointer dereference when ethtool RSS operations are performed before the network interface is brought up, affecting systems using this driver. A local attacker with unprivileged user access can trigger a denial of service by executing RSS configuration commands on a down interface. The vulnerability is resolved by initializing the RSS lookup table during vport creation rather than at interface startup.

Linux Null Pointer Dereference Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Linux kernel's network stack contains a null pointer dereference vulnerability in message handling that could cause a denial of service when the msg_get_inq field is improperly written by the callee function. Local attackers with basic privileges can trigger this condition by reusing kernel-internal msghdr structures, resulting in system crashes or service interruption. A patch is available to prevent writes to this input field and eliminate the unsafe branching logic.

Linux Null Pointer Dereference Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A null pointer dereference in the Linux kernel's idpf driver allows local attackers with user privileges to cause a denial of service by triggering improper netdevice state management during reset operations. The vulnerability occurs when the driver fails to properly detach and close network devices before deallocating vport resources, leaving pointers unprotected from concurrent callback access. A patch is available to resolve this issue by implementing proper device state synchronization during reset handling.

Linux Null Pointer Dereference Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: dm-verity: disable recursive forward error correction There are two problems with the recursive correction: 1. It may cause denial-of-service. [CVSS 5.5 MEDIUM]

Linux Red Hat Information Disclosure
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: avoid chain re-validation if possible Hamza Mahfooz reports cpu soft lock-ups in nft_chain_validate(): watchdog: BUG: soft lockup - CPU#1 stuck for 27s! [CVSS 5.5 MEDIUM]

Linux Linux Kernel Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free warning in btrfs_get_or_create_delayed_node() Previously, btrfs_get_or_create_delayed_node() set the delayed_node's refcount before acquiring the root->delayed_nodes lock. [CVSS 7.8 HIGH]

Linux Use After Free Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: gpio: mpsse: ensure worker is torn down When an IRQ worker is running, unplugging the device would cause a crash. The sealevel hardware this driver was written for was not hotpluggable, so I never realized it. [CVSS 5.5 MEDIUM]

Linux Denial Of Service Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: always drop device refcount in ib_del_sub_device_and_put() Since nldev_deldev() (introduced by commit 060c642b2ab8 ("RDMA/nldev: Add support to add/delete a sub IB device through netlink") grabs a reference using ib_device_get_by_index() before calling ib_del_sub_device_and_put(), we need to drop that reference before returning -EOPNOTSUPP error. [CVSS 7.8 HIGH]

Linux Linux Kernel Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: gve: defer interrupt enabling until NAPI registration Currently, interrupts are automatically enabled immediately upon request. [CVSS 7.8 HIGH]

Linux Linux Kernel Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: Fix gmap_helper_zap_one_page() again A few checks were missing in gmap_helper_zap_one_page(), which can lead to memory corruption in the guest under specific circumstances. Add the missing checks. [CVSS 7.8 HIGH]

Linux Memory Corruption Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: usb: rtl8150: fix memory leak on usb_submit_urb() failure In async_set_registers(), when usb_submit_urb() fails, the allocated async_req structure and URB are not freed, causing a memory leak. [CVSS 5.5 MEDIUM]

Linux Linux Kernel Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix memory leak in get_file_all_info() In get_file_all_info(), if vfs_getattr() fails, the function returns immediately without freeing the allocated filename, leading to a memory leak. [CVSS 5.5 MEDIUM]

Linux Linux Kernel Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net: dsa: properly keep track of conduit reference Problem description ------------------- DSA has a mumbo-jumbo of reference handling of the conduit net device and its kobject which, sadly, is just wrong and doesn't make sense. [CVSS 7.8 HIGH]

Linux Information Disclosure Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory and information leak in smb3_reconfigure() In smb3_reconfigure(), if smb3_sync_session_ctx_passwords() fails, the function returns immediately without freeing and erasing the newly allocated new_password and new_password2. [CVSS 5.5 MEDIUM]

Linux Linux Kernel Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: io_uring/poll: correctly handle io_poll_add() return value on update When the core of io_uring was updated to handle completions consistently and with fixed return codes, the POLL_REMOVE opcode with updates got slightly broken. [CVSS 5.5 MEDIUM]

Linux Linux Kernel Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix a memory leak in tpm2_load_cmd 'tpm2_load_cmd' allocates a tempoary blob indirectly via 'tpm2_key_decode' but it is not freed in the failure paths. Address this by wrapping the blob into with a cleanup helper. [CVSS 5.5 MEDIUM]

Linux Linux Kernel Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conncount: fix leaked ct in error paths There are some situations where ct might be leaked as error paths are skipping the refcounted check and return immediately. [CVSS 5.5 MEDIUM]

Linux Linux Kernel Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: usb: phy: isp1301: fix non-OF device reference imbalance A recent change fixing a device reference leak in a UDC driver introduced a potential use-after-free in the non-OF case as the isp1301_get_client() helper only increases the reference count for the returned I2C device in the OF case. [CVSS 7.8 HIGH]

Linux Use After Free Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

The Golang sigstore framework versions 1.10.3 and below fail to validate cache directory paths in the legacy TUF client, allowing a malicious TUF repository to overwrite arbitrary files on disk within the calling process's permission scope. This impacts direct users of the TUF client in sigstore/sigstore and older Cosign versions, though public Sigstore deployments are protected by metadata validation from trusted collaborators. No patch is currently available for this medium-severity path traversal vulnerability.

Golang Github Red Hat +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Rekor versions 1.4.3 and earlier contain a server-side request forgery (SSRF) vulnerability in the /api/v1/index/retrieve endpoint that allows unauthenticated remote attackers to probe internal networks through blind SSRF attacks by supplying arbitrary URLs for public key retrieval. While the vulnerability cannot directly exfiltrate data or modify state since responses are not returned and only GET requests are supported, it enables reconnaissance of internal infrastructure. The issue is patched in version 1.5.0, or can be mitigated by disabling the retrieve API with --enable_retrieve_api=false.

SSRF Rekor Red Hat +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Rekor versions 1.4.3 and below are vulnerable to denial of service through a null pointer dereference when processing malformed cose/v0.0.1 entries with empty spec.message fields. An unauthenticated remote attacker can trigger a panic in the Rekor process by sending a specially crafted entry, resulting in a 500 error response and temporary service disruption, though the thread recovery mechanism limits availability impact. The vulnerability has been patched in version 1.5.0.

Denial Of Service Rekor Red Hat +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Gitea's OpenID URI visibility controls lack proper ownership validation, allowing authenticated users to modify the visibility settings of other users' OpenID identities. This integrity bypass affects any Gitea instance where multiple users manage OpenID configurations, enabling account enumeration or information disclosure through unauthorized visibility changes. A patch is available to remediate this medium-severity vulnerability.

Authentication Bypass Gitea Red Hat +1
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Gitea fails to enforce proper authorization checks when users attempt to cancel scheduled auto-merges through the web interface, allowing any user with pull request read access to cancel merge operations initiated by other users. This authorization bypass could disrupt automated workflows and merge processes across repositories. A patch is available to address this vulnerability.

Authentication Bypass Gitea Red Hat +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Gitea's stopwatch API fails to re-validate repository access permissions, allowing revoked users to access sensitive information through active stopwatch sessions. An authenticated attacker with prior access to a private repository can enumerate issue titles and repository names even after their permissions have been removed. A patch is available to enforce proper access control validation.

Authentication Bypass Gitea Red Hat +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

The fix applied in CVE-2025-22228 inadvertently broke the timing attack mitigation implemented in DaoAuthenticationProvider. This can allow attackers to infer valid usernames or other authentication behavior via response-time differences under certain configurations. [CVSS 5.3 MEDIUM]

Information Disclosure Red Hat
NVD HeroDevs
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents. [CVSS 7.5 HIGH]

Denial Of Service Orjson Red Hat +1
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM POC PATCH This Month

pytest versions up to 9.0.2 contains a vulnerability that allows attackers to cause a denial of service or possibly gain privileges (CVSS 6.8).

Denial Of Service Red Hat Suse
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Seroval versions 1.4.0 and below are vulnerable to denial of service attacks due to unbounded recursion when serializing deeply nested objects, allowing remote attackers to crash applications by exceeding the call stack limit. The vulnerability affects the deserialization library's handling of complex data structures without depth validation. Version 1.4.1 introduces a configurable depthLimit parameter to prevent exploitation of this resource exhaustion condition.

Deserialization Denial Of Service Red Hat +1
NVD GitHub
Prev Page 35 of 96 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy