Skip to main content

Red Hat

8625 CVEs vendor

Monthly

CVE-2026-23992 Go MEDIUM PATCH This Month

Signature threshold validation bypass in go-tuf versions 2.0.0 through 2.3.0 allows a compromised or misconfigured TUF repository to disable signature verification by setting thresholds to zero, enabling attackers to tamper with metadata files without detection. This affects systems relying on go-tuf for secure software update verification, potentially allowing unauthorized modifications to trusted metadata both at rest and in transit. A patch is available in version 2.3.1.

Golang Go Tuf Red Hat Suse
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-23991 Go MEDIUM PATCH This Month

go-tuf is a Go implementation of The Update Framework (TUF). [CVSS 5.9 MEDIUM]

Golang Denial Of Service Go Tuf Red Hat Suse
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-23957 npm HIGH PATCH This Week

Seroval versions 1.4.0 and below are vulnerable to denial of service through malformed deserialization payloads that specify excessively large array lengths, causing the parsing process to consume excessive CPU resources and become unresponsive. An unauthenticated remote attacker can exploit this without user interaction by sending a crafted serialized object to any application using the vulnerable library. The vulnerability has been patched in version 1.4.1.

Deserialization Denial Of Service Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-23952 NuGet MEDIUM POC PATCH This Month

ImageMagick and Magick.NET versions 14.10.1 and below are vulnerable to denial of service attacks through a null pointer dereference in the MSL parser when processing malformed comment tags, exploitable by authenticated attackers without user interaction. Public exploit code exists for this vulnerability, and affected systems may crash or experience assertion failures depending on build configuration. No patch is currently available to address this medium-severity issue.

Null Pointer Dereference Denial Of Service Magick.Net Imagemagick Red Hat +1
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-23893 MEDIUM PATCH This Month

Privilege escalation in openCryptoki 2.3.2+ allows token-group members to exploit insecure symlink handling in group-writable token directories, enabling file operations on arbitrary filesystem targets when the library runs with elevated privileges. An attacker with token-group membership can plant symlinks to redirect administrative operations, potentially leading to privilege escalation or unauthorized data access. A patch is available.

Linux Privilege Escalation Opencryptoki Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-24047 npm MEDIUM PATCH This Month

The resolveSafeChildPath function in Backstage's backend-plugin-api prior to version 0.1.17 improperly validates symlink chains and dangling symlinks, allowing authenticated attackers to bypass path traversal protections used by Scaffolder actions and other backend components. An attacker with low privileges could exploit this to access files outside the intended directory boundaries by chaining intermediate symlinks or creating symlinks pointing to non-existent paths that are later materialized during file operations. This affects Backstage installations relying on the vulnerable path validation function for security isolation.

Path Traversal Red Hat
NVD GitHub
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-23737 npm HIGH POC PATCH This Week

Arbitrary code execution in Seroval versions 1.4.0 and below allows authenticated attackers to execute malicious JavaScript through improper deserialization handling in the fromJSON and fromCrossJSON functions. Exploitation requires multiple requests to the affected function and partial knowledge of runtime data usage, but grants full code execution capabilities. A patch is available in version 1.4.1 and later.

Deserialization Seroval Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-23736 npm HIGH PATCH This Week

Seroval is affected by improperly controlled modification of object prototype attributes (prototype pollution) (CVSS 7.3).

Deserialization Seroval Red Hat Suse
NVD GitHub
CVSS 3.1
7.3
EPSS
0.2%
CVE-2025-12781 MEDIUM POC PATCH This Month

When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the "base64" module the characters "+/" will always be accepted, regardless of the value of "altchars" parameter, typically used to establish an "alternative base64 alphabet" such as the URL safe alphabet. [CVSS 5.3 MEDIUM]

Python Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-66960 PyPI HIGH POC This Week

An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the fs/ggml/gguf.go, function readGGUFV1String reads a string length from untrusted GGUF metadata [CVSS 7.5 HIGH]

Denial Of Service AI / ML Ollama Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-66959 PyPI HIGH POC This Week

An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the GGUF decoder [CVSS 7.5 HIGH]

Denial Of Service AI / ML Ollama Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-22444 Maven HIGH PATCH This Week

Apache Solr 8.6 through 9.10.0 in standalone mode fails to properly validate the "create core" API parameters, allowing authenticated users to bypass the allowPaths security restriction and access unauthorized filesystem locations. On Windows systems configured with UNC path support, this vulnerability can lead to NTLM credential hash disclosure. Affected deployments using the allowPaths setting are at risk of unauthorized core creation and information exposure.

Windows Apache Solr Red Hat
NVD HeroDevs
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-22022 Maven HIGH PATCH This Week

Unauthorized API access in Apache Solr 5.3.0 through 9.10.0 allows unauthenticated attackers to bypass the RuleBasedAuthorizationPlugin due to insufficient input validation in permission rule enforcement. This vulnerability affects only deployments using multiple roles with specific predefined permissions like config-read, config-edit, schema-read, metrics-read, or security-read without the "all" permission rule defined. Successful exploitation grants attackers unauthorized access to sensitive Solr APIs, potentially exposing configuration and security data.

Apache Solr Red Hat
NVD HeroDevs
CVSS 3.1
8.2
EPSS
0.2%
CVE-2025-14559 Maven MEDIUM PATCH This Month

A flaw was found in the keycloak-services component of Keycloak. [CVSS 6.5 MEDIUM]

Authentication Bypass Red Hat
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-21968 MEDIUM PATCH This Month

Mysql Server contains a vulnerability that allows attackers to unauthorized ability to cause a hang or frequently repeatable crash (complete DO (CVSS 6.5).

Oracle MySQL MSSQL Denial Of Service Mysql Server +2
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-21964 MEDIUM PATCH This Month

Mysql contains a vulnerability that allows attackers to unauthorized ability to cause a hang or frequently repeatable crash (complete DO (CVSS 4.9).

Oracle MySQL MSSQL Denial Of Service Red Hat +1
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-21952 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 9.0.0-9.5.0. [CVSS 4.9 MEDIUM]

Oracle MySQL MSSQL Denial Of Service Mysql Server +2
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-21950 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.5.0. [CVSS 6.5 MEDIUM]

Oracle MySQL MSSQL Denial Of Service Mysql Server +2
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-21949 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.5.0. [CVSS 6.5 MEDIUM]

Oracle MySQL MSSQL Denial Of Service Mysql Server +2
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-21948 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. [CVSS 4.9 MEDIUM]

Oracle MySQL MSSQL Denial Of Service Mysql Server +2
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-21941 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. [CVSS 4.9 MEDIUM]

Oracle MySQL MSSQL Denial Of Service Mysql Server +2
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-21937 MEDIUM PATCH This Month

Mysql Server contains a vulnerability that allows attackers to unauthorized ability to cause a hang or frequently repeatable crash (complete DO (CVSS 4.9).

Oracle MySQL MSSQL Denial Of Service Mysql Server +2
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-21936 MEDIUM PATCH This Month

Mysql Cluster contains a vulnerability that allows attackers to unauthorized ability to cause a hang or frequently repeatable crash (complete DO (CVSS 4.9).

Oracle MySQL MSSQL Denial Of Service Mysql Cluster +3
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-21929 MEDIUM PATCH This Month

Mysql Server contains a vulnerability that allows attackers to unauthorized ability to cause a hang or frequently repeatable crash (complete DO (CVSS 5.3).

Oracle MySQL MSSQL Denial Of Service Mysql Server +2
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-15366 MEDIUM PATCH This Month

The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.

Command Injection Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
5.9
EPSS
0.1%
CVE-2026-21637 HIGH PATCH This Week

Node.js TLS servers using PSK or ALPN callbacks are vulnerable to denial of service when these callbacks throw unhandled synchronous exceptions during the TLS handshake. Remote attackers can exploit this by sending specially crafted TLS handshake requests to trigger resource exhaustion or process crashes, either through immediate termination or silent file descriptor leaks. No patch is currently available for this vulnerability.

Node.js TLS Denial Of Service Node.Js Red Hat +1
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-21636 CRITICAL PATCH Act Now

Node.js has a CVSS 10.0 permission model bypass that allows Unix Domain Socket connections to completely bypass network restrictions when --allow-net is configured.

Node.js Privilege Escalation Node.Js Red Hat Suse
NVD
CVSS 3.1
10.0
EPSS
0.0%
CVE-2025-59466 HIGH PATCH This Week

We have identified a bug in Node.js error handling where "Maximum call stack size exceeded" errors become uncatchable when `async_hooks.createHook()` is enabled. Instead of reaching `process.on('uncaughtException')`, the process terminates, making the crash unrecoverable. [CVSS 7.5 HIGH]

Node.js Denial Of Service Node.Js Red Hat Suse
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-59464 HIGH PATCH This Week

A memory leak in Node.js’s OpenSSL integration occurs when converting `X.509` certificate fields to UTF-8 without freeing the allocated buffer. [CVSS 7.5 HIGH]

Node.js OpenSSL TLS Denial Of Service Node.Js +2
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-55132 MEDIUM PATCH This Month

A flaw in Node.js's permission model allows a file's access and modification timestamps to be changed via `futimes()` even when the process has only read permissions. [CVSS 5.3 MEDIUM]

Node.js Node.Js Red Hat Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-33230 HIGH PATCH This Week

NVIDIA Nsight Systems for Linux contains a vulnerability in the .run installer, where an attacker could cause an OS command injection by supplying a malicious string to the installation path. [CVSS 7.3 HIGH]

Linux Denial Of Service Privilege Escalation Command Injection Information Disclosure +2
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-33229 HIGH PATCH This Week

NVIDIA Nsight Visual Studio for Windows contains a vulnerability in Nsight Monitor where an attacker can execute arbitrary code with the same privileges as the NVIDIA Nsight Visual Studio Edition Monitor application. [CVSS 7.3 HIGH]

Windows Denial Of Service Privilege Escalation Information Disclosure Cuda Toolkit +1
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-33228 HIGH PATCH This Week

NVIDIA Nsight Systems contains a vulnerability in the gfx_hotspot recipe, where an attacker could cause an OS command injection by supplying a malicious string to the process_nsys_rep_cli.py script if the script is invoked manually. [CVSS 7.3 HIGH]

Denial Of Service Privilege Escalation Command Injection Information Disclosure Cuda Toolkit +1
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-15281 HIGH PATCH This Week

Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process. [CVSS 7.5 HIGH]

Information Disclosure Glibc Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-1180 Maven MEDIUM PATCH This Month

Keycloak's OpenID Connect Dynamic Client Registration feature fails to validate jwks_uri values when clients authenticate via private_key_jwt, allowing attackers to redirect the server to arbitrary network endpoints. This enables reconnaissance and information disclosure attacks against internal services and cloud metadata endpoints accessible from the Keycloak server. No patch is currently available for this MEDIUM severity vulnerability.

Information Disclosure SSRF Red Hat
NVD
CVSS 3.1
5.8
EPSS
0.0%
CVE-2025-14369 MEDIUM This Month

dr_flac, an audio decoder within the dr_libs toolset, contains an integer overflow vulnerability flaw due to trusting the totalPCMFrameCount field from FLAC metadata before calculating buffer size, allowing an attacker with a specially crafted file to perform DoS against programs using the tool. [CVSS 5.5 MEDIUM]

Integer Overflow Denial Of Service Red Hat
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-0908 HIGH PATCH This Week

Heap corruption in Google Chrome's ANGLE graphics library prior to version 144.0.7559.59 can be triggered through a crafted HTML page, enabling remote attackers to execute arbitrary code without user interaction beyond visiting a malicious website. The vulnerability stems from a use-after-free memory flaw that affects all Chrome users, though no patch is currently available. With a CVSS score of 8.8 and minimal exploit complexity, this presents a significant risk to the browser's security model.

Use After Free Chrome Google Red Hat Suse
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-0907 CRITICAL PATCH Act Now

Chrome Split View prior to 144.0.7559.59 has a UI spoofing vulnerability that allows remote attackers to display misleading content in the split view interface.

Google Chrome Red Hat Suse
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-0905 CRITICAL PATCH Act Now

Google Chrome prior to 144.0.7559.59 has insufficient policy enforcement in Network that allows attackers who obtained a network position to access sensitive data.

Google Chrome Red Hat Suse
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-0904 MEDIUM PATCH This Month

Chrome versions up to 144.0.7559.59 is affected by user interface (ui) misrepresentation of critical information (CVSS 5.4).

Google Chrome Red Hat Suse
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-0902 HIGH PATCH This Week

Out-of-bounds memory read in Chrome's V8 JavaScript engine prior to version 144.0.7559.59 enables remote attackers to leak sensitive information through maliciously crafted web pages requiring only user interaction. The vulnerability affects all Chrome users and exposes high-impact confidentiality and integrity risks with no available patch at this time.

Chrome Google Red Hat Suse
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-0900 HIGH PATCH This Week

Object corruption in Google Chrome's V8 engine prior to version 144.0.7559.59 can be triggered by remote attackers through malicious HTML pages, potentially leading to complete system compromise including unauthorized access, data modification, and denial of service. The vulnerability requires user interaction to exploit but does not require authentication or special privileges. No patch is currently available for affected users.

Google Chrome Red Hat Suse
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-0899 HIGH PATCH This Week

Out-of-bounds memory access in Chrome's V8 engine (versions prior to 144.0.7559.59) enables remote attackers to corrupt objects and potentially achieve code execution by delivering a malicious HTML page to users. The vulnerability requires user interaction but poses significant risk due to its high CVSS score (8.8) and impact on confidentiality, integrity, and availability. No patch is currently available.

Chrome Google Red Hat Suse
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-23949 PyPI HIGH POC PATCH This Week

Jaraco.context versions 5.2.0 through 6.0.x contain a path traversal vulnerability in the tarball() function that allows attackers to extract files outside the intended directory when processing malicious tar archives, with public exploit code available. The vulnerability exploits insufficient path validation that fails to properly filter directory traversal sequences like `../`, potentially enabling unauthorized file extraction and nested tarball attacks. This affects all users processing untrusted tar archives with the vulnerable versions.

Path Traversal Jaraco.Context Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
8.6
EPSS
0.1%
CVE-2026-23874 NuGet MEDIUM POC PATCH This Month

Imagemagick versions up to 7.1.2-13 is affected by loop with unreachable exit condition (infinite loop) (CVSS 5.5).

Stack Overflow Imagemagick Red Hat Suse
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-22770 NuGet MEDIUM PATCH This Month

ImageMagick versions prior to 7.1.2-13 fail to properly initialize buffer elements in the BilateralBlurImage method, leading to invalid pointer dereference and potential denial of service when memory allocation fails. An attacker can exploit this through network vectors to crash affected applications or trigger undefined behavior with high complexity requirements. A patch is available in version 7.1.2-13 and later.

Information Disclosure Imagemagick Red Hat Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-23833 PyPI HIGH PATCH This Week

ESPHome versions 2025.9.0 through 2025.12.6 are vulnerable to a denial-of-service attack via integer overflow in the API protobuf decoder, affecting all supported microcontroller platforms (ESP32, ESP8266, RP2040, LibreTiny). Unauthenticated attackers can crash ESPHome devices by sending specially crafted packets with large field length values to bypass bounds checking when API encryption is disabled. Upgrade to version 2025.12.7 or later to remediate.

Integer Overflow Denial Of Service Esphome Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-23732 HIGH POC PATCH This Week

FreeRDP versions before 3.21.0 contain a buffer overflow in FastGlyph parsing where a malicious Remote Desktop server can crash the client by sending specially crafted glyph data that bypasses length validation. A remote attacker can exploit this vulnerability without authentication to cause denial of service, and public exploit code exists. The vulnerability affects FreeRDP clients connecting to untrusted or compromised RDP servers, with no patch currently available for most deployments.

Buffer Overflow Denial Of Service Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-23643 PHP MEDIUM PATCH This Month

CakePHP versions prior to 5.2.12 and 5.3.1 contain a stored cross-site scripting vulnerability in the PaginatorHelper::limitControl() method that allows unauthenticated attackers to inject malicious scripts through query string parameters. An attacker can exploit this to steal session cookies, perform unauthorized actions, or redirect users to malicious sites. The vulnerability requires user interaction to trigger but affects all installations using the vulnerable PaginatorHelper component.

Red Hat Cakephp
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-62291 HIGH PATCH This Week

In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow. [CVSS 8.1 HIGH]

Buffer Overflow Heap Overflow Integer Overflow Red Hat Suse
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-24531 MEDIUM PATCH This Month

In OpenSC pam_pkcs11 before 0.6.13, pam_sm_authenticate() wrongly returns PAM_IGNORE in many error situations (such as an error triggered by a smartcard before login), allowing authentication bypass. [CVSS 6.7 MEDIUM]

Authentication Bypass Red Hat Suse
NVD GitHub
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-24528 HIGH PATCH This Week

In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash. [CVSS 7.1 HIGH]

Integer Overflow Denial Of Service Red Hat Suse
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2026-22045 Go MEDIUM PATCH This Month

Denial of service in Traefik versions prior to 2.11.35 and 3.6.7 allows unauthenticated remote attackers to exhaust server resources by establishing incomplete ACME TLS-ALPN connections and leaving them open indefinitely. An attacker can send minimal ClientHello messages with the acme-tls/1 protocol and cease responding, causing goroutines and file descriptors to be held until the entry point becomes unavailable. The vulnerability affects systems with ACME TLS challenge enabled.

Golang TLS Denial Of Service Traefik Red Hat +1
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-0915 HIGH PATCH This Week

Stack memory disclosure in GNU C Library versions 2.0-2.42 allows unauthenticated remote attackers to leak sensitive stack contents via crafted DNS queries when getnetbyaddr functions are configured to use the DNS backend for network lookups. This vulnerability affects systems running vulnerable Glibc and DNS resolver combinations, with no available patch currently released.

DNS Glibc Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-1002 Maven MEDIUM POC PATCH This Month

Improper URI path normalization in Vert.x Web's static file handler allows remote attackers to manipulate the cache and deny access to static files through specially crafted request URIs containing encoded path traversal sequences. An unauthenticated attacker can exploit this vulnerability over the network with no user interaction to cause denial of service by returning HTTP 404 responses for normally accessible files. Public exploit code exists and patches are available.

Github Vert.X Web Red Hat
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-15265 npm MEDIUM POC PATCH This Month

An SSR XSS exists in async hydration when attacker‑controlled keys are passed to hydratable. The key is embedded inside a <script> block without HTML‑safe escaping, allowing </script> to terminate the script and inject arbitrary JavaScript. [CVSS 6.1 MEDIUM]

XSS Svelte Red Hat
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-0962 MEDIUM POC PATCH This Month

Denial of service in Wireshark 4.6.0-4.6.2 and 4.4.0-4.4.12 can be triggered through a malformed SOME/IP-SD protocol packet, causing the application to crash. Public exploit code exists for this vulnerability, and affected users should avoid opening untrusted packet captures until a patch is available.

Denial Of Service Wireshark Red Hat Suse
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-0961 MEDIUM POC PATCH This Month

BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service [CVSS 5.5 MEDIUM]

Denial Of Service Wireshark Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-0960 MEDIUM POC PATCH This Month

HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 allows denial of service [CVSS 4.7 MEDIUM]

Denial Of Service Wireshark Red Hat Suse
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-0959 MEDIUM PATCH This Month

Wireshark versions 4.4.0-4.4.12 and 4.6.0-4.6.2 crash when processing malformed IEEE 802.11 wireless packets, enabling a remote denial of service attack that requires user interaction to view the malicious traffic. An attacker can exploit this out-of-bounds write vulnerability by crafting a specially formatted packet, causing the application to become unavailable without requiring authentication. No patch is currently available for this issue.

Denial Of Service Wireshark Red Hat Suse
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-0861 HIGH POC PATCH This Week

Glibc versions 2.30 through 2.42 contain an integer overflow in the memalign function family that allows attackers with control over both size and alignment parameters to trigger heap corruption. Public exploit code exists for this vulnerability, which requires carefully crafted inputs with alignment values between 2^62+1 and 2^63 paired with sizes near PTRDIFF_MAX. Local attackers exploiting this flaw could achieve code execution or denial of service on affected systems.

Buffer Overflow Integer Overflow Glibc Red Hat Suse
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-22036 npm MEDIUM PATCH This Month

Undici versions up to 7.18.0 is affected by allocation of resources without limits or throttling (CVSS 5.9).

Node.js Undici Red Hat Suse
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-22857 CRITICAL POC PATCH Act Now

FreeRDP IRP thread handler has a use-after-free where the IRP is freed by Complete() then accessed on the error path. Fixed in 3.20.1.

Use After Free Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-22856 HIGH POC PATCH This Week

Heap use-after-free in FreeRDP versions before 3.20.1 stems from unsynchronized access to serial channel thread tracking structures, allowing remote attackers to trigger memory corruption and achieve code execution. The vulnerability affects systems using vulnerable FreeRDP versions for remote desktop connections and has public exploit code available. No patch is currently available, requiring users to upgrade to version 3.20.1 or later.

Race Condition Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-22854 CRITICAL POC PATCH Act Now

FreeRDP drive read heap overflow when server-controlled read length exceeds IRP output buffer. Fixed in 3.20.1. PoC available.

Buffer Overflow Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-22852 CRITICAL POC PATCH Act Now

FreeRDP client before 3.20.1 has a heap buffer overflow in AUDIN format processing. A malicious RDP server can corrupt memory and crash the client. PoC available.

Memory Corruption Denial Of Service Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-22851 MEDIUM POC PATCH This Month

FreeRDP versions prior to 3.20.1 contain a race condition between the RDPGFX virtual channel and SDL rendering threads that enables heap use-after-free when graphics are reset. Public exploit code exists for this vulnerability, allowing attackers to crash the application or potentially execute code in industrial control systems and other environments using vulnerable FreeRDP implementations. A patch is not currently available, leaving affected systems exposed until an update is released.

Industrial Use After Free Race Condition Freerdp Red Hat +1
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-70968 CRITICAL POC Act Now

FreeImage 3.18.0 has a use-after-free in the TARGA plugin's loadRLE function. Processing a malicious TGA file can lead to code execution. PoC available.

Use After Free Freeimage Red Hat Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-71144 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure context reset on disconnect() After the blamed commit below, if the MPC subflow is already in TCP_CLOSE status or has fallback to TCP at mptcp_disconnect() time, mptcp_do_fastclose() skips setting the `send_fastclose flag` and the later __mptcp_close_ssk() does not reset anymore the related subflow context. [CVSS 5.5 MEDIUM]

Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71143 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: clk: samsung: exynos-clkout: Assign .num before accessing .hws Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by") annotated the hws member of 'struct clk_hw_onecell_data' with __counted_by, which informs the bounds sanitizer (UBSAN_BOUNDS) about the number of elements in .hws[], so that it can warn when .hws[] is accessed out of bounds.

Linux Samsung Buffer Overflow Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-71142 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: cpuset: fix warning when disabling remote partition A warning was triggered as follows: WARNING: kernel/cgroup/cpuset.c:1651 at remote_partition_disable+0xf7/0x110 RIP: 0010:remote_partition_disable+0xf7/0x110 RSP: 0018:ffffc90001947d88 EFLAGS: 00000206 RAX: 0000000000007fff RBX: ffff888103b6e000 RCX: 0000000000006f40 RDX: 0000000000006f00 RSI: ffffc90001947da8 RDI: ffff888103b6e000 RBP: ffff888103b6e000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000001 R11: ffff88810b2e2728 R12: ffffc90001947da8 R13: 0000000000000000 R14: ffffc90001947da8 R15: ffff8881081f1c00 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f55c8bbe0b2 CR3: 000000010b14c000 CR4: 00000000000006f0 Call Trace: <TASK> update_prstate+0x2d3/0x580 cpuset_partition_write+0x94/0xf0 kernfs_fop_write_iter+0x147/0x200 vfs_write+0x35d/0x500 ksys_write+0x66/0xe0 do_syscall_64+0x6b/0x390 entry_SYSCALL_64_after_hwframe+0x4b/0x53 RIP: 0033:0x7f55c8cd4887 Reproduction steps (on a 16-CPU machine): # cd /sys/fs/cgroup/ # mkdir A1 # echo +cpuset > A1/cgroup.subtree_control # echo "0-14" > A1/cpuset.cpus.exclusive # mkdir A1/A2 # echo "0-14" > A1/A2/cpuset.cpus.exclusive # echo "root" > A1/A2/cpuset.cpus.partition # echo 0 > /sys/devices/system/cpu/cpu15/online # echo member > A1/A2/cpuset.cpus.partition When CPU 15 is offlined, subpartitions_cpus gets cleared because no CPUs remain available for the top_cpuset, forcing partitions to share CPUs with the top_cpuset.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71141 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/tilcdc: Fix removal actions in case of failed probe The drm_kms_helper_poll_fini() and drm_atomic_helper_shutdown() helpers should only be called when the device has been successfully registered.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71139 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: kernel/kexec: fix IMA when allocation happens in CMA area *** Bug description *** When I tested kexec with the latest kernel, I ran into the following warning: [ 40.712410] ------------[ cut here ]------------ [ 40.712576] WARNING: CPU: 2 PID: 1562 at kernel/kexec_core.c:1001 kimage_map_segment+0x144/0x198 [...] [ 40.816047] Call trace: [ 40.818498] kimage_map_segment+0x144/0x198 (P) [ 40.823221] ima_kexec_post_load+0x58/0xc0 [ 40.827246] __do_sys_kexec_file_load+0x29c/0x368 [...] [ 40.855423] ---[ end trace 0000000000000000 ]--- *** How to reproduce *** This bug is only triggered when the kexec target address is allocated in the CMA area.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71138 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add missing NULL pointer check for pingpong interface It is checked almost always in dpu_encoder_phys_wb_setup_ctl(), but in a single place the check is missing.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71137 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" This patch ensures that the RX ring size (rx_pending) is not set below the permitted length.

Linux Buffer Overflow Memory Corruption Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-71136 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status() It's possible for cp_read() and hdmi_read() to return -EIO. Those values are further used as indexes for accessing arrays.

Linux Buffer Overflow Information Disclosure Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-71135 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() The variable mddev->private is first assigned to conf and then checked: conf = mddev->private; if (!conf) ...

Linux Null Pointer Dereference Denial Of Service Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71134 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mm/page_alloc: change all pageblocks migrate type on coalescing When a page is freed it coalesces with a buddy into a higher order page while possible.

Linux Information Disclosure IBM Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71133 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: avoid invalid read in irdma_net_event irdma_net_event() should not dereference anything from "neigh" (alias "ptr") until it has checked that the event is NETEVENT_NEIGH_UPDATE.

Linux Buffer Overflow Information Disclosure Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-71132 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: smc91x: fix broken irq-context in PREEMPT_RT When smc91x.c is built with PREEMPT_RT, the following splat occurs in FVP_RevC: [ 13.055000] smc91x LNRO0003:00 eth0: link up, 10Mbps, half-duplex, lpa 0x0000 [ 13.062137] BUG: workqueue leaked atomic, lock or RCU: kworker/2:1[106] [ 13.062137] preempt=0x00000000 lock=0->0 RCU=0->1 workfn=mld_ifc_work [ 13.062266] C ** replaying previous printk message ** [ 13.062266] CPU: 2 UID: 0 PID: 106 Comm: kworker/2:1 Not tainted 6.18.0-dirty #179 PREEMPT_{RT,(full)} [ 13.062353] Hardware name: , BIOS [ 13.062382] Workqueue: mld mld_ifc_work [ 13.062469] Call trace: [ 13.062494] show_stack+0x24/0x40 (C) [ 13.062602] __dump_stack+0x28/0x48 [ 13.062710] dump_stack_lvl+0x7c/0xb0 [ 13.062818] dump_stack+0x18/0x34 [ 13.062926] process_scheduled_works+0x294/0x450 [ 13.063043] worker_thread+0x260/0x3d8 [ 13.063124] kthread+0x1c4/0x228 [ 13.063235] ret_from_fork+0x10/0x20 This happens because smc_special_trylock() disables IRQs even on PREEMPT_RT, but smc_special_unlock() does not restore IRQs on PREEMPT_RT.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-71130 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer Initialize the eb.vma array with values of 0 when the eb structure is first set up.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71129 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Sign extend kfunc call arguments The kfunc calls are native calls so they should follow LoongArch calling conventions. Sign extend its arguments properly to avoid kernel panic.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71128 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: erspan: Initialize options_len before referencing options. The struct ip_tunnel_info has a flexible array member named options that is protected by a counted_by(options_len) attribute.

Linux Buffer Overflow Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71127 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Discard Beacon frames to non-broadcast address Beacon frames are required to be sent to the broadcast address, see IEEE Std 802.11-2020, 11.1.3.1 ("The Address 1 field of the Beacon ..

Linux Authentication Bypass Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-71126 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mptcp: avoid deadlock on fallback while reinjecting Jakub reported an MPTCP deadlock at fallback time: WARNING: possible recursive locking detected 6.18.0-rc7-virtme #1 Not tainted -------------------------------------------- mptcp_connect/20858 is trying to acquire lock: ff1100001da18b60 (&msk->fallback_lock){+.-.}-{3:3}, at: __mptcp_try_fallback+0xd8/0x280 but task is already holding lock: ff1100001da18b60 (&msk->fallback_lock){+.-.}-{3:3}, at: __mptcp_retrans+0x352/0xaa0 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&msk->fallback_lock); lock(&msk->fallback_lock); *** DEADLOCK *** May be due to missing lock nesting notation 3 locks held by mptcp_connect/20858: #0: ff1100001da18290 (sk_lock-AF_INET){+.+.}-{0:0}, at: mptcp_sendmsg+0x114/0x1bc0 #1: ff1100001db40fd0 (k-sk_lock-AF_INET#2){+.+.}-{0:0}, at: __mptcp_retrans+0x2cb/0xaa0 #2: ff1100001da18b60 (&msk->fallback_lock){+.-.}-{3:3}, at: __mptcp_retrans+0x352/0xaa0 stack backtrace: CPU: 0 UID: 0 PID: 20858 Comm: mptcp_connect Not tainted 6.18.0-rc7-virtme #1 PREEMPT(full) Hardware name: Bochs, BIOS Bochs 01/01/2011 Call Trace: <TASK> dump_stack_lvl+0x6f/0xa0 print_deadlock_bug.cold+0xc0/0xcd validate_chain+0x2ff/0x5f0 __lock_acquire+0x34c/0x740 lock_acquire.part.0+0xbc/0x260 _raw_spin_lock_bh+0x38/0x50 __mptcp_try_fallback+0xd8/0x280 mptcp_sendmsg_frag+0x16c2/0x3050 __mptcp_retrans+0x421/0xaa0 mptcp_release_cb+0x5aa/0xa70 release_sock+0xab/0x1d0 mptcp_sendmsg+0xd5b/0x1bc0 sock_write_iter+0x281/0x4d0 new_sync_write+0x3c5/0x6f0 vfs_write+0x65e/0xbb0 ksys_write+0x17e/0x200 do_syscall_64+0xbb/0xfd0 entry_SYSCALL_64_after_hwframe+0x4b/0x53 RIP: 0033:0x7fa5627cbc5e Code: 4d 89 d8 e8 14 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 <c9> c3 83 e2 39 83 fa 08 75 e7 e8 13 ff ff ff 0f 1f 00 f3 0f 1e fa RSP: 002b:00007fff1fe14700 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007fa5627cbc5e RDX: 0000000000001f9c RSI: 00007fff1fe16984 RDI: 0000000000000005 RBP: 00007fff1fe14710 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000202 R12: 00007fff1fe16920 R13: 0000000000002000 R14: 0000000000001f9c R15: 0000000000001f9c The packet scheduler could attempt a reinjection after receiving an MP_FAIL and before the infinite map has been transmitted, causing a deadlock since MPTCP needs to do the reinjection atomically from WRT fallback.

Linux Code Injection Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71125 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tracing: Do not register unsupported perf events Synthetic events currently do not have a function to register perf events.

Linux Debian Null Pointer Dereference Denial Of Service Linux Kernel +2
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-71124 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: move preempt_prepare_postamble after error check Move the call to preempt_prepare_postamble() after verifying that preempt_postamble_ptr is valid.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71122 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: iommufd/selftest: Check for overflow in IOMMU_TEST_OP_ADD_RESERVED syzkaller found it could overflow math in the test infrastructure and cause a WARN_ON by corrupting the reserved interval tree.

Linux Buffer Overflow Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-71121 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: parisc: Do not reprogram affinitiy on ASP chip The ASP chip is a very old variant of the GSP chip and is used e.g. in HP 730 workstations.

Linux Denial Of Service HP Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-71119 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: powerpc/kexec: Enable SMT before waking offline CPUs If SMT is disabled or a partial SMT state is enabled, when a new kernel image is loaded for kexec, on reboot the following warning is observed: kexec: Waking offline cpu 228.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Signature threshold validation bypass in go-tuf versions 2.0.0 through 2.3.0 allows a compromised or misconfigured TUF repository to disable signature verification by setting thresholds to zero, enabling attackers to tamper with metadata files without detection. This affects systems relying on go-tuf for secure software update verification, potentially allowing unauthorized modifications to trusted metadata both at rest and in transit. A patch is available in version 2.3.1.

Golang Go Tuf Red Hat +1
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

go-tuf is a Go implementation of The Update Framework (TUF). [CVSS 5.9 MEDIUM]

Golang Denial Of Service Go Tuf +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Seroval versions 1.4.0 and below are vulnerable to denial of service through malformed deserialization payloads that specify excessively large array lengths, causing the parsing process to consume excessive CPU resources and become unresponsive. An unauthenticated remote attacker can exploit this without user interaction by sending a crafted serialized object to any application using the vulnerable library. The vulnerability has been patched in version 1.4.1.

Deserialization Denial Of Service Red Hat +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

ImageMagick and Magick.NET versions 14.10.1 and below are vulnerable to denial of service attacks through a null pointer dereference in the MSL parser when processing malformed comment tags, exploitable by authenticated attackers without user interaction. Public exploit code exists for this vulnerability, and affected systems may crash or experience assertion failures depending on build configuration. No patch is currently available to address this medium-severity issue.

Null Pointer Dereference Denial Of Service Magick.Net +3
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Privilege escalation in openCryptoki 2.3.2+ allows token-group members to exploit insecure symlink handling in group-writable token directories, enabling file operations on arbitrary filesystem targets when the library runs with elevated privileges. An attacker with token-group membership can plant symlinks to redirect administrative operations, potentially leading to privilege escalation or unauthorized data access. A patch is available.

Linux Privilege Escalation Opencryptoki +2
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

The resolveSafeChildPath function in Backstage's backend-plugin-api prior to version 0.1.17 improperly validates symlink chains and dangling symlinks, allowing authenticated attackers to bypass path traversal protections used by Scaffolder actions and other backend components. An attacker with low privileges could exploit this to access files outside the intended directory boundaries by chaining intermediate symlinks or creating symlinks pointing to non-existent paths that are later materialized during file operations. This affects Backstage installations relying on the vulnerable path validation function for security isolation.

Path Traversal Red Hat
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Arbitrary code execution in Seroval versions 1.4.0 and below allows authenticated attackers to execute malicious JavaScript through improper deserialization handling in the fromJSON and fromCrossJSON functions. Exploitation requires multiple requests to the affected function and partial knowledge of runtime data usage, but grants full code execution capabilities. A patch is available in version 1.4.1 and later.

Deserialization Seroval Red Hat +1
NVD GitHub
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Seroval is affected by improperly controlled modification of object prototype attributes (prototype pollution) (CVSS 7.3).

Deserialization Seroval Red Hat +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the "base64" module the characters "+/" will always be accepted, regardless of the value of "altchars" parameter, typically used to establish an "alternative base64 alphabet" such as the URL safe alphabet. [CVSS 5.3 MEDIUM]

Python Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC This Week

An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the fs/ggml/gguf.go, function readGGUFV1String reads a string length from untrusted GGUF metadata [CVSS 7.5 HIGH]

Denial Of Service AI / ML Ollama +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the GGUF decoder [CVSS 7.5 HIGH]

Denial Of Service AI / ML Ollama +2
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Apache Solr 8.6 through 9.10.0 in standalone mode fails to properly validate the "create core" API parameters, allowing authenticated users to bypass the allowPaths security restriction and access unauthorized filesystem locations. On Windows systems configured with UNC path support, this vulnerability can lead to NTLM credential hash disclosure. Affected deployments using the allowPaths setting are at risk of unauthorized core creation and information exposure.

Windows Apache Solr +1
NVD HeroDevs
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Unauthorized API access in Apache Solr 5.3.0 through 9.10.0 allows unauthenticated attackers to bypass the RuleBasedAuthorizationPlugin due to insufficient input validation in permission rule enforcement. This vulnerability affects only deployments using multiple roles with specific predefined permissions like config-read, config-edit, schema-read, metrics-read, or security-read without the "all" permission rule defined. Successful exploitation grants attackers unauthorized access to sensitive Solr APIs, potentially exposing configuration and security data.

Apache Solr Red Hat
NVD HeroDevs
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A flaw was found in the keycloak-services component of Keycloak. [CVSS 6.5 MEDIUM]

Authentication Bypass Red Hat
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Mysql Server contains a vulnerability that allows attackers to unauthorized ability to cause a hang or frequently repeatable crash (complete DO (CVSS 6.5).

Oracle MySQL MSSQL +4
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Mysql contains a vulnerability that allows attackers to unauthorized ability to cause a hang or frequently repeatable crash (complete DO (CVSS 4.9).

Oracle MySQL MSSQL +3
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 9.0.0-9.5.0. [CVSS 4.9 MEDIUM]

Oracle MySQL MSSQL +4
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.5.0. [CVSS 6.5 MEDIUM]

Oracle MySQL MSSQL +4
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.5.0. [CVSS 6.5 MEDIUM]

Oracle MySQL MSSQL +4
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. [CVSS 4.9 MEDIUM]

Oracle MySQL MSSQL +4
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. [CVSS 4.9 MEDIUM]

Oracle MySQL MSSQL +4
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Mysql Server contains a vulnerability that allows attackers to unauthorized ability to cause a hang or frequently repeatable crash (complete DO (CVSS 4.9).

Oracle MySQL MSSQL +4
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Mysql Cluster contains a vulnerability that allows attackers to unauthorized ability to cause a hang or frequently repeatable crash (complete DO (CVSS 4.9).

Oracle MySQL MSSQL +5
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Mysql Server contains a vulnerability that allows attackers to unauthorized ability to cause a hang or frequently repeatable crash (complete DO (CVSS 5.3).

Oracle MySQL MSSQL +4
NVD VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.

Command Injection Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Node.js TLS servers using PSK or ALPN callbacks are vulnerable to denial of service when these callbacks throw unhandled synchronous exceptions during the TLS handshake. Remote attackers can exploit this by sending specially crafted TLS handshake requests to trigger resource exhaustion or process crashes, either through immediate termination or silent file descriptor leaks. No patch is currently available for this vulnerability.

Node.js TLS Denial Of Service +3
NVD
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Node.js has a CVSS 10.0 permission model bypass that allows Unix Domain Socket connections to completely bypass network restrictions when --allow-net is configured.

Node.js Privilege Escalation Node.Js +2
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

We have identified a bug in Node.js error handling where "Maximum call stack size exceeded" errors become uncatchable when `async_hooks.createHook()` is enabled. Instead of reaching `process.on('uncaughtException')`, the process terminates, making the crash unrecoverable. [CVSS 7.5 HIGH]

Node.js Denial Of Service Node.Js +2
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A memory leak in Node.js’s OpenSSL integration occurs when converting `X.509` certificate fields to UTF-8 without freeing the allocated buffer. [CVSS 7.5 HIGH]

Node.js OpenSSL TLS +4
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A flaw in Node.js's permission model allows a file's access and modification timestamps to be changed via `futimes()` even when the process has only read permissions. [CVSS 5.3 MEDIUM]

Node.js Node.Js Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

NVIDIA Nsight Systems for Linux contains a vulnerability in the .run installer, where an attacker could cause an OS command injection by supplying a malicious string to the installation path. [CVSS 7.3 HIGH]

Linux Denial Of Service Privilege Escalation +4
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

NVIDIA Nsight Visual Studio for Windows contains a vulnerability in Nsight Monitor where an attacker can execute arbitrary code with the same privileges as the NVIDIA Nsight Visual Studio Edition Monitor application. [CVSS 7.3 HIGH]

Windows Denial Of Service Privilege Escalation +3
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

NVIDIA Nsight Systems contains a vulnerability in the gfx_hotspot recipe, where an attacker could cause an OS command injection by supplying a malicious string to the process_nsys_rep_cli.py script if the script is invoked manually. [CVSS 7.3 HIGH]

Denial Of Service Privilege Escalation Command Injection +3
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process. [CVSS 7.5 HIGH]

Information Disclosure Glibc Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

Keycloak's OpenID Connect Dynamic Client Registration feature fails to validate jwks_uri values when clients authenticate via private_key_jwt, allowing attackers to redirect the server to arbitrary network endpoints. This enables reconnaissance and information disclosure attacks against internal services and cloud metadata endpoints accessible from the Keycloak server. No patch is currently available for this MEDIUM severity vulnerability.

Information Disclosure SSRF Red Hat
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

dr_flac, an audio decoder within the dr_libs toolset, contains an integer overflow vulnerability flaw due to trusting the totalPCMFrameCount field from FLAC metadata before calculating buffer size, allowing an attacker with a specially crafted file to perform DoS against programs using the tool. [CVSS 5.5 MEDIUM]

Integer Overflow Denial Of Service Red Hat
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption in Google Chrome's ANGLE graphics library prior to version 144.0.7559.59 can be triggered through a crafted HTML page, enabling remote attackers to execute arbitrary code without user interaction beyond visiting a malicious website. The vulnerability stems from a use-after-free memory flaw that affects all Chrome users, though no patch is currently available. With a CVSS score of 8.8 and minimal exploit complexity, this presents a significant risk to the browser's security model.

Use After Free Chrome Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Chrome Split View prior to 144.0.7559.59 has a UI spoofing vulnerability that allows remote attackers to display misleading content in the split view interface.

Google Chrome Red Hat +1
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Google Chrome prior to 144.0.7559.59 has insufficient policy enforcement in Network that allows attackers who obtained a network position to access sensitive data.

Google Chrome Red Hat +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Chrome versions up to 144.0.7559.59 is affected by user interface (ui) misrepresentation of critical information (CVSS 5.4).

Google Chrome Red Hat +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out-of-bounds memory read in Chrome's V8 JavaScript engine prior to version 144.0.7559.59 enables remote attackers to leak sensitive information through maliciously crafted web pages requiring only user interaction. The vulnerability affects all Chrome users and exposes high-impact confidentiality and integrity risks with no available patch at this time.

Chrome Google Red Hat +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Object corruption in Google Chrome's V8 engine prior to version 144.0.7559.59 can be triggered by remote attackers through malicious HTML pages, potentially leading to complete system compromise including unauthorized access, data modification, and denial of service. The vulnerability requires user interaction to exploit but does not require authentication or special privileges. No patch is currently available for affected users.

Google Chrome Red Hat +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out-of-bounds memory access in Chrome's V8 engine (versions prior to 144.0.7559.59) enables remote attackers to corrupt objects and potentially achieve code execution by delivering a malicious HTML page to users. The vulnerability requires user interaction but poses significant risk due to its high CVSS score (8.8) and impact on confidentiality, integrity, and availability. No patch is currently available.

Chrome Google Red Hat +1
NVD
EPSS 0% CVSS 8.6
HIGH POC PATCH This Week

Jaraco.context versions 5.2.0 through 6.0.x contain a path traversal vulnerability in the tarball() function that allows attackers to extract files outside the intended directory when processing malicious tar archives, with public exploit code available. The vulnerability exploits insufficient path validation that fails to properly filter directory traversal sequences like `../`, potentially enabling unauthorized file extraction and nested tarball attacks. This affects all users processing untrusted tar archives with the vulnerable versions.

Path Traversal Jaraco.Context Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Imagemagick versions up to 7.1.2-13 is affected by loop with unreachable exit condition (infinite loop) (CVSS 5.5).

Stack Overflow Imagemagick Red Hat +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

ImageMagick versions prior to 7.1.2-13 fail to properly initialize buffer elements in the BilateralBlurImage method, leading to invalid pointer dereference and potential denial of service when memory allocation fails. An attacker can exploit this through network vectors to crash affected applications or trigger undefined behavior with high complexity requirements. A patch is available in version 7.1.2-13 and later.

Information Disclosure Imagemagick Red Hat +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

ESPHome versions 2025.9.0 through 2025.12.6 are vulnerable to a denial-of-service attack via integer overflow in the API protobuf decoder, affecting all supported microcontroller platforms (ESP32, ESP8266, RP2040, LibreTiny). Unauthenticated attackers can crash ESPHome devices by sending specially crafted packets with large field length values to bypass bounds checking when API encryption is disabled. Upgrade to version 2025.12.7 or later to remediate.

Integer Overflow Denial Of Service Esphome +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

FreeRDP versions before 3.21.0 contain a buffer overflow in FastGlyph parsing where a malicious Remote Desktop server can crash the client by sending specially crafted glyph data that bypasses length validation. A remote attacker can exploit this vulnerability without authentication to cause denial of service, and public exploit code exists. The vulnerability affects FreeRDP clients connecting to untrusted or compromised RDP servers, with no patch currently available for most deployments.

Buffer Overflow Denial Of Service Freerdp +2
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

CakePHP versions prior to 5.2.12 and 5.3.1 contain a stored cross-site scripting vulnerability in the PaginatorHelper::limitControl() method that allows unauthenticated attackers to inject malicious scripts through query string parameters. An attacker can exploit this to steal session cookies, perform unauthorized actions, or redirect users to malicious sites. The vulnerability requires user interaction to trigger but affects all installations using the vulnerable PaginatorHelper component.

Red Hat Cakephp
NVD GitHub
EPSS 0% CVSS 8.1
HIGH PATCH This Week

In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow. [CVSS 8.1 HIGH]

Buffer Overflow Heap Overflow Integer Overflow +2
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

In OpenSC pam_pkcs11 before 0.6.13, pam_sm_authenticate() wrongly returns PAM_IGNORE in many error situations (such as an error triggered by a smartcard before login), allowing authentication bypass. [CVSS 6.7 MEDIUM]

Authentication Bypass Red Hat Suse
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash. [CVSS 7.1 HIGH]

Integer Overflow Denial Of Service Red Hat +1
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Denial of service in Traefik versions prior to 2.11.35 and 3.6.7 allows unauthenticated remote attackers to exhaust server resources by establishing incomplete ACME TLS-ALPN connections and leaving them open indefinitely. An attacker can send minimal ClientHello messages with the acme-tls/1 protocol and cease responding, causing goroutines and file descriptors to be held until the entry point becomes unavailable. The vulnerability affects systems with ACME TLS challenge enabled.

Golang TLS Denial Of Service +3
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Stack memory disclosure in GNU C Library versions 2.0-2.42 allows unauthenticated remote attackers to leak sensitive stack contents via crafted DNS queries when getnetbyaddr functions are configured to use the DNS backend for network lookups. This vulnerability affects systems running vulnerable Glibc and DNS resolver combinations, with no available patch currently released.

DNS Glibc Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

Improper URI path normalization in Vert.x Web's static file handler allows remote attackers to manipulate the cache and deny access to static files through specially crafted request URIs containing encoded path traversal sequences. An unauthenticated attacker can exploit this vulnerability over the network with no user interaction to cause denial of service by returning HTTP 404 responses for normally accessible files. Public exploit code exists and patches are available.

Github Vert.X Web Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 6.1
MEDIUM POC PATCH This Month

An SSR XSS exists in async hydration when attacker‑controlled keys are passed to hydratable. The key is embedded inside a <script> block without HTML‑safe escaping, allowing </script> to terminate the script and inject arbitrary JavaScript. [CVSS 6.1 MEDIUM]

XSS Svelte Red Hat
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

Denial of service in Wireshark 4.6.0-4.6.2 and 4.4.0-4.4.12 can be triggered through a malformed SOME/IP-SD protocol packet, causing the application to crash. Public exploit code exists for this vulnerability, and affected users should avoid opening untrusted packet captures until a patch is available.

Denial Of Service Wireshark Red Hat +1
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service [CVSS 5.5 MEDIUM]

Denial Of Service Wireshark Red Hat +1
NVD
EPSS 0% CVSS 4.7
MEDIUM POC PATCH This Month

HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 allows denial of service [CVSS 4.7 MEDIUM]

Denial Of Service Wireshark Red Hat +1
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Wireshark versions 4.4.0-4.4.12 and 4.6.0-4.6.2 crash when processing malformed IEEE 802.11 wireless packets, enabling a remote denial of service attack that requires user interaction to view the malicious traffic. An attacker can exploit this out-of-bounds write vulnerability by crafting a specially formatted packet, causing the application to become unavailable without requiring authentication. No patch is currently available for this issue.

Denial Of Service Wireshark Red Hat +1
NVD
EPSS 0% CVSS 8.4
HIGH POC PATCH This Week

Glibc versions 2.30 through 2.42 contain an integer overflow in the memalign function family that allows attackers with control over both size and alignment parameters to trigger heap corruption. Public exploit code exists for this vulnerability, which requires carefully crafted inputs with alignment values between 2^62+1 and 2^63 paired with sizes near PTRDIFF_MAX. Local attackers exploiting this flaw could achieve code execution or denial of service on affected systems.

Buffer Overflow Integer Overflow Glibc +2
NVD VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Undici versions up to 7.18.0 is affected by allocation of resources without limits or throttling (CVSS 5.9).

Node.js Undici Red Hat +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

FreeRDP IRP thread handler has a use-after-free where the IRP is freed by Complete() then accessed on the error path. Fixed in 3.20.1.

Use After Free Freerdp Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH POC PATCH This Week

Heap use-after-free in FreeRDP versions before 3.20.1 stems from unsynchronized access to serial channel thread tracking structures, allowing remote attackers to trigger memory corruption and achieve code execution. The vulnerability affects systems using vulnerable FreeRDP versions for remote desktop connections and has public exploit code available. No patch is currently available, requiring users to upgrade to version 3.20.1 or later.

Race Condition Freerdp Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

FreeRDP drive read heap overflow when server-controlled read length exceeds IRP output buffer. Fixed in 3.20.1. PoC available.

Buffer Overflow Freerdp Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

FreeRDP client before 3.20.1 has a heap buffer overflow in AUDIN format processing. A malicious RDP server can corrupt memory and crash the client. PoC available.

Memory Corruption Denial Of Service Freerdp +2
NVD GitHub VulDB
EPSS 0% CVSS 5.9
MEDIUM POC PATCH This Month

FreeRDP versions prior to 3.20.1 contain a race condition between the RDPGFX virtual channel and SDL rendering threads that enables heap use-after-free when graphics are reset. Public exploit code exists for this vulnerability, allowing attackers to crash the application or potentially execute code in industrial control systems and other environments using vulnerable FreeRDP implementations. A patch is not currently available, leaving affected systems exposed until an update is released.

Industrial Use After Free Race Condition +3
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

FreeImage 3.18.0 has a use-after-free in the TARGA plugin's loadRLE function. Processing a malicious TGA file can lead to code execution. PoC available.

Use After Free Freeimage Red Hat +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure context reset on disconnect() After the blamed commit below, if the MPC subflow is already in TCP_CLOSE status or has fallback to TCP at mptcp_disconnect() time, mptcp_do_fastclose() skips setting the `send_fastclose flag` and the later __mptcp_close_ssk() does not reset anymore the related subflow context. [CVSS 5.5 MEDIUM]

Linux Linux Kernel Red Hat +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: clk: samsung: exynos-clkout: Assign .num before accessing .hws Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by") annotated the hws member of 'struct clk_hw_onecell_data' with __counted_by, which informs the bounds sanitizer (UBSAN_BOUNDS) about the number of elements in .hws[], so that it can warn when .hws[] is accessed out of bounds.

Linux Samsung Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: cpuset: fix warning when disabling remote partition A warning was triggered as follows: WARNING: kernel/cgroup/cpuset.c:1651 at remote_partition_disable+0xf7/0x110 RIP: 0010:remote_partition_disable+0xf7/0x110 RSP: 0018:ffffc90001947d88 EFLAGS: 00000206 RAX: 0000000000007fff RBX: ffff888103b6e000 RCX: 0000000000006f40 RDX: 0000000000006f00 RSI: ffffc90001947da8 RDI: ffff888103b6e000 RBP: ffff888103b6e000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000001 R11: ffff88810b2e2728 R12: ffffc90001947da8 R13: 0000000000000000 R14: ffffc90001947da8 R15: ffff8881081f1c00 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f55c8bbe0b2 CR3: 000000010b14c000 CR4: 00000000000006f0 Call Trace: <TASK> update_prstate+0x2d3/0x580 cpuset_partition_write+0x94/0xf0 kernfs_fop_write_iter+0x147/0x200 vfs_write+0x35d/0x500 ksys_write+0x66/0xe0 do_syscall_64+0x6b/0x390 entry_SYSCALL_64_after_hwframe+0x4b/0x53 RIP: 0033:0x7f55c8cd4887 Reproduction steps (on a 16-CPU machine): # cd /sys/fs/cgroup/ # mkdir A1 # echo +cpuset > A1/cgroup.subtree_control # echo "0-14" > A1/cpuset.cpus.exclusive # mkdir A1/A2 # echo "0-14" > A1/A2/cpuset.cpus.exclusive # echo "root" > A1/A2/cpuset.cpus.partition # echo 0 > /sys/devices/system/cpu/cpu15/online # echo member > A1/A2/cpuset.cpus.partition When CPU 15 is offlined, subpartitions_cpus gets cleared because no CPUs remain available for the top_cpuset, forcing partitions to share CPUs with the top_cpuset.

Linux Information Disclosure Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/tilcdc: Fix removal actions in case of failed probe The drm_kms_helper_poll_fini() and drm_atomic_helper_shutdown() helpers should only be called when the device has been successfully registered.

Linux Information Disclosure Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: kernel/kexec: fix IMA when allocation happens in CMA area *** Bug description *** When I tested kexec with the latest kernel, I ran into the following warning: [ 40.712410] ------------[ cut here ]------------ [ 40.712576] WARNING: CPU: 2 PID: 1562 at kernel/kexec_core.c:1001 kimage_map_segment+0x144/0x198 [...] [ 40.816047] Call trace: [ 40.818498] kimage_map_segment+0x144/0x198 (P) [ 40.823221] ima_kexec_post_load+0x58/0xc0 [ 40.827246] __do_sys_kexec_file_load+0x29c/0x368 [...] [ 40.855423] ---[ end trace 0000000000000000 ]--- *** How to reproduce *** This bug is only triggered when the kexec target address is allocated in the CMA area.

Linux Information Disclosure Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add missing NULL pointer check for pingpong interface It is checked almost always in dpu_encoder_phys_wb_setup_ctl(), but in a single place the check is missing.

Linux Null Pointer Dereference Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" This patch ensures that the RX ring size (rx_pending) is not set below the permitted length.

Linux Buffer Overflow Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status() It's possible for cp_read() and hdmi_read() to return -EIO. Those values are further used as indexes for accessing arrays.

Linux Buffer Overflow Information Disclosure +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() The variable mddev->private is first assigned to conf and then checked: conf = mddev->private; if (!conf) ...

Linux Null Pointer Dereference Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mm/page_alloc: change all pageblocks migrate type on coalescing When a page is freed it coalesces with a buddy into a higher order page while possible.

Linux Information Disclosure IBM +3
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: avoid invalid read in irdma_net_event irdma_net_event() should not dereference anything from "neigh" (alias "ptr") until it has checked that the event is NETEVENT_NEIGH_UPDATE.

Linux Buffer Overflow Information Disclosure +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: smc91x: fix broken irq-context in PREEMPT_RT When smc91x.c is built with PREEMPT_RT, the following splat occurs in FVP_RevC: [ 13.055000] smc91x LNRO0003:00 eth0: link up, 10Mbps, half-duplex, lpa 0x0000 [ 13.062137] BUG: workqueue leaked atomic, lock or RCU: kworker/2:1[106] [ 13.062137] preempt=0x00000000 lock=0->0 RCU=0->1 workfn=mld_ifc_work [ 13.062266] C ** replaying previous printk message ** [ 13.062266] CPU: 2 UID: 0 PID: 106 Comm: kworker/2:1 Not tainted 6.18.0-dirty #179 PREEMPT_{RT,(full)} [ 13.062353] Hardware name: , BIOS [ 13.062382] Workqueue: mld mld_ifc_work [ 13.062469] Call trace: [ 13.062494] show_stack+0x24/0x40 (C) [ 13.062602] __dump_stack+0x28/0x48 [ 13.062710] dump_stack_lvl+0x7c/0xb0 [ 13.062818] dump_stack+0x18/0x34 [ 13.062926] process_scheduled_works+0x294/0x450 [ 13.063043] worker_thread+0x260/0x3d8 [ 13.063124] kthread+0x1c4/0x228 [ 13.063235] ret_from_fork+0x10/0x20 This happens because smc_special_trylock() disables IRQs even on PREEMPT_RT, but smc_special_unlock() does not restore IRQs on PREEMPT_RT.

Linux Information Disclosure Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer Initialize the eb.vma array with values of 0 when the eb structure is first set up.

Linux Null Pointer Dereference Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Sign extend kfunc call arguments The kfunc calls are native calls so they should follow LoongArch calling conventions. Sign extend its arguments properly to avoid kernel panic.

Linux Information Disclosure Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: erspan: Initialize options_len before referencing options. The struct ip_tunnel_info has a flexible array member named options that is protected by a counted_by(options_len) attribute.

Linux Buffer Overflow Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Discard Beacon frames to non-broadcast address Beacon frames are required to be sent to the broadcast address, see IEEE Std 802.11-2020, 11.1.3.1 ("The Address 1 field of the Beacon ..

Linux Authentication Bypass Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mptcp: avoid deadlock on fallback while reinjecting Jakub reported an MPTCP deadlock at fallback time: WARNING: possible recursive locking detected 6.18.0-rc7-virtme #1 Not tainted -------------------------------------------- mptcp_connect/20858 is trying to acquire lock: ff1100001da18b60 (&msk->fallback_lock){+.-.}-{3:3}, at: __mptcp_try_fallback+0xd8/0x280 but task is already holding lock: ff1100001da18b60 (&msk->fallback_lock){+.-.}-{3:3}, at: __mptcp_retrans+0x352/0xaa0 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&msk->fallback_lock); lock(&msk->fallback_lock); *** DEADLOCK *** May be due to missing lock nesting notation 3 locks held by mptcp_connect/20858: #0: ff1100001da18290 (sk_lock-AF_INET){+.+.}-{0:0}, at: mptcp_sendmsg+0x114/0x1bc0 #1: ff1100001db40fd0 (k-sk_lock-AF_INET#2){+.+.}-{0:0}, at: __mptcp_retrans+0x2cb/0xaa0 #2: ff1100001da18b60 (&msk->fallback_lock){+.-.}-{3:3}, at: __mptcp_retrans+0x352/0xaa0 stack backtrace: CPU: 0 UID: 0 PID: 20858 Comm: mptcp_connect Not tainted 6.18.0-rc7-virtme #1 PREEMPT(full) Hardware name: Bochs, BIOS Bochs 01/01/2011 Call Trace: <TASK> dump_stack_lvl+0x6f/0xa0 print_deadlock_bug.cold+0xc0/0xcd validate_chain+0x2ff/0x5f0 __lock_acquire+0x34c/0x740 lock_acquire.part.0+0xbc/0x260 _raw_spin_lock_bh+0x38/0x50 __mptcp_try_fallback+0xd8/0x280 mptcp_sendmsg_frag+0x16c2/0x3050 __mptcp_retrans+0x421/0xaa0 mptcp_release_cb+0x5aa/0xa70 release_sock+0xab/0x1d0 mptcp_sendmsg+0xd5b/0x1bc0 sock_write_iter+0x281/0x4d0 new_sync_write+0x3c5/0x6f0 vfs_write+0x65e/0xbb0 ksys_write+0x17e/0x200 do_syscall_64+0xbb/0xfd0 entry_SYSCALL_64_after_hwframe+0x4b/0x53 RIP: 0033:0x7fa5627cbc5e Code: 4d 89 d8 e8 14 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 <c9> c3 83 e2 39 83 fa 08 75 e7 e8 13 ff ff ff 0f 1f 00 f3 0f 1e fa RSP: 002b:00007fff1fe14700 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007fa5627cbc5e RDX: 0000000000001f9c RSI: 00007fff1fe16984 RDI: 0000000000000005 RBP: 00007fff1fe14710 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000202 R12: 00007fff1fe16920 R13: 0000000000002000 R14: 0000000000001f9c R15: 0000000000001f9c The packet scheduler could attempt a reinjection after receiving an MP_FAIL and before the infinite map has been transmitted, causing a deadlock since MPTCP needs to do the reinjection atomically from WRT fallback.

Linux Code Injection Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tracing: Do not register unsupported perf events Synthetic events currently do not have a function to register perf events.

Linux Debian Null Pointer Dereference +4
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: move preempt_prepare_postamble after error check Move the call to preempt_prepare_postamble() after verifying that preempt_postamble_ptr is valid.

Linux Null Pointer Dereference Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: iommufd/selftest: Check for overflow in IOMMU_TEST_OP_ADD_RESERVED syzkaller found it could overflow math in the test infrastructure and cause a WARN_ON by corrupting the reserved interval tree.

Linux Buffer Overflow Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: parisc: Do not reprogram affinitiy on ASP chip The ASP chip is a very old variant of the GSP chip and is used e.g. in HP 730 workstations.

Linux Denial Of Service HP +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: powerpc/kexec: Enable SMT before waking offline CPUs If SMT is disabled or a partial SMT state is enabled, when a new kernel image is loaded for kexec, on reboot the following warning is observed: kexec: Waking offline cpu 228.

Linux Information Disclosure Linux Kernel +2
NVD VulDB
Prev Page 36 of 96 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy