Skip to main content

Suse

9341 CVEs vendor

Monthly

CVE-2026-43120 HIGH PATCH This Week

Double-free memory corruption in Linux kernel RDMA/irdma driver allows local authenticated users to cause denial of service or potentially escalate privileges. The vulnerability occurs during memory region re-registration (rereg_user_mr) when IB_MR_REREG_TRANS flag is set: if umem allocation succeeds but subsequent steps fail, the umem is freed without nulling the pointer, leading to double-free when userspace calls ibv_dereg_mr. Vendor patches available across multiple stable kernel branches (6.6.136, 6.12.83, 6.18.24, 6.19.14, 7.0). EPSS score of 0.02% (5th percentile) indicates very low probability of exploitation in the wild, with no active exploitation confirmed (not in CISA KEV).

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43119 MEDIUM PATCH This Month

Data race conditions in the Linux kernel Bluetooth subsystem allow local authenticated attackers to cause denial of service by triggering concurrent access to hdev->req_status without proper synchronization. The vulnerability exists in the HCI synchronous command processing path where __hci_cmd_sync_sk() and multiple other functions access the same variable across different workqueues without holding locks, potentially causing memory corruption or system hangs.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43118 MEDIUM PATCH This Month

Data corruption in Linux kernel btrfs filesystem log replay allows local authenticated attackers to cause files to retain incorrect sizes after crash recovery. When a file is truncated to zero bytes, fssynced, and then a hardlink is created, the file incorrectly retains its pre-truncation size after a power failure and log replay, resulting in data integrity violation with availability impact.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43115 MEDIUM PATCH This Month

Denial of service in Linux kernel tiny SRCU (Synchronize-RCU) subsystem allows local authenticated attackers to trigger a system hang or crash by invoking call_srcu() while holding scheduler locks, causing a circular lock dependency and potential deadlock. The vulnerability affects kernel versions before 6.19.14 and 7.0, with EPSS score of 0.02% indicating low real-world exploitation probability despite moderate CVSS severity.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43108 MEDIUM PATCH This Month

A denial of service vulnerability in the Linux kernel's Qualcomm PD mapper service registry causes system crashes due to mismatched string element length validation in servreg_loc_pfr_req_ei. When a process daemon crashes and triggers a service registry location request, the QMI decoder rejects the reason field because its declared maximum length (65 bytes) is smaller than the actual field size (81 bytes), causing a decoding error and system halt. This affects all Linux kernel versions prior to the patch, triggered by local processes with standard user privileges.

Denial Of Service Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43107 MEDIUM PATCH This Month

Denial of service in Linux kernel xfrm (IPsec transform) subsystem allows local authenticated attackers to trigger a kernel panic via improper netlink message size calculation when handling XFRM_MSG_GETAE requests for states with interface ID set. The xfrm_aevent_msgsize() function fails to account for XFRMA_IF_ID attribute space, causing build_aevent() to exceed buffer bounds and hit a BUG_ON assertion, resulting in kernel crash. EPSS exploitation probability is very low at 0.02% despite the local attack vector, suggesting limited real-world impact.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43106 HIGH PATCH This Week

A reference counting error in Linux kernel's cachefiles subsystem allows local authenticated users to trigger memory corruption and potentially escalate privileges. The vulnerability stems from cachefiles_cull() passing a dentry with insufficient reference count to cachefiles_bury_object(), causing a use-after-free condition. With CVSS 7.8 (high severity) but only 0.02% EPSS exploitation probability (5th percentile), this represents a kernel memory safety issue requiring local access with low attack complexity. Patches available in stable kernel versions 6.19.14 and 7.0.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43102 MEDIUM PATCH This Month

Memory leak in the Airoha QDMA RX packet processing function allows local authenticated attackers to cause a denial of service through resource exhaustion. The vulnerability occurs when page pool fragments fail to properly return to the pool during error handling in airoha_qdma_rx_process(), allowing an attacker with local access and low privileges to exhaust kernel memory and crash the system. EPSS exploitation probability is extremely low at 0.02%, reflecting the local-only attack vector and privilege requirement.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43101 HIGH PATCH This Week

NULL pointer dereferences in Linux kernel's IPv6 IOAM (In-situ Operations, Administration, and Maintenance) trace data handling cause denial of service when network packets trigger the vulnerable code path. Affects Linux kernel 5.15 through 6.19.14 and mainline branches. Despite CVSS 7.5 High severity with network vector and no authentication, EPSS exploitation probability is very low (0.02%, 4th percentile), and no active exploitation or public POC is identified at time of analysis. Vendor patches available via stable kernel commits.

Linux Denial Of Service Null Pointer Dereference Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-43100 MEDIUM PATCH This Month

Null pointer dereference in Linux kernel bridge VLAN filtering code allows local authenticated attackers to trigger a denial of service via a crafted RTM_NEWLINK netlink message with BR_BOOLOPT_FDB_LOCAL_VLAN_0 flag when CONFIG_BRIDGE_VLAN_FILTERING is disabled. The vulnerability occurs because br_fdb_delete_locals_per_vlan_port() and br_fdb_insert_locals_per_vlan_port() dereference a NULL vlan group pointer without validation, causing a kernel panic. No public exploit code identified at time of analysis.

Canonical Denial Of Service Null Pointer Dereference Linux Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43097 HIGH PATCH This Week

Double-free vulnerability in the Linux kernel PCI Hyper-V driver allows local authenticated users to trigger kernel memory corruption and potentially escalate privileges. The flaw occurs in hv_pci_probe() error handling where ida_free() is called twice on the same domain number, leading to memory allocator corruption. Patches released in kernel 6.19.14 and 7.0 fix the issue by removing the redundant ida_free call. EPSS score of 0.02% indicates low exploitation probability in the wild, and no public exploit or KEV listing identified at time of analysis.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43096 MEDIUM PATCH This Month

Infinite vCPU fault loop in the Linux kernel's mshv (Microsoft Hypervisor) subsystem allows a local guest VM process to permanently spin a host vCPU thread, exhausting host CPU resources. The flaw exists in mshv_handle_gpa_intercept(), which unconditionally attempts page remaps on all movable-memory faults regardless of access permission - when a guest writes to a read-only Guest Physical Address region, the remap succeeds but the region retains its read-only designation, causing an immediate re-fault in a tight loop. Affected kernel versions run from commit b9a66cd5ccbb9fade15d0e427e19470d8ad35b75 through the fix commits; patched releases 6.19.14 and 7.0 are available. No public exploit has been identified and EPSS is 0.01%, consistent with the local, hypervisor-specific attack surface.

Linux Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43095 MEDIUM PATCH This Month

Linux kernel ASoC SDCA subsystem crashes on sound card teardown due to IRQ lifecycle mismanagement, causing a local denial of service. IRQ handlers registered via devm_request_threaded_irq() during component probe retain stale references to freed card and kcontrol structures after the sound card is torn down, resulting in null or dangling pointer dereferences and kernel panic. Exploitation requires local low-privilege access and SDCA-capable audio hardware; no public exploit exists and EPSS is extremely low at 0.02% (5th percentile).

Linux Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43092 MEDIUM PATCH This Month

The AF_XDP socket subsystem (xsk) in the Linux kernel fails to validate that a network device's MTU fits within the usable UMEM frame space at bind time, allowing a local low-privileged user to trigger a kernel denial of service. Usable frame space - chunk size minus headroom and tailroom - can fall below a standard 1500-byte MTU when 2k chunks are used, a gap that became exploitable once tailroom subtraction was introduced. The kernel also omits validation of hardware zero-copy capabilities via net_device::xdp_zc_max_segs. No public exploit has been identified and EPSS is 0.02% (5th percentile), indicating low immediate exploitation risk.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43090 MEDIUM PATCH This Month

Reference count leak in the Linux kernel's xfrm IPsec subsystem allows a local low-privileged attacker to exhaust kernel memory, resulting in denial of service. The defect resides in xfrm_migrate_policy_find(), where xfrm_pol_hold_rcu() is called twice - once implicitly by the lookup path (which already returns a held reference) and once redundantly - creating a refcount imbalance that prevents memory reclamation. Discovered by the Linux Verification Center using Syzkaller fuzzing; no public exploit identified at time of analysis, and EPSS is very low at 0.02% (5th percentile), indicating minimal observed exploitation activity.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43089 MEDIUM PATCH This Month

Uninitialized kernel memory is leaked to userspace through the xfrm_user subsystem's build_mapping() function in the Linux Kernel, where a one-byte compiler padding hole in struct xfrm_usersa_id after the proto field is never zeroed before the structure is copied across the kernel/userspace boundary. Authenticated local users with access to XFRM netlink interfaces can read this stale padding byte, potentially extracting kernel stack or heap fragments usable as an information disclosure primitive. No public exploit exists and EPSS is 0.02% (5th percentile), indicating negligible real-world exploitation probability at this time.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43088 MEDIUM PATCH This Month

Linux kernel PF_KEY IPSEC key management exports leak uninitialized kernel memory via SADB_ACQUIRE, SADB_X_NAT_T_NEW_MAPPING, and SADB_X_MIGRATE messages, allowing local authenticated users to disclose sensitive kernel memory. EPSS score of 0.02% (percentile 5%) indicates minimal real-world exploitation despite patch availability. The 4-byte information leak per message could enable ASLR bypass and kernel address disclosure attacks.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43087 MEDIUM PATCH This Month

Kernel crash in the Linux pinctrl mcp23s08 driver triggers a NULL pointer dereference during device probe when an MCP23S08/MCP23008 GPIO expander retains non-zero interrupt-on-change state across a warm reboot. The crash occurs because the driver's IRQ handler fires against pins whose nested IRQ handlers have not yet been registered, causing an unhandled kernel oops and system denial of service. Exploitation is local and device-specific; no public exploit identified at time of analysis, and EPSS remains at 0.02% (5th percentile) consistent with no observed in-the-wild triggering.

Linux Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43086 MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel IPVS subsystem causes a kernel panic during IPVS service creation failure cleanup, resulting in a full host denial of service. Affected kernels from 6.2 onward contain a logic error in ip_vs_add_service() where a successful scheduler bind sets the local sched variable to NULL; if ip_vs_start_estimator() subsequently fails, the error path calls ip_vs_unbind_scheduler() with that NULL pointer, dereferencing offset 0x30 and triggering a general protection fault. Exploitation requires local authenticated access with CAP_NET_ADMIN privileges; no public exploit is identified and EPSS is 0.02%, indicating very low exploitation probability.

Linux Null Pointer Dereference Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43085 MEDIUM PATCH This Month

Kernel heap memory disclosure in Linux netfilter's nfnetlink_log subsystem exposes four bytes of stale kernel memory to unprivileged local userspace processes when NFLOG batch mode is active. The flaw exists in __nfulnl_send(), which appends an NLMSG_DONE terminator using nlmsg_put() - a helper that zero-pads alignment bytes but does not initialize the nfgenmsg payload itself - resulting in uninitialized kernel heap data transmitted to any userspace NFLOG consumer. No public exploit code exists and no active exploitation has been confirmed; however, CVSS vector AV:L/AC:L/PR:L signals that low-privileged local users can reliably trigger the leak without any special conditions beyond NFLOG batching being in use.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43082 MEDIUM PATCH This Month

Denial-of-service via off-by-one allocation in the Linux kernel txgbe network driver allows a local low-privileged user to crash the kernel on systems hosting Wangxun 10GbE NICs. The driver allocates property_entry struct lists without reserving the mandatory null-terminator sentinel slot, meaning kernel subsystems iterating over the list read beyond allocated memory bounds. No active exploitation has been identified and EPSS is extremely low (0.02%, 5th percentile), but patches are available across multiple stable kernel branches including 6.6.136, 6.12.83, 6.18.24, 6.19.14, and 7.0.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43081 MEDIUM PATCH This Month

Incorrect GENERIC_CMD register field masks in the Linux kernel's IPA (IP Accelerator) network driver for IPA v5.0+ hardware trigger a kernel WARN when a 'stop' command is sent to the MPSS (Modem Processor SubSystem) remoteproc while IPA is active. This availability-only vulnerability (CVSS C:N/I:N/A:H) affects authenticated local users on systems with Qualcomm IPA v5.0+ silicon. No public exploit exists and no KEV listing is present; with an EPSS of 0.02% this is a low-urgency stability fix rather than an active threat.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43080 MEDIUM PATCH This Month

Integer overflow in the Linux kernel's l2tp subsystem allows a local low-privileged attacker to cause a denial of service by sending oversized packets through a PPPoL2TP socket with UDP encapsulation. In l2tp_xmit_core() (net/l2tp/l2tp_core.c:1293), the UDP length field - constrained to 16 bits - is assigned a packet length value without any bounds check, silently truncating values exceeding 65535 bytes and producing malformed UDP frames on the wire or triggering a kernel WARN. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, but a syzbot reproducer is publicly documented in the upstream patch discussion.

Linux Debian Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43079 MEDIUM PATCH This Month

Out-of-bounds array write in the Linux kernel's Intel uncore PMU driver (`perf/x86/intel/uncore`) causes denial of service on affected Intel multi-die x86 systems. The driver fails to skip discovery table parsing for dies whose CPUs are all offline at boot, allowing the assignment `pmu->boxes[die] = box` in `uncore_pci_pmu_register()` to overflow the boxes array, triggering a kernel WARN or potential memory corruption. Exploitation requires local low-privilege access under a specific hardware and boot configuration; no public exploit exists and EPSS is 0.02%, indicating negligible real-world exploitation likelihood.

Linux Intel Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43077 MEDIUM PATCH This Month

Local denial-of-service in the Linux kernel's AEAD crypto socket interface (`algif_aead`) allows a low-privileged local user to crash the kernel by submitting a decryption request where the minimum receive buffer size check fails to account for the authentication tag length. The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) confirms this is a locally exploitable, high-availability-impact issue with no confidentiality or integrity risk. Patches have been released across multiple Linux LTS stable branches (5.10.254, 5.15.204, 6.1.170, 6.6.136, 6.12.83, 6.18.24, 6.19.14, 7.0) and Ubuntu has issued multiple USN advisories (USN-8277-1 through USN-8281-1). No public exploit code has been identified and EPSS is 0.02%, indicating no public exploitation activity.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-35254 MEDIUM PATCH This Month

Oracle OCI CLI version 3.77 allows local attackers with user interaction to place imported files outside the intended directory, compromising file integrity and enabling potential code execution or data exfiltration. The vulnerability requires local access and user interaction but carries high integrity impact through arbitrary file placement. No active exploitation or public exploit code has been identified at the time of analysis.

Oracle Path Traversal Suse
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-23928 HIGH PATCH This Week

Stored cross-site scripting (XSS) in Zabbix 6.0-7.4 allows authenticated attackers with high privileges to inject malicious JavaScript via monitored host data that executes when other users view dashboards containing Item history widgets (7.0+) or Plain text widgets (6.0). The attack requires the attacker to control a monitored host and the victim to open a dashboard with HTML display enabled in the affected widget. CVSS 7.3 reflects high impact but requires specific preconditions: high-privilege access (PR:H), user interaction (UI:P), and precise attack timing (AT:P). No CISA KEV listing or public exploit identified at time of analysis, with low immediate exploitation risk given the privilege requirements.

XSS Zabbix Suse
NVD VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-23926 HIGH POC PATCH This Week

Stored Cross-Site Scripting (XSS) in Zabbix 7.0.x and 7.4.x allows authenticated administrators with non-super privileges to inject JavaScript payloads into maintenance period configurations. The malicious code executes when any user, including super admins, hovers over the affected maintenance period in the Host navigator widget tooltip, enabling session hijacking, credential theft, or unauthorized administrative actions with the victim's elevated privileges. Attack complexity is low and requires only user interaction (hovering), though exploit execution depends on victim access patterns. No public exploit code or active exploitation confirmed at time of analysis.

XSS Suse
NVD VulDB GitHub
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-44166 Go MEDIUM POC PATCH GHSA This Month

PocketBase versions before 0.22.42 and 0.30.0-0.37.3 allow account pre-hijacking via OAuth2 autolinking, where an attacker knowing a victim's email can create an unverified account linked to one OAuth2 provider, then retain access when the victim authenticates with a different provider and the accounts are auto-merged, because previous OAuth2 links are not cleared during the upgrade from unverified to verified status. Publicly available exploit code exists; vendor recommends immediate upgrade to v0.37.4 or v0.22.42.

Authentication Bypass Suse
NVD GitHub VulDB
CVSS 4.0
6.1
EPSS
0.0%
CVE-2026-42304 PyPI HIGH PATCH GHSA This Week

Remote denial of service in Twisted's DNS name decompression (twisted.names module) allows unauthenticated attackers to freeze the single-threaded reactor by sending a crafted TCP DNS packet with deeply chained compression pointers and thousands of questions. Publicly available exploit code exists. Despite high CVSS score (7.5), real-world impact is limited to applications using the twisted.names DNS server-not the broader Twisted framework. Vendor-released patch available in version 26.4.0rc2.

Denial Of Service Python Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-42285 Go HIGH PATCH GHSA This Week

GoBGP v4.4.0 crashes with SIGSEGV panic when an unauthenticated remote BGP peer sends malformed UPDATE messages with inconsistent attribute lengths. The nil pointer dereference in AdjRib.Update (adj.go:127) causes complete process termination and loss of BGP service. Publicly available exploit code exists (POC in GitHub advisory GHSA-p3w2-64xm-833j). Vendor-released patch available in v4.5.0. CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) reflects the trivial remote exploitation of critical network infrastructure with no mitigating factors.

Denial Of Service Null Pointer Dereference Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-39402 MEDIUM PATCH This Month

Authorization bypass in LXC's setuid helper lxc-user-nic allows unprivileged users to delete OpenVSwitch-attached network interfaces belonging to other users. The vulnerability exists in the find_line() function's interface name comparison logic, which sets an authorization flag based on name match alone without re-verifying ownership, enabling a tenant to cause denial of service by disconnecting containers on shared infrastructure. This affects multi-tenant deployments using lxc-user-nic with OpenVSwitch bridges and is patched in LXC 7.0.0.

Authentication Bypass Denial Of Service Suse
NVD GitHub VulDB
CVSS 4.0
4.3
EPSS
0.0%
CVE-2026-44331 HIGH POC PATCH This Week

SQL injection in ProFTPD 1.3.9a and earlier allows remote attackers to execute arbitrary SQL commands when the 'UseReverseDNS on' configuration is enabled. The vulnerability exists in mod_wrap2_sql.c where attacker-controlled reverse DNS hostnames are passed unescaped into SQL queries during client access control checks. Exploitation complexity is high due to DNS character restrictions and specific configuration requirements. No active exploitation confirmed (not in CISA KEV), but upstream fix is available via GitHub commit 7666224. EPSS risk data not provided.

SQLi Suse
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-30923 HIGH PATCH This Week

Worker process crashes occur in ModSecurity (libmodsecurity3) when processing query string parameters containing single characters through the t:hexDecode transformation function. Remote unauthenticated attackers can trigger repeated segmentation faults to disrupt web application firewall protection, though service automatically recovers once the attack ceases. All libmodsecurity3 versions before 3.0.15 are affected across Apache, IIS, and Nginx deployments. OWASP confirmed the vulnerability via GitHub security advisory GHSA-qrjc-3jpc-3h2g and released patch version 3.0.15 addressing this buffer overflow (CWE-125: Out-of-bounds Read).

Suse Denial Of Service Apache Buffer Overflow Nginx +2
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-41417 Maven MEDIUM PATCH This Month

HTTP request smuggling and RTSP request injection in Netty arise from incomplete input validation in DefaultHttpRequest and DefaultFullHttpRequest. When these objects are created with a safe URI and later modified via setUri() with attacker-controlled input, the setUri() method bypasses CRLF validation that is enforced in constructors. HttpRequestEncoder and RtspEncoder then serialize the malicious URI directly into request lines, allowing attackers to inject additional HTTP or RTSP requests. Vendor-released patches: 4.1.133.Final and 4.2.13.Final address the vulnerability by applying consistent validation in setUri().

Authentication Bypass Java Suse Red Hat
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-25589 HIGH PATCH This Week

Heap-based buffer overflow in RedisBloom versions before 2.8.20 enables remote code execution via Redis RESTORE command when authenticated attackers supply malicious serialized payloads. The vulnerability stems from improper validation of deserialized data in the probabilistic data structures module. Exploitation requires Redis authentication and RESTORE command privileges (PR:L), with CVSS 7.7 rating reflecting the authentication requirement despite critical impact potential. No public exploit code or CISA KEV listing identified at time of analysis, though vendor has released security-focused patch 2.8.20.

Heap Overflow Redis RCE Buffer Overflow Suse
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.3%
CVE-2026-25588 HIGH PATCH This Week

Remote code execution in RedisTimeSeries versions before 1.12.14 allows authenticated attackers with RESTORE command permissions to execute arbitrary code via crafted serialized payloads. The vulnerability stems from improper validation of data processed through Redis RESTORE command, enabling heap buffer overflow exploitation. Attackers with low-level privileges can achieve complete system compromise (CVSS 7.7, CVSS:4.0 High confidentiality/integrity/availability impact) through network-based attacks with high complexity. No public exploit code or active exploitation confirmed at time of analysis.

Heap Overflow Redis RCE Buffer Overflow Suse
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.3%
CVE-2026-40934 PyPI HIGH PATCH GHSA This Week

Jupyter Server allows authenticated users to maintain indefinite access even after password changes due to persistent authentication cookie secrets stored in an unrotated file. An attacker who obtains a valid authentication cookie can continue using it to access the server with full privileges regardless of subsequent password resets or server restarts, affecting all Jupyter Server deployments using password authentication.

Information Disclosure Suse Red Hat
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.1%
CVE-2026-43073 MEDIUM PATCH This Month

Misuse of the `__copy_user_nocache()` function in the Linux kernel's x86-64 subsystem - specifically within NTB driver code and several other drivers - causes STAC/CLAC (SMAP-disabling) instructions to execute during kernel-to-kernel memory copies where no user-space access is actually performed. This incorrect usage defeats the Supervisor Mode Access Prevention (SMAP) protection temporarily and, critically, attaches user-space exception handling semantics to pure kernel copies; if a machine check exception or memory fault occurs during this window, the kernel may not handle it gracefully, resulting in a kernel panic. The CVSS availability-high rating (A:H) reflects this crash potential for any local authenticated user able to trigger the affected driver paths. No public exploit has been identified at time of analysis, and EPSS probability is negligible at 0.02%.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-61669 PyPI MEDIUM PATCH This Month

Open redirect vulnerability in Jupyter Server through version 2.17.0 allows unauthenticated remote attackers to redirect users to arbitrary external domains via insufficiently validated next query parameters in the login flow, enabling phishing attacks. User interaction (clicking a crafted login link) is required. The vulnerability is fixed in version 2.18.0.

Open Redirect Suse Red Hat
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-43069 MEDIUM PATCH This Month

Resource leak in the Linux kernel's Bluetooth hci_ll driver allows a local authenticated user to cause kernel memory exhaustion by repeatedly triggering an error path in download_firmware() where firmware objects allocated by request_firmware() are never released when their content is invalid. Systems equipped with Texas Instruments Bluetooth hardware (using the hci_ll driver) are affected across numerous stable kernel branches dating back to Linux 4.12. No public exploit exists and EPSS is 0.02% (7th percentile), classifying this as a low-urgency maintenance fix; patches are available across all actively maintained stable branches.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43068 MEDIUM PATCH This Month

Repeated data loss occurs on Linux kernel systems using ext4 filesystems due to the `ext4_mb_find_by_goal()` function failing to skip corrupted block groups during block allocation. Affected kernels from commit 163a203ddb36 through multiple stable branches will continuously attempt to allocate blocks from a group flagged `EXT4_MB_GRP_BBITMAP_CORRUPT`, producing kernel error messages stating 'This should not happen!! Data will be lost' and causing permanent inode data loss. No public exploit has been identified and EPSS is 0.02%, but the availability impact is rated High; this is a resilience defect in ext4 error-handling that requires local access and pre-existing filesystem corruption to manifest.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43066 MEDIUM PATCH This Month

Buffer-head reference leak in Linux kernel ext4 fast-commit replay (ext4_fc_replay_inode()) allows local authenticated users to exhaust kernel memory, resulting in denial of service. Four distinct error paths in the function skip the mandatory brelse() call on iloc.bh, and the function previously masked all errors by always returning 0. No public exploit identified at time of analysis; EPSS at 0.02% (7th percentile) reflects very low real-world exploitation probability and no CISA KEV listing corroborates the absence of observed active exploitation.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43065 MEDIUM PATCH This Month

Availability impact in the Linux kernel's ext4 filesystem subsystem arises from improperly managed discard workqueue lifecycle during remount and unmount operations. When a filesystem mounted with `-o discard` is remounted with `-o nodiscard` and then immediately unmounted, pending `s_discard_work` workqueue items are neither cancelled nor flushed before superblock teardown, potentially causing the work callback to reference freed memory and crash the kernel. Patch commits are confirmed across multiple stable branches; EPSS is 0.02% (7th percentile) and no KEV listing or public exploit exists, indicating negligible real-world exploitation risk outside of automated fuzzer (syzkaller) scenarios.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-32689 HIGH POC PATCH GHSA This Week

Unauthenticated remote denial-of-service in Phoenix Framework 1.7.0-1.7.21 and 1.8.0-1.8.5 allows attackers to crash Elixir BEAM nodes by sending multi-megabyte HTTP requests filled with newlines to the long-poll transport endpoint. A 1 MB payload of newline characters triggers allocation of approximately one million empty list elements, exhausting scheduler and memory resources. Session token required to trigger the vulnerability is obtainable via unauthenticated GET request, making exploitation trivial. Vendor-released patches (1.7.22, 1.8.6) enforce client-side batching limits. CVSS 8.7 (high availability impact) confirmed; no public exploit or CISA KEV listing identified at time of analysis.

Suse Denial Of Service
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-43061 MEDIUM PATCH This Month

TX deadlock in the Linux kernel's 8250 serial UART driver permanently blocks DMA transmissions when a DMA transaction is terminated without its completion callback executing. Specifically, `dmaengine_terminate_async` does not guarantee that `__dma_tx_complete` runs, leaving `dma->tx_running` permanently set and preventing any subsequent TX DMA scheduling. This availability-only denial-of-service (CVSS A:H) requires local low-privileged access and only manifests on systems with 8250 UART hardware operating in DMA mode; no public exploit exists and no KEV listing is present.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43060 HIGH PATCH This Week

Use-after-free in Linux kernel's netfilter nft_ct subsystem allows local authenticated attackers with low privileges to achieve code execution, privilege escalation, or denial of service. The vulnerability stems from stale references to conntrack zone templates, timeout policies, and helper objects in packets queued to nfqueue when these objects are removed. Exploitation probability is low (EPSS 0.02%, 7th percentile) with no active exploitation confirmed at time of analysis. Vendor-released patches available across multiple stable kernel branches (5.10.253, 5.15.203, 6.1.167, 6.6.130, 6.12.78, 6.18.20, 6.19.10, 7.0).

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-5766 PyPI MEDIUM PATCH This Month

Django 6.0 before 6.0.5 and 5.2 before 5.2.14 allow remote attackers to bypass the FILE_UPLOAD_MAX_MEMORY_SIZE limit by submitting ASGI requests with missing or understated Content-Length headers, potentially loading large files into memory and causing denial of service through resource exhaustion. No active exploitation confirmed, but the vulnerability requires only network access and no authentication, making it trivially exploitable once the bypass is understood.

Authentication Bypass Python Suse Red Hat
NVD VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-29168 HIGH PATCH This Week

Uncontrolled resource consumption in Apache HTTP Server's mod_md module allows remote unauthenticated attackers to exhaust server resources via malformed OCSP response data, affecting versions 2.4.30 through 2.4.66. The vulnerability enables attackers to achieve confidentiality, integrity, and availability impacts with low complexity exploitation over the network. No active exploitation confirmed (not in CISA KEV), but the network-accessible attack surface and lack of authentication requirement make this a credible threat requiring prompt patching to version 2.4.67.

Denial Of Service Apache Suse Red Hat Apache HTTP Server
NVD VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2026-44029 MEDIUM PATCH This Month

Arbitrary file writing via directory traversal in Nix versions before 2.34.7 allows unauthenticated remote attackers to overwrite files on systems running vulnerable versions of nix-prefetch-url or nix store prefetch-file with the --unpack flag. The vulnerability exploits improper path validation during archive extraction, enabling an attacker to craft malicious packages that write to arbitrary filesystem locations when unpacked. CVSS 5.3 (AV:N/AC:L/PR:N/UI:N) reflects network-based exploitation without authentication, though real-world impact depends on file permissions and deployment context. No active exploitation has been confirmed in CISA KEV at time of analysis.

Path Traversal Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-44028 HIGH PATCH This Week

Stack-to-heap overflow in Nix and Lix daemon's NAR parser enables local privilege escalation to root in multi-user installations. Low-privileged users with daemon access can trigger unbounded recursion in the coroutine-based parser to overwrite heap memory and achieve arbitrary code execution as the Nix daemon (root), provided ASLR can be bypassed. Vulnerability affects Nix 2.24.4-2.34.6 and Lix 2.93.0-2.95.1, with vendor-confirmed patches released across multiple version branches. CVSS vector indicates local attack with high complexity but cross-scope privilege escalation, consistent with the EPSS score suggesting targeted exploitation scenarios rather than mass scanning.

RCE Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-42257 Ruby MEDIUM PATCH GHSA This Month

Command injection in net-imap library allows attackers to inject arbitrary IMAP commands by supplying unvalidated user input to multiple methods that send raw, unescaped strings to the IMAP server. The #search, #uid_search, #fetch, #uid_fetch, #store, #uid_store, and #setquota methods accept string arguments that bypass normal validation and encoding, enabling CRLF injection to break command context. Applications that dynamically construct search criteria, fetch attributes, or quota limits from user input are at significant risk; a developer passing unsanitized input could allow an attacker to append malicious IMAP commands such as DELETE or other state-modifying operations.

Authentication Bypass Command Injection CSRF Suse
NVD GitHub VulDB
CVSS 4.0
5.8
EPSS
0.0%
CVE-2026-42256 Ruby MEDIUM PATCH GHSA This Month

Denial of service in net-imap SCRAM-SHA1/SHA256 authentication allows a hostile IMAP server to freeze the entire Ruby VM by sending an arbitrarily large PBKDF2 iteration count, blocking all threads for several minutes due to the blocking nature of OpenSSL::KDF.pbkdf2_hmac and its retention of the Global VM Lock. Patched versions 0.4.24, 0.5.14, and 0.6.4 introduce a max_iterations parameter that users must explicitly configure to prevent exploitation.

Denial Of Service OpenSSL Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.0
EPSS
0.1%
CVE-2026-41888 Go MEDIUM PATCH GHSA This Month

Authorization bypass in Docker Distribution Registry allows remote clients to delete image tags via the DELETE /v2/<name>/manifests/<tag> endpoint even when the operator has explicitly configured storage.delete.enabled: false. The tag deletion code path in registry/handlers/manifests.go bypasses the deletion authorization check present in digest-based manifest deletion, enabling attackers with network access to cause denial of service by removing tags and disrupting supply chain integrity of registries intended to be immutable.

Authentication Bypass Denial Of Service Docker Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-42310 PyPI MEDIUM PATCH GHSA This Month

Pillow's PDF parser enters an infinite loop when processing maliciously crafted PDF files with circular Prev pointer references in trailer sections, causing 100% CPU consumption and application hang. All versions from 4.2.0 through 12.1.x are affected. The vulnerability is a denial-of-service condition affecting any application using Pillow to parse untrusted PDFs. Vendor-released patch: version 12.2.0.

Denial Of Service Python Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-42308 PyPI MEDIUM PATCH GHSA This Month

Integer overflow in Pillow's font glyph processing allows remote code execution or denial of service when handling maliciously crafted fonts with extremely large glyph advance values. Pillow versions before 12.2.0 are affected. The vulnerability is triggered during font rendering operations where position tracking accumulates glyph advances without proper bounds checking, leading to wraparound arithmetic that can corrupt memory or crash the interpreter.

Integer Overflow Buffer Overflow Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-42309 PyPI MEDIUM PATCH GHSA This Month

Heap buffer overflow in Pillow 11.2.1 through 12.1.x allows local attackers to cause denial of service or potentially execute arbitrary code by passing deeply nested list structures as coordinates to ImagePath.Path, ImageDraw.polygon, or ImageDraw.line APIs, which recursively unpack coordinates beyond allocated buffer boundaries.

Heap Overflow Buffer Overflow Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-41685 Go MEDIUM GHSA This Month

Incus before version 7.0.0 allows authenticated users to exhaust host disk space through unbounded uploads via instance backup import, storage bucket import, storage volume backup import, and storage volume ISO import endpoints. The daemon streams HTTP request bodies directly into temporary files using io.Copy without enforcing maximum request size limits, enabling denial of service on the host system or shared storage in multi-tenant deployments. Public proof-of-concept code demonstrates sustained disk exhaustion by streaming null bytes through application/octet-stream endpoints.

Denial Of Service Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-41684 Go MEDIUM GHSA This Month

Denial of service in Incus daemon via nil pointer dereference when restoring backup archives with valid inline backup/index.yaml but malformed legacy backup/container/backup.yaml omitting the container section. An authenticated user with backup import permissions can crash the daemon by crafting a backup archive that passes preflight validation but triggers nil dereference during the restore phase after archive extraction. CVSS 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) - confirmed by 7asecurity with proof-of-concept test cases.

Denial Of Service Null Pointer Dereference Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-41648 Go MEDIUM GHSA This Month

Incus versions up to 6.23.0 allow authenticated users to trigger denial of service by uploading crafted image or backup tarballs containing oversized YAML metadata files that consume excessive server memory during parsing. When metadata.yaml or backup/index.yaml entries declare large sizes in the tar header, the YAML decoder reads and allocates 5-6x the input size without limits, potentially exhausting memory on constrained daemons; a 200 MB YAML entry may trigger 1.2 GB of heap allocations. Vendor-released patch available in v7.0.0.

Denial Of Service Suse
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-41647 Go MEDIUM GHSA This Month

Nil-pointer dereference in Incus daemon S3 storage bucket import allows authenticated users to crash the daemon by uploading a truncated or corrupted tar backup file. The TransferManager.UploadAllFiles function fails to handle non-EOF errors from tar parsing, causing a panic when hdr is nil. Vendor-released patch available in v7.0.0.

Denial Of Service Null Pointer Dereference Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-40251 Go HIGH PATCH GHSA This Week

Denial of service in Incus prior to version 7.0.0 allows authenticated users to crash the Incus daemon by importing a maliciously crafted backup archive with physical snapshot directories but tampered metadata arrays. The vulnerability stems from an incorrect bounds check (len(slice) >= i-1 instead of len(slice) > i) in the backup restore and migration code paths, enabling out-of-bounds array access that triggers a runtime panic. Repeated exploitation keeps the Incus service offline, confirmed by a publicly available proof-of-concept.

Denial Of Service Information Disclosure Buffer Overflow Suse
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-40197 Go HIGH PATCH GHSA This Week

Nil-pointer dereference in Incus daemon's custom volume backup import logic allows authenticated users to crash the service by supplying a malformed backup archive containing null entries in the volume_snapshots array, enabling repeated denial of service attacks. The vulnerability exists in the CreateCustomVolumeFromBackup function which fails to validate snapshot pointers before dereferencing them during import operations. CVSS 6.5 (authenticated network access, high availability impact); no public exploit code or active exploitation reported at analysis time, but proof-of-concept demonstration included in advisory.

Null Pointer Dereference Denial Of Service Suse
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-40195 Go HIGH PATCH GHSA This Week

Nil-pointer dereference in Incus daemon's storage bucket import logic allows authenticated users to crash the daemon by submitting a malformed bucket backup archive with a missing config section in index.yaml, enabling denial of service through repeated exploitation. The vulnerability affects Incus versions prior to 7.0.0 and requires valid storage bucket feature access but no special privileges beyond authenticated user status.

Null Pointer Dereference Denial Of Service Python Suse
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-42091 Go MEDIUM PATCH This Month

goshs SimpleHTTPServer versions prior to 2.0.2 allow arbitrary file write via cross-origin PUT requests due to missing CSRF token validation on the PUT handler combined with permissive wildcard CORS headers. An attacker can trick a victim into visiting a malicious website which then writes arbitrary files to a goshs instance running on localhost or an internal network, bypassing network isolation protections. Publicly available exploit code exists, and the vulnerability affects all v2.x releases before 2.0.2 and all v1.x releases (no patch available for v1.x).

CSRF Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-35527 Go MEDIUM PATCH GHSA This Month

Blind server-side request forgery in Incus allows authenticated users to trigger arbitrary HEAD requests to internal or external endpoints during image import preflight validation, bypassing the restricted.images.servers project restriction. While the actual image download is blocked by project policies, the preflight HEAD request executes before validation occurs, enabling attackers to probe internal services, cloud metadata endpoints, or unroutable address space reachable from the Incus host. No public exploit code identified at time of analysis, though proof-of-concept reproduction is documented in the advisory.

Debian SSRF Suse
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-33006 MEDIUM PATCH This Month

Timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows remote unauthenticated attackers to bypass Digest authentication with high attack complexity. The vulnerability exploits measurable timing differences in digest credential validation, enabling credential compromise without valid authentication. Apache has released patched version 2.4.67; no active exploitation has been confirmed, but CISA SSVC framework indicates automatable exploitation is not feasible due to the timing attack's sensitivity requirements.

Suse Authentication Bypass Apache Red Hat Apache HTTP Server
NVD VulDB
CVSS 3.1
4.8
EPSS
0.1%
CVE-2026-33007 MEDIUM PATCH This Month

Null pointer dereference in mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows unauthenticated remote attackers to crash child processes in caching forward proxy configurations, resulting in denial of service. The vulnerability has CVSS 5.3 (medium) with network accessibility and no authentication required, but is limited to partial availability impact affecting only specific proxy deployments. Vendor-released patch: version 2.4.67.

Red Hat Suse Null Pointer Dereference Denial Of Service Apache +1
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-33523 MEDIUM PATCH This Month

HTTP response splitting in Apache HTTP Server 2.4.0 through 2.4.66 allows remote attackers to inject arbitrary HTTP headers and content when the server acts as a proxy to untrusted or compromised backend servers, enabling cache poisoning, session fixation, and cross-site scripting attacks. CVSS 6.5 (moderate) with network attack vector, no authentication required, and confirmed automatable exploitation per CISA SSVC framework. Vendor-released patch: version 2.4.67.

Suse Apache Information Disclosure Red Hat Apache HTTP Server
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-33857 MEDIUM PATCH This Month

Out-of-bounds read in mod_proxy_ajp of Apache HTTP Server through version 2.4.66 allows remote unauthenticated attackers to disclose sensitive information via a crafted AJP protocol request. The vulnerability has a CVSS score of 5.3 (moderate) with no active exploitation confirmed. Upgrade to version 2.4.67 to remediate.

Red Hat Suse Information Disclosure Apache Buffer Overflow +1
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-34032 MEDIUM PATCH This Month

Improper null termination and out-of-bounds read vulnerability in Apache HTTP Server through version 2.4.66 allows remote unauthenticated attackers to trigger information disclosure with low complexity exploitation. The vulnerability has a CVSS score of 5.3 (medium) with network-accessible attack vector and no user interaction required, though technical impact is limited to confidentiality (partial information disclosure). Vendor-released patch: version 2.4.67 addresses the issue.

Red Hat Suse Apache Buffer Overflow Apache HTTP Server
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-34059 HIGH POC PATCH This Week

Buffer over-read in Apache HTTP Server through 2.4.66 enables remote unauthenticated information disclosure at network scale. Attackers can read sensitive memory content without authentication or user interaction, achieving high confidentiality impact with low attack complexity. EPSS exploitation probability and KEV status not provided, but SSVC framework confirms the vulnerability is automatable with partial technical impact and no active exploitation detected at time of analysis. Patch released in version 2.4.67.

Red Hat Suse Apache Buffer Overflow Apache HTTP Server
NVD VulDB GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-7482 Go HIGH PATCH GHSA This Week

Heap out-of-bounds read in Ollama's GGUF model loader (<0.17.1) leaks sensitive memory contents including API keys, environment variables, and concurrent user data when processing maliciously crafted model files. Attackers can trigger the vulnerability by uploading a GGUF file with tensor offsets exceeding file bounds via the unauthenticated /api/create endpoint, then exfiltrate leaked memory through /api/push to attacker-controlled registries. While default deployments bind to localhost only, the widely-adopted OLLAMA_HOST=0.0.0.0 configuration exposes instances to network exploitation. Vendor-released patch available in version 0.17.1 with GitHub commit 88d57d0483cca907e0b23a968c83627a20b21047 adding bounds validation to fs/ggml/gguf.go and server/quantization.go.

Information Disclosure Buffer Overflow Red Hat Suse
NVD GitHub
CVSS 4.0
8.8
EPSS
0.1%
CVE-2026-24072 HIGH PATCH This Week

Local .htaccess authors can escalate privileges to read arbitrary files as the httpd daemon user in Apache HTTP Server 2.4.66 and earlier. The vulnerability requires low-privilege authenticated access to create or modify .htaccess files, but exploits misconfigured module interactions to bypass intended access controls. Apache has released version 2.4.67 to address this issue. SSVC assessment indicates no active exploitation and non-automatable attack vector, with EPSS data not yet available for this recent disclosure.

Privilege Escalation Apache Suse Red Hat Apache HTTP Server
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-7737 Go MEDIUM PATCH This Month

Out-of-bounds read in GoBGP BMP parser allows remote attackers to trigger information disclosure via malformed BMP messages to the BMPPeerUpNotification.ParseBody and BMPStatisticsReport.ParseBody functions. Affected versions are up to 4.3.0; patch available in version 4.4.0. CVSS 6.9 reflects availability impact. No public exploit code or active exploitation has been identified.

Information Disclosure Buffer Overflow Red Hat Suse
NVD VulDB GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-7734 Go MEDIUM PATCH This Month

Denial of service in osrg GoBGP up to version 4.3.0 allows remote attackers to trigger an infinite loop via malformed SRv6 L3 Service attributes in BGP packets. The vulnerability exists in the SRv6L3ServiceAttribute.DecodeFromBytes function, which incorrectly advances a loop variable when processing unknown sub-TLV types, causing the parser to never exit the loop and exhaust system resources. Vendor-released patch available in version 4.4.0.

Denial Of Service Suse
NVD VulDB GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-6948 MEDIUM PATCH This Month

Velociraptor server versions before 0.76.4 are vulnerable to denial of service via resource exhaustion when a compromised or rogue client sends specially crafted messages through the agent control channel, causing out-of-memory conditions and server crashes. The vulnerability requires authenticated client access but can be triggered by any authenticated agent, making it a realistic threat in environments where client integrity cannot be guaranteed. CVSS score of 4.9 reflects high privileges required (PR:H) but complete availability impact.

Denial Of Service Suse
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-36365 HIGH This Week

Command injection in Caesium Image Compressor (all versions through commit 02da2c6) allows local authenticated attackers to execute arbitrary OS commands via unsanitized input to shutdownMachine and putMachineToSleep functions in PostCompressionActions.cpp. The vulnerable code uses system() calls without input validation, enabling shell metacharacter injection during post-compression power management operations. Patch available via GitHub PR #376 replacing system() with QProcess::startDetached(). EPSS score of 0.02% (5th percentile) indicates low observed exploitation probability. No evidence of active exploitation or public POC beyond the researcher's advisory.

Command Injection RCE Suse
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-37461 Go HIGH PATCH GHSA This Week

Remote attackers can crash GoBGP v4.3.0 by sending a malformed BGP UPDATE message that triggers an out-of-bounds read in IPv6 extended community parsing. The flaw allows unauthenticated denial of service against default configurations with no authentication required (CVSS AV:N/AC:L/PR:N/UI:N). No public exploit identified at time of analysis, and EPSS score of 0.02% (4th percentile) indicates very low observed exploitation probability. Upstream fixes available via GitHub commits 362cce3e and 9ce8936.

Denial Of Service Information Disclosure Buffer Overflow Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-37458 MEDIUM PATCH This Month

Missing input validation in FRRouting stable/10.0 through 10.6 allows authenticated BGP peers to trigger a Denial of Service by sending a crafted UPDATE message with invalid martian addresses in the MP_REACH_NLRI component. An authenticated attacker can crash or severely degrade the BGP routing daemon by exploiting insufficient validation of next-hop addresses, with an EPSS score of 0.02% indicating low real-world exploitation probability despite moderate CVSS scoring.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-6525 MEDIUM PATCH This Month

Wireshark 4.6.0 through 4.6.4 crashes when processing malformed IEEE 802.11 frames due to a null pointer dereference in the protocol dissector. An attacker can trigger denial of service by crafting or replaying a specially malformed wireless packet that causes the dissector to crash when analyzed, rendering packet analysis impossible until the application restarts. CVSS score 5.5 reflects local attack vector with user interaction required; no public exploit code has been identified at time of analysis.

Null Pointer Dereference Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43058 MEDIUM PATCH This Month

Local denial-of-service in the Linux kernel's vidtv virtual DVB media driver allows an authenticated local user to crash the kernel via a NULL pointer dereference triggered by uninitialized struct fields in vidtv_ts_null_write_into() and vidtv_ts_pcr_write_into(). Affected kernel versions span from commit f90cf6079bf6 across multiple stable branches through Linux 5.10, with fixes backported to 6.6.136, 6.12.83, 6.18.24, 6.19.14, 7.0.1, and 7.1-rc1. No public exploit identified at time of analysis, EPSS is 0.02% (7th percentile), and this CVE is not listed in the CISA KEV catalog, reflecting its low real-world exploitation likelihood.

Linux Null Pointer Dereference Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-42484 CRITICAL Act Now

Heap-based buffer overflow in hashcat 7.1.2 enables remote code execution or denial of service through maliciously crafted PKZIP hash files. Attackers can exploit inadequate input validation in the hex_to_binary function affecting PKZIP hash parser modules (17200, 17210, 17220, 17225, 17230) to overflow fixed-size buffers with arbitrary hex data. CVSS 9.8 reflects network-accessible attack vector requiring no authentication or user interaction, though real-world exploitation requires victim to process attacker-supplied hash files. EPSS data not available; no CISA KEV listing indicates no confirmed widespread exploitation. Public proof-of-concept exists (GitHub Gist), elevating exploitation risk for environments processing untrusted hash files.

RCE Denial Of Service Buffer Overflow Memory Corruption Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-42483 CRITICAL Act Now

Heap-based buffer overflow in hashcat 7.1.2's Kerberos hash parser enables remote code execution without authentication. Attacker supplies a maliciously crafted Kerberos hash file with manipulated delimiter positions to overflow the fixed-size account_info buffer during memcpy operations in module_hash_decode. The vulnerability affects multiple Kerberos-related hashcat modules due to missing upper-bound validation on account_info_len before memory copy. CVSS 9.8 with network attack vector, but real-world exploitation requires user processing the malicious file. EPSS data not available; no active exploitation confirmed in CISA KEV at time of analysis.

RCE Denial Of Service Buffer Overflow Memory Corruption Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-42482 CRITICAL Act Now

Stack-based buffer overflow in hashcat 7.1.2's rule processing functions enables remote code execution when processing password candidates of 128+ characters. The vulnerability stems from inadequate bounds checking in mangle_to_hex_lower() and mangle_to_hex_upper() functions that fail to account for 2x memory expansion during byte-to-hex conversion. CVSS 9.8 (critical) with network attack vector and no authentication required. Public proof-of-concept code available via GitHub gist. No CISA KEV listing suggests targeted rather than widespread exploitation despite theoretical network exploitability.

RCE Denial Of Service Buffer Overflow Memory Corruption Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-31719 HIGH PATCH This Week

Integrity verification bypass in Linux kernel crypto subsystem's Kerberos 5 encryption module allows remote unauthenticated attackers to bypass cryptographic hash checks when asynchronous decryption completes. The vulnerability stems from incorrect callback chaining that skips krb5enc_dispatch_decrypt_hash() verification entirely during async operations. Exploitation likelihood is low (EPSS 2%, percentile 4%) despite high CVSS severity, though EUVD classifies this as an authentication bypass affecting Linux 6.15+ with patches available for stable branches 6.18.25, 7.0.2, and mainline 7.1-rc1.

Red Hat Suse Authentication Bypass Linux
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-31714 MEDIUM PATCH This Month

Memory leak in f2fs_rename() function allows local authenticated attackers to cause denial of service through repeated file rename operations. The vulnerability exists in the f2fs filesystem implementation when handling SELinux label initialization during whiteout file creation, due to a missing f2fs_free_filename() call introduced in commit 40b2d55e0452. Vendor patches are available for Linux 6.6.136, 6.12.84, 6.18.25, 7.0.2, and 7.1-rc1.

Red Hat Suse Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31713 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: fuse: abort on fatal signal during sync init When sync init is used and the server exits for some reason (error, crash) while processing FUSE_INIT, the filesystem creation will hang. The reason is that while all other threads will exit, the mounting thread (or process) will keep the device fd open, which will prevent an abort from happening. This is a regression from the async mount case, where the mount was done first, and the FUSE_INIT processing afterwards, in which case there's no such recursive syscall keeping the fd open.

Red Hat Suse Denial Of Service Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31710 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix dir separator in SMB1 UNIX mounts When calling cifs_mount_get_tcon() with SMB1 UNIX mounts, @cifs_sb->mnt_cifs_flags needs to be read or updated only after calling reset_cifs_unix_caps(), otherwise it might end up with missing CIFS_MOUNT_POSIXACL and CIFS_MOUNT_POSIX_PATHS bits. This fixes the wrong dir separator used in paths caused by the missing CIFS_MOUNT_POSIX_PATHS bit in cifs_sb_info::mnt_cifs_flags.

Red Hat Suse Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31707 HIGH PATCH This Week

Integer overflow in Linux kernel's ksmbd (SMB server) allows local authenticated attackers to bypass size validation and trigger memory corruption via crafted daemon responses. The vulnerability affects three IPC message handlers that fail to detect arithmetic overflow when computing expected message sizes from attacker-controlled fields (payload_sz, ngroups), enabling out-of-bounds memcpy operations. Vendor patches available for affected 5.15+ kernels. EPSS score 0.02% (5th percentile) indicates low observed exploitation probability. No CISA KEV listing or public exploit identified at time of analysis.

Red Hat Suse Memory Corruption Buffer Overflow Linux
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Double-free memory corruption in Linux kernel RDMA/irdma driver allows local authenticated users to cause denial of service or potentially escalate privileges. The vulnerability occurs during memory region re-registration (rereg_user_mr) when IB_MR_REREG_TRANS flag is set: if umem allocation succeeds but subsequent steps fail, the umem is freed without nulling the pointer, leading to double-free when userspace calls ibv_dereg_mr. Vendor patches available across multiple stable kernel branches (6.6.136, 6.12.83, 6.18.24, 6.19.14, 7.0). EPSS score of 0.02% (5th percentile) indicates very low probability of exploitation in the wild, with no active exploitation confirmed (not in CISA KEV).

Information Disclosure Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Data race conditions in the Linux kernel Bluetooth subsystem allow local authenticated attackers to cause denial of service by triggering concurrent access to hdev->req_status without proper synchronization. The vulnerability exists in the HCI synchronous command processing path where __hci_cmd_sync_sk() and multiple other functions access the same variable across different workqueues without holding locks, potentially causing memory corruption or system hangs.

Information Disclosure Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Data corruption in Linux kernel btrfs filesystem log replay allows local authenticated attackers to cause files to retain incorrect sizes after crash recovery. When a file is truncated to zero bytes, fssynced, and then a hardlink is created, the file incorrectly retains its pre-truncation size after a power failure and log replay, resulting in data integrity violation with availability impact.

Information Disclosure Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Denial of service in Linux kernel tiny SRCU (Synchronize-RCU) subsystem allows local authenticated attackers to trigger a system hang or crash by invoking call_srcu() while holding scheduler locks, causing a circular lock dependency and potential deadlock. The vulnerability affects kernel versions before 6.19.14 and 7.0, with EPSS score of 0.02% indicating low real-world exploitation probability despite moderate CVSS severity.

Information Disclosure Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A denial of service vulnerability in the Linux kernel's Qualcomm PD mapper service registry causes system crashes due to mismatched string element length validation in servreg_loc_pfr_req_ei. When a process daemon crashes and triggers a service registry location request, the QMI decoder rejects the reason field because its declared maximum length (65 bytes) is smaller than the actual field size (81 bytes), causing a decoding error and system halt. This affects all Linux kernel versions prior to the patch, triggered by local processes with standard user privileges.

Denial Of Service Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Denial of service in Linux kernel xfrm (IPsec transform) subsystem allows local authenticated attackers to trigger a kernel panic via improper netlink message size calculation when handling XFRM_MSG_GETAE requests for states with interface ID set. The xfrm_aevent_msgsize() function fails to account for XFRMA_IF_ID attribute space, causing build_aevent() to exceed buffer bounds and hit a BUG_ON assertion, resulting in kernel crash. EPSS exploitation probability is very low at 0.02% despite the local attack vector, suggesting limited real-world impact.

Information Disclosure Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A reference counting error in Linux kernel's cachefiles subsystem allows local authenticated users to trigger memory corruption and potentially escalate privileges. The vulnerability stems from cachefiles_cull() passing a dentry with insufficient reference count to cachefiles_bury_object(), causing a use-after-free condition. With CVSS 7.8 (high severity) but only 0.02% EPSS exploitation probability (5th percentile), this represents a kernel memory safety issue requiring local access with low attack complexity. Patches available in stable kernel versions 6.19.14 and 7.0.

Information Disclosure Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Memory leak in the Airoha QDMA RX packet processing function allows local authenticated attackers to cause a denial of service through resource exhaustion. The vulnerability occurs when page pool fragments fail to properly return to the pool during error handling in airoha_qdma_rx_process(), allowing an attacker with local access and low privileges to exhaust kernel memory and crash the system. EPSS exploitation probability is extremely low at 0.02%, reflecting the local-only attack vector and privilege requirement.

Information Disclosure Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

NULL pointer dereferences in Linux kernel's IPv6 IOAM (In-situ Operations, Administration, and Maintenance) trace data handling cause denial of service when network packets trigger the vulnerable code path. Affects Linux kernel 5.15 through 6.19.14 and mainline branches. Despite CVSS 7.5 High severity with network vector and no authentication, EPSS exploitation probability is very low (0.02%, 4th percentile), and no active exploitation or public POC is identified at time of analysis. Vendor patches available via stable kernel commits.

Linux Denial Of Service Null Pointer Dereference +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Null pointer dereference in Linux kernel bridge VLAN filtering code allows local authenticated attackers to trigger a denial of service via a crafted RTM_NEWLINK netlink message with BR_BOOLOPT_FDB_LOCAL_VLAN_0 flag when CONFIG_BRIDGE_VLAN_FILTERING is disabled. The vulnerability occurs because br_fdb_delete_locals_per_vlan_port() and br_fdb_insert_locals_per_vlan_port() dereference a NULL vlan group pointer without validation, causing a kernel panic. No public exploit code identified at time of analysis.

Canonical Denial Of Service Null Pointer Dereference +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Double-free vulnerability in the Linux kernel PCI Hyper-V driver allows local authenticated users to trigger kernel memory corruption and potentially escalate privileges. The flaw occurs in hv_pci_probe() error handling where ida_free() is called twice on the same domain number, leading to memory allocator corruption. Patches released in kernel 6.19.14 and 7.0 fix the issue by removing the redundant ida_free call. EPSS score of 0.02% indicates low exploitation probability in the wild, and no public exploit or KEV listing identified at time of analysis.

Information Disclosure Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Infinite vCPU fault loop in the Linux kernel's mshv (Microsoft Hypervisor) subsystem allows a local guest VM process to permanently spin a host vCPU thread, exhausting host CPU resources. The flaw exists in mshv_handle_gpa_intercept(), which unconditionally attempts page remaps on all movable-memory faults regardless of access permission - when a guest writes to a read-only Guest Physical Address region, the remap succeeds but the region retains its read-only designation, causing an immediate re-fault in a tight loop. Affected kernel versions run from commit b9a66cd5ccbb9fade15d0e427e19470d8ad35b75 through the fix commits; patched releases 6.19.14 and 7.0 are available. No public exploit has been identified and EPSS is 0.01%, consistent with the local, hypervisor-specific attack surface.

Linux Denial Of Service Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Linux kernel ASoC SDCA subsystem crashes on sound card teardown due to IRQ lifecycle mismanagement, causing a local denial of service. IRQ handlers registered via devm_request_threaded_irq() during component probe retain stale references to freed card and kcontrol structures after the sound card is torn down, resulting in null or dangling pointer dereferences and kernel panic. Exploitation requires local low-privilege access and SDCA-capable audio hardware; no public exploit exists and EPSS is extremely low at 0.02% (5th percentile).

Linux Denial Of Service Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The AF_XDP socket subsystem (xsk) in the Linux kernel fails to validate that a network device's MTU fits within the usable UMEM frame space at bind time, allowing a local low-privileged user to trigger a kernel denial of service. Usable frame space - chunk size minus headroom and tailroom - can fall below a standard 1500-byte MTU when 2k chunks are used, a gap that became exploitable once tailroom subtraction was introduced. The kernel also omits validation of hardware zero-copy capabilities via net_device::xdp_zc_max_segs. No public exploit has been identified and EPSS is 0.02% (5th percentile), indicating low immediate exploitation risk.

Information Disclosure Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Reference count leak in the Linux kernel's xfrm IPsec subsystem allows a local low-privileged attacker to exhaust kernel memory, resulting in denial of service. The defect resides in xfrm_migrate_policy_find(), where xfrm_pol_hold_rcu() is called twice - once implicitly by the lookup path (which already returns a held reference) and once redundantly - creating a refcount imbalance that prevents memory reclamation. Discovered by the Linux Verification Center using Syzkaller fuzzing; no public exploit identified at time of analysis, and EPSS is very low at 0.02% (5th percentile), indicating minimal observed exploitation activity.

Information Disclosure Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Uninitialized kernel memory is leaked to userspace through the xfrm_user subsystem's build_mapping() function in the Linux Kernel, where a one-byte compiler padding hole in struct xfrm_usersa_id after the proto field is never zeroed before the structure is copied across the kernel/userspace boundary. Authenticated local users with access to XFRM netlink interfaces can read this stale padding byte, potentially extracting kernel stack or heap fragments usable as an information disclosure primitive. No public exploit exists and EPSS is 0.02% (5th percentile), indicating negligible real-world exploitation probability at this time.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Linux kernel PF_KEY IPSEC key management exports leak uninitialized kernel memory via SADB_ACQUIRE, SADB_X_NAT_T_NEW_MAPPING, and SADB_X_MIGRATE messages, allowing local authenticated users to disclose sensitive kernel memory. EPSS score of 0.02% (percentile 5%) indicates minimal real-world exploitation despite patch availability. The 4-byte information leak per message could enable ASLR bypass and kernel address disclosure attacks.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Kernel crash in the Linux pinctrl mcp23s08 driver triggers a NULL pointer dereference during device probe when an MCP23S08/MCP23008 GPIO expander retains non-zero interrupt-on-change state across a warm reboot. The crash occurs because the driver's IRQ handler fires against pins whose nested IRQ handlers have not yet been registered, causing an unhandled kernel oops and system denial of service. Exploitation is local and device-specific; no public exploit identified at time of analysis, and EPSS remains at 0.02% (5th percentile) consistent with no observed in-the-wild triggering.

Linux Denial Of Service Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel IPVS subsystem causes a kernel panic during IPVS service creation failure cleanup, resulting in a full host denial of service. Affected kernels from 6.2 onward contain a logic error in ip_vs_add_service() where a successful scheduler bind sets the local sched variable to NULL; if ip_vs_start_estimator() subsequently fails, the error path calls ip_vs_unbind_scheduler() with that NULL pointer, dereferencing offset 0x30 and triggering a general protection fault. Exploitation requires local authenticated access with CAP_NET_ADMIN privileges; no public exploit is identified and EPSS is 0.02%, indicating very low exploitation probability.

Linux Null Pointer Dereference Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Kernel heap memory disclosure in Linux netfilter's nfnetlink_log subsystem exposes four bytes of stale kernel memory to unprivileged local userspace processes when NFLOG batch mode is active. The flaw exists in __nfulnl_send(), which appends an NLMSG_DONE terminator using nlmsg_put() - a helper that zero-pads alignment bytes but does not initialize the nfgenmsg payload itself - resulting in uninitialized kernel heap data transmitted to any userspace NFLOG consumer. No public exploit code exists and no active exploitation has been confirmed; however, CVSS vector AV:L/AC:L/PR:L signals that low-privileged local users can reliably trigger the leak without any special conditions beyond NFLOG batching being in use.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Denial-of-service via off-by-one allocation in the Linux kernel txgbe network driver allows a local low-privileged user to crash the kernel on systems hosting Wangxun 10GbE NICs. The driver allocates property_entry struct lists without reserving the mandatory null-terminator sentinel slot, meaning kernel subsystems iterating over the list read beyond allocated memory bounds. No active exploitation has been identified and EPSS is extremely low (0.02%, 5th percentile), but patches are available across multiple stable kernel branches including 6.6.136, 6.12.83, 6.18.24, 6.19.14, and 7.0.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Incorrect GENERIC_CMD register field masks in the Linux kernel's IPA (IP Accelerator) network driver for IPA v5.0+ hardware trigger a kernel WARN when a 'stop' command is sent to the MPSS (Modem Processor SubSystem) remoteproc while IPA is active. This availability-only vulnerability (CVSS C:N/I:N/A:H) affects authenticated local users on systems with Qualcomm IPA v5.0+ silicon. No public exploit exists and no KEV listing is present; with an EPSS of 0.02% this is a low-urgency stability fix rather than an active threat.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Integer overflow in the Linux kernel's l2tp subsystem allows a local low-privileged attacker to cause a denial of service by sending oversized packets through a PPPoL2TP socket with UDP encapsulation. In l2tp_xmit_core() (net/l2tp/l2tp_core.c:1293), the UDP length field - constrained to 16 bits - is assigned a packet length value without any bounds check, silently truncating values exceeding 65535 bytes and producing malformed UDP frames on the wire or triggering a kernel WARN. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, but a syzbot reproducer is publicly documented in the upstream patch discussion.

Linux Debian Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Out-of-bounds array write in the Linux kernel's Intel uncore PMU driver (`perf/x86/intel/uncore`) causes denial of service on affected Intel multi-die x86 systems. The driver fails to skip discovery table parsing for dies whose CPUs are all offline at boot, allowing the assignment `pmu->boxes[die] = box` in `uncore_pci_pmu_register()` to overflow the boxes array, triggering a kernel WARN or potential memory corruption. Exploitation requires local low-privilege access under a specific hardware and boot configuration; no public exploit exists and EPSS is 0.02%, indicating negligible real-world exploitation likelihood.

Linux Intel Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Local denial-of-service in the Linux kernel's AEAD crypto socket interface (`algif_aead`) allows a low-privileged local user to crash the kernel by submitting a decryption request where the minimum receive buffer size check fails to account for the authentication tag length. The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) confirms this is a locally exploitable, high-availability-impact issue with no confidentiality or integrity risk. Patches have been released across multiple Linux LTS stable branches (5.10.254, 5.15.204, 6.1.170, 6.6.136, 6.12.83, 6.18.24, 6.19.14, 7.0) and Ubuntu has issued multiple USN advisories (USN-8277-1 through USN-8281-1). No public exploit code has been identified and EPSS is 0.02%, indicating no public exploitation activity.

Information Disclosure Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Oracle OCI CLI version 3.77 allows local attackers with user interaction to place imported files outside the intended directory, compromising file integrity and enabling potential code execution or data exfiltration. The vulnerability requires local access and user interaction but carries high integrity impact through arbitrary file placement. No active exploitation or public exploit code has been identified at the time of analysis.

Oracle Path Traversal Suse
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Stored cross-site scripting (XSS) in Zabbix 6.0-7.4 allows authenticated attackers with high privileges to inject malicious JavaScript via monitored host data that executes when other users view dashboards containing Item history widgets (7.0+) or Plain text widgets (6.0). The attack requires the attacker to control a monitored host and the victim to open a dashboard with HTML display enabled in the affected widget. CVSS 7.3 reflects high impact but requires specific preconditions: high-privilege access (PR:H), user interaction (UI:P), and precise attack timing (AT:P). No CISA KEV listing or public exploit identified at time of analysis, with low immediate exploitation risk given the privilege requirements.

XSS Zabbix Suse
NVD VulDB
EPSS 0% CVSS 7.3
HIGH POC PATCH This Week

Stored Cross-Site Scripting (XSS) in Zabbix 7.0.x and 7.4.x allows authenticated administrators with non-super privileges to inject JavaScript payloads into maintenance period configurations. The malicious code executes when any user, including super admins, hovers over the affected maintenance period in the Host navigator widget tooltip, enabling session hijacking, credential theft, or unauthorized administrative actions with the victim's elevated privileges. Attack complexity is low and requires only user interaction (hovering), though exploit execution depends on victim access patterns. No public exploit code or active exploitation confirmed at time of analysis.

XSS Suse
NVD VulDB GitHub
EPSS 0% CVSS 6.1
MEDIUM POC PATCH This Month

PocketBase versions before 0.22.42 and 0.30.0-0.37.3 allow account pre-hijacking via OAuth2 autolinking, where an attacker knowing a victim's email can create an unverified account linked to one OAuth2 provider, then retain access when the victim authenticates with a different provider and the accounts are auto-merged, because previous OAuth2 links are not cleared during the upgrade from unverified to verified status. Publicly available exploit code exists; vendor recommends immediate upgrade to v0.37.4 or v0.22.42.

Authentication Bypass Suse
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote denial of service in Twisted's DNS name decompression (twisted.names module) allows unauthenticated attackers to freeze the single-threaded reactor by sending a crafted TCP DNS packet with deeply chained compression pointers and thousands of questions. Publicly available exploit code exists. Despite high CVSS score (7.5), real-world impact is limited to applications using the twisted.names DNS server-not the broader Twisted framework. Vendor-released patch available in version 26.4.0rc2.

Denial Of Service Python Suse
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

GoBGP v4.4.0 crashes with SIGSEGV panic when an unauthenticated remote BGP peer sends malformed UPDATE messages with inconsistent attribute lengths. The nil pointer dereference in AdjRib.Update (adj.go:127) causes complete process termination and loss of BGP service. Publicly available exploit code exists (POC in GitHub advisory GHSA-p3w2-64xm-833j). Vendor-released patch available in v4.5.0. CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) reflects the trivial remote exploitation of critical network infrastructure with no mitigating factors.

Denial Of Service Null Pointer Dereference Suse
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Authorization bypass in LXC's setuid helper lxc-user-nic allows unprivileged users to delete OpenVSwitch-attached network interfaces belonging to other users. The vulnerability exists in the find_line() function's interface name comparison logic, which sets an authorization flag based on name match alone without re-verifying ownership, enabling a tenant to cause denial of service by disconnecting containers on shared infrastructure. This affects multi-tenant deployments using lxc-user-nic with OpenVSwitch bridges and is patched in LXC 7.0.0.

Authentication Bypass Denial Of Service Suse
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH POC PATCH This Week

SQL injection in ProFTPD 1.3.9a and earlier allows remote attackers to execute arbitrary SQL commands when the 'UseReverseDNS on' configuration is enabled. The vulnerability exists in mod_wrap2_sql.c where attacker-controlled reverse DNS hostnames are passed unescaped into SQL queries during client access control checks. Exploitation complexity is high due to DNS character restrictions and specific configuration requirements. No active exploitation confirmed (not in CISA KEV), but upstream fix is available via GitHub commit 7666224. EPSS risk data not provided.

SQLi Suse
NVD GitHub VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Worker process crashes occur in ModSecurity (libmodsecurity3) when processing query string parameters containing single characters through the t:hexDecode transformation function. Remote unauthenticated attackers can trigger repeated segmentation faults to disrupt web application firewall protection, though service automatically recovers once the attack ceases. All libmodsecurity3 versions before 3.0.15 are affected across Apache, IIS, and Nginx deployments. OWASP confirmed the vulnerability via GitHub security advisory GHSA-qrjc-3jpc-3h2g and released patch version 3.0.15 addressing this buffer overflow (CWE-125: Out-of-bounds Read).

Suse Denial Of Service Apache +4
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

HTTP request smuggling and RTSP request injection in Netty arise from incomplete input validation in DefaultHttpRequest and DefaultFullHttpRequest. When these objects are created with a safe URI and later modified via setUri() with attacker-controlled input, the setUri() method bypasses CRLF validation that is enforced in constructors. HttpRequestEncoder and RtspEncoder then serialize the malicious URI directly into request lines, allowing attackers to inject additional HTTP or RTSP requests. Vendor-released patches: 4.1.133.Final and 4.2.13.Final address the vulnerability by applying consistent validation in setUri().

Authentication Bypass Java Suse +1
NVD GitHub VulDB
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Heap-based buffer overflow in RedisBloom versions before 2.8.20 enables remote code execution via Redis RESTORE command when authenticated attackers supply malicious serialized payloads. The vulnerability stems from improper validation of deserialized data in the probabilistic data structures module. Exploitation requires Redis authentication and RESTORE command privileges (PR:L), with CVSS 7.7 rating reflecting the authentication requirement despite critical impact potential. No public exploit code or CISA KEV listing identified at time of analysis, though vendor has released security-focused patch 2.8.20.

Heap Overflow Redis RCE +2
NVD GitHub VulDB
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Remote code execution in RedisTimeSeries versions before 1.12.14 allows authenticated attackers with RESTORE command permissions to execute arbitrary code via crafted serialized payloads. The vulnerability stems from improper validation of data processed through Redis RESTORE command, enabling heap buffer overflow exploitation. Attackers with low-level privileges can achieve complete system compromise (CVSS 7.7, CVSS:4.0 High confidentiality/integrity/availability impact) through network-based attacks with high complexity. No public exploit code or active exploitation confirmed at time of analysis.

Heap Overflow Redis RCE +2
NVD GitHub VulDB
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Jupyter Server allows authenticated users to maintain indefinite access even after password changes due to persistent authentication cookie secrets stored in an unrotated file. An attacker who obtains a valid authentication cookie can continue using it to access the server with full privileges regardless of subsequent password resets or server restarts, affecting all Jupyter Server deployments using password authentication.

Information Disclosure Suse Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Misuse of the `__copy_user_nocache()` function in the Linux kernel's x86-64 subsystem - specifically within NTB driver code and several other drivers - causes STAC/CLAC (SMAP-disabling) instructions to execute during kernel-to-kernel memory copies where no user-space access is actually performed. This incorrect usage defeats the Supervisor Mode Access Prevention (SMAP) protection temporarily and, critically, attaches user-space exception handling semantics to pure kernel copies; if a machine check exception or memory fault occurs during this window, the kernel may not handle it gracefully, resulting in a kernel panic. The CVSS availability-high rating (A:H) reflects this crash potential for any local authenticated user able to trigger the affected driver paths. No public exploit has been identified at time of analysis, and EPSS probability is negligible at 0.02%.

Information Disclosure Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Open redirect vulnerability in Jupyter Server through version 2.17.0 allows unauthenticated remote attackers to redirect users to arbitrary external domains via insufficiently validated next query parameters in the login flow, enabling phishing attacks. User interaction (clicking a crafted login link) is required. The vulnerability is fixed in version 2.18.0.

Open Redirect Suse Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Resource leak in the Linux kernel's Bluetooth hci_ll driver allows a local authenticated user to cause kernel memory exhaustion by repeatedly triggering an error path in download_firmware() where firmware objects allocated by request_firmware() are never released when their content is invalid. Systems equipped with Texas Instruments Bluetooth hardware (using the hci_ll driver) are affected across numerous stable kernel branches dating back to Linux 4.12. No public exploit exists and EPSS is 0.02% (7th percentile), classifying this as a low-urgency maintenance fix; patches are available across all actively maintained stable branches.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Repeated data loss occurs on Linux kernel systems using ext4 filesystems due to the `ext4_mb_find_by_goal()` function failing to skip corrupted block groups during block allocation. Affected kernels from commit 163a203ddb36 through multiple stable branches will continuously attempt to allocate blocks from a group flagged `EXT4_MB_GRP_BBITMAP_CORRUPT`, producing kernel error messages stating 'This should not happen!! Data will be lost' and causing permanent inode data loss. No public exploit has been identified and EPSS is 0.02%, but the availability impact is rated High; this is a resilience defect in ext4 error-handling that requires local access and pre-existing filesystem corruption to manifest.

Information Disclosure Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Buffer-head reference leak in Linux kernel ext4 fast-commit replay (ext4_fc_replay_inode()) allows local authenticated users to exhaust kernel memory, resulting in denial of service. Four distinct error paths in the function skip the mandatory brelse() call on iloc.bh, and the function previously masked all errors by always returning 0. No public exploit identified at time of analysis; EPSS at 0.02% (7th percentile) reflects very low real-world exploitation probability and no CISA KEV listing corroborates the absence of observed active exploitation.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Availability impact in the Linux kernel's ext4 filesystem subsystem arises from improperly managed discard workqueue lifecycle during remount and unmount operations. When a filesystem mounted with `-o discard` is remounted with `-o nodiscard` and then immediately unmounted, pending `s_discard_work` workqueue items are neither cancelled nor flushed before superblock teardown, potentially causing the work callback to reference freed memory and crash the kernel. Patch commits are confirmed across multiple stable branches; EPSS is 0.02% (7th percentile) and no KEV listing or public exploit exists, indicating negligible real-world exploitation risk outside of automated fuzzer (syzkaller) scenarios.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 8.7
HIGH POC PATCH This Week

Unauthenticated remote denial-of-service in Phoenix Framework 1.7.0-1.7.21 and 1.8.0-1.8.5 allows attackers to crash Elixir BEAM nodes by sending multi-megabyte HTTP requests filled with newlines to the long-poll transport endpoint. A 1 MB payload of newline characters triggers allocation of approximately one million empty list elements, exhausting scheduler and memory resources. Session token required to trigger the vulnerability is obtainable via unauthenticated GET request, making exploitation trivial. Vendor-released patches (1.7.22, 1.8.6) enforce client-side batching limits. CVSS 8.7 (high availability impact) confirmed; no public exploit or CISA KEV listing identified at time of analysis.

Suse Denial Of Service
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

TX deadlock in the Linux kernel's 8250 serial UART driver permanently blocks DMA transmissions when a DMA transaction is terminated without its completion callback executing. Specifically, `dmaengine_terminate_async` does not guarantee that `__dma_tx_complete` runs, leaving `dma->tx_running` permanently set and preventing any subsequent TX DMA scheduling. This availability-only denial-of-service (CVSS A:H) requires local low-privileged access and only manifests on systems with 8250 UART hardware operating in DMA mode; no public exploit exists and no KEV listing is present.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in Linux kernel's netfilter nft_ct subsystem allows local authenticated attackers with low privileges to achieve code execution, privilege escalation, or denial of service. The vulnerability stems from stale references to conntrack zone templates, timeout policies, and helper objects in packets queued to nfqueue when these objects are removed. Exploitation probability is low (EPSS 0.02%, 7th percentile) with no active exploitation confirmed at time of analysis. Vendor-released patches available across multiple stable kernel branches (5.10.253, 5.15.203, 6.1.167, 6.6.130, 6.12.78, 6.18.20, 6.19.10, 7.0).

Information Disclosure Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Django 6.0 before 6.0.5 and 5.2 before 5.2.14 allow remote attackers to bypass the FILE_UPLOAD_MAX_MEMORY_SIZE limit by submitting ASGI requests with missing or understated Content-Length headers, potentially loading large files into memory and causing denial of service through resource exhaustion. No active exploitation confirmed, but the vulnerability requires only network access and no authentication, making it trivially exploitable once the bypass is understood.

Authentication Bypass Python Suse +1
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Uncontrolled resource consumption in Apache HTTP Server's mod_md module allows remote unauthenticated attackers to exhaust server resources via malformed OCSP response data, affecting versions 2.4.30 through 2.4.66. The vulnerability enables attackers to achieve confidentiality, integrity, and availability impacts with low complexity exploitation over the network. No active exploitation confirmed (not in CISA KEV), but the network-accessible attack surface and lack of authentication requirement make this a credible threat requiring prompt patching to version 2.4.67.

Denial Of Service Apache Suse +2
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Arbitrary file writing via directory traversal in Nix versions before 2.34.7 allows unauthenticated remote attackers to overwrite files on systems running vulnerable versions of nix-prefetch-url or nix store prefetch-file with the --unpack flag. The vulnerability exploits improper path validation during archive extraction, enabling an attacker to craft malicious packages that write to arbitrary filesystem locations when unpacked. CVSS 5.3 (AV:N/AC:L/PR:N/UI:N) reflects network-based exploitation without authentication, though real-world impact depends on file permissions and deployment context. No active exploitation has been confirmed in CISA KEV at time of analysis.

Path Traversal Suse
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Stack-to-heap overflow in Nix and Lix daemon's NAR parser enables local privilege escalation to root in multi-user installations. Low-privileged users with daemon access can trigger unbounded recursion in the coroutine-based parser to overwrite heap memory and achieve arbitrary code execution as the Nix daemon (root), provided ASLR can be bypassed. Vulnerability affects Nix 2.24.4-2.34.6 and Lix 2.93.0-2.95.1, with vendor-confirmed patches released across multiple version branches. CVSS vector indicates local attack with high complexity but cross-scope privilege escalation, consistent with the EPSS score suggesting targeted exploitation scenarios rather than mass scanning.

RCE Suse
NVD GitHub
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

Command injection in net-imap library allows attackers to inject arbitrary IMAP commands by supplying unvalidated user input to multiple methods that send raw, unescaped strings to the IMAP server. The #search, #uid_search, #fetch, #uid_fetch, #store, #uid_store, and #setquota methods accept string arguments that bypass normal validation and encoding, enabling CRLF injection to break command context. Applications that dynamically construct search criteria, fetch attributes, or quota limits from user input are at significant risk; a developer passing unsanitized input could allow an attacker to append malicious IMAP commands such as DELETE or other state-modifying operations.

Authentication Bypass Command Injection CSRF +1
NVD GitHub VulDB
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

Denial of service in net-imap SCRAM-SHA1/SHA256 authentication allows a hostile IMAP server to freeze the entire Ruby VM by sending an arbitrarily large PBKDF2 iteration count, blocking all threads for several minutes due to the blocking nature of OpenSSL::KDF.pbkdf2_hmac and its retention of the Global VM Lock. Patched versions 0.4.24, 0.5.14, and 0.6.4 introduce a max_iterations parameter that users must explicitly configure to prevent exploitation.

Denial Of Service OpenSSL Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Authorization bypass in Docker Distribution Registry allows remote clients to delete image tags via the DELETE /v2/<name>/manifests/<tag> endpoint even when the operator has explicitly configured storage.delete.enabled: false. The tag deletion code path in registry/handlers/manifests.go bypasses the deletion authorization check present in digest-based manifest deletion, enabling attackers with network access to cause denial of service by removing tags and disrupting supply chain integrity of registries intended to be immutable.

Authentication Bypass Denial Of Service Docker +2
NVD GitHub VulDB
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Pillow's PDF parser enters an infinite loop when processing maliciously crafted PDF files with circular Prev pointer references in trailer sections, causing 100% CPU consumption and application hang. All versions from 4.2.0 through 12.1.x are affected. The vulnerability is a denial-of-service condition affecting any application using Pillow to parse untrusted PDFs. Vendor-released patch: version 12.2.0.

Denial Of Service Python Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Integer overflow in Pillow's font glyph processing allows remote code execution or denial of service when handling maliciously crafted fonts with extremely large glyph advance values. Pillow versions before 12.2.0 are affected. The vulnerability is triggered during font rendering operations where position tracking accumulates glyph advances without proper bounds checking, leading to wraparound arithmetic that can corrupt memory or crash the interpreter.

Integer Overflow Buffer Overflow Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Heap buffer overflow in Pillow 11.2.1 through 12.1.x allows local attackers to cause denial of service or potentially execute arbitrary code by passing deeply nested list structures as coordinates to ImagePath.Path, ImageDraw.polygon, or ImageDraw.line APIs, which recursively unpack coordinates beyond allocated buffer boundaries.

Heap Overflow Buffer Overflow Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Incus before version 7.0.0 allows authenticated users to exhaust host disk space through unbounded uploads via instance backup import, storage bucket import, storage volume backup import, and storage volume ISO import endpoints. The daemon streams HTTP request bodies directly into temporary files using io.Copy without enforcing maximum request size limits, enabling denial of service on the host system or shared storage in multi-tenant deployments. Public proof-of-concept code demonstrates sustained disk exhaustion by streaming null bytes through application/octet-stream endpoints.

Denial Of Service Suse
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Denial of service in Incus daemon via nil pointer dereference when restoring backup archives with valid inline backup/index.yaml but malformed legacy backup/container/backup.yaml omitting the container section. An authenticated user with backup import permissions can crash the daemon by crafting a backup archive that passes preflight validation but triggers nil dereference during the restore phase after archive extraction. CVSS 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) - confirmed by 7asecurity with proof-of-concept test cases.

Denial Of Service Null Pointer Dereference Suse
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

Incus versions up to 6.23.0 allow authenticated users to trigger denial of service by uploading crafted image or backup tarballs containing oversized YAML metadata files that consume excessive server memory during parsing. When metadata.yaml or backup/index.yaml entries declare large sizes in the tar header, the YAML decoder reads and allocates 5-6x the input size without limits, potentially exhausting memory on constrained daemons; a 200 MB YAML entry may trigger 1.2 GB of heap allocations. Vendor-released patch available in v7.0.0.

Denial Of Service Suse
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Nil-pointer dereference in Incus daemon S3 storage bucket import allows authenticated users to crash the daemon by uploading a truncated or corrupted tar backup file. The TransferManager.UploadAllFiles function fails to handle non-EOF errors from tar parsing, causing a panic when hdr is nil. Vendor-released patch available in v7.0.0.

Denial Of Service Null Pointer Dereference Suse
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Denial of service in Incus prior to version 7.0.0 allows authenticated users to crash the Incus daemon by importing a maliciously crafted backup archive with physical snapshot directories but tampered metadata arrays. The vulnerability stems from an incorrect bounds check (len(slice) >= i-1 instead of len(slice) > i) in the backup restore and migration code paths, enabling out-of-bounds array access that triggers a runtime panic. Repeated exploitation keeps the Incus service offline, confirmed by a publicly available proof-of-concept.

Denial Of Service Information Disclosure Buffer Overflow +1
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Nil-pointer dereference in Incus daemon's custom volume backup import logic allows authenticated users to crash the service by supplying a malformed backup archive containing null entries in the volume_snapshots array, enabling repeated denial of service attacks. The vulnerability exists in the CreateCustomVolumeFromBackup function which fails to validate snapshot pointers before dereferencing them during import operations. CVSS 6.5 (authenticated network access, high availability impact); no public exploit code or active exploitation reported at analysis time, but proof-of-concept demonstration included in advisory.

Null Pointer Dereference Denial Of Service Suse
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Nil-pointer dereference in Incus daemon's storage bucket import logic allows authenticated users to crash the daemon by submitting a malformed bucket backup archive with a missing config section in index.yaml, enabling denial of service through repeated exploitation. The vulnerability affects Incus versions prior to 7.0.0 and requires valid storage bucket feature access but no special privileges beyond authenticated user status.

Null Pointer Dereference Denial Of Service Python +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

goshs SimpleHTTPServer versions prior to 2.0.2 allow arbitrary file write via cross-origin PUT requests due to missing CSRF token validation on the PUT handler combined with permissive wildcard CORS headers. An attacker can trick a victim into visiting a malicious website which then writes arbitrary files to a goshs instance running on localhost or an internal network, bypassing network isolation protections. Publicly available exploit code exists, and the vulnerability affects all v2.x releases before 2.0.2 and all v1.x releases (no patch available for v1.x).

CSRF Suse
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Blind server-side request forgery in Incus allows authenticated users to trigger arbitrary HEAD requests to internal or external endpoints during image import preflight validation, bypassing the restricted.images.servers project restriction. While the actual image download is blocked by project policies, the preflight HEAD request executes before validation occurs, enabling attackers to probe internal services, cloud metadata endpoints, or unroutable address space reachable from the Incus host. No public exploit code identified at time of analysis, though proof-of-concept reproduction is documented in the advisory.

Debian SSRF Suse
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows remote unauthenticated attackers to bypass Digest authentication with high attack complexity. The vulnerability exploits measurable timing differences in digest credential validation, enabling credential compromise without valid authentication. Apache has released patched version 2.4.67; no active exploitation has been confirmed, but CISA SSVC framework indicates automatable exploitation is not feasible due to the timing attack's sensitivity requirements.

Suse Authentication Bypass Apache +2
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Null pointer dereference in mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows unauthenticated remote attackers to crash child processes in caching forward proxy configurations, resulting in denial of service. The vulnerability has CVSS 5.3 (medium) with network accessibility and no authentication required, but is limited to partial availability impact affecting only specific proxy deployments. Vendor-released patch: version 2.4.67.

Red Hat Suse Null Pointer Dereference +3
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

HTTP response splitting in Apache HTTP Server 2.4.0 through 2.4.66 allows remote attackers to inject arbitrary HTTP headers and content when the server acts as a proxy to untrusted or compromised backend servers, enabling cache poisoning, session fixation, and cross-site scripting attacks. CVSS 6.5 (moderate) with network attack vector, no authentication required, and confirmed automatable exploitation per CISA SSVC framework. Vendor-released patch: version 2.4.67.

Suse Apache Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Out-of-bounds read in mod_proxy_ajp of Apache HTTP Server through version 2.4.66 allows remote unauthenticated attackers to disclose sensitive information via a crafted AJP protocol request. The vulnerability has a CVSS score of 5.3 (moderate) with no active exploitation confirmed. Upgrade to version 2.4.67 to remediate.

Red Hat Suse Information Disclosure +3
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Improper null termination and out-of-bounds read vulnerability in Apache HTTP Server through version 2.4.66 allows remote unauthenticated attackers to trigger information disclosure with low complexity exploitation. The vulnerability has a CVSS score of 5.3 (medium) with network-accessible attack vector and no user interaction required, though technical impact is limited to confidentiality (partial information disclosure). Vendor-released patch: version 2.4.67 addresses the issue.

Red Hat Suse Apache +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Buffer over-read in Apache HTTP Server through 2.4.66 enables remote unauthenticated information disclosure at network scale. Attackers can read sensitive memory content without authentication or user interaction, achieving high confidentiality impact with low attack complexity. EPSS exploitation probability and KEV status not provided, but SSVC framework confirms the vulnerability is automatable with partial technical impact and no active exploitation detected at time of analysis. Patch released in version 2.4.67.

Red Hat Suse Apache +2
NVD VulDB GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap out-of-bounds read in Ollama's GGUF model loader (<0.17.1) leaks sensitive memory contents including API keys, environment variables, and concurrent user data when processing maliciously crafted model files. Attackers can trigger the vulnerability by uploading a GGUF file with tensor offsets exceeding file bounds via the unauthenticated /api/create endpoint, then exfiltrate leaked memory through /api/push to attacker-controlled registries. While default deployments bind to localhost only, the widely-adopted OLLAMA_HOST=0.0.0.0 configuration exposes instances to network exploitation. Vendor-released patch available in version 0.17.1 with GitHub commit 88d57d0483cca907e0b23a968c83627a20b21047 adding bounds validation to fs/ggml/gguf.go and server/quantization.go.

Information Disclosure Buffer Overflow Red Hat +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Local .htaccess authors can escalate privileges to read arbitrary files as the httpd daemon user in Apache HTTP Server 2.4.66 and earlier. The vulnerability requires low-privilege authenticated access to create or modify .htaccess files, but exploits misconfigured module interactions to bypass intended access controls. Apache has released version 2.4.67 to address this issue. SSVC assessment indicates no active exploitation and non-automatable attack vector, with EPSS data not yet available for this recent disclosure.

Privilege Escalation Apache Suse +2
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Out-of-bounds read in GoBGP BMP parser allows remote attackers to trigger information disclosure via malformed BMP messages to the BMPPeerUpNotification.ParseBody and BMPStatisticsReport.ParseBody functions. Affected versions are up to 4.3.0; patch available in version 4.4.0. CVSS 6.9 reflects availability impact. No public exploit code or active exploitation has been identified.

Information Disclosure Buffer Overflow Red Hat +1
NVD VulDB GitHub
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Denial of service in osrg GoBGP up to version 4.3.0 allows remote attackers to trigger an infinite loop via malformed SRv6 L3 Service attributes in BGP packets. The vulnerability exists in the SRv6L3ServiceAttribute.DecodeFromBytes function, which incorrectly advances a loop variable when processing unknown sub-TLV types, causing the parser to never exit the loop and exhaust system resources. Vendor-released patch available in version 4.4.0.

Denial Of Service Suse
NVD VulDB GitHub
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Velociraptor server versions before 0.76.4 are vulnerable to denial of service via resource exhaustion when a compromised or rogue client sends specially crafted messages through the agent control channel, causing out-of-memory conditions and server crashes. The vulnerability requires authenticated client access but can be triggered by any authenticated agent, making it a realistic threat in environments where client integrity cannot be guaranteed. CVSS score of 4.9 reflects high privileges required (PR:H) but complete availability impact.

Denial Of Service Suse
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Command injection in Caesium Image Compressor (all versions through commit 02da2c6) allows local authenticated attackers to execute arbitrary OS commands via unsanitized input to shutdownMachine and putMachineToSleep functions in PostCompressionActions.cpp. The vulnerable code uses system() calls without input validation, enabling shell metacharacter injection during post-compression power management operations. Patch available via GitHub PR #376 replacing system() with QProcess::startDetached(). EPSS score of 0.02% (5th percentile) indicates low observed exploitation probability. No evidence of active exploitation or public POC beyond the researcher's advisory.

Command Injection RCE Suse
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote attackers can crash GoBGP v4.3.0 by sending a malformed BGP UPDATE message that triggers an out-of-bounds read in IPv6 extended community parsing. The flaw allows unauthenticated denial of service against default configurations with no authentication required (CVSS AV:N/AC:L/PR:N/UI:N). No public exploit identified at time of analysis, and EPSS score of 0.02% (4th percentile) indicates very low observed exploitation probability. Upstream fixes available via GitHub commits 362cce3e and 9ce8936.

Denial Of Service Information Disclosure Buffer Overflow +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Missing input validation in FRRouting stable/10.0 through 10.6 allows authenticated BGP peers to trigger a Denial of Service by sending a crafted UPDATE message with invalid martian addresses in the MP_REACH_NLRI component. An authenticated attacker can crash or severely degrade the BGP routing daemon by exploiting insufficient validation of next-hop addresses, with an EPSS score of 0.02% indicating low real-world exploitation probability despite moderate CVSS scoring.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Wireshark 4.6.0 through 4.6.4 crashes when processing malformed IEEE 802.11 frames due to a null pointer dereference in the protocol dissector. An attacker can trigger denial of service by crafting or replaying a specially malformed wireless packet that causes the dissector to crash when analyzed, rendering packet analysis impossible until the application restarts. CVSS score 5.5 reflects local attack vector with user interaction required; no public exploit code has been identified at time of analysis.

Null Pointer Dereference Denial Of Service Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Local denial-of-service in the Linux kernel's vidtv virtual DVB media driver allows an authenticated local user to crash the kernel via a NULL pointer dereference triggered by uninitialized struct fields in vidtv_ts_null_write_into() and vidtv_ts_pcr_write_into(). Affected kernel versions span from commit f90cf6079bf6 across multiple stable branches through Linux 5.10, with fixes backported to 6.6.136, 6.12.83, 6.18.24, 6.19.14, 7.0.1, and 7.1-rc1. No public exploit identified at time of analysis, EPSS is 0.02% (7th percentile), and this CVE is not listed in the CISA KEV catalog, reflecting its low real-world exploitation likelihood.

Linux Null Pointer Dereference Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Heap-based buffer overflow in hashcat 7.1.2 enables remote code execution or denial of service through maliciously crafted PKZIP hash files. Attackers can exploit inadequate input validation in the hex_to_binary function affecting PKZIP hash parser modules (17200, 17210, 17220, 17225, 17230) to overflow fixed-size buffers with arbitrary hex data. CVSS 9.8 reflects network-accessible attack vector requiring no authentication or user interaction, though real-world exploitation requires victim to process attacker-supplied hash files. EPSS data not available; no CISA KEV listing indicates no confirmed widespread exploitation. Public proof-of-concept exists (GitHub Gist), elevating exploitation risk for environments processing untrusted hash files.

RCE Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Heap-based buffer overflow in hashcat 7.1.2's Kerberos hash parser enables remote code execution without authentication. Attacker supplies a maliciously crafted Kerberos hash file with manipulated delimiter positions to overflow the fixed-size account_info buffer during memcpy operations in module_hash_decode. The vulnerability affects multiple Kerberos-related hashcat modules due to missing upper-bound validation on account_info_len before memory copy. CVSS 9.8 with network attack vector, but real-world exploitation requires user processing the malicious file. EPSS data not available; no active exploitation confirmed in CISA KEV at time of analysis.

RCE Denial Of Service Buffer Overflow +2
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Stack-based buffer overflow in hashcat 7.1.2's rule processing functions enables remote code execution when processing password candidates of 128+ characters. The vulnerability stems from inadequate bounds checking in mangle_to_hex_lower() and mangle_to_hex_upper() functions that fail to account for 2x memory expansion during byte-to-hex conversion. CVSS 9.8 (critical) with network attack vector and no authentication required. Public proof-of-concept code available via GitHub gist. No CISA KEV listing suggests targeted rather than widespread exploitation despite theoretical network exploitability.

RCE Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Integrity verification bypass in Linux kernel crypto subsystem's Kerberos 5 encryption module allows remote unauthenticated attackers to bypass cryptographic hash checks when asynchronous decryption completes. The vulnerability stems from incorrect callback chaining that skips krb5enc_dispatch_decrypt_hash() verification entirely during async operations. Exploitation likelihood is low (EPSS 2%, percentile 4%) despite high CVSS severity, though EUVD classifies this as an authentication bypass affecting Linux 6.15+ with patches available for stable branches 6.18.25, 7.0.2, and mainline 7.1-rc1.

Red Hat Suse Authentication Bypass +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Memory leak in f2fs_rename() function allows local authenticated attackers to cause denial of service through repeated file rename operations. The vulnerability exists in the f2fs filesystem implementation when handling SELinux label initialization during whiteout file creation, due to a missing f2fs_free_filename() call introduced in commit 40b2d55e0452. Vendor patches are available for Linux 6.6.136, 6.12.84, 6.18.25, 7.0.2, and 7.1-rc1.

Red Hat Suse Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: fuse: abort on fatal signal during sync init When sync init is used and the server exits for some reason (error, crash) while processing FUSE_INIT, the filesystem creation will hang. The reason is that while all other threads will exit, the mounting thread (or process) will keep the device fd open, which will prevent an abort from happening. This is a regression from the async mount case, where the mount was done first, and the FUSE_INIT processing afterwards, in which case there's no such recursive syscall keeping the fd open.

Red Hat Suse Denial Of Service +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix dir separator in SMB1 UNIX mounts When calling cifs_mount_get_tcon() with SMB1 UNIX mounts, @cifs_sb->mnt_cifs_flags needs to be read or updated only after calling reset_cifs_unix_caps(), otherwise it might end up with missing CIFS_MOUNT_POSIXACL and CIFS_MOUNT_POSIX_PATHS bits. This fixes the wrong dir separator used in paths caused by the missing CIFS_MOUNT_POSIX_PATHS bit in cifs_sb_info::mnt_cifs_flags.

Red Hat Suse Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Integer overflow in Linux kernel's ksmbd (SMB server) allows local authenticated attackers to bypass size validation and trigger memory corruption via crafted daemon responses. The vulnerability affects three IPC message handlers that fail to detect arithmetic overflow when computing expected message sizes from attacker-controlled fields (payload_sz, ngroups), enabling out-of-bounds memcpy operations. Vendor patches available for affected 5.15+ kernels. EPSS score 0.02% (5th percentile) indicates low observed exploitation probability. No CISA KEV listing or public exploit identified at time of analysis.

Red Hat Suse Memory Corruption +2
NVD VulDB
Prev Page 24 of 104 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy