Skip to main content

Suse

9341 CVEs vendor

Monthly

CVE-2026-5886 MEDIUM PATCH This Month

Out-of-bounds read in Google Chrome WebAudio (Mac) prior to version 147.0.7727.55 enables remote information disclosure via crafted HTML. Unauthenticated network-based attacker can extract sensitive process memory without user interaction. CVSS 7.5 (High confidentiality impact). No public exploit identified at time of analysis. Low observed exploitation activity (EPSS <1%). Patch available from vendor.

Information Disclosure Google Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-5885 MEDIUM PATCH This Month

Memory disclosure in Google Chrome on Windows prior to version 147.0.7727.55 allows remote attackers to extract sensitive information from process memory by delivering a crafted HTML page through WebML parsing. The vulnerability stems from insufficient input validation in the WebML component and requires user interaction (visiting a malicious page), making it a moderate-risk information disclosure affecting a ubiquitous browser platform.

Information Disclosure Google Microsoft Red Hat Suse +1
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-5884 HIGH PATCH This Week

Remote code execution in Google Chrome prior to 147.0.7727.55 allows attackers to escape renderer sandbox via malicious HTML page. A remote attacker who has already compromised the renderer process can achieve arbitrary code execution within the sandbox through insufficient input validation in Chrome's Media component. Requires user interaction (visiting crafted page). EPSS score of 0.05% (16th percentile) indicates low observed exploitation probability; no confirmed active exploitation (not in CISA KEV). Vendor patch released in Chrome 147.0.7727.55.

Google RCE Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-5882 MEDIUM PATCH This Month

UI spoofing in Google Chrome fullscreen mode prior to version 147.0.7727.55 allows remote attackers to deceive users with crafted HTML pages displaying fake security UI elements, potentially leading to credential theft or malware distribution through trusted-looking interface impersonation. The vulnerability requires user interaction (clicking/navigating to the malicious page) but poses moderate integrity risk due to the deceptive nature of fullscreen UI manipulation. No active exploitation has been confirmed, though the attack vector is straightforward for mass phishing campaigns.

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-5881 MEDIUM PATCH This Month

Google Chrome versions prior to 147.0.7727.55 contain a policy bypass vulnerability in the LocalNetworkAccess feature that allows remote attackers to circumvent navigation restrictions by delivering a crafted HTML page. An unauthenticated attacker requires only user interaction (clicking or viewing the malicious page) to trigger the bypass, resulting in integrity compromise of network access policies. EPSS exploitation probability is low at 0.02%, and no public exploit code or active exploitation has been reported.

Authentication Bypass Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-5880 MEDIUM PATCH This Month

Omnibox spoofing in Google Chrome prior to 147.0.7727.55 allows remote attackers with a compromised renderer process to spoof the URL bar contents via crafted HTML, deceiving users about the actual page origin. The vulnerability requires renderer process compromise (post-sandbox-escape condition) and user interaction, limiting real-world exploitation to multi-stage attacks. Patch available in Chrome 147.0.7727.55 and later; EPSS score of 0.03% reflects low autonomous exploitation likelihood despite medium CVSS rating.

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-5878 MEDIUM PATCH This Month

UI spoofing via incorrect security UI rendering in Google Chrome's Blink engine allows remote attackers to deceive users into trusting malicious content through crafted HTML pages, affecting Chrome versions prior to 147.0.7727.55. The attack requires user interaction (clicking or viewing the malicious page) but no authentication. While assigned Medium severity by Google and carrying low EPSS exploitation probability (0.03%, 10th percentile), the integrity impact centers on user trust and phishing enablement rather than code execution.

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-5877 HIGH PATCH This Week

Remote code execution within Chrome's sandbox affects all versions prior to 147.0.7727.55 through a use-after-free vulnerability in the browser's navigation component. Remote attackers can execute arbitrary code by delivering a specially crafted HTML page that triggers memory corruption when a user visits the malicious site. EPSS probability of 0.04% indicates low observed exploitation activity, and no CISA KEV listing confirms this is not confirmed actively exploited at time of analysis. Google has released patches in Chrome 147.0.7727.55.

Denial Of Service RCE Google Memory Corruption Use After Free +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-5876 MEDIUM PATCH This Month

Side-channel information leakage in Google Chrome's Navigation feature prior to version 147.0.7727.55 allows unauthenticated remote attackers to extract cross-origin data by serving a crafted HTML page. The vulnerability requires user interaction (clicking or navigating to a malicious page) but successfully bypasses same-origin policy protections, exposing sensitive information from different origins. With an EPSS score of 0.03% (10th percentile) indicating very low real-world exploitation probability, this represents a medium-severity information disclosure risk appropriate for routine patching rather than emergency mitigation.

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-5875 MEDIUM PATCH This Month

UI spoofing via policy bypass in Blink rendering engine in Google Chrome prior to version 147.0.7727.55 allows remote attackers to deceive users through crafted HTML pages. The vulnerability requires user interaction (clicking or viewing) but needs no authentication, affecting all Chrome users on unpatched versions. Chromium security team rated this as Medium severity; EPSS score of 0.02% indicates low real-world exploitation probability despite public disclosure.

Google Authentication Bypass Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-5874 CRITICAL PATCH Act Now

Use-after-free vulnerability in Google Chrome's PrivateAI component (versions prior to 147.0.7727.55) enables sandbox escape when remote attackers socially engineer victims into performing specific UI interactions with malicious HTML pages. Exploitation requires user engagement with attacker-controlled content but no authentication. CVSS 9.6 critical severity reflects potential for complete compromise of confidentiality, integrity, and availability with scope change indicating sandbox boundary violation. No public exploit identified at time of analysis; low observed exploitation activity (EPSS 0.03%).

Denial Of Service Memory Corruption Google Use After Free Red Hat +2
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-5873 HIGH PATCH This Week

Remote code execution in Google Chrome prior to 147.0.7727.55 allows attackers to execute arbitrary code within the browser sandbox through crafted HTML pages exploiting out-of-bounds read/write conditions in the V8 JavaScript engine. User interaction (visiting a malicious page) is required, but no authentication is needed. With CVSS 8.8 and low EPSS (0.04%, 11th percentile), this represents a high-severity browser vulnerability with limited observed real-world exploitation activity. Patch available in Chrome 147.0.7727.55. No public exploit identified at time of analysis.

RCE Google Information Disclosure Buffer Overflow Red Hat +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-5872 HIGH PATCH This Week

Remote code execution in Google Chrome's Blink rendering engine (versions prior to 147.0.7727.55) allows unauthenticated attackers to execute arbitrary code within Chrome's sandbox by delivering a malicious HTML page that triggers a use-after-free vulnerability. While rated High severity (CVSS 8.8) due to complete confidentiality/integrity/availability impact, EPSS scoring places exploitation probability at only 4% (11th percentile), indicating low observed targeting in the wild. No confirmed active exploitation (not in CISA KEV) and no public proof-of-concept identified at time of analysis. Vendor-released patch available in Chrome 147.0.7727.55.

Memory Corruption Denial Of Service Use After Free RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-5871 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 147.0.7727.55 allows unauthenticated attackers to execute arbitrary code within the browser sandbox via a maliciously crafted HTML page exploiting a type confusion vulnerability in the V8 JavaScript engine. With CVSS 8.8 (High), network-based attack vector requiring only user interaction, and available vendor patch, this represents a significant but contained threat. EPSS score of 0.04% (11th percentile) indicates low observed exploitation probability, and no active exploitation or public POC is identified at time of analysis. The sandbox containment limits initial impact severity compared to full system compromise.

Memory Corruption Google RCE Red Hat Suse +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-5870 HIGH PATCH This Week

Remote code execution in Google Chrome's Skia graphics library (versions prior to 147.0.7727.55) allows remote attackers to execute arbitrary code within the browser's sandbox via specially crafted HTML pages exploiting an integer overflow vulnerability. Google patched this high-severity flaw in Chrome 147.0.7727.55 released April 2026. No active exploitation confirmed (not on CISA KEV), with low EPSS score (0.04%, 11th percentile) indicating minimal observed exploitation activity. Exploitation requires user interaction (visiting malicious webpage) but no authentication, making it viable for drive-by attacks against unpatched Chrome installations.

Google RCE Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-5869 MEDIUM PATCH This Month

Heap buffer overflow in WebML (a web markup language component) in Google Chrome prior to version 147.0.7727.55 allows remote attackers to obtain potentially sensitive information from process memory by serving a crafted HTML page. The vulnerability requires no user authentication and can be triggered through normal web browsing, though exploitation has a low probability (EPSS 0.03%) and no public exploit code has been identified.

Google Buffer Overflow Heap Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-5868 HIGH PATCH This Week

Arbitrary code execution in Google Chrome for macOS versions prior to 147.0.7727.55 occurs via heap buffer overflow in the ANGLE graphics layer when processing malicious HTML pages. Remote attackers can achieve full compromise of confidentiality, integrity, and availability within Chrome's sandbox by exploiting this CWE-122 heap overflow with low attack complexity and no authentication. EPSS probability is low (0.03%, 10th percentile) with no public exploit identified at time of analysis, indicating limited observed exploitation activity despite the high CVSS score of 8.8.

RCE Google Buffer Overflow Heap Overflow Red Hat +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-5866 HIGH PATCH This Week

Remote code execution in Google Chrome Media component (versions prior to 147.0.7727.55) enables unauthenticated attackers to execute arbitrary code within Chrome's sandbox via specially crafted HTML pages. Exploitation requires user interaction to visit a malicious site. The use-after-free memory corruption vulnerability achieves high confidentiality, integrity, and availability impact within the sandboxed environment. No public exploit identified at time of analysis.

Google RCE Memory Corruption Denial Of Service Use After Free +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-5864 MEDIUM PATCH This Month

Heap buffer overflow in Google Chrome's WebAudio component prior to version 147.0.7727.55 allows unauthenticated remote attackers to read sensitive information from process memory by serving a crafted HTML page. The vulnerability has a CVSS score of 6.5 and EPSS probability of 0.03% (8th percentile), indicating low real-world exploitation likelihood despite the network attack vector and lack of user interaction requirements. Vendor-released patch is available.

Google Buffer Overflow Heap Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-5862 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 147.0.7727.55 allows unauthenticated attackers to execute arbitrary code within the browser's sandbox through a crafted HTML page exploiting an inappropriate implementation in the V8 JavaScript engine. User interaction is required (visiting a malicious webpage). No public exploit identified at time of analysis, with EPSS exploitation probability at 0.04% (11th percentile), indicating low observed attacker interest despite high CVSS severity.

Google RCE Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-5861 HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine (versions prior to 147.0.7727.55) allows unauthenticated remote attackers to execute arbitrary code within the sandbox by exploiting a use-after-free memory corruption vulnerability through a malicious HTML page. User interaction (visiting a crafted website) is required. No public exploit identified at time of analysis, with EPSS probability at 4% (11th percentile), indicating relatively low immediate exploitation risk despite high CVSS severity.

Memory Corruption Denial Of Service Use After Free RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-5859 HIGH PATCH This Week

Integer overflow in Google Chrome's WebML component (versions prior to 147.0.7727.55) enables remote attackers to trigger heap corruption via malicious HTML pages, requiring only user interaction to visit a crafted website. The vendor-assigned severity is Critical, though EPSS indicates only 0.03% probability of exploitation in the wild (9th percentile), and no public exploit identified at time of analysis. Patch available in Chrome 147.0.7727.55 and later.

Google Buffer Overflow Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-5858 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 147.0.7727.55 allows unauthenticated attackers to execute arbitrary code by exploiting a heap buffer overflow in the WebML component through specially crafted HTML pages. The vulnerability requires user interaction (visiting a malicious page) but presents critical risk with high impact to confidentiality, integrity, and availability. EPSS score of 0.03% (9th percentile) indicates low probability of imminent exploitation in the wild, with no public exploit identified at time of analysis and no CISA KEV listing confirming active exploitation.

RCE Google Buffer Overflow Heap Overflow Red Hat +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-39860 CRITICAL POC PATCH Act Now

Local privilege escalation in Nix package manager daemon (versions prior to 2.34.5/2.33.4/2.32.7/2.31.4/2.30.4/2.29.3/2.28.6) allows unprivileged users to gain root access in multi-user Linux installations. Incomplete fix for CVE-2024-27297 permits symlink attacks during fixed-output derivation registration, enabling arbitrary file overwrites as root. Attackers exploit sandboxed build registration by placing symlinks in temporary output paths, causing the daemon to follow symlinks and overwrite sensitive system files with controlled content. Affects default configurations where all users can submit builds. No public exploit identified at time of analysis.

Information Disclosure Apple Suse
NVD GitHub
CVSS 3.1
9.0
EPSS
0.0%
CVE-2026-5302 MEDIUM PATCH This Month

CORS misconfiguration in CoolerControl coolercontrold versions 2.0.0 through 3.x allows unauthenticated remote attackers to read sensitive data and send control commands to the service by exploiting browser-based cross-origin requests from malicious websites. The vulnerability requires user interaction (UI:R) but grants attackers capability to leak information and manipulate daemon operations with a CVSS score of 6.3 (medium).

Cors Misconfiguration Information Disclosure Suse
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2026-5300 MEDIUM PATCH This Month

CoolerControl's coolercontrold daemon versions before 4.0.0 lack proper authentication controls, allowing unauthenticated local attackers to view and modify sensitive system data through unprotected HTTP API endpoints. The vulnerability affects coolercontrold 0.14.0 through 3.x, with CVSS 5.9 reflecting local attack vector and low-complexity exploitation; no public exploit code or active KEV status identified at time of analysis.

Authentication Bypass Information Disclosure Suse
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-5301 HIGH PATCH This Week

Remote stored cross-site scripting in CoolerControl UI's log viewer (versions 2.0.0 through 3.x) enables complete service compromise when administrators view poisoned log entries. GitLab-reported vulnerability affects coolercontrol-ui versions before 4.0.0. Attack requires user interaction (administrator must view logs) but no authentication to inject payload. EPSS score of 0.02% (5th percentile) indicates very low observed exploitation probability. No public exploit identified at time of analysis, not listed in CISA KEV.

XSS Suse
NVD
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-5208 HIGH PATCH This Week

Command injection in CoolerControl daemon (coolercontrold) versions prior to 4.0.0 allows high-privileged local attackers to escalate privileges to root by embedding malicious bash commands in alert configuration names. The vulnerability enables authenticated administrators to execute arbitrary system commands with root privileges through the alert management interface. EPSS score of 0.05% (17th percentile) indicates low current exploitation probability, with no active exploitation confirmed and CISA SSVC assessment marking exploitation status as 'none' and automatable as 'no'.

Command Injection RCE Suse
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-32281 Go HIGH PATCH This Week

Algorithmic complexity denial of service in Go's crypto/x509 library allows remote attackers to cause resource exhaustion via certificate chains containing excessive policy mappings. Affects Go versions <1.25.9 and 1.26.0-1.26.1. Attack requires no authentication (CVSS AV:N/PR:N) but targets only otherwise-trusted certificate chains from roots in the system or configured trust store. EPSS score 0.01% indicates minimal observed exploitation probability. No active exploitation confirmed (not in CI

Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-32288 Go MEDIUM PATCH This Month

Denial of service via unbounded memory allocation in Go's archive/tar package when parsing maliciously-crafted tar archives containing many sparse regions in old GNU sparse map format. Affects Go standard library versions prior to 1.25.9 and 1.26.2. Local attackers with user interaction can exhaust system memory, crashing applications that process untrusted tar files. No public exploit code identified; EPSS score of 0.01% indicates very low exploitation probability despite moderate CVSS severity.

Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-27143 Go CRITICAL PATCH NEWS Act Now

Integer overflow in Go compiler's loop optimization (cmd/compile 1.25.x < 1.25.9, 1.26.x < 1.26.2) allows remote code execution through crafted source code that triggers invalid array indexing at runtime. Attack vector is network-accessible (AV:N) with no authentication required (PR:N), enabling attackers to compile malicious Go programs that exploit compiler-generated memory corruption vulnerabilities. EPSS score of 0.01% (1st percentile) indicates low observed exploitation probability despite

Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-27144 Go HIGH PATCH This Week

Memory corruption in Go compiler cmd/compile versions before 1.25.9 and 1.26.0-1.26.1 allows local authenticated attackers to achieve integrity compromise and denial of service. A flaw in pointer unwrapping logic during memory move operations causes the compiler to incorrectly assess overlapping memory regions, potentially corrupting compiled binaries. EPSS score of 0.01% indicates minimal real-world exploitation probability, and no public exploit or active exploitation (non-KEV) has been identified at time of analysis.

Buffer Overflow Memory Corruption Red Hat Suse
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-32289 Go MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Go's html/template package allows incorrect escaping of template actions within JavaScript template literals, enabling attackers to inject malicious scripts when template branches and brace-depth tracking are mishandled. Affects html/template versions prior to 1.26.2 and 1.25.9. The vulnerability requires user interaction (UI:R) and is not actively exploited based on available intelligence, though the low EPSS score (0.01%) indicates minimal real-world exploitation likelihood despite the network-accessible attack vector.

XSS Red Hat Suse
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-32282 Go MEDIUM PATCH This Month

Time-of-check-time-of-use (TOCTOU) race condition in Go's internal/syscall/unix Root.Chmod allows local privileged attackers to modify file permissions on targets outside the intended root filesystem boundary. By replacing the target with a symlink between the permission check and the actual chmod operation, attackers can exploit the Linux fchmodat syscall's behavior of silently ignoring AT_SYMLINK_NOFOLLOW to modify arbitrary files outside the restricted root. Exploitation requires high privileges and precise timing; EPSS score of 0.01% indicates minimal real-world exploitation probability despite moderate CVSS severity.

Information Disclosure Red Hat Suse
NVD VulDB HeroDevs
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-34079 HIGH PATCH This Week

Arbitrary file deletion in Flatpak versions prior to 1.16.4 allows sandboxed applications to delete files on the host system via path traversal during ld.so cache cleanup. The vulnerability stems from improper validation of application-controlled paths when removing outdated cache files, enabling applications to escape sandbox constraints and delete arbitrary host files. No active exploitation or public exploit code is confirmed at time of analysis, though the technical barrier is low given the CVSS vector shows network-accessible attack with low complexity and no authentication required.

Path Traversal Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.2%
CVE-2026-35406 Cargo MEDIUM PATCH GHSA This Month

Aardvark-dns enters an unrecoverable infinite error loop consuming 100% CPU when processing a truncated TCP DNS query followed by a connection reset, causing denial of service to DNS resolution services. The vulnerability affects the aardvark-dns container DNS service and requires local network access to trigger. No public exploit code or active exploitation has been identified, but the trivial attack vector (malformed DNS packets) and high CPU impact make this a practical denial-of-service risk for containerized deployments.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-39395 Go MEDIUM PATCH GHSA This Month

Cosign verify-blob-attestation incorrectly validates attestation signatures and predicate types in versions before 3.0.6 and 2.6.3, allowing remote attackers to bypass integrity verification by submitting malformed attestations or mismatched predicate types that are falsely reported as verified. The vulnerability affects container and binary code signing workflows where attestation integrity is critical for supply chain security.

Authentication Bypass Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-39373 PyPI MEDIUM PATCH GHSA This Month

Memory exhaustion in JWCrypto before 1.5.7 allows unauthenticated remote attackers to cause denial of service on memory-constrained systems by sending crafted JWE tokens with ZIP compression that decompress to approximately 100MB despite remaining under the 250KB input size limit. The vulnerability exploits incomplete validation in the upstream CVE-2024-28102 patch, which restricted input token size but failed to enforce decompressed output limits.

Information Disclosure Python Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-39324 Ruby CRITICAL PATCH GHSA Act Now

Session authentication bypass in Rack::Session::Cookie 2.0.0 through 2.1.1 allows unauthenticated remote attackers to forge valid session cookies and gain unauthorized access. When configured with secrets, the implementation incorrectly falls back to a default decoder on decryption failures rather than rejecting malformed cookies, enabling attackers to manipulate session state without any secret knowledge. CVSS 9.3 (Critical) with network attack vector, low complexity, and no privileges required. No public exploit or active exploitation (CISA KEV) identified at time of analysis, though the simplicity of the attack vector (AC:L, PR:N) suggests exploitation is straightforward once the vulnerability is understood.

Authentication Bypass Suse
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-39316 MEDIUM PATCH This Month

Local denial of service and potential remote code execution in OpenPrinting CUPS 2.4.16 and prior occurs when the scheduler (cupsd) deletes temporary printers without expiring associated subscriptions, leaving dangling pointers in memory that are subsequently dereferenced. An unauthenticated local attacker can crash the cupsd daemon or, with heap grooming techniques, achieve arbitrary code execution on systems running affected CUPS versions.

Denial Of Service Use After Free RCE Memory Corruption Red Hat +1
NVD GitHub VulDB
CVSS 3.1
4.0
EPSS
0.0%
CVE-2026-39314 MEDIUM PATCH This Month

Denial of service in OpenPrinting CUPS 2.4.16 and prior allows unprivileged local users to crash the cupsd root process via integer underflow in _ppdCreateFromIPP() by supplying a negative job-password-supported IPP attribute, which wraps to a large size_t value and triggers a stack buffer overflow in memset(). When combined with systemd's automatic restart mechanism, an attacker can sustain repeated crashes without requiring elevated privileges or user interaction.

Denial Of Service Integer Overflow Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.0
EPSS
0.0%
CVE-2026-35611 Ruby HIGH PATCH GHSA This Week

Regular expression denial of service (ReDoS) in the Addressable Ruby library versions 2.3.0 through 2.8.x allows unauthenticated remote attackers to cause application-level denial of service through maliciously crafted URIs that trigger catastrophic backtracking in URI template expansion. The vulnerability affects URI templates using explode modifiers (e.g., {foo*}, {+var*}) and multi-variable templates with + or # operators (e.g., {+v1,v2,v3}), generating O(2^n) and O(n^k) complexity regex patterns respectively. EPSS exploitation probability and KEV status data not available; no public exploit identified at time of analysis. Vendor-released patch: version 2.9.0.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-35580 Maven CRITICAL PATCH GHSA Act Now

Shell command injection in Emissary workflow engine below version 8.39.0 allows high-privileged attackers with repository write access to execute arbitrary commands via GitHub Actions workflow_dispatch inputs. Attackers exploit unsanitized ${{ }} expression syntax in workflow files to inject malicious shell commands, enabling repository poisoning and supply chain attacks affecting downstream users. CVSS 9.1 (Critical) with Changed scope indicates potential to compromise beyond the vulnerable component. No public exploit code or CISA KEV listing identified at time of analysis, though exploitation requires only repository write access with low attack complexity.

Command Injection Suse
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-33034 PyPI HIGH PATCH GHSA This Week

Unbounded memory consumption in Django ASGI applications allows unauthenticated remote attackers to bypass DATA_UPLOAD_MAX_MEMORY_SIZE protections via malformed Content-Length headers, leading to denial of service. Affects Django 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. CVSS 7.5 (High) with network-accessible, low-complexity attack vector requiring no privileges. EPSS data not available; no public exploit identified at time of analysis. Vendor patches released April 2026 across all affected major branches.

Denial Of Service Python Red Hat Suse
NVD VulDB HeroDevs
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-33033 PyPI MEDIUM POC PATCH GHSA This Month

Django's MultiPartParser allows authenticated remote attackers to cause denial of service through performance degradation by submitting multipart uploads with Content-Transfer-Encoding: base64 and excessive whitespace. Affected versions include Django 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30, with unsupported series 5.0.x, 4.1.x, and 3.2.x potentially also vulnerable. The vulnerability has a CVSS 6.5 score reflecting high availability impact but requires authentication (PR:L) and is not actively exploited or publicly weaponized at analysis time.

Python Information Disclosure Red Hat Suse
NVD GitHub VulDB HeroDevs
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-4277 PyPI CRITICAL PATCH GHSA Act Now

Unauthenticated attackers can bypass add permissions in Django GenericInlineModelAdmin (versions 6.0 <6.0.4, 5.2 <5.2.13, 4.2 <4.2.30) by submitting forged POST data to inline model forms. Permission checks fail to validate creation rights on inline model instances, enabling unauthorized database record insertion with network access alone. CVSS 9.8 critical severity reflects complete confidentiality, integrity, and availability impact. No public exploit identified at time of analysis. Low observed exploitation activity (EPSS 0.01%).

Authentication Bypass Python Red Hat Suse
NVD VulDB HeroDevs
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-3902 PyPI HIGH PATCH GHSA This Week

Header spoofing in Django 4.2 through 6.0 allows remote attackers to bypass security controls by exploiting ambiguous ASGI header normalization. The ASGIRequest handler incorrectly maps both hyphenated and underscored header variants to the same underscored version, enabling attackers to send conflicting headers where the malicious version overwrites legitimate security headers. Affects Django 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. No public exploit identified at time of analysis. EPSS data not available, but the unauthenticated network attack vector and high integrity impact warrant immediate patching.

Python Authentication Bypass Red Hat Suse
NVD VulDB HeroDevs
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-35554 Maven HIGH PATCH GHSA This Week

Buffer use-after-free in Apache Kafka Java producer client (versions ≤3.9.1, ≤4.0.1, ≤4.1.1) can silently route messages to incorrect topics when batch expiration races with in-flight network requests. CVSS 8.7 (High) with network-accessible attack vector and high complexity. CISA SSVC indicates no active exploitation, non-automatable attack, and partial technical impact. No public exploit identified at time of analysis. EPSS data not provided, but the combination of high CVSS, cross-scope impact (S:C), and dual confidentiality/integrity impact warrants prioritization for environments processing sensitive message streams.

Information Disclosure Memory Corruption Apache Use After Free Deserialization +3
NVD HeroDevs
CVSS 3.1
8.7
EPSS
0.0%
CVE-2026-35480 Go MEDIUM PATCH GHSA This Month

Denial-of-service vulnerability in go-ipld-prime DAG-CBOR decoder allows remote attackers to cause excessive memory allocation through CBOR headers declaring arbitrarily large collection sizes without preallocation caps. A malicious payload under 100 bytes with nested structures can trigger over 9GB of memory allocation, crashing applications using the library. The vulnerability affects all versions prior to v0.22.0, and while no confirmed active exploitation has been reported, the attack requires only unauthenticated network access and minimal attacker resources.

Denial Of Service Suse
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-35444 HIGH PATCH This Week

Heap out-of-bounds read in SDL_image library's XCF format parser allows remote information disclosure when processing malicious GIMP files. Attackers can craft .xcf files with undersized colormaps and invalid pixel indices to leak up to 762 bytes of heap memory into rendered image data, potentially exposing sensitive process memory. The vulnerability affects both indexed color code paths (1-bit and 2-bit per pixel). No public exploit identified at time of analysis, but EPSS and exploitation likelihood are notable given the library's widespread use in gaming and multimedia applications requiring minimal user interaction (opening a file).

Buffer Overflow Information Disclosure Suse
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-35201 Ruby MEDIUM PATCH GHSA This Month

Out-of-bounds read in RDiscount's Markdown parser allows denial-of-service when processing attacker-controlled inputs exceeding 2GB. The vulnerability occurs because unsigned Ruby string lengths are truncated to signed integers before passing to the native parser, causing the parser to read past buffer boundaries and crash. Affected are RDiscount.new(input).to_html and RDiscount.new(input).toc_content methods. No public exploitation beyond proof-of-concept exists; patch version 2.2.7.4 is available.

Buffer Overflow Information Disclosure Suse
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-34380 MEDIUM PATCH This Month

Signed integer overflow in OpenEXR's undo_pxr24_impl() function allows unauthenticated remote attackers to bypass buffer bounds checks and trigger heap buffer overflow during EXR file decoding, potentially causing denial of service or limited data corruption when processing maliciously crafted EXR files. The vulnerability affects OpenEXR versions 3.2.0 through 3.2.6, 3.3.0 through 3.3.8, and 3.4.0 through 3.4.8. No public exploit code or active exploitation has been confirmed at the time of analysis.

Buffer Overflow Integer Overflow Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-34378 MEDIUM PATCH This Month

Integer overflow in OpenEXR 3.4.0-3.4.8 allows remote attackers to crash applications processing malicious EXR files via a negative dataWindow.min.x value in the file header, triggering a signed integer overflow in generic_unpack() that causes process termination with SIGILL. The vulnerability requires user interaction (opening a crafted file) and affects availability only, with no confirmed active exploitation at time of analysis.

Integer Overflow Buffer Overflow Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33540 Go HIGH PATCH GHSA This Week

Server-Side Request Forgery (SSRF) in distribution container toolkit versions before 3.1.0 enables credential theft via malicious upstream registry responses. When operating in pull-through cache mode, distribution parses WWW-Authenticate bearer challenges from upstream registries without validating the realm URL against the configured upstream host. Attackers controlling the upstream registry or positioned for man-in-the-middle attacks can specify arbitrary realm URLs, causing distribution to transmit configured upstream credentials via basic authentication to attacker-controlled endpoints (CVSS 7.5, High confidentiality impact). EPSS data and KEV status not available; no public exploit identified at time of analysis, though exploitation requires only network access with low complexity (AV:N/AC:L) and no authentication (PR:N).

SSRF Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-31053 MEDIUM This Month

Double free vulnerability in Rizin's LE binary format parser (librz/bin/format/le/le.c) allows local attackers to trigger heap corruption and denial of service by providing a specially crafted LE binary with circular or malformed fixup chains. The le_load_fixup_record() function improperly manages memory during error handling, freeing relocation entries multiple times. With CVSS 6.2 and local attack vector, this poses moderate risk to systems and automated analysis pipelines that process untrusted binaries without sandboxing.

Denial Of Service Suse
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-31410 MEDIUM PATCH This Month

Denial-of-service in the Linux kernel's ksmbd SMB server component stems from improper handling of volume identifiers in FS_OBJECT_ID_INFORMATION responses. Affected kernels fail to correctly use the superblock UUID (sb->s_uuid) as the volume identifier, and lack a safe fallback (via vfs_statfs()) for filesystems that do not expose a UUID - creating conditions for a kernel availability impact when a local low-privileged user interacts with an affected SMB share. EPSS is 0.01% (1st percentile) and no active exploitation is confirmed in CISA KEV; no public exploit code has been identified at time of analysis.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-34933 MEDIUM PATCH This Month

Denial of service in Avahi prior to version 0.9-rc4 allows local unprivileged users to crash avahi-daemon by sending a D-Bus method call with conflicting publish flags. The vulnerability requires local access and low privileges but causes immediate service unavailability. No public exploit code or active exploitation has been confirmed; however, the attack is trivial to execute given the low complexity barrier.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-35471 Go CRITICAL PATCH GHSA Act Now

Unauthenticated arbitrary file deletion in goshs HTTP file server allows remote attackers to delete any file or directory on the host system via path traversal. A missing return statement after input validation enables attackers to bypass the '..' check by double-encoding traversal sequences (e.g., %252e%252e), sending requests to '/<traversal>/<target-path>?delete' to trigger os.RemoveAll on arbitrary filesystem paths. The vulnerability affects the default configuration with no authentication or special flags required. Public exploit code exists with a working proof-of-concept shell script demonstrating the attack. CVSS 9.8 (Critical) reflects network accessibility, no authentication requirement, and complete impact to integrity and availability. Vendor-released patch available via GitHub commit 237f3af.

Path Traversal Suse
NVD GitHub
CVSS 3.0
9.8
EPSS
0.1%
CVE-2026-34980 MEDIUM PATCH This Month

Unauthenticated remote code execution in OpenPrinting CUPS 2.4.16 and earlier allows attackers to send print jobs to shared PostScript queues without authentication, exploit a newline injection vulnerability in page-border parameter handling, and execute arbitrary binaries as the lp user by chaining a follow-up raw print job. CISA KEV status and active exploitation confirmation not provided; no publicly available patches identified at publication.

Authentication Bypass Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.1
EPSS
0.0%
CVE-2026-34979 MEDIUM PATCH This Month

Heap-based buffer overflow in OpenPrinting CUPS scheduler versions 2.4.16 and prior allows unauthenticated remote attackers to trigger a denial of service condition by crafting malicious job attributes that overflow buffers during filter option string construction. With a CVSS score of 5.3 and network accessibility, this vulnerability impacts availability on exposed CUPS instances; no public exploit code or vendor patch has been released as of publication.

Heap Overflow Buffer Overflow Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-34978 MEDIUM PATCH This Month

Path traversal in OpenPrinting CUPS RSS notifier (versions 2.4.16 and prior) allows unauthenticated remote IPP clients to write arbitrary files outside the intended CacheDir/rss directory via a crafted notify-recipient-uri parameter. By exploiting default group-writable permissions on CacheDir, attackers can overwrite critical state files such as job.cache, causing the CUPS scheduler to fail parsing job queues and resulting in loss of previously queued print jobs. No public exploit code or vendor patch is currently available, though the vulnerability is demonstrated with proof-of-concept exploitation.

Path Traversal Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-34990 MEDIUM PATCH This Month

Local privilege escalation in OpenPrinting CUPS 2.4.16 and prior allows unprivileged users to bypass authentication and create arbitrary file overwrites as root by coercing cupsd into issuing reusable Authorization tokens and leveraging printer-sharing policies to persist file:// URIs that bypass FileDevice restrictions. A proof-of-concept demonstrates root command execution via sudoers file modification, and the vulnerability is confirmed by the presence of public exploit code.

Authentication Bypass Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
5.0
EPSS
0.0%
CVE-2026-31400 MEDIUM PATCH This Month

Linux kernel sunrpc subsystem fails to properly release cache_request objects when file descriptors are closed mid-read, resulting in memory leaks and potential information disclosure through stale cache entries. The vulnerability affects all Linux kernel versions with the affected sunrpc cache implementation, and requires no special privileges or network access to trigger since it occurs during normal file descriptor closure in the kernel's user-space cache management interface.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31399 HIGH PATCH This Week

Use-after-free in the Linux kernel's nvdimm/bus subsystem allows local privileged users to potentially trigger memory corruption when device_add() fails during nd_async_device_register() asynchronous initialization. The flaw stems from the parent device reference being dropped before the parent pointer is accessed on allocation failure paths. No public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.02%.

Linux Use After Free Memory Corruption Denial Of Service Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-31395 HIGH PATCH This Week

Out-of-bounds read and write in the Broadcom bnxt_en network driver of the Linux kernel allows a malicious or compromised NIC to corrupt kernel heap memory or crash the system. The flaw resides in the DBG_BUF_PRODUCER async event handler, which uses a firmware-supplied 16-bit 'type' field as an unchecked index into the bp->bs_trace[] array. No public exploit identified at time of analysis and EPSS rates exploitation probability at just 0.02%, but the impact on confidentiality and availability is high where the trust boundary between NIC firmware and kernel is relevant.

Linux Buffer Overflow Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-31394 MEDIUM PATCH This Month

Null pointer dereference in Linux kernel mac80211 IEEE 802.11 wireless subsystem crashes AP_VLAN stations during channel bandwidth change operations. The ieee80211_chan_bw_change() function incorrectly accesses link data on VLAN interfaces (such as 4-address WDS clients) where the link structure is uninitialized, leading to kernel panic when dereferencing a NULL channel pointer. Any system with AP_VLAN wireless configurations and active channel state announcement (CSA) operations is vulnerable to local denial of service.

Linux Denial Of Service Null Pointer Dereference Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31390 MEDIUM PATCH This Month

Linux kernel xe (Intel GPU) driver leaks dynamically allocated virtual memory area (VMA) structures when argument validation fails in the xe_vm_madvise_ioctl handler, allowing local attackers to exhaust kernel memory and trigger denial of service. The vulnerability has been patched upstream in stable kernel branches with proper cleanup path addition.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23472 MEDIUM PATCH This Month

Infinite loop in Linux kernel serial core driver handle_tx() affects systems using uninitialized PORT_UNKNOWN serial ports, where uart_write_room() and uart_write() behave inconsistently regarding null transmit buffers, causing denial of service through system hangs. The vulnerability impacts caif_serial and other drivers that rely on tty_write_room() to determine write capacity. Patch available in upstream kernel commits; no CVSS score assigned due to kernel-specific nature and relatively limited exposure scope.

Linux Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23470 MEDIUM PATCH This Month

Linux kernel drm/imagination driver deadlock in soft reset sequence allows local denial of service when the soft reset handler calls disable_irq() from within a threaded IRQ handler context, creating a self-deadlock condition. The fix replaces disable_irq() with disable_irq_nosync() to prevent the handler from waiting on itself. Affected systems running vulnerable kernel versions with imagination GPU drivers can experience system hangs during GPU reset operations; no public exploit code identified at time of analysis.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23467 MEDIUM PATCH This Month

NULL pointer dereference in Linux kernel DRM i915 GPU driver allows local denial of service during system probe when DMC firmware initialization has not yet completed but hardware has DC6 power state enabled. The vulnerability occurs in intel_dmc_update_dc6_allowed_count() when called from gen9_set_dc_state() during intel_power_domains_init_hw(), which executes before DMC initialization, causing kernel oops if DC6 is unexpectedly enabled by BIOS firmware. No public exploit code identified; this is a kernel crash vulnerability requiring local system access triggered by atypical BIOS behavior.

Linux Null Pointer Dereference Denial Of Service Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23465 MEDIUM PATCH This Month

Linux kernel btrfs filesystem fails to log new directory dentries when the parent directory of a conflicting inode is logged, causing new files and subdirectories to become inaccessible after power failure or system crash. The vulnerability affects all Linux kernel versions with btrfs; an attacker or system malfunction can trigger data loss through specific filesystem operation sequences involving deleted and recreated inodes with naming conflicts.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23464 MEDIUM PATCH This Month

Memory leak in Linux kernel Microchip MPFS system controller driver (mpfs_sys_controller_probe) allows local attackers to exhaust kernel memory by repeatedly triggering the MTD device lookup failure path, eventually causing denial of service through memory exhaustion.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23460 MEDIUM PATCH This Month

NULL pointer dereference in Linux kernel ROSE socket implementation allows local denial of service when rose_connect() is called twice during an active connection attempt. The vulnerability occurs because rose_connect() fails to validate TCP_SYN_SENT state, permitting rose->neighbour to be overwritten with NULL, which later causes a kernel crash when rose_transmit_link() dereferences the NULL pointer during socket closure. No active exploitation reported; fix available in upstream kernel commits.

Linux Null Pointer Dereference Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23448 HIGH PATCH This Week

Out-of-bounds read in the Linux kernel's cdc_ncm USB networking driver allows a local attacker with a malicious or compromised USB CDC NCM device to read kernel memory beyond the skb buffer. The flaw lives in cdc_ncm_rx_verify_ndp16(), where the NDP16 nframes bounds check omits the ndpoffset value, letting DPE array iteration in cdc_ncm_rx_fixup() walk past the legitimate buffer when wNdpIndex points near the end of the NTB. No public exploit identified at time of analysis and EPSS exploitation probability is 0.02% (5th percentile), but a patch is available from upstream Linux maintainers.

Linux Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23447 HIGH PATCH This Week

Buffer overflow in Linux kernel cdc_ncm driver allows out-of-bounds memory reads when processing malformed USB CDC NCM (Network Control Model) packets with NDP32 (Normal Data Packet) headers positioned near the end of the network transfer buffer. The vulnerability exists in cdc_ncm_rx_verify_ndp32() where bounds checking fails to account for the ndpoffset value when validating the DPE (Data Packet Element) array size, potentially enabling local denial-of-service or information disclosure on systems with affected USB CDC NCM network devices. No active exploitation or public proof-of-concept identified at time of analysis.

Linux Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23445 HIGH PATCH This Week

Kernel page fault in Intel IGC network driver XDP TX timestamp handling allows local denial of service when an XDP application requesting TX timestamping shuts down while the interface link remains active. The vulnerability stems from stale xsk_meta pointers left in memory after TX ring shutdown, causing the IRQ handler to dereference invalid kernel addresses and trigger a kernel panic. This affects Linux kernel versions in the igc driver and requires no special privileges or network access, only the ability to run XDP programs on an affected system.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23443 MEDIUM PATCH This Month

Use-after-free vulnerability in Linux kernel ACPI processor errata handling allows local attackers to cause denial of service or potentially execute code via device pointer dereference after reference dropping in acpi_processor_errata_piix4(). The vulnerability affects multiple Linux kernel versions and was introduced in a previous fix attempt (commit f132e089fe89); it has been resolved across stable kernel branches with no active public exploitation identified.

Linux Denial Of Service Null Pointer Dereference Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23441 MEDIUM PATCH This Month

Race condition in Linux kernel net/mlx5e IPSec offload driver allows concurrent access to a shared DMA-mapped ASO context, potentially causing information disclosure or incorrect IPSec processing results. The vulnerability affects systems using Mellanox MLX5 network adapters with IPSec offload functionality. An attacker with local access to initiate multiple IPSec operations in rapid succession can trigger the race condition, corrupting the shared context and causing subsequent operations to read invalid data, compromising confidentiality and integrity of IPSec-protected traffic.

Linux Race Condition Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-23440 HIGH PATCH This Week

Linux kernel net/mlx5e driver suffers a race condition during IPSec ESN (Extended Sequence Number) update handling that causes incorrect ESN high-order bit increments, leading to anti-replay failures and IPSec traffic halts. The vulnerability affects systems using Mellanox ConnectX adapters with IPSec full offload mode enabled. Attackers with local network access or the ability to trigger IPSec traffic patterns could exploit this to disrupt encrypted communications, though no public exploit code or active exploitation has been reported.

Linux Race Condition Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-23437 HIGH PATCH This Week

Linux kernel net shaper module fails to validate netdev liveness during hierarchy read operations, allowing information disclosure through use-after-free conditions when a network device is unregistered while RCU-protected read operations are in progress. The vulnerability affects the netlink operation callbacks in the shaper subsystem, where references acquired during pre-callbacks are not validated before later lock/RCU acquisitions, creating a race condition that can expose kernel memory or cause denial of service. No public exploit code has been identified at time of analysis, and the issue requires local access to trigger netlink operations.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23436 MEDIUM PATCH This Month

Linux kernel net shaper subsystem susceptible to race condition during hierarchy creation allows unauthenticated local attackers to leak kernel memory or trigger use-after-free conditions. The vulnerability arises when a netdev is unregistered between reference acquisition during Netlink operation preparation and subsequent lock acquisition, permitting hierarchy allocation after flush operations have completed. Fixed via upstream commits that consolidate locking to pre-callback phase, preventing concurrent write races with flush operations.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23435 MEDIUM PATCH This Month

Linux kernel NULL pointer dereference in the x86 PMU NMI handler on AMD EPYC systems causes denial of service when perf event unthrottling races with PMU rescheduling. The vulnerability stems from commit 7e772a93eb61 moving event pointer initialization later in x86_pmu_enable(), allowing the unthrottle path to set active_mask bits without populating the corresponding events[] array entries, leading to NULL pointer dereference when subsequent PMC overflow interrupts fire. No public exploit code identified at time of analysis; patch fixes are available in upstream Linux kernel stable branches.

Linux Null Pointer Dereference Denial Of Service Amd Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23433 MEDIUM PATCH This Month

Null pointer dereference in Linux kernel arm_mpam memory bandwidth monitoring causes kernel oops when an MSC supporting bandwidth monitoring transitions offline and back online. The mpam_restore_mbwu_state() function fails to initialize a value buffer before passing it to __ris_msmon_read() via IPI, triggering a crash in the bandwidth counter restoration routine. This affects ARM systems with MPAM (Memory Partitioning and Monitoring) support and results in denial of service through system instability when memory controllers are toggled.

Linux Null Pointer Dereference Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23432 HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's mshv (Microsoft Hyper-V) driver allows local attackers to trigger a kernel panic by unmapping user memory after a failed mshv_map_user_memory() call. The error path incorrectly calls vfree() without unregistering the associated MMU notifier, leaving a dangling reference that fires when userspace performs subsequent memory operations. This is a memory safety issue affecting the Hyper-V virtualization subsystem in the Linux kernel.

Linux Use After Free Memory Corruption Information Disclosure Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23431 MEDIUM PATCH This Month

Memory leak in the Linux kernel's Amlogic SPI controller driver (aml_spisg_probe) fails to release SPI controller resources in multiple error paths during probe, allowing local attackers to exhaust kernel memory through repeated driver load/unload cycles or failed probe attempts. The vulnerability has been resolved in the upstream kernel by converting to device-managed SPI allocation functions.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23430 MEDIUM PATCH This Month

Memory leak in Linux kernel drm/vmwgfx driver caused by overwriting KMS surface dirty tracker without proper cleanup. The vulnerability affects the VMware graphics driver subsystem in the kernel, allowing local attackers to trigger memory exhaustion through repeated surface operations. No CVSS score, EPSS data, or KEV status available; fix commits exist in upstream stable kernel branches.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23429 HIGH PATCH This Week

Linux kernel crashes in iommu_sva_unbind_device() when accessing a freed mm structure after iommu_domain_free() deallocates domain->mm->iommu_mm, causing denial of service on systems using IOMMU Shared Virtual Addressing (SVA). The fix reorders code to access the structure before the domain is freed. No CVSS score, EPSS, or KEV status available; no public exploit code identified.

Linux Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23428 CRITICAL PATCH Act Now

Use-after-free in Linux kernel ksmbd SMB server allows local or remote attackers to read freed memory and potentially achieve denial of service or code execution via compound SMB2 requests that reuse a tree connection after it has been disconnected and its associated share_conf structure freed. The vulnerability exists because smb2_get_ksmbd_tcon() bypasses state validation checks when reusing connections in compound requests, enabling subsequent commands to dereference already-freed share_conf pointers. No CVE severity metrics are available, but KASAN confirms memory corruption is triggered in smb2_write operations during tree disconnect sequences.

Linux Use After Free Ubuntu Memory Corruption Authentication Bypass +3
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-23427 CRITICAL PATCH Act Now

Use-after-free in Linux kernel's ksmbd SMB server allows remote attackers to crash the kernel or potentially execute code via malicious SMB2 DURABLE_REQ_V2 replay operations. The vulnerability occurs when parse_durable_handle_context() unconditionally reassigns file handle connection pointers during replay operations, causing stale pointer dereferences when the reassigned connection is subsequently freed. A KASAN report confirms the use-after-free in spin_lock operations during file descriptor closure, triggered during SMB2 connection handling in the ksmbd-io workqueue. No public exploit code or active exploitation has been confirmed at time of analysis.

Linux Use After Free Ubuntu Memory Corruption Information Disclosure +3
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-23426 MEDIUM PATCH This Month

Linux kernel drm/logicvc driver fails to release a device node reference in logicvc_drm_config_parse(), causing a reference leak that can exhaust kernel memory resources over time. The vulnerability affects all Linux kernel versions with the logicvc DRM driver enabled; it requires local access to trigger repeated calls to the vulnerable code path. This is a low-severity resource exhaustion issue resolved via kernel patch implementing automatic cleanup attributes.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Out-of-bounds read in Google Chrome WebAudio (Mac) prior to version 147.0.7727.55 enables remote information disclosure via crafted HTML. Unauthenticated network-based attacker can extract sensitive process memory without user interaction. CVSS 7.5 (High confidentiality impact). No public exploit identified at time of analysis. Low observed exploitation activity (EPSS <1%). Patch available from vendor.

Information Disclosure Google Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Memory disclosure in Google Chrome on Windows prior to version 147.0.7727.55 allows remote attackers to extract sensitive information from process memory by delivering a crafted HTML page through WebML parsing. The vulnerability stems from insufficient input validation in the WebML component and requires user interaction (visiting a malicious page), making it a moderate-risk information disclosure affecting a ubiquitous browser platform.

Information Disclosure Google Microsoft +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome prior to 147.0.7727.55 allows attackers to escape renderer sandbox via malicious HTML page. A remote attacker who has already compromised the renderer process can achieve arbitrary code execution within the sandbox through insufficient input validation in Chrome's Media component. Requires user interaction (visiting crafted page). EPSS score of 0.05% (16th percentile) indicates low observed exploitation probability; no confirmed active exploitation (not in CISA KEV). Vendor patch released in Chrome 147.0.7727.55.

Google RCE Red Hat +2
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

UI spoofing in Google Chrome fullscreen mode prior to version 147.0.7727.55 allows remote attackers to deceive users with crafted HTML pages displaying fake security UI elements, potentially leading to credential theft or malware distribution through trusted-looking interface impersonation. The vulnerability requires user interaction (clicking/navigating to the malicious page) but poses moderate integrity risk due to the deceptive nature of fullscreen UI manipulation. No active exploitation has been confirmed, though the attack vector is straightforward for mass phishing campaigns.

Information Disclosure Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Google Chrome versions prior to 147.0.7727.55 contain a policy bypass vulnerability in the LocalNetworkAccess feature that allows remote attackers to circumvent navigation restrictions by delivering a crafted HTML page. An unauthenticated attacker requires only user interaction (clicking or viewing the malicious page) to trigger the bypass, resulting in integrity compromise of network access policies. EPSS exploitation probability is low at 0.02%, and no public exploit code or active exploitation has been reported.

Authentication Bypass Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Omnibox spoofing in Google Chrome prior to 147.0.7727.55 allows remote attackers with a compromised renderer process to spoof the URL bar contents via crafted HTML, deceiving users about the actual page origin. The vulnerability requires renderer process compromise (post-sandbox-escape condition) and user interaction, limiting real-world exploitation to multi-stage attacks. Patch available in Chrome 147.0.7727.55 and later; EPSS score of 0.03% reflects low autonomous exploitation likelihood despite medium CVSS rating.

Information Disclosure Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

UI spoofing via incorrect security UI rendering in Google Chrome's Blink engine allows remote attackers to deceive users into trusting malicious content through crafted HTML pages, affecting Chrome versions prior to 147.0.7727.55. The attack requires user interaction (clicking or viewing the malicious page) but no authentication. While assigned Medium severity by Google and carrying low EPSS exploitation probability (0.03%, 10th percentile), the integrity impact centers on user trust and phishing enablement rather than code execution.

Information Disclosure Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution within Chrome's sandbox affects all versions prior to 147.0.7727.55 through a use-after-free vulnerability in the browser's navigation component. Remote attackers can execute arbitrary code by delivering a specially crafted HTML page that triggers memory corruption when a user visits the malicious site. EPSS probability of 0.04% indicates low observed exploitation activity, and no CISA KEV listing confirms this is not confirmed actively exploited at time of analysis. Google has released patches in Chrome 147.0.7727.55.

Denial Of Service RCE Google +5
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Side-channel information leakage in Google Chrome's Navigation feature prior to version 147.0.7727.55 allows unauthenticated remote attackers to extract cross-origin data by serving a crafted HTML page. The vulnerability requires user interaction (clicking or navigating to a malicious page) but successfully bypasses same-origin policy protections, exposing sensitive information from different origins. With an EPSS score of 0.03% (10th percentile) indicating very low real-world exploitation probability, this represents a medium-severity information disclosure risk appropriate for routine patching rather than emergency mitigation.

Information Disclosure Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

UI spoofing via policy bypass in Blink rendering engine in Google Chrome prior to version 147.0.7727.55 allows remote attackers to deceive users through crafted HTML pages. The vulnerability requires user interaction (clicking or viewing) but needs no authentication, affecting all Chrome users on unpatched versions. Chromium security team rated this as Medium severity; EPSS score of 0.02% indicates low real-world exploitation probability despite public disclosure.

Google Authentication Bypass Red Hat +2
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Use-after-free vulnerability in Google Chrome's PrivateAI component (versions prior to 147.0.7727.55) enables sandbox escape when remote attackers socially engineer victims into performing specific UI interactions with malicious HTML pages. Exploitation requires user engagement with attacker-controlled content but no authentication. CVSS 9.6 critical severity reflects potential for complete compromise of confidentiality, integrity, and availability with scope change indicating sandbox boundary violation. No public exploit identified at time of analysis; low observed exploitation activity (EPSS 0.03%).

Denial Of Service Memory Corruption Google +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome prior to 147.0.7727.55 allows attackers to execute arbitrary code within the browser sandbox through crafted HTML pages exploiting out-of-bounds read/write conditions in the V8 JavaScript engine. User interaction (visiting a malicious page) is required, but no authentication is needed. With CVSS 8.8 and low EPSS (0.04%, 11th percentile), this represents a high-severity browser vulnerability with limited observed real-world exploitation activity. Patch available in Chrome 147.0.7727.55. No public exploit identified at time of analysis.

RCE Google Information Disclosure +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's Blink rendering engine (versions prior to 147.0.7727.55) allows unauthenticated attackers to execute arbitrary code within Chrome's sandbox by delivering a malicious HTML page that triggers a use-after-free vulnerability. While rated High severity (CVSS 8.8) due to complete confidentiality/integrity/availability impact, EPSS scoring places exploitation probability at only 4% (11th percentile), indicating low observed targeting in the wild. No confirmed active exploitation (not in CISA KEV) and no public proof-of-concept identified at time of analysis. Vendor-released patch available in Chrome 147.0.7727.55.

Memory Corruption Denial Of Service Use After Free +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 147.0.7727.55 allows unauthenticated attackers to execute arbitrary code within the browser sandbox via a maliciously crafted HTML page exploiting a type confusion vulnerability in the V8 JavaScript engine. With CVSS 8.8 (High), network-based attack vector requiring only user interaction, and available vendor patch, this represents a significant but contained threat. EPSS score of 0.04% (11th percentile) indicates low observed exploitation probability, and no active exploitation or public POC is identified at time of analysis. The sandbox containment limits initial impact severity compared to full system compromise.

Memory Corruption Google RCE +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's Skia graphics library (versions prior to 147.0.7727.55) allows remote attackers to execute arbitrary code within the browser's sandbox via specially crafted HTML pages exploiting an integer overflow vulnerability. Google patched this high-severity flaw in Chrome 147.0.7727.55 released April 2026. No active exploitation confirmed (not on CISA KEV), with low EPSS score (0.04%, 11th percentile) indicating minimal observed exploitation activity. Exploitation requires user interaction (visiting malicious webpage) but no authentication, making it viable for drive-by attacks against unpatched Chrome installations.

Google RCE Red Hat +2
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Heap buffer overflow in WebML (a web markup language component) in Google Chrome prior to version 147.0.7727.55 allows remote attackers to obtain potentially sensitive information from process memory by serving a crafted HTML page. The vulnerability requires no user authentication and can be triggered through normal web browsing, though exploitation has a low probability (EPSS 0.03%) and no public exploit code has been identified.

Google Buffer Overflow Heap Overflow +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Arbitrary code execution in Google Chrome for macOS versions prior to 147.0.7727.55 occurs via heap buffer overflow in the ANGLE graphics layer when processing malicious HTML pages. Remote attackers can achieve full compromise of confidentiality, integrity, and availability within Chrome's sandbox by exploiting this CWE-122 heap overflow with low attack complexity and no authentication. EPSS probability is low (0.03%, 10th percentile) with no public exploit identified at time of analysis, indicating limited observed exploitation activity despite the high CVSS score of 8.8.

RCE Google Buffer Overflow +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome Media component (versions prior to 147.0.7727.55) enables unauthenticated attackers to execute arbitrary code within Chrome's sandbox via specially crafted HTML pages. Exploitation requires user interaction to visit a malicious site. The use-after-free memory corruption vulnerability achieves high confidentiality, integrity, and availability impact within the sandboxed environment. No public exploit identified at time of analysis.

Google RCE Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Heap buffer overflow in Google Chrome's WebAudio component prior to version 147.0.7727.55 allows unauthenticated remote attackers to read sensitive information from process memory by serving a crafted HTML page. The vulnerability has a CVSS score of 6.5 and EPSS probability of 0.03% (8th percentile), indicating low real-world exploitation likelihood despite the network attack vector and lack of user interaction requirements. Vendor-released patch is available.

Google Buffer Overflow Heap Overflow +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 147.0.7727.55 allows unauthenticated attackers to execute arbitrary code within the browser's sandbox through a crafted HTML page exploiting an inappropriate implementation in the V8 JavaScript engine. User interaction is required (visiting a malicious webpage). No public exploit identified at time of analysis, with EPSS exploitation probability at 0.04% (11th percentile), indicating low observed attacker interest despite high CVSS severity.

Google RCE Red Hat +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine (versions prior to 147.0.7727.55) allows unauthenticated remote attackers to execute arbitrary code within the sandbox by exploiting a use-after-free memory corruption vulnerability through a malicious HTML page. User interaction (visiting a crafted website) is required. No public exploit identified at time of analysis, with EPSS probability at 4% (11th percentile), indicating relatively low immediate exploitation risk despite high CVSS severity.

Memory Corruption Denial Of Service Use After Free +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Integer overflow in Google Chrome's WebML component (versions prior to 147.0.7727.55) enables remote attackers to trigger heap corruption via malicious HTML pages, requiring only user interaction to visit a crafted website. The vendor-assigned severity is Critical, though EPSS indicates only 0.03% probability of exploitation in the wild (9th percentile), and no public exploit identified at time of analysis. Patch available in Chrome 147.0.7727.55 and later.

Google Buffer Overflow Red Hat +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 147.0.7727.55 allows unauthenticated attackers to execute arbitrary code by exploiting a heap buffer overflow in the WebML component through specially crafted HTML pages. The vulnerability requires user interaction (visiting a malicious page) but presents critical risk with high impact to confidentiality, integrity, and availability. EPSS score of 0.03% (9th percentile) indicates low probability of imminent exploitation in the wild, with no public exploit identified at time of analysis and no CISA KEV listing confirming active exploitation.

RCE Google Buffer Overflow +4
NVD VulDB
EPSS 0% CVSS 9.0
CRITICAL POC PATCH Act Now

Local privilege escalation in Nix package manager daemon (versions prior to 2.34.5/2.33.4/2.32.7/2.31.4/2.30.4/2.29.3/2.28.6) allows unprivileged users to gain root access in multi-user Linux installations. Incomplete fix for CVE-2024-27297 permits symlink attacks during fixed-output derivation registration, enabling arbitrary file overwrites as root. Attackers exploit sandboxed build registration by placing symlinks in temporary output paths, causing the daemon to follow symlinks and overwrite sensitive system files with controlled content. Affects default configurations where all users can submit builds. No public exploit identified at time of analysis.

Information Disclosure Apple Suse
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

CORS misconfiguration in CoolerControl coolercontrold versions 2.0.0 through 3.x allows unauthenticated remote attackers to read sensitive data and send control commands to the service by exploiting browser-based cross-origin requests from malicious websites. The vulnerability requires user interaction (UI:R) but grants attackers capability to leak information and manipulate daemon operations with a CVSS score of 6.3 (medium).

Cors Misconfiguration Information Disclosure Suse
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

CoolerControl's coolercontrold daemon versions before 4.0.0 lack proper authentication controls, allowing unauthenticated local attackers to view and modify sensitive system data through unprotected HTTP API endpoints. The vulnerability affects coolercontrold 0.14.0 through 3.x, with CVSS 5.9 reflecting local attack vector and low-complexity exploitation; no public exploit code or active KEV status identified at time of analysis.

Authentication Bypass Information Disclosure Suse
NVD
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Remote stored cross-site scripting in CoolerControl UI's log viewer (versions 2.0.0 through 3.x) enables complete service compromise when administrators view poisoned log entries. GitLab-reported vulnerability affects coolercontrol-ui versions before 4.0.0. Attack requires user interaction (administrator must view logs) but no authentication to inject payload. EPSS score of 0.02% (5th percentile) indicates very low observed exploitation probability. No public exploit identified at time of analysis, not listed in CISA KEV.

XSS Suse
NVD
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Command injection in CoolerControl daemon (coolercontrold) versions prior to 4.0.0 allows high-privileged local attackers to escalate privileges to root by embedding malicious bash commands in alert configuration names. The vulnerability enables authenticated administrators to execute arbitrary system commands with root privileges through the alert management interface. EPSS score of 0.05% (17th percentile) indicates low current exploitation probability, with no active exploitation confirmed and CISA SSVC assessment marking exploitation status as 'none' and automatable as 'no'.

Command Injection RCE Suse
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Algorithmic complexity denial of service in Go's crypto/x509 library allows remote attackers to cause resource exhaustion via certificate chains containing excessive policy mappings. Affects Go versions <1.25.9 and 1.26.0-1.26.1. Attack requires no authentication (CVSS AV:N/PR:N) but targets only otherwise-trusted certificate chains from roots in the system or configured trust store. EPSS score 0.01% indicates minimal observed exploitation probability. No active exploitation confirmed (not in CI

Denial Of Service Red Hat Suse
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Denial of service via unbounded memory allocation in Go's archive/tar package when parsing maliciously-crafted tar archives containing many sparse regions in old GNU sparse map format. Affects Go standard library versions prior to 1.25.9 and 1.26.2. Local attackers with user interaction can exhaust system memory, crashing applications that process untrusted tar files. No public exploit code identified; EPSS score of 0.01% indicates very low exploitation probability despite moderate CVSS severity.

Denial Of Service Red Hat Suse
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Integer overflow in Go compiler's loop optimization (cmd/compile 1.25.x < 1.25.9, 1.26.x < 1.26.2) allows remote code execution through crafted source code that triggers invalid array indexing at runtime. Attack vector is network-accessible (AV:N) with no authentication required (PR:N), enabling attackers to compile malicious Go programs that exploit compiler-generated memory corruption vulnerabilities. EPSS score of 0.01% (1st percentile) indicates low observed exploitation probability despite

Buffer Overflow Red Hat Suse
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Memory corruption in Go compiler cmd/compile versions before 1.25.9 and 1.26.0-1.26.1 allows local authenticated attackers to achieve integrity compromise and denial of service. A flaw in pointer unwrapping logic during memory move operations causes the compiler to incorrectly assess overlapping memory regions, potentially corrupting compiled binaries. EPSS score of 0.01% indicates minimal real-world exploitation probability, and no public exploit or active exploitation (non-KEV) has been identified at time of analysis.

Buffer Overflow Memory Corruption Red Hat +1
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Go's html/template package allows incorrect escaping of template actions within JavaScript template literals, enabling attackers to inject malicious scripts when template branches and brace-depth tracking are mishandled. Affects html/template versions prior to 1.26.2 and 1.25.9. The vulnerability requires user interaction (UI:R) and is not actively exploited based on available intelligence, though the low EPSS score (0.01%) indicates minimal real-world exploitation likelihood despite the network-accessible attack vector.

XSS Red Hat Suse
NVD VulDB
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

Time-of-check-time-of-use (TOCTOU) race condition in Go's internal/syscall/unix Root.Chmod allows local privileged attackers to modify file permissions on targets outside the intended root filesystem boundary. By replacing the target with a symlink between the permission check and the actual chmod operation, attackers can exploit the Linux fchmodat syscall's behavior of silently ignoring AT_SYMLINK_NOFOLLOW to modify arbitrary files outside the restricted root. Exploitation requires high privileges and precise timing; EPSS score of 0.01% indicates minimal real-world exploitation probability despite moderate CVSS severity.

Information Disclosure Red Hat Suse
NVD VulDB HeroDevs
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Arbitrary file deletion in Flatpak versions prior to 1.16.4 allows sandboxed applications to delete files on the host system via path traversal during ld.so cache cleanup. The vulnerability stems from improper validation of application-controlled paths when removing outdated cache files, enabling applications to escape sandbox constraints and delete arbitrary host files. No active exploitation or public exploit code is confirmed at time of analysis, though the technical barrier is low given the CVSS vector shows network-accessible attack with low complexity and no authentication required.

Path Traversal Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Aardvark-dns enters an unrecoverable infinite error loop consuming 100% CPU when processing a truncated TCP DNS query followed by a connection reset, causing denial of service to DNS resolution services. The vulnerability affects the aardvark-dns container DNS service and requires local network access to trigger. No public exploit code or active exploitation has been identified, but the trivial attack vector (malformed DNS packets) and high CPU impact make this a practical denial-of-service risk for containerized deployments.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cosign verify-blob-attestation incorrectly validates attestation signatures and predicate types in versions before 3.0.6 and 2.6.3, allowing remote attackers to bypass integrity verification by submitting malformed attestations or mismatched predicate types that are falsely reported as verified. The vulnerability affects container and binary code signing workflows where attestation integrity is critical for supply chain security.

Authentication Bypass Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Memory exhaustion in JWCrypto before 1.5.7 allows unauthenticated remote attackers to cause denial of service on memory-constrained systems by sending crafted JWE tokens with ZIP compression that decompress to approximately 100MB despite remaining under the 250KB input size limit. The vulnerability exploits incomplete validation in the upstream CVE-2024-28102 patch, which restricted input token size but failed to enforce decompressed output limits.

Information Disclosure Python Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Session authentication bypass in Rack::Session::Cookie 2.0.0 through 2.1.1 allows unauthenticated remote attackers to forge valid session cookies and gain unauthorized access. When configured with secrets, the implementation incorrectly falls back to a default decoder on decryption failures rather than rejecting malformed cookies, enabling attackers to manipulate session state without any secret knowledge. CVSS 9.3 (Critical) with network attack vector, low complexity, and no privileges required. No public exploit or active exploitation (CISA KEV) identified at time of analysis, though the simplicity of the attack vector (AC:L, PR:N) suggests exploitation is straightforward once the vulnerability is understood.

Authentication Bypass Suse
NVD GitHub VulDB
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Local denial of service and potential remote code execution in OpenPrinting CUPS 2.4.16 and prior occurs when the scheduler (cupsd) deletes temporary printers without expiring associated subscriptions, leaving dangling pointers in memory that are subsequently dereferenced. An unauthenticated local attacker can crash the cupsd daemon or, with heap grooming techniques, achieve arbitrary code execution on systems running affected CUPS versions.

Denial Of Service Use After Free RCE +3
NVD GitHub VulDB
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Denial of service in OpenPrinting CUPS 2.4.16 and prior allows unprivileged local users to crash the cupsd root process via integer underflow in _ppdCreateFromIPP() by supplying a negative job-password-supported IPP attribute, which wraps to a large size_t value and triggers a stack buffer overflow in memset(). When combined with systemd's automatic restart mechanism, an attacker can sustain repeated crashes without requiring elevated privileges or user interaction.

Denial Of Service Integer Overflow Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Regular expression denial of service (ReDoS) in the Addressable Ruby library versions 2.3.0 through 2.8.x allows unauthenticated remote attackers to cause application-level denial of service through maliciously crafted URIs that trigger catastrophic backtracking in URI template expansion. The vulnerability affects URI templates using explode modifiers (e.g., {foo*}, {+var*}) and multi-variable templates with + or # operators (e.g., {+v1,v2,v3}), generating O(2^n) and O(n^k) complexity regex patterns respectively. EPSS exploitation probability and KEV status data not available; no public exploit identified at time of analysis. Vendor-released patch: version 2.9.0.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Shell command injection in Emissary workflow engine below version 8.39.0 allows high-privileged attackers with repository write access to execute arbitrary commands via GitHub Actions workflow_dispatch inputs. Attackers exploit unsanitized ${{ }} expression syntax in workflow files to inject malicious shell commands, enabling repository poisoning and supply chain attacks affecting downstream users. CVSS 9.1 (Critical) with Changed scope indicates potential to compromise beyond the vulnerable component. No public exploit code or CISA KEV listing identified at time of analysis, though exploitation requires only repository write access with low attack complexity.

Command Injection Suse
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Unbounded memory consumption in Django ASGI applications allows unauthenticated remote attackers to bypass DATA_UPLOAD_MAX_MEMORY_SIZE protections via malformed Content-Length headers, leading to denial of service. Affects Django 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. CVSS 7.5 (High) with network-accessible, low-complexity attack vector requiring no privileges. EPSS data not available; no public exploit identified at time of analysis. Vendor patches released April 2026 across all affected major branches.

Denial Of Service Python Red Hat +1
NVD VulDB HeroDevs
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Django's MultiPartParser allows authenticated remote attackers to cause denial of service through performance degradation by submitting multipart uploads with Content-Transfer-Encoding: base64 and excessive whitespace. Affected versions include Django 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30, with unsupported series 5.0.x, 4.1.x, and 3.2.x potentially also vulnerable. The vulnerability has a CVSS 6.5 score reflecting high availability impact but requires authentication (PR:L) and is not actively exploited or publicly weaponized at analysis time.

Python Information Disclosure Red Hat +1
NVD GitHub VulDB HeroDevs
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Unauthenticated attackers can bypass add permissions in Django GenericInlineModelAdmin (versions 6.0 <6.0.4, 5.2 <5.2.13, 4.2 <4.2.30) by submitting forged POST data to inline model forms. Permission checks fail to validate creation rights on inline model instances, enabling unauthorized database record insertion with network access alone. CVSS 9.8 critical severity reflects complete confidentiality, integrity, and availability impact. No public exploit identified at time of analysis. Low observed exploitation activity (EPSS 0.01%).

Authentication Bypass Python Red Hat +1
NVD VulDB HeroDevs
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Header spoofing in Django 4.2 through 6.0 allows remote attackers to bypass security controls by exploiting ambiguous ASGI header normalization. The ASGIRequest handler incorrectly maps both hyphenated and underscored header variants to the same underscored version, enabling attackers to send conflicting headers where the malicious version overwrites legitimate security headers. Affects Django 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. No public exploit identified at time of analysis. EPSS data not available, but the unauthenticated network attack vector and high integrity impact warrant immediate patching.

Python Authentication Bypass Red Hat +1
NVD VulDB HeroDevs
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Buffer use-after-free in Apache Kafka Java producer client (versions ≤3.9.1, ≤4.0.1, ≤4.1.1) can silently route messages to incorrect topics when batch expiration races with in-flight network requests. CVSS 8.7 (High) with network-accessible attack vector and high complexity. CISA SSVC indicates no active exploitation, non-automatable attack, and partial technical impact. No public exploit identified at time of analysis. EPSS data not provided, but the combination of high CVSS, cross-scope impact (S:C), and dual confidentiality/integrity impact warrants prioritization for environments processing sensitive message streams.

Information Disclosure Memory Corruption Apache +5
NVD HeroDevs
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Denial-of-service vulnerability in go-ipld-prime DAG-CBOR decoder allows remote attackers to cause excessive memory allocation through CBOR headers declaring arbitrarily large collection sizes without preallocation caps. A malicious payload under 100 bytes with nested structures can trigger over 9GB of memory allocation, crashing applications using the library. The vulnerability affects all versions prior to v0.22.0, and while no confirmed active exploitation has been reported, the attack requires only unauthenticated network access and minimal attacker resources.

Denial Of Service Suse
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Heap out-of-bounds read in SDL_image library's XCF format parser allows remote information disclosure when processing malicious GIMP files. Attackers can craft .xcf files with undersized colormaps and invalid pixel indices to leak up to 762 bytes of heap memory into rendered image data, potentially exposing sensitive process memory. The vulnerability affects both indexed color code paths (1-bit and 2-bit per pixel). No public exploit identified at time of analysis, but EPSS and exploitation likelihood are notable given the library's widespread use in gaming and multimedia applications requiring minimal user interaction (opening a file).

Buffer Overflow Information Disclosure Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Out-of-bounds read in RDiscount's Markdown parser allows denial-of-service when processing attacker-controlled inputs exceeding 2GB. The vulnerability occurs because unsigned Ruby string lengths are truncated to signed integers before passing to the native parser, causing the parser to read past buffer boundaries and crash. Affected are RDiscount.new(input).to_html and RDiscount.new(input).toc_content methods. No public exploitation beyond proof-of-concept exists; patch version 2.2.7.4 is available.

Buffer Overflow Information Disclosure Suse
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Signed integer overflow in OpenEXR's undo_pxr24_impl() function allows unauthenticated remote attackers to bypass buffer bounds checks and trigger heap buffer overflow during EXR file decoding, potentially causing denial of service or limited data corruption when processing maliciously crafted EXR files. The vulnerability affects OpenEXR versions 3.2.0 through 3.2.6, 3.3.0 through 3.3.8, and 3.4.0 through 3.4.8. No public exploit code or active exploitation has been confirmed at the time of analysis.

Buffer Overflow Integer Overflow Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Integer overflow in OpenEXR 3.4.0-3.4.8 allows remote attackers to crash applications processing malicious EXR files via a negative dataWindow.min.x value in the file header, triggering a signed integer overflow in generic_unpack() that causes process termination with SIGILL. The vulnerability requires user interaction (opening a crafted file) and affects availability only, with no confirmed active exploitation at time of analysis.

Integer Overflow Buffer Overflow Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Server-Side Request Forgery (SSRF) in distribution container toolkit versions before 3.1.0 enables credential theft via malicious upstream registry responses. When operating in pull-through cache mode, distribution parses WWW-Authenticate bearer challenges from upstream registries without validating the realm URL against the configured upstream host. Attackers controlling the upstream registry or positioned for man-in-the-middle attacks can specify arbitrary realm URLs, causing distribution to transmit configured upstream credentials via basic authentication to attacker-controlled endpoints (CVSS 7.5, High confidentiality impact). EPSS data and KEV status not available; no public exploit identified at time of analysis, though exploitation requires only network access with low complexity (AV:N/AC:L) and no authentication (PR:N).

SSRF Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 6.2
MEDIUM This Month

Double free vulnerability in Rizin's LE binary format parser (librz/bin/format/le/le.c) allows local attackers to trigger heap corruption and denial of service by providing a specially crafted LE binary with circular or malformed fixup chains. The le_load_fixup_record() function improperly manages memory during error handling, freeing relocation entries multiple times. With CVSS 6.2 and local attack vector, this poses moderate risk to systems and automated analysis pipelines that process untrusted binaries without sandboxing.

Denial Of Service Suse
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Denial-of-service in the Linux kernel's ksmbd SMB server component stems from improper handling of volume identifiers in FS_OBJECT_ID_INFORMATION responses. Affected kernels fail to correctly use the superblock UUID (sb->s_uuid) as the volume identifier, and lack a safe fallback (via vfs_statfs()) for filesystems that do not expose a UUID - creating conditions for a kernel availability impact when a local low-privileged user interacts with an affected SMB share. EPSS is 0.01% (1st percentile) and no active exploitation is confirmed in CISA KEV; no public exploit code has been identified at time of analysis.

Information Disclosure Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Denial of service in Avahi prior to version 0.9-rc4 allows local unprivileged users to crash avahi-daemon by sending a D-Bus method call with conflicting publish flags. The vulnerability requires local access and low privileges but causes immediate service unavailability. No public exploit code or active exploitation has been confirmed; however, the attack is trivial to execute given the low complexity barrier.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Unauthenticated arbitrary file deletion in goshs HTTP file server allows remote attackers to delete any file or directory on the host system via path traversal. A missing return statement after input validation enables attackers to bypass the '..' check by double-encoding traversal sequences (e.g., %252e%252e), sending requests to '/<traversal>/<target-path>?delete' to trigger os.RemoveAll on arbitrary filesystem paths. The vulnerability affects the default configuration with no authentication or special flags required. Public exploit code exists with a working proof-of-concept shell script demonstrating the attack. CVSS 9.8 (Critical) reflects network accessibility, no authentication requirement, and complete impact to integrity and availability. Vendor-released patch available via GitHub commit 237f3af.

Path Traversal Suse
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Unauthenticated remote code execution in OpenPrinting CUPS 2.4.16 and earlier allows attackers to send print jobs to shared PostScript queues without authentication, exploit a newline injection vulnerability in page-border parameter handling, and execute arbitrary binaries as the lp user by chaining a follow-up raw print job. CISA KEV status and active exploitation confirmation not provided; no publicly available patches identified at publication.

Authentication Bypass Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Heap-based buffer overflow in OpenPrinting CUPS scheduler versions 2.4.16 and prior allows unauthenticated remote attackers to trigger a denial of service condition by crafting malicious job attributes that overflow buffers during filter option string construction. With a CVSS score of 5.3 and network accessibility, this vulnerability impacts availability on exposed CUPS instances; no public exploit code or vendor patch has been released as of publication.

Heap Overflow Buffer Overflow Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Path traversal in OpenPrinting CUPS RSS notifier (versions 2.4.16 and prior) allows unauthenticated remote IPP clients to write arbitrary files outside the intended CacheDir/rss directory via a crafted notify-recipient-uri parameter. By exploiting default group-writable permissions on CacheDir, attackers can overwrite critical state files such as job.cache, causing the CUPS scheduler to fail parsing job queues and resulting in loss of previously queued print jobs. No public exploit code or vendor patch is currently available, though the vulnerability is demonstrated with proof-of-concept exploitation.

Path Traversal Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

Local privilege escalation in OpenPrinting CUPS 2.4.16 and prior allows unprivileged users to bypass authentication and create arbitrary file overwrites as root by coercing cupsd into issuing reusable Authorization tokens and leveraging printer-sharing policies to persist file:// URIs that bypass FileDevice restrictions. A proof-of-concept demonstrates root command execution via sudoers file modification, and the vulnerability is confirmed by the presence of public exploit code.

Authentication Bypass Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Linux kernel sunrpc subsystem fails to properly release cache_request objects when file descriptors are closed mid-read, resulting in memory leaks and potential information disclosure through stale cache entries. The vulnerability affects all Linux kernel versions with the affected sunrpc cache implementation, and requires no special privileges or network access to trigger since it occurs during normal file descriptor closure in the kernel's user-space cache management interface.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in the Linux kernel's nvdimm/bus subsystem allows local privileged users to potentially trigger memory corruption when device_add() fails during nd_async_device_register() asynchronous initialization. The flaw stems from the parent device reference being dropped before the parent pointer is accessed on allocation failure paths. No public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.02%.

Linux Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Out-of-bounds read and write in the Broadcom bnxt_en network driver of the Linux kernel allows a malicious or compromised NIC to corrupt kernel heap memory or crash the system. The flaw resides in the DBG_BUF_PRODUCER async event handler, which uses a firmware-supplied 16-bit 'type' field as an unchecked index into the bp->bs_trace[] array. No public exploit identified at time of analysis and EPSS rates exploitation probability at just 0.02%, but the impact on confidentiality and availability is high where the trust boundary between NIC firmware and kernel is relevant.

Linux Buffer Overflow Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Null pointer dereference in Linux kernel mac80211 IEEE 802.11 wireless subsystem crashes AP_VLAN stations during channel bandwidth change operations. The ieee80211_chan_bw_change() function incorrectly accesses link data on VLAN interfaces (such as 4-address WDS clients) where the link structure is uninitialized, leading to kernel panic when dereferencing a NULL channel pointer. Any system with AP_VLAN wireless configurations and active channel state announcement (CSA) operations is vulnerable to local denial of service.

Linux Denial Of Service Null Pointer Dereference +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Linux kernel xe (Intel GPU) driver leaks dynamically allocated virtual memory area (VMA) structures when argument validation fails in the xe_vm_madvise_ioctl handler, allowing local attackers to exhaust kernel memory and trigger denial of service. The vulnerability has been patched upstream in stable kernel branches with proper cleanup path addition.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Infinite loop in Linux kernel serial core driver handle_tx() affects systems using uninitialized PORT_UNKNOWN serial ports, where uart_write_room() and uart_write() behave inconsistently regarding null transmit buffers, causing denial of service through system hangs. The vulnerability impacts caif_serial and other drivers that rely on tty_write_room() to determine write capacity. Patch available in upstream kernel commits; no CVSS score assigned due to kernel-specific nature and relatively limited exposure scope.

Linux Denial Of Service Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Linux kernel drm/imagination driver deadlock in soft reset sequence allows local denial of service when the soft reset handler calls disable_irq() from within a threaded IRQ handler context, creating a self-deadlock condition. The fix replaces disable_irq() with disable_irq_nosync() to prevent the handler from waiting on itself. Affected systems running vulnerable kernel versions with imagination GPU drivers can experience system hangs during GPU reset operations; no public exploit code identified at time of analysis.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

NULL pointer dereference in Linux kernel DRM i915 GPU driver allows local denial of service during system probe when DMC firmware initialization has not yet completed but hardware has DC6 power state enabled. The vulnerability occurs in intel_dmc_update_dc6_allowed_count() when called from gen9_set_dc_state() during intel_power_domains_init_hw(), which executes before DMC initialization, causing kernel oops if DC6 is unexpectedly enabled by BIOS firmware. No public exploit code identified; this is a kernel crash vulnerability requiring local system access triggered by atypical BIOS behavior.

Linux Null Pointer Dereference Denial Of Service +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Linux kernel btrfs filesystem fails to log new directory dentries when the parent directory of a conflicting inode is logged, causing new files and subdirectories to become inaccessible after power failure or system crash. The vulnerability affects all Linux kernel versions with btrfs; an attacker or system malfunction can trigger data loss through specific filesystem operation sequences involving deleted and recreated inodes with naming conflicts.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Memory leak in Linux kernel Microchip MPFS system controller driver (mpfs_sys_controller_probe) allows local attackers to exhaust kernel memory by repeatedly triggering the MTD device lookup failure path, eventually causing denial of service through memory exhaustion.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

NULL pointer dereference in Linux kernel ROSE socket implementation allows local denial of service when rose_connect() is called twice during an active connection attempt. The vulnerability occurs because rose_connect() fails to validate TCP_SYN_SENT state, permitting rose->neighbour to be overwritten with NULL, which later causes a kernel crash when rose_transmit_link() dereferences the NULL pointer during socket closure. No active exploitation reported; fix available in upstream kernel commits.

Linux Null Pointer Dereference Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Out-of-bounds read in the Linux kernel's cdc_ncm USB networking driver allows a local attacker with a malicious or compromised USB CDC NCM device to read kernel memory beyond the skb buffer. The flaw lives in cdc_ncm_rx_verify_ndp16(), where the NDP16 nframes bounds check omits the ndpoffset value, letting DPE array iteration in cdc_ncm_rx_fixup() walk past the legitimate buffer when wNdpIndex points near the end of the NTB. No public exploit identified at time of analysis and EPSS exploitation probability is 0.02% (5th percentile), but a patch is available from upstream Linux maintainers.

Linux Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Buffer overflow in Linux kernel cdc_ncm driver allows out-of-bounds memory reads when processing malformed USB CDC NCM (Network Control Model) packets with NDP32 (Normal Data Packet) headers positioned near the end of the network transfer buffer. The vulnerability exists in cdc_ncm_rx_verify_ndp32() where bounds checking fails to account for the ndpoffset value when validating the DPE (Data Packet Element) array size, potentially enabling local denial-of-service or information disclosure on systems with affected USB CDC NCM network devices. No active exploitation or public proof-of-concept identified at time of analysis.

Linux Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Kernel page fault in Intel IGC network driver XDP TX timestamp handling allows local denial of service when an XDP application requesting TX timestamping shuts down while the interface link remains active. The vulnerability stems from stale xsk_meta pointers left in memory after TX ring shutdown, causing the IRQ handler to dereference invalid kernel addresses and trigger a kernel panic. This affects Linux kernel versions in the igc driver and requires no special privileges or network access, only the ability to run XDP programs on an affected system.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Use-after-free vulnerability in Linux kernel ACPI processor errata handling allows local attackers to cause denial of service or potentially execute code via device pointer dereference after reference dropping in acpi_processor_errata_piix4(). The vulnerability affects multiple Linux kernel versions and was introduced in a previous fix attempt (commit f132e089fe89); it has been resolved across stable kernel branches with no active public exploitation identified.

Linux Denial Of Service Null Pointer Dereference +2
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Race condition in Linux kernel net/mlx5e IPSec offload driver allows concurrent access to a shared DMA-mapped ASO context, potentially causing information disclosure or incorrect IPSec processing results. The vulnerability affects systems using Mellanox MLX5 network adapters with IPSec offload functionality. An attacker with local access to initiate multiple IPSec operations in rapid succession can trigger the race condition, corrupting the shared context and causing subsequent operations to read invalid data, compromising confidentiality and integrity of IPSec-protected traffic.

Linux Race Condition Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Linux kernel net/mlx5e driver suffers a race condition during IPSec ESN (Extended Sequence Number) update handling that causes incorrect ESN high-order bit increments, leading to anti-replay failures and IPSec traffic halts. The vulnerability affects systems using Mellanox ConnectX adapters with IPSec full offload mode enabled. Attackers with local network access or the ability to trigger IPSec traffic patterns could exploit this to disrupt encrypted communications, though no public exploit code or active exploitation has been reported.

Linux Race Condition Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Linux kernel net shaper module fails to validate netdev liveness during hierarchy read operations, allowing information disclosure through use-after-free conditions when a network device is unregistered while RCU-protected read operations are in progress. The vulnerability affects the netlink operation callbacks in the shaper subsystem, where references acquired during pre-callbacks are not validated before later lock/RCU acquisitions, creating a race condition that can expose kernel memory or cause denial of service. No public exploit code has been identified at time of analysis, and the issue requires local access to trigger netlink operations.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Linux kernel net shaper subsystem susceptible to race condition during hierarchy creation allows unauthenticated local attackers to leak kernel memory or trigger use-after-free conditions. The vulnerability arises when a netdev is unregistered between reference acquisition during Netlink operation preparation and subsequent lock acquisition, permitting hierarchy allocation after flush operations have completed. Fixed via upstream commits that consolidate locking to pre-callback phase, preventing concurrent write races with flush operations.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Linux kernel NULL pointer dereference in the x86 PMU NMI handler on AMD EPYC systems causes denial of service when perf event unthrottling races with PMU rescheduling. The vulnerability stems from commit 7e772a93eb61 moving event pointer initialization later in x86_pmu_enable(), allowing the unthrottle path to set active_mask bits without populating the corresponding events[] array entries, leading to NULL pointer dereference when subsequent PMC overflow interrupts fire. No public exploit code identified at time of analysis; patch fixes are available in upstream Linux kernel stable branches.

Linux Null Pointer Dereference Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Null pointer dereference in Linux kernel arm_mpam memory bandwidth monitoring causes kernel oops when an MSC supporting bandwidth monitoring transitions offline and back online. The mpam_restore_mbwu_state() function fails to initialize a value buffer before passing it to __ris_msmon_read() via IPI, triggering a crash in the bandwidth counter restoration routine. This affects ARM systems with MPAM (Memory Partitioning and Monitoring) support and results in denial of service through system instability when memory controllers are toggled.

Linux Null Pointer Dereference Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's mshv (Microsoft Hyper-V) driver allows local attackers to trigger a kernel panic by unmapping user memory after a failed mshv_map_user_memory() call. The error path incorrectly calls vfree() without unregistering the associated MMU notifier, leaving a dangling reference that fires when userspace performs subsequent memory operations. This is a memory safety issue affecting the Hyper-V virtualization subsystem in the Linux kernel.

Linux Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Memory leak in the Linux kernel's Amlogic SPI controller driver (aml_spisg_probe) fails to release SPI controller resources in multiple error paths during probe, allowing local attackers to exhaust kernel memory through repeated driver load/unload cycles or failed probe attempts. The vulnerability has been resolved in the upstream kernel by converting to device-managed SPI allocation functions.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Memory leak in Linux kernel drm/vmwgfx driver caused by overwriting KMS surface dirty tracker without proper cleanup. The vulnerability affects the VMware graphics driver subsystem in the kernel, allowing local attackers to trigger memory exhaustion through repeated surface operations. No CVSS score, EPSS data, or KEV status available; fix commits exist in upstream stable kernel branches.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Linux kernel crashes in iommu_sva_unbind_device() when accessing a freed mm structure after iommu_domain_free() deallocates domain->mm->iommu_mm, causing denial of service on systems using IOMMU Shared Virtual Addressing (SVA). The fix reorders code to access the structure before the domain is freed. No CVSS score, EPSS, or KEV status available; no public exploit code identified.

Linux Denial Of Service Red Hat +1
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Use-after-free in Linux kernel ksmbd SMB server allows local or remote attackers to read freed memory and potentially achieve denial of service or code execution via compound SMB2 requests that reuse a tree connection after it has been disconnected and its associated share_conf structure freed. The vulnerability exists because smb2_get_ksmbd_tcon() bypasses state validation checks when reusing connections in compound requests, enabling subsequent commands to dereference already-freed share_conf pointers. No CVE severity metrics are available, but KASAN confirms memory corruption is triggered in smb2_write operations during tree disconnect sequences.

Linux Use After Free Ubuntu +5
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Use-after-free in Linux kernel's ksmbd SMB server allows remote attackers to crash the kernel or potentially execute code via malicious SMB2 DURABLE_REQ_V2 replay operations. The vulnerability occurs when parse_durable_handle_context() unconditionally reassigns file handle connection pointers during replay operations, causing stale pointer dereferences when the reassigned connection is subsequently freed. A KASAN report confirms the use-after-free in spin_lock operations during file descriptor closure, triggered during SMB2 connection handling in the ksmbd-io workqueue. No public exploit code or active exploitation has been confirmed at time of analysis.

Linux Use After Free Ubuntu +5
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Linux kernel drm/logicvc driver fails to release a device node reference in logicvc_drm_config_parse(), causing a reference leak that can exhaust kernel memory resources over time. The vulnerability affects all Linux kernel versions with the logicvc DRM driver enabled; it requires local access to trigger repeated calls to the vulnerable code path. This is a low-severity resource exhaustion issue resolved via kernel patch implementing automatic cleanup attributes.

Linux Information Disclosure Red Hat +1
NVD VulDB
Prev Page 31 of 104 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy