Skip to main content

Suse

9341 CVEs vendor

Monthly

CVE-2026-23425 HIGH PATCH This Week

Linux kernel KVM ARM64 fails to properly initialize ID registers for non-protected pKVM guests, causing feature detection checks to incorrectly return zero and preventing proper save/restore of system registers like TCR2_EL1 during world switches, potentially leading to state corruption. The vulnerability affects the hypervisor's ability to detect CPU features in non-protected virtual machines despite the initialization flag being incorrectly set. This is a kernel-level logic error that impacts system register handling in ARM64 virtualization.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-23424 HIGH PATCH This Week

Linux kernel accel/amdxdna driver fails to validate command buffer payload count, allowing out-of-bounds reads in AMD XDNA accelerator command processing. The vulnerability affects the accel/amdxdna subsystem across unspecified Linux kernel versions and permits information disclosure through unvalidated payload size interpretation. No active exploitation, public proof-of-concept, or CVSS data currently available.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-23423 MEDIUM PATCH This Month

Linux kernel btrfs subsystem fails to free allocated pages in btrfs_uring_read_extent() when error conditions occur before asynchronous I/O completion, leading to memory leaks. The vulnerability affects all Linux kernel versions with the vulnerable btrfs implementation; while tagged as Information Disclosure, the primary impact is denial of service through memory exhaustion rather than data exposure. No public exploit code or active exploitation has been identified; this is a defensive fix addressing a code path that may never execute under normal conditions but represents a resource management defect.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23421 MEDIUM PATCH This Month

Memory leak in Linux kernel DRM/XE configfs device release allows information disclosure through unfreed ctx_restore_mid_bb allocation. The xe_config_device_release() function fails to deallocate ctx_restore_mid_bb[0].cs memory that was previously allocated by wa_bb_store(), leaving sensitive kernel memory accessible when the configfs device is removed. Affected Linux kernel versions containing the vulnerable DRM/XE driver require patching to prevent potential information leakage.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23420 MEDIUM PATCH This Month

Mutex lock-unlock mismatch in the Linux kernel's wlcore Wi-Fi driver allows potential information disclosure or system instability through improper synchronization. The vulnerability occurs when wl->mutex is unlocked without being locked first, detected by the Clang thread-safety analyzer. This affects all Linux kernel versions with the wlcore Wi-Fi driver. No active exploitation has been identified, but the bug creates a race condition that could be leveraged to access shared kernel state.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23419 HIGH PATCH This Week

Linux kernel RDS TCP subsystem resolves circular locking dependency in rds_tcp_tune() function where socket lock contention with fs_reclaim memory allocation creates deadlock potential. The vulnerability affects all Linux kernel versions with the vulnerable code path in net/rds/tcp.c; the fix relocates sk_net_refcnt_upgrade() outside the socket lock critical section to eliminate the circular lock dependency without compromising synchronization semantics.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-23418 MEDIUM PATCH This Month

Memory leak in Linux kernel DRM/XE register save-restore (reg_sr) module fails to free allocated memory when xa_store() operation fails, potentially allowing local information disclosure or denial of service through repeated trigger of the error path. The vulnerability affects all Linux kernel versions containing the affected drm/xe/reg_sr code prior to the fix commits referenced. No CVSS score or exploit data provided; patch commits are available in upstream Linux repository.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-35393 Go CRITICAL PATCH GHSA Act Now

Unauthenticated arbitrary file write in goshs (Go Simple HTTP Server) allows remote attackers to overwrite any file on the host filesystem via path traversal in multipart upload endpoints. The vulnerability exists in the default configuration with no authentication required. The upload handler fails to sanitize the directory component of the request path, enabling attackers to escape the webroot using URL-encoded traversal sequences (e.g., /../../target/upload) while the server validates only that paths end with '/upload'. Functional proof-of-concept exploit code is publicly available. EPSS data not available, not listed in CISA KEV.

Path Traversal Suse
NVD GitHub
CVSS 3.0
9.8
EPSS
0.1%
CVE-2026-35392 Go CRITICAL PATCH GHSA Act Now

Arbitrary file write in goshs HTTP server allows unauthenticated remote attackers to overwrite any file on the target system via path traversal in PUT requests. The PUT upload handler in goshs (a Go-based simple HTTP server) performs no path sanitization on user-supplied URL paths, enabling direct filesystem access outside the intended webroot through URL-encoded directory traversal sequences (%2e%2e/). CVSS 9.8 reflects network-accessible exploitation requiring no authentication or user interaction. No public exploit identified at time of analysis beyond the proof-of-concept in the security advisory. EPSS data not available, but the trivial exploit complexity (single curl command with --path-as-is flag) and default-vulnerable configuration present significant risk to exposed instances.

Path Traversal Suse
NVD GitHub
CVSS 3.0
9.8
EPSS
0.1%
CVE-2026-35540 PHP MEDIUM PATCH GHSA This Month

Roundcube Webmail 1.6.0 through 1.6.13 allows Server-Side Request Forgery (SSRF) and Information Disclosure through insufficient CSS sanitization in HTML email messages, enabling attackers to craft malicious stylesheets that reference local network hosts. The vulnerability affects all instances processing HTML emails with external stylesheet links, and does not require authentication due to the unauthenticated attack vector (AV:N, PR:N in CVSS). Vendor-released patch: versions 1.6.14, 1.7-rc5, and later.

Information Disclosure SSRF Suse
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-35536 PyPI HIGH PATCH GHSA This Week

Cookie attribute injection in Tornado web framework versions before 6.5.5 allows unauthenticated remote attackers to manipulate cookie security attributes through crafted characters in domain, path, and samesite parameters of RequestHandler.set_cookie. With CVSS 7.2 and EPSS data unavailable, this represents a moderate integrity and confidentiality risk for web applications using affected Tornado versions. No public exploit identified at time of analysis, though the vulnerability mechanism is straightforward for exploitation.

Code Injection Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-34831 Ruby MEDIUM PATCH GHSA This Month

HTTP response desynchronization in Rack web server framework versions prior to 2.2.23, 3.1.21, and 3.2.6 allows remote attackers to cause Content-Length header mismatches by requesting non-existent paths with percent-encoded UTF-8 characters. The vulnerability stems from Rack::Files#fail using String#size instead of String#bytesize when setting Content-Length, causing declared header values to be smaller than actual bytes transmitted, potentially leading to response framing errors and information disclosure in deployments sensitive to Content-Length validation. No public exploit code or confirmed active exploitation identified at time of analysis.

Information Disclosure Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-34830 Ruby MEDIUM PATCH GHSA This Month

Rack::Sendfile in versions prior to 2.2.23, 3.1.21, and 3.2.6 allows remote attackers to inject regex metacharacters into X-Accel-Mapping request headers, enabling unescaped interpolation that manipulates the X-Accel-Redirect response header and causes nginx to serve unintended files from internal locations. No public exploit code or active exploitation has been confirmed; patch versions are available from the vendor.

Nginx Code Injection Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-34826 Ruby MEDIUM PATCH GHSA This Month

Denial of service in Rack versions prior to 2.2.23, 3.1.21, and 3.2.6 allows unauthenticated remote attackers to consume disproportionate CPU, memory, I/O, and bandwidth by supplying many small overlapping byte ranges in HTTP Range headers, bypassing the existing CVE-2024-26141 fix that only validates total byte coverage. The vulnerability affects Rack's file-serving paths that process multipart byte range responses, enabling attackers to degrade service availability with minimal request complexity.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-34786 Ruby MEDIUM PATCH GHSA This Month

Rack::Static fails to apply security-relevant response headers to URL-encoded variants of static file paths, allowing attackers to bypass header-based security controls by requesting percent-encoded forms of protected resources. This affects Rack versions prior to 2.2.23, 3.1.21, and 3.2.6, and is particularly dangerous in deployments relying on Rack::Static to enforce Content-Security-Policy, X-Frame-Options, or similar protective headers on static content. No public exploit code or active exploitation has been confirmed at time of analysis.

Authentication Bypass Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-34763 Ruby MEDIUM PATCH GHSA This Month

Rack web server interface versions prior to 2.2.23, 3.1.21, and 3.2.6 fail to properly escape regex metacharacters when constructing directory path filtering expressions, causing the Rack::Directory component to expose full filesystem paths in HTML directory listings. An unauthenticated remote attacker can retrieve sensitive path information by requesting directory listings when the configured root path contains regex special characters such as +, *, or ., achieving low-confidentiality impact with CVSS 5.3. No public exploit code or active exploitation has been confirmed at time of analysis.

Information Disclosure Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-34230 Ruby MEDIUM PATCH GHSA This Month

Denial of service in Rack::Utils.select_best_encoding allows unauthenticated remote attackers to consume disproportionate CPU resources via a crafted Accept-Encoding header containing multiple wildcard entries, affecting Rack versions prior to 2.2.23, 3.1.21, and 3.2.6. The vulnerability exploits quadratic time complexity in the encoding selection algorithm used by Rack::Deflater middleware, enabling a single HTTP request to trigger sustained CPU exhaustion and application unavailability.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-34835 Ruby MEDIUM PATCH GHSA This Month

Host header validation bypass in Rack 3.0.0.beta1-3.1.20 and 3.2.0-3.2.5 allows unauthenticated remote attackers to poison Host headers by injecting RFC-noncompliant characters (/, ?, #, @) that pass the AUTHORITY regex but are accepted by req.host, req.url, and req.base_url. Applications relying on naive prefix or suffix matching for host validation, link generation, or origin checks can be bypassed, enabling host header poisoning attacks. No public exploit code or active exploitation has been confirmed at the time of analysis.

Authentication Bypass Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-35414 MEDIUM PATCH This Month

OpenSSH before version 10.3 mishandles the authorized_keys principals option when a principals list is combined with a Certificate Authority that uses certain comma character patterns, allowing authenticated local or remote users to disclose sensitive authorization information or manipulate authentication decisions. This vulnerability affects all OpenSSH versions prior to 10.3p1 and requires authenticated access (PR:L) with non-trivial attack complexity (AC:H), resulting in partial confidentiality and integrity impact. No public exploit code or active exploitation has been identified at time of analysis.

SSH Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
4.2
EPSS
0.0%
CVE-2026-34591 PyPI HIGH PATCH GHSA This Week

Path traversal in Poetry's wheel installer (versions prior to 2.3.3) allows malicious Python packages to write arbitrary files outside the installation directory during package installation. Attackers can craft wheel files containing ../ directory traversal sequences that bypass containment checks, enabling file overwrite with Poetry process privileges. This directly threatens CI/CD pipelines and developer workstations installing untrusted packages from PyPI or private repositories. No active exploitation confirmed at time of analysis, but a functional proof-of-concept is publicly documented in the GitHub advisory.

Path Traversal Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.1%
CVE-2026-34543 PyPI HIGH PATCH GHSA This Week

Heap memory disclosure in OpenEXR 3.4.0 through 3.4.7 allows remote attackers to extract sensitive information through decoded pixel data when processing malicious EXR image files. The vulnerability requires no authentication (PR:N) or user interaction (UI:N), triggering automatically during file parsing under default configurations. With CVSS 8.7 and high confidentiality impact (VC:H), this represents significant risk for applications processing untrusted EXR files. No public exploit identified at time of analysis, though the low attack complexity (AC:L) suggests straightforward exploitation once attack methods are documented.

Information Disclosure Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-34544 PyPI HIGH PATCH GHSA This Week

Out-of-bounds heap write in OpenEXR 3.4.0-3.4.7 allows local attackers to crash applications or corrupt memory when processing malicious B44/B44A compressed EXR files. Attack requires user interaction to open a crafted image file. Patched in version 3.4.8. CVSS 8.4 (High) reflects local attack vector with no privileges required but mandatory user action. No confirmed active exploitation or public POC identified at time of analysis, though proof-of-concept development is feasible given the detailed GitHub advisory and commit.

Buffer Overflow Integer Overflow Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-34525 PyPI MEDIUM PATCH GHSA This Month

AIOHTTP prior to version 3.13.4 allows multiple Host headers in HTTP requests, enabling information disclosure through header injection attacks. An unauthenticated remote attacker can exploit this by crafting malicious requests with duplicate Host headers to potentially bypass security controls or extract sensitive information from affected applications. The vulnerability has been patched in version 3.13.4, and no public exploit code or active exploitation has been identified at the time of analysis.

Python Information Disclosure Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.1%
CVE-2026-34516 PyPI MEDIUM PATCH GHSA This Month

Memory exhaustion vulnerability in AIOHTTP prior to version 3.13.4 allows unauthenticated remote attackers to trigger denial of service via specially crafted HTTP responses containing excessive multipart headers. The vulnerability exploits insufficient memory limits during multipart header parsing, causing the server or client to consume more memory than intended. CVSS 6.6 (medium-high availability impact) with no public exploit code identified at time of analysis.

Python Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.6
EPSS
0.0%
CVE-2026-34515 PyPI MEDIUM PATCH GHSA This Month

AIOHTTP static resource handler on Windows exposes NTLMv2 remote path information to unauthenticated remote attackers, allowing information disclosure with high confidentiality impact. Versions prior to 3.13.4 are affected. The vulnerability has been patched and no active exploitation has been confirmed at this time.

Python Information Disclosure Microsoft Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.6
EPSS
0.1%
CVE-2026-22815 PyPI MEDIUM PATCH GHSA This Month

Memory exhaustion in aiohttp's header and trailer handling allows remote attackers to cause denial of service by sending attacker-controlled HTTP requests or responses with uncapped header/trailer values. The vulnerability affects aiohttp Python library across affected versions, enabling attackers to exhaust application memory without authentication. A mitigation is available via reverse proxy configuration, and upstream patch has been released.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-34447 PyPI MEDIUM PATCH GHSA This Month

ONNX versions prior to 1.21.0 allow local attackers to read arbitrary files outside the model directory through symlink traversal during external data loading, requiring user interaction to load a malicious model file. The vulnerability has a CVSS score of 5.5 (medium severity) and is classified as information disclosure with confirmed patch availability in version 1.21.0.

Information Disclosure Microsoft Suse
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-34446 PyPI MEDIUM PATCH GHSA This Month

ONNX versions prior to 1.21.0 allow local attackers to read arbitrary files by exploiting a hardlink-based path traversal vulnerability in onnx.load(). The vulnerability bypasses existing symlink protections because hardlinks appear as regular files to filesystem checks. An attacker with local file system access can craft a malicious ONNX model file using hardlinks to access sensitive data outside the intended directory, requiring user interaction to load the crafted model. No public exploit code has been identified; EPSS score of 4.7 indicates low exploitation probability despite moderate CVSS impact.

Path Traversal Microsoft Red Hat Suse
NVD GitHub
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-34445 PyPI HIGH PATCH GHSA This Week

Arbitrary attribute injection in ONNX Python library (versions prior to 1.21.0) allows unauthenticated remote attackers to manipulate internal object properties by embedding malicious metadata in ONNX model files, resulting in potential information disclosure, data integrity violations, and high availability impact (CVSS 8.6). The vulnerability stems from unchecked use of Python's setattr() with externally-controlled keys during ExternalDataInfo deserialization. No public exploit code or CISA KEV listing identified at time of analysis, but proof-of-concept development is trivial given the straightforward nature of Python attribute manipulation. EPSS data not provided, but the unauthenticated network-accessible attack vector and low complexity suggest material risk for organizations processing untrusted ONNX models.

Python Microsoft Information Disclosure Red Hat Suse
NVD GitHub
CVSS 3.1
8.6
EPSS
0.0%
CVE-2026-34397 MEDIUM PATCH This Month

Local privilege escalation in Himmelblau versions 2.0.0-alpha through 2.3.8 and 3.0.0-alpha through 3.1.0 allows authenticated users to assume privileged group membership when their Azure Entra ID-mapped CN or short name collides with system group names (sudo, wheel, docker, adm, etc.). The NSS module resolves the collision to the attacker's fake primary group, potentially granting group-level privileges if the system uses NSS for authorization decisions. CVSS 6.3 (medium); no public exploit identified at time of analysis.

Microsoft Privilege Escalation Docker Suse
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-5292 HIGH PATCH This Week

Out-of-bounds read in WebCodecs component of Google Chrome prior to version 146.0.7680.178 allows remote attackers to read arbitrary memory contents via specially crafted HTML pages. The vulnerability affects all Chrome versions below the patched release and requires only HTML delivery (no authentication); exploitation could disclose sensitive data from the browser process memory, though the Chromium project assessed this as Medium severity.

Google Information Disclosure Buffer Overflow Debian Suse +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-5291 MEDIUM PATCH This Month

Information disclosure in Google Chrome's WebGL implementation prior to version 146.0.7680.178 allows remote attackers to extract potentially sensitive data from process memory by serving a crafted HTML page. The vulnerability affects all Chrome versions before the patched release and requires only user interaction (visiting a malicious webpage) to trigger memory disclosure via WebGL rendering.

Google Information Disclosure Debian Red Hat Suse +1
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-5290 CRITICAL PATCH Act Now

Use-after-free in Chrome's compositing engine allows remote attackers who have compromised the renderer process to escape the sandbox via crafted HTML pages in Google Chrome prior to version 146.0.7680.178. This high-severity vulnerability requires prior renderer compromise but enables privilege escalation from the sandboxed renderer to system-level access, making it a critical sandbox bypass vector. Vendor-released patch addresses the issue in Chrome 146.0.7680.178 and later.

Google Use After Free Denial Of Service Memory Corruption Debian +2
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-5289 CRITICAL PATCH Act Now

Use-after-free in Google Chrome's Navigation component prior to version 146.0.7680.178 enables sandbox escape for attackers who have already compromised the renderer process, allowing them to potentially execute arbitrary code with elevated privileges via a malicious HTML page. Chromium rates this as high severity; patch availability confirmed from vendor.

Google Use After Free Denial Of Service Memory Corruption Debian +2
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-5288 CRITICAL PATCH Act Now

Use-after-free in Chrome's WebView on Android prior to version 146.0.7680.178 allows a remote attacker with a compromised renderer process to escape the sandbox via crafted HTML, potentially leading to arbitrary code execution outside the browser's security boundary. This vulnerability requires prior renderer compromise but eliminates a critical containment layer, classified as High severity by Chromium.

Google Use After Free Denial Of Service Memory Corruption Debian +2
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-5286 HIGH PATCH This Week

Remote code execution in Google Chrome prior to version 146.0.7680.178 via use-after-free vulnerability in the Dawn graphics library allows unauthenticated remote attackers to execute arbitrary code through a crafted HTML page. The vulnerability affects all Chrome versions below the patched release and carries high severity per Chromium's assessment.

Google Use After Free RCE Memory Corruption Denial Of Service +4
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-5284 HIGH PATCH This Week

Remote code execution in Google Chrome prior to 146.0.7680.178 via use-after-free vulnerability in Dawn graphics subsystem allows an attacker who has already compromised the renderer process to execute arbitrary code through a crafted HTML page. This vulnerability requires prior renderer compromise but presents significant risk in multi-process exploitation chains; vendor has released patched version 146.0.7680.178 to address the issue.

Google Use After Free RCE Memory Corruption Denial Of Service +4
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-5283 MEDIUM PATCH This Month

Information disclosure in ANGLE (graphics abstraction layer) within Google Chrome prior to version 146.0.7680.178 enables remote attackers to leak cross-origin data through crafted HTML pages. The vulnerability affects all Chrome versions before the patched release and requires only network access and user interaction (visiting a malicious page), posing a moderate real-world risk to users who may inadvertently access attacker-controlled content.

Google Authentication Bypass Debian Red Hat Suse +1
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-5282 HIGH PATCH This Week

Out-of-bounds read in WebCodecs functionality in Google Chrome prior to version 146.0.7680.178 allows remote attackers to read arbitrary memory contents via a crafted HTML page. The vulnerability affects all Chrome versions before the patched release and requires only user interaction (visiting a malicious webpage) to trigger. No public exploit code or active exploitation has been confirmed at time of analysis.

Google Information Disclosure Buffer Overflow Debian Red Hat +2
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-5278 HIGH PATCH This Week

Remote code execution in Google Chrome on Android via use-after-free vulnerability in Web MIDI allows unauthenticated remote attackers to execute arbitrary code through a crafted HTML page. The vulnerability affects Chrome versions prior to 146.0.7680.178 and carries high severity per Chromium's security classification. A vendor-released patch is available.

Google Use After Free RCE Memory Corruption Denial Of Service +4
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-5277 HIGH PATCH This Week

Integer overflow in ANGLE (Google's OpenGL abstraction layer) in Chrome on Windows before version 146.0.7680.178 enables out-of-bounds memory writes if the renderer process is compromised, allowing an attacker to execute arbitrary code with renderer privileges. The vulnerability requires prior renderer process compromise, limiting the immediate attack surface but representing a critical post-compromise escalation vector. Chromium severity is rated High; patch availability confirms vendor remediation.

Google Buffer Overflow Microsoft Debian Red Hat +2
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-5276 MEDIUM PATCH This Month

Information disclosure in Google Chrome's WebUSB implementation prior to version 146.0.7680.178 allows remote attackers to extract sensitive data from process memory by delivering a crafted HTML page, exploiting insufficient policy enforcement in the WebUSB API. The vulnerability affects all Chrome versions before 146.0.7680.178 across all platforms. No public exploit code or active exploitation has been confirmed at the time of this analysis.

Google Information Disclosure Debian Red Hat Suse +1
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-5275 HIGH PATCH This Week

Remote code execution in ANGLE (Almost Native Graphics Layer Engine) within Google Chrome on macOS prior to version 146.0.7680.178 allows unauthenticated remote attackers to execute arbitrary code by crafting a malicious HTML page that triggers a heap buffer overflow. This vulnerability affects all Chrome versions below the patched release and poses an immediate risk to macOS users who visit compromised or malicious websites.

Google Heap Overflow RCE Buffer Overflow Debian +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-5274 HIGH PATCH This Week

Integer overflow in Google Chrome's Codecs component prior to version 146.0.7680.178 enables remote code execution and arbitrary memory read/write operations when a user visits a malicious HTML page. The vulnerability affects all versions before the patch release and requires no user interaction beyond visiting a crafted webpage. Chromium security team classified this as High severity; no public exploit code or active exploitation has been confirmed at the time of analysis.

Google RCE Debian Red Hat Suse +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-34872 CRITICAL PATCH Act Now

Finite-field Diffie-Hellman (FFDH) in Mbed TLS 3.5.x, 3.6.0 through 3.6.5, and TF-PSA-Crypto 1.0 lacks contributory behavior due to improper validation of peer-supplied parameters, allowing an attacker to restrict the shared secret to a small set of predictable values. While the vulnerability does not directly impact TLS (which does not depend on contributory behavior), it poses a significant risk to protocols that do rely on this property, including those where an active network attacker or malicious peer can exploit the weakness. No CVSS score or public exploit code has been assigned at the time of analysis.

Information Disclosure Jwt Attack Red Hat Suse
NVD VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-34441 MEDIUM PATCH This Month

HTTP Request Smuggling in cpp-httplib prior to 0.40.0 allows remote attackers to inject arbitrary HTTP requests on HTTP/1.1 keep-alive connections by embedding malicious request data in the body of GET requests that the static file handler does not consume. The unread body bytes remain on the TCP stream and are interpreted as a new request, enabling information disclosure and request manipulation without authentication or user interaction.

Request Smuggling Information Disclosure Suse
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-5190 HIGH PATCH This Week

Memory corruption leading to arbitrary code execution affects AWS C Event Stream library versions before 0.6.0 when clients process malicious event-stream messages from attacker-controlled servers. The out-of-bounds write vulnerability in the streaming decoder requires high attack complexity and user interaction (CVSS:3.1/AV:N/AC:H/PR:N/UI:R), but grants complete control over confidentiality, integrity, and availability if successfully exploited. No public exploit identified at time of analysis, with EPSS data unavailable for this 2026-dated CVE. Vendor-released patch version 0.6.0 addresses the issue.

Buffer Overflow RCE Memory Corruption Suse
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.0%
CVE-2026-32725 HIGH PATCH This Week

Authorization bypass in scitokens-cpp library (all versions prior to 1.4.1) allows authenticated attackers to escape path-based scope restrictions via parent-directory traversal in token scope claims. The library incorrectly normalizes '..' components instead of rejecting them, enabling privilege escalation to access resources outside intended directories. EPSS data not provided, but the vulnerability is network-exploitable with low attack complexity (CVSS 8.3). No confirmed active exploitation (CISA KEV) or public exploit code identified at time of analysis, though the fix commit is publicly documented.

Path Traversal Suse
NVD GitHub
CVSS 3.1
8.3
EPSS
0.2%
CVE-2026-32726 HIGH PATCH This Week

Authorization bypass in SciTokens C++ library (versions prior to 1.4.1) allows authenticated attackers to access unauthorized filesystem paths via flawed scope validation. The library's path-prefix matching does not enforce path-segment boundaries, enabling a token scoped to '/data/project1' to incorrectly authorize access to '/data/project10' or '/data/project1-backup'. CVSS 8.1 (High) reflects the significant confidentiality and integrity impact, though exploitation requires low-privilege authenticated access (PR:L). No public exploit identified at time of analysis, with EPSS data not available for recent CVE. Vendor-released patch available in version 1.4.1.

Authentication Bypass Suse
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-33995 MEDIUM PATCH This Month

FreeRDP prior to version 3.24.2 contains a double-free vulnerability in Kerberos authentication handling that crashes FreeRDP clients during NLA connection teardown following failed authentication attempts on systems with Kerberos configured. The vulnerability affects all versions before 3.24.2 across multiple Linux distributions (Debian, Ubuntu) and requires network access but no authentication credentials, presenting a denial-of-service vector against RDP clients in enterprise environments using Kerberos or Kerberos U2U authentication. No public exploit code has been identified, and the impact is limited to availability (denial of service) rather than confidentiality or integrity.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-33987 HIGH PATCH This Week

Heap buffer overflow in FreeRDP's persistent bitmap cache handling allows local attackers to corrupt memory integrity and crash the RDP client. Affecting all versions prior to 3.24.2, the vulnerability (CWE-122) occurs when memory reallocation fails but the buffer size variable is prematurely updated, creating a size/pointer mismatch. EPSS data not available, but marked medium priority by Ubuntu. No public exploit identified at time of analysis, though technical details are disclosed in the GitHub Security Advisory.

Heap Overflow Buffer Overflow Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-33985 MEDIUM PATCH This Month

FreeRDP versions prior to 3.24.2 leak sensitive heap data to the screen during pixel rendering in remote desktop sessions, allowing unauthenticated remote attackers to obtain confidential information through a man-in-the-middle position or compromised RDP server. The vulnerability requires user interaction (UI:R) and involves out-of-bounds memory read (CWE-125), with CVSS 5.9 reflecting moderate confidentiality impact and low availability degradation. No public exploit code or active exploitation has been confirmed at time of analysis.

Information Disclosure Buffer Overflow Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-33982 HIGH PATCH This Week

Heap-buffer-overflow in FreeRDP's winpr_aligned_offset_recalloc() function allows local attackers with no privileges but requiring user interaction to trigger high-severity information disclosure and denial of service in versions prior to 3.24.2. The vulnerability involves a READ operation at 24 bytes before heap allocation boundaries (CWE-125: Out-of-bounds Read). Vendor-released patch version 3.24.2 available via GitHub commit a48dbde2c8. EPSS data not provided; no public exploit identified at time of analysis. Affects all FreeRDP installations below 3.24.2, tracked across 7 Debian releases.

Information Disclosure Buffer Overflow Suse Red Hat
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-33952 MEDIUM PATCH This Month

FreeRDP clients before version 3.24.2 crash with SIGABRT when connecting through a malicious RDP Gateway due to an unvalidated auth_length field triggering a WINPR_ASSERT() failure in rts_read_auth_verifier_no_checks(). This pre-authentication denial of service affects all FreeRDP clients using RPC-over-HTTP gateway transport, regardless of user authentication status. The vulnerability has been patched in version 3.24.2.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.0
EPSS
0.1%
CVE-2026-33977 MEDIUM PATCH This Month

Denial of service in FreeRDP prior to version 3.24.2 allows remote attackers to crash the client via a malicious RDP server sending IMA ADPCM audio data with an invalid step index value (≥89). The unvalidated network-supplied index causes an out-of-bounds access into an 89-entry lookup table, triggering a WINPR_ASSERT() failure and process abort. This affects all FreeRDP clients with audio redirection enabled (the default configuration), requiring user interaction to establish an RDP connection but no authentication. No public exploit code identified at time of analysis.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-4789 Go CRITICAL PATCH NEWS GHSA Act Now

Kyverno versions 1.16.0 and later contain a server-side request forgery vulnerability in unrestricted CEL HTTP functions that allow attackers to make arbitrary HTTP requests from the Kyverno controller, potentially accessing internal services and metadata endpoints. The vulnerability affects Kubernetes clusters running vulnerable Kyverno versions with policies utilizing CEL-based HTTP operations, with no CVSS or EPSS data currently available to quantify severity.

SSRF Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-32884 MEDIUM PATCH This Month

Botan cryptography library versions prior to 3.11.0 fail to properly validate X.509 certificate DNS name constraints due to case-sensitive comparison of the Common Name field, allowing attackers to present certificates with mixed-case Common Names that bypass name constraint restrictions and potentially establish unauthorized secure connections to restricted domains.

Information Disclosure Red Hat Suse
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-34165 Go MEDIUM PATCH GHSA This Month

Maliciously crafted `.idx` files in go-git v5 cause asymmetric memory consumption leading to Denial of Service through integer overflow vulnerabilities. Exploitation requires local write access to the `.git` directory, limiting attack surface to scenarios where an attacker has already compromised repository access or can inject files into a shared repository. No public exploit code or active exploitation has been confirmed; however, the low CVSS complexity and requirement for only low-privilege local access make this a moderate operational concern for development environments and CI/CD systems that process untrusted repositories.

Denial Of Service Integer Overflow Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-33990 Go MEDIUM PATCH GHSA This Month

Server-side request forgery in Docker Model Runner allows unprivileged containers or malicious OCI registries to make arbitrary GET requests to internal services by exploiting unvalidated realm URLs in the OCI registry token exchange flow. Affected versions prior to 1.1.25 (Docker Desktop prior to 4.67.0) permit attackers to access host-local services and reflect response bodies back to the caller, potentially exfiltrating sensitive data from internal endpoints. No public exploit code or active exploitation has been reported at time of analysis.

Docker SSRF Microsoft Suse
NVD GitHub
CVSS 4.0
6.8
EPSS
0.0%
CVE-2026-33641 PyPI HIGH POC PATCH GHSA This Week

Command injection in Glances Python monitoring tool allows local authenticated users to execute arbitrary system commands via malicious configuration files. Attackers with write access to Glances configuration files can embed shell commands in backtick-enclosed strings that execute automatically during config parsing with the privileges of the Glances process. In environments where Glances runs as a system service with elevated privileges, this enables privilege escalation from low-privileged user to root. CVSS 7.8 (High) with local attack vector requiring low privileges. Public exploit code exists in the advisory. EPSS data not available, not listed in CISA KEV.

Python Command Injection Privilege Escalation Suse
NVD GitHub VulDB Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-33533 PyPI HIGH PATCH GHSA This Week

Cross-origin data exfiltration in Glances XML-RPC server (glances -s) allows any website to steal complete system monitoring data including hostname, OS details, process lists with command-line arguments, and network configuration through CORS misconfiguration. The server sends Access-Control-Allow-Origin: * on all responses and processes XML-RPC POST requests with Content-Type: text/plain without validation, bypassing browser CORS preflight checks. Default deployments run unauthenticated, making all network-accessible instances immediately exploitable. No public exploit identified at time of analysis, though detailed proof-of-concept code is included in the advisory.

Cors Misconfiguration Python Buffer Overflow Suse
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-33032 Go CRITICAL POC NEWS GHSA Act Now

Remote unauthenticated nginx service takeover in nginx-ui's MCP integration allows network attackers to create, modify, or delete nginx configuration files and trigger automatic reloads without authentication. The /mcp_message endpoint lacks authentication middleware while exposing the same MCP tool handlers as the protected /mcp endpoint, and the IP whitelist defaults to empty (allow-all). Attackers can inject malicious server blocks to intercept credentials, exfiltrate backend topology, or crash nginx with invalid configs. CVSS 9.8 (Critical) with network attack vector, no authentication required, and high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, though detailed proof-of-concept HTTP request provided in advisory.

Nginx Authentication Bypass Information Disclosure Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-33030 Go HIGH GHSA This Week

Insecure Direct Object Reference (IDOR) in nginx-ui up to v2.3.3 allows authenticated low-privilege users to access, modify, and delete any resource across all user accounts, including plaintext DNS provider API tokens (Cloudflare, AWS Route53, Alibaba Cloud) and ACME private keys. The application's base Model struct lacks user_id fields, and all resource endpoints query by ID without ownership verification. CVSS 8.8 reflects scope change to external services—stolen Cloudflare tokens enable DNS hijacking and fraudulent certificate issuance. No public exploit identified at time of analysis, but trivial to execute via standard HTTP requests. Vendor-released patch: v2.3.4.

Nginx Information Disclosure Command Injection Docker Suse
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-33029 Go MEDIUM PATCH GHSA This Month

Authenticated denial of service in nginx-ui 2.3.3 and earlier allows any user with settings access to submit a negative integer for the logrotate.interval parameter, triggering an infinite loop in the backend that exhausts CPU resources and renders the web interface unresponsive. Vendor-released patch available in v2.3.4. No public exploit code identified beyond proof-of-concept documentation; not confirmed as actively exploited.

Nginx Denial Of Service Docker Suse
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-33028 Go HIGH PATCH GHSA This Week

Race condition in nginx-ui web interface allows remote authenticated attackers to corrupt the primary configuration file (app.ini) through concurrent API requests, resulting in persistent denial of service and potential remote code execution. The vulnerability affects nginx-ui versions prior to 2.3.4 deployed in production environments including Docker containers. Concurrent POST requests to /api/settings trigger unsynchronized file writes that interleave at the OS level, corrupting configuration sections and creating cross-contamination between INI fields. In non-deterministic scenarios, user-controlled input can overwrite shell command fields (ReloadCmd, RestartCmd), enabling arbitrary command execution during nginx reload operations. Public exploit code demonstrates the attack path using standard HTTP testing tools. No CISA KEV listing or EPSS data available at time of analysis, but proof-of-concept with detailed reproduction steps exists in the GitHub security advisory.

Race Condition Denial Of Service RCE Nginx Docker +2
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.1%
CVE-2026-33027 Go MEDIUM PATCH GHSA This Month

Authenticated users in nginx-ui v2.3.3 and earlier can delete the entire `/etc/nginx` configuration directory via path traversal using double-encoded sequences (..%252F), causing immediate Nginx service failure and denial of service. The vulnerability exploits improper URL canonicalization combined with unsafe recursive deletion logic that resolves malicious paths to the base configuration directory instead of rejecting them.

Nginx Path Traversal Denial Of Service Docker Suse
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-33026 Go CRITICAL PATCH NEWS GHSA Act Now

Remote authenticated attackers can achieve arbitrary command execution on nginx-ui v2.3.3 servers by manipulating encrypted backup archives during restoration. The vulnerability stems from a circular trust model where backup integrity metadata is encrypted using the same AES key provided to clients, allowing attackers to decrypt backups, inject malicious configuration (including command execution directives), recompute valid hashes, and re-encrypt the archive. The restore process accepts tampered backups despite hash verification warnings. Publicly available exploit code exists with detailed proof-of-concept demonstrating configuration injection leading to arbitrary command execution. Vendor-released patch available in nginx-ui v2.3.4. This represents a regression from GHSA-g9w5-qffc-6762, which addressed backup access control but not the underlying cryptographic design flaw.

Nginx Authentication Bypass Docker Suse
NVD GitHub VulDB
CVSS 4.0
9.4
EPSS
0.0%
CVE-2026-3945 HIGH PATCH This Week

Remote denial of service in tinyproxy versions through 1.11.3 allows unauthenticated attackers to exhaust all proxy worker connections via malformed HTTP chunked transfer encoding. An integer overflow in chunk size parsing (using strtol() without ERANGE validation) enables attackers to send LONG_MAX values that bypass size checks and trigger arithmetic overflow during chunklen+2 calculations. This forces the proxy to attempt reading unbounded request body data, holding worker slots indefinitely until all connections are exhausted and new clients are rejected. Upstream fix available (commits bb7edc4, 969852c) but latest stable release 1.11.3 remains unpatched. EPSS data not available; no public exploit identified at time of analysis, though attack complexity is low (CVSS AC:L) and requires no authentication (PR:N).

Integer Overflow Denial Of Service Suse Debian
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-34204 Go HIGH GHSA This Week

Authentication bypass in MinIO allows any authenticated user with s3:PutObject permission to permanently corrupt objects by injecting fake server-side encryption metadata via crafted X-Minio-Replication-* headers. Attackers can selectively render individual objects or entire buckets permanently unreadable through the S3 API without requiring elevated ReplicateObjectAction permissions. Affects all MinIO releases from RELEASE.2024-03-30T09-41-56Z through the final open-source release. Vendor-released patch available in MinIO AIStor RELEASE.2026-03-26T21-24-40Z. No public exploit identified at time of analysis, though the attack mechanism is well-documented in the advisory.

Docker Microsoft Apple Authentication Bypass Suse
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-34042 Go HIGH PATCH GHSA This Week

Unauthenticated remote cache poisoning in nektos/act (GitHub Actions local runner) enables arbitrary code execution by exposing the built-in actions/cache server on all network interfaces without authentication. Attackers who can reach the cache server-including from the public internet if exposed-can inject malicious cache entries with predictable keys, leading to remote code execution within Docker containers running GitHub Actions workflows. No public exploit identified at time of analysis, though EPSS data unavailable. Vendor-released patch available in act v0.2.86.

Docker RCE Authentication Bypass Suse
NVD GitHub
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-32241 Go HIGH PATCH GHSA This Week

Command injection in Flannel's experimental Extension backend allows authenticated Kubernetes users with node annotation privileges to execute arbitrary commands as root on all flannel nodes in the cluster. This affects Flannel versions prior to 0.28.2 using the Extension backend; other backends (vxlan, wireguard) are unaffected. No public exploit identified at time of analysis, but CVSS 7.5 reflects high impact once node annotation access is achieved. EPSS data not available for this recent CVE (2026 designation appears to be error; actual 2025 advisory).

Kubernetes Command Injection Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-34389 Go MEDIUM PATCH GHSA This Month

Fleet device management software prior to version 4.81.0 allows privilege escalation through email validation bypass in the user invitation flow. An attacker with a valid invite token can create an account using an arbitrary email address while retaining the role permissions granted by the invite, potentially obtaining global admin access. No public exploit code or active exploitation has been identified at the time of analysis.

Authentication Bypass Suse
NVD GitHub
CVSS 4.0
4.9
EPSS
0.0%
CVE-2026-34041 Go HIGH PATCH GHSA This Week

Command injection in nektos/act (GitHub Actions local runner) allows attackers to execute arbitrary code by embedding deprecated workflow commands in untrusted input. Act versions prior to 0.2.86 unconditionally process ::set-env:: and ::add-path:: commands that GitHub Actions disabled in 2020, enabling PATH hijacking and environment variable injection when workflows echo PR titles, branch names, or commit messages. Publicly available exploit code exists with working proof-of-concept demonstrating NODE_OPTIONS and LD_PRELOAD injection vectors. This creates a critical supply chain risk where workflows safe on GitHub Actions become exploitable when developers test them locally with act.

Docker Command Injection Ubuntu RCE Node.js +2
NVD GitHub
CVSS 4.0
7.7
EPSS
0.0%
CVE-2026-34388 Go MEDIUM PATCH GHSA This Month

Denial-of-service vulnerability in Fleet device management software prior to version 4.81.0 allows authenticated hosts to crash the entire Fleet server process by sending a malformed log type value to the gRPC Launcher endpoint, disrupting all connected devices, MDM enrollments, and API consumers. The vulnerability requires prior authentication but affects availability across the entire infrastructure. Vendor-released patch: version 4.81.0.

Denial Of Service Suse
NVD GitHub
CVSS 4.0
6.6
EPSS
0.0%
CVE-2026-34386 Go MEDIUM PATCH GHSA This Month

SQL injection in Fleet device management software versions prior to 4.81.0 allows authenticated Team Admin or Global Admin users to execute arbitrary SQL queries against the Fleet database via the MDM bootstrap package configuration API endpoint. Attackers with these privileges can exfiltrate sensitive data, modify arbitrary team configurations, and inject malicious content into team settings. The vulnerability requires authentication but poses significant risk to multi-tenant Fleet deployments where administrative credentials may be compromised or where insider threats exist.

SQLi Information Disclosure Suse
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-34385 Go MEDIUM PATCH GHSA This Month

SQL injection in Fleet's Apple MDM profile delivery pipeline before version 4.81.0 allows authenticated attackers with valid MDM enrollment certificates to exfiltrate or modify database contents, including user credentials, API tokens, and device enrollment secrets. This second-order SQL injection vulnerability affects the cpe:2.3:a:fleetdm:fleet product line and requires valid MDM enrollment credentials to exploit, limiting the attack surface to adversaries who have already established trust within the MDM enrollment process. No public exploit code or active exploitation has been identified at the time of this analysis.

SQLi Apple Suse
NVD GitHub
CVSS 4.0
6.2
EPSS
0.0%
CVE-2026-29180 Go MEDIUM PATCH GHSA This Month

Fleet device management software versions prior to 4.81.1 contain a broken access control vulnerability in the host transfer API that allows authenticated team maintainers to transfer hosts from any team into their own team, circumventing team isolation boundaries and gaining full control over stolen hosts including root-level script execution capabilities. The vulnerability requires authenticated access (PR:L in CVSS vector) but presents high integrity impact due to the ability to execute privileged commands on managed endpoints. No public exploit code or active exploitation has been confirmed at time of analysis.

Authentication Bypass Suse
NVD GitHub
CVSS 4.0
4.9
EPSS
0.0%
CVE-2026-34043 npm MEDIUM PATCH This Month

The serialize-javascript npm library versions prior to 7.0.5 contain a CPU exhaustion denial-of-service vulnerability triggered when processing specially crafted array-like objects with artificially large length properties, causing the serialization process to hang indefinitely and consume 100% CPU. The vulnerability affects npm package serialize-javascript (pkg:npm/serialize-javascript) and impacts applications that serialize untrusted or user-controlled objects, particularly those also vulnerable to prototype pollution or YAML deserialization attacks that could inject malicious payloads. No public exploit code has been identified, but the attack vector is network-accessible with high complexity, posing a moderate real-world threat in supply-chain and backend service contexts.

Denial Of Service Deserialization Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-26061 Go HIGH PATCH GHSA This Week

Fleet server memory exhaustion via unbounded request bodies allows unauthenticated denial-of-service against multiple HTTP endpoints. The vulnerability affects Fleet v4 (github.com/fleetdm/fleet/v4) and was responsibly disclosed by @fuzzztf. Attackers can exhaust available memory and force server restarts by sending oversized or repeated HTTP requests to unauthenticated endpoints lacking size limits. No public exploit identified at time of analysis, though the attack mechanism is straightforward given the CWE-770 resource allocation vulnerability class.

Privilege Escalation Information Disclosure Authentication Bypass Nginx Denial Of Service +1
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-26060 Go MEDIUM PATCH This Month

Fleet's password reset token invalidation logic fails to revoke previously issued tokens when a user changes their password, allowing attackers with a captured token to perform account takeover by resetting the password again within the token's 24-hour validity window. The vulnerability affects Fleet versions distributed via the Go package github.com/fleetdm/fleet/v4 and requires prior compromise of a valid password reset token to exploit, limiting real-world impact to scenarios where token interception has already occurred.

Authentication Bypass Suse
NVD GitHub
CVSS 4.0
6.0
EPSS
0.0%
CVE-2026-33936 PyPI MEDIUM PATCH This Month

Denial-of-service vulnerability in python-ecdsa library allows remote attackers to crash applications parsing untrusted DER-encoded private keys through truncated or malformed DER structures. The DER parsing functions accept invalid input that declares a longer byte length than actually provided, subsequently triggering unexpected internal IndexError exceptions instead of cleanly rejecting the malformed data. Publicly available proof-of-concept code demonstrates deterministic crashes via SigningKey.from_der() on mutated DER inputs.

Python Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-27879 MEDIUM PATCH This Month

Grafana versions prior to patching are vulnerable to denial-of-service attacks via maliciously crafted resample queries that exhaust server memory and trigger out-of-memory crashes. Authenticated users with query execution privileges can exploit this low-complexity remote vulnerability to disrupt service availability. No public exploit code or confirmed active exploitation has been identified at the time of analysis, though the attack surface is broad given Grafana's widespread deployment in monitoring infrastructure.

Grafana Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28375 MEDIUM PATCH This Month

Grafana's testdata data-source plugin allows authenticated users to trigger out-of-memory (OOM) crashes, causing a denial of service affecting availability. The vulnerability requires low-privilege user authentication and network access to the affected Grafana instance, enabling local or remote attackers with valid credentials to exhaust server memory resources without user interaction. No public exploit code or active exploitation has been confirmed at the time of analysis.

Grafana Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33945 Go CRITICAL PATCH Act Now

Path traversal in Incus system container manager allows authenticated remote attackers to write arbitrary files as root on the host via malformed systemd credential configuration keys. Affecting all versions before 6.23.0, this enables both privilege escalation from container to host and denial of service through critical file overwrites. EPSS score of 0.06% (18th percentile) indicates low observed exploitation probability, with no public exploit identified at time of analysis. The CVSS 9.9 Critical rating reflects the severe impact of container escape, though the PR:L requirement and lack of active exploitation temper immediate urgency.

Path Traversal Privilege Escalation Denial Of Service Red Hat Suse
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-33898 Go HIGH PATCH This Week

Authentication bypass in Incus webui (versions prior to 6.23.0) permits local or remote attackers to gain unauthorized access to the system container and virtual machine manager via an improperly validated authentication token. The vulnerability allows attackers who can reach the temporary localhost web server to escalate privileges to the level of the user running 'incus webui', enabling control over containers, virtual machines, and potentially underlying system resources. CVSS score of 8.8 (High) reflects network attack vector with low complexity requiring user interaction; no public exploit identified at time of analysis.

Authentication Bypass Privilege Escalation Red Hat Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-33897 Go CRITICAL PATCH Act Now

Incus system container and virtual machine manager versions prior to 6.23.0 allow authenticated users with instance access to read and write arbitrary files as root on the host system through exploitation of pongo2 template processing. The vulnerability (scored CVSS 10.0 critical) stems from a bypassed chroot isolation mechanism that was intended to confine template operations to instance filesystems but instead permits unrestricted host filesystem access. No public exploit identified at time of analysis, though the vulnerability is tagged as Server-Side Template Injection (SSTI) with a GitHub security advisory published.

Information Disclosure Ssti Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-33743 Go MEDIUM PATCH This Month

Denial of service in Incus prior to version 6.23.0 allows authenticated users with storage bucket access to crash the Incus daemon via specially crafted storage bucket backups, enabling repeated attacks to render the control plane API unavailable while leaving running workloads unaffected. The vulnerability requires local or remote authentication to the Incus system and has a CVSS score of 6.5 (medium severity) with high availability impact. Vendor-released patch available in version 6.23.0.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33711 Go MEDIUM PATCH This Month

Incus versions prior to 6.23.0 allow local authenticated attackers to manipulate temporary screenshot files via predictable /tmp paths and symlink attacks, potentially truncating and altering permissions of arbitrary files on systems with disabled symlink protection (rare), leading to denial of service or local privilege escalation. The vulnerability requires local access and authenticated user privileges but is particularly dangerous on systems without kernel-level symlink protections enabled. An exploit proof-of-concept exists, and the vendor has released patched version 6.23.0 to address the issue.

Linux Privilege Escalation Denial Of Service Red Hat Suse
NVD GitHub
CVSS 4.0
4.7
EPSS
0.0%
CVE-2026-33542 Go MEDIUM PATCH GHSA This Month

Incus versions prior to 6.23.0 fail to validate image fingerprints when downloading from simplestreams servers, enabling attackers with local privileges to poison the image cache and potentially cause other tenants to execute attacker-controlled container or virtual machine images instead of legitimate ones. The vulnerability requires local authentication and specific conditions but carries high integrity impact in multi-tenant environments; no active exploitation has been confirmed.

Information Disclosure Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
5.7
EPSS
0.0%
CVE-2026-3650 HIGH CISA Act Now

Malformed DICOM files with non-standard VR types trigger uncontrolled memory allocation in Grassroots DICOM (GDCM) library, enabling remote denial-of-service attacks without authentication. CISA ICS-CERT issued an ICSMA advisory (26-083-01) highlighting impacts to medical imaging systems that rely on GDCM for DICOM parsing. The vulnerability allows heap exhaustion from a single malicious file read operation, with CVSS 7.5 (High severity, network-accessible, no privileges required). No public exploit identified at time of analysis.

Information Disclosure Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Linux kernel KVM ARM64 fails to properly initialize ID registers for non-protected pKVM guests, causing feature detection checks to incorrectly return zero and preventing proper save/restore of system registers like TCR2_EL1 during world switches, potentially leading to state corruption. The vulnerability affects the hypervisor's ability to detect CPU features in non-protected virtual machines despite the initialization flag being incorrectly set. This is a kernel-level logic error that impacts system register handling in ARM64 virtualization.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Linux kernel accel/amdxdna driver fails to validate command buffer payload count, allowing out-of-bounds reads in AMD XDNA accelerator command processing. The vulnerability affects the accel/amdxdna subsystem across unspecified Linux kernel versions and permits information disclosure through unvalidated payload size interpretation. No active exploitation, public proof-of-concept, or CVSS data currently available.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Linux kernel btrfs subsystem fails to free allocated pages in btrfs_uring_read_extent() when error conditions occur before asynchronous I/O completion, leading to memory leaks. The vulnerability affects all Linux kernel versions with the vulnerable btrfs implementation; while tagged as Information Disclosure, the primary impact is denial of service through memory exhaustion rather than data exposure. No public exploit code or active exploitation has been identified; this is a defensive fix addressing a code path that may never execute under normal conditions but represents a resource management defect.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Memory leak in Linux kernel DRM/XE configfs device release allows information disclosure through unfreed ctx_restore_mid_bb allocation. The xe_config_device_release() function fails to deallocate ctx_restore_mid_bb[0].cs memory that was previously allocated by wa_bb_store(), leaving sensitive kernel memory accessible when the configfs device is removed. Affected Linux kernel versions containing the vulnerable DRM/XE driver require patching to prevent potential information leakage.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Mutex lock-unlock mismatch in the Linux kernel's wlcore Wi-Fi driver allows potential information disclosure or system instability through improper synchronization. The vulnerability occurs when wl->mutex is unlocked without being locked first, detected by the Clang thread-safety analyzer. This affects all Linux kernel versions with the wlcore Wi-Fi driver. No active exploitation has been identified, but the bug creates a race condition that could be leveraged to access shared kernel state.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Linux kernel RDS TCP subsystem resolves circular locking dependency in rds_tcp_tune() function where socket lock contention with fs_reclaim memory allocation creates deadlock potential. The vulnerability affects all Linux kernel versions with the vulnerable code path in net/rds/tcp.c; the fix relocates sk_net_refcnt_upgrade() outside the socket lock critical section to eliminate the circular lock dependency without compromising synchronization semantics.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Memory leak in Linux kernel DRM/XE register save-restore (reg_sr) module fails to free allocated memory when xa_store() operation fails, potentially allowing local information disclosure or denial of service through repeated trigger of the error path. The vulnerability affects all Linux kernel versions containing the affected drm/xe/reg_sr code prior to the fix commits referenced. No CVSS score or exploit data provided; patch commits are available in upstream Linux repository.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Unauthenticated arbitrary file write in goshs (Go Simple HTTP Server) allows remote attackers to overwrite any file on the host filesystem via path traversal in multipart upload endpoints. The vulnerability exists in the default configuration with no authentication required. The upload handler fails to sanitize the directory component of the request path, enabling attackers to escape the webroot using URL-encoded traversal sequences (e.g., /../../target/upload) while the server validates only that paths end with '/upload'. Functional proof-of-concept exploit code is publicly available. EPSS data not available, not listed in CISA KEV.

Path Traversal Suse
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Arbitrary file write in goshs HTTP server allows unauthenticated remote attackers to overwrite any file on the target system via path traversal in PUT requests. The PUT upload handler in goshs (a Go-based simple HTTP server) performs no path sanitization on user-supplied URL paths, enabling direct filesystem access outside the intended webroot through URL-encoded directory traversal sequences (%2e%2e/). CVSS 9.8 reflects network-accessible exploitation requiring no authentication or user interaction. No public exploit identified at time of analysis beyond the proof-of-concept in the security advisory. EPSS data not available, but the trivial exploit complexity (single curl command with --path-as-is flag) and default-vulnerable configuration present significant risk to exposed instances.

Path Traversal Suse
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Roundcube Webmail 1.6.0 through 1.6.13 allows Server-Side Request Forgery (SSRF) and Information Disclosure through insufficient CSS sanitization in HTML email messages, enabling attackers to craft malicious stylesheets that reference local network hosts. The vulnerability affects all instances processing HTML emails with external stylesheet links, and does not require authentication due to the unauthenticated attack vector (AV:N, PR:N in CVSS). Vendor-released patch: versions 1.6.14, 1.7-rc5, and later.

Information Disclosure SSRF Suse
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Cookie attribute injection in Tornado web framework versions before 6.5.5 allows unauthenticated remote attackers to manipulate cookie security attributes through crafted characters in domain, path, and samesite parameters of RequestHandler.set_cookie. With CVSS 7.2 and EPSS data unavailable, this represents a moderate integrity and confidentiality risk for web applications using affected Tornado versions. No public exploit identified at time of analysis, though the vulnerability mechanism is straightforward for exploitation.

Code Injection Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

HTTP response desynchronization in Rack web server framework versions prior to 2.2.23, 3.1.21, and 3.2.6 allows remote attackers to cause Content-Length header mismatches by requesting non-existent paths with percent-encoded UTF-8 characters. The vulnerability stems from Rack::Files#fail using String#size instead of String#bytesize when setting Content-Length, causing declared header values to be smaller than actual bytes transmitted, potentially leading to response framing errors and information disclosure in deployments sensitive to Content-Length validation. No public exploit code or confirmed active exploitation identified at time of analysis.

Information Disclosure Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Rack::Sendfile in versions prior to 2.2.23, 3.1.21, and 3.2.6 allows remote attackers to inject regex metacharacters into X-Accel-Mapping request headers, enabling unescaped interpolation that manipulates the X-Accel-Redirect response header and causes nginx to serve unintended files from internal locations. No public exploit code or active exploitation has been confirmed; patch versions are available from the vendor.

Nginx Code Injection Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Denial of service in Rack versions prior to 2.2.23, 3.1.21, and 3.2.6 allows unauthenticated remote attackers to consume disproportionate CPU, memory, I/O, and bandwidth by supplying many small overlapping byte ranges in HTTP Range headers, bypassing the existing CVE-2024-26141 fix that only validates total byte coverage. The vulnerability affects Rack's file-serving paths that process multipart byte range responses, enabling attackers to degrade service availability with minimal request complexity.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Rack::Static fails to apply security-relevant response headers to URL-encoded variants of static file paths, allowing attackers to bypass header-based security controls by requesting percent-encoded forms of protected resources. This affects Rack versions prior to 2.2.23, 3.1.21, and 3.2.6, and is particularly dangerous in deployments relying on Rack::Static to enforce Content-Security-Policy, X-Frame-Options, or similar protective headers on static content. No public exploit code or active exploitation has been confirmed at time of analysis.

Authentication Bypass Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Rack web server interface versions prior to 2.2.23, 3.1.21, and 3.2.6 fail to properly escape regex metacharacters when constructing directory path filtering expressions, causing the Rack::Directory component to expose full filesystem paths in HTML directory listings. An unauthenticated remote attacker can retrieve sensitive path information by requesting directory listings when the configured root path contains regex special characters such as +, *, or ., achieving low-confidentiality impact with CVSS 5.3. No public exploit code or active exploitation has been confirmed at time of analysis.

Information Disclosure Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Denial of service in Rack::Utils.select_best_encoding allows unauthenticated remote attackers to consume disproportionate CPU resources via a crafted Accept-Encoding header containing multiple wildcard entries, affecting Rack versions prior to 2.2.23, 3.1.21, and 3.2.6. The vulnerability exploits quadratic time complexity in the encoding selection algorithm used by Rack::Deflater middleware, enabling a single HTTP request to trigger sustained CPU exhaustion and application unavailability.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Host header validation bypass in Rack 3.0.0.beta1-3.1.20 and 3.2.0-3.2.5 allows unauthenticated remote attackers to poison Host headers by injecting RFC-noncompliant characters (/, ?, #, @) that pass the AUTHORITY regex but are accepted by req.host, req.url, and req.base_url. Applications relying on naive prefix or suffix matching for host validation, link generation, or origin checks can be bypassed, enabling host header poisoning attacks. No public exploit code or active exploitation has been confirmed at the time of analysis.

Authentication Bypass Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 4.2
MEDIUM PATCH This Month

OpenSSH before version 10.3 mishandles the authorized_keys principals option when a principals list is combined with a Certificate Authority that uses certain comma character patterns, allowing authenticated local or remote users to disclose sensitive authorization information or manipulate authentication decisions. This vulnerability affects all OpenSSH versions prior to 10.3p1 and requires authenticated access (PR:L) with non-trivial attack complexity (AC:H), resulting in partial confidentiality and integrity impact. No public exploit code or active exploitation has been identified at time of analysis.

SSH Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Path traversal in Poetry's wheel installer (versions prior to 2.3.3) allows malicious Python packages to write arbitrary files outside the installation directory during package installation. Attackers can craft wheel files containing ../ directory traversal sequences that bypass containment checks, enabling file overwrite with Poetry process privileges. This directly threatens CI/CD pipelines and developer workstations installing untrusted packages from PyPI or private repositories. No active exploitation confirmed at time of analysis, but a functional proof-of-concept is publicly documented in the GitHub advisory.

Path Traversal Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Heap memory disclosure in OpenEXR 3.4.0 through 3.4.7 allows remote attackers to extract sensitive information through decoded pixel data when processing malicious EXR image files. The vulnerability requires no authentication (PR:N) or user interaction (UI:N), triggering automatically during file parsing under default configurations. With CVSS 8.7 and high confidentiality impact (VC:H), this represents significant risk for applications processing untrusted EXR files. No public exploit identified at time of analysis, though the low attack complexity (AC:L) suggests straightforward exploitation once attack methods are documented.

Information Disclosure Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Out-of-bounds heap write in OpenEXR 3.4.0-3.4.7 allows local attackers to crash applications or corrupt memory when processing malicious B44/B44A compressed EXR files. Attack requires user interaction to open a crafted image file. Patched in version 3.4.8. CVSS 8.4 (High) reflects local attack vector with no privileges required but mandatory user action. No confirmed active exploitation or public POC identified at time of analysis, though proof-of-concept development is feasible given the detailed GitHub advisory and commit.

Buffer Overflow Integer Overflow Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

AIOHTTP prior to version 3.13.4 allows multiple Host headers in HTTP requests, enabling information disclosure through header injection attacks. An unauthenticated remote attacker can exploit this by crafting malicious requests with duplicate Host headers to potentially bypass security controls or extract sensitive information from affected applications. The vulnerability has been patched in version 3.13.4, and no public exploit code or active exploitation has been identified at the time of analysis.

Python Information Disclosure Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

Memory exhaustion vulnerability in AIOHTTP prior to version 3.13.4 allows unauthenticated remote attackers to trigger denial of service via specially crafted HTTP responses containing excessive multipart headers. The vulnerability exploits insufficient memory limits during multipart header parsing, causing the server or client to consume more memory than intended. CVSS 6.6 (medium-high availability impact) with no public exploit code identified at time of analysis.

Python Denial Of Service Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

AIOHTTP static resource handler on Windows exposes NTLMv2 remote path information to unauthenticated remote attackers, allowing information disclosure with high confidentiality impact. Versions prior to 3.13.4 are affected. The vulnerability has been patched and no active exploitation has been confirmed at this time.

Python Information Disclosure Microsoft +2
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Memory exhaustion in aiohttp's header and trailer handling allows remote attackers to cause denial of service by sending attacker-controlled HTTP requests or responses with uncapped header/trailer values. The vulnerability affects aiohttp Python library across affected versions, enabling attackers to exhaust application memory without authentication. A mitigation is available via reverse proxy configuration, and upstream patch has been released.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

ONNX versions prior to 1.21.0 allow local attackers to read arbitrary files outside the model directory through symlink traversal during external data loading, requiring user interaction to load a malicious model file. The vulnerability has a CVSS score of 5.5 (medium severity) and is classified as information disclosure with confirmed patch availability in version 1.21.0.

Information Disclosure Microsoft Suse
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

ONNX versions prior to 1.21.0 allow local attackers to read arbitrary files by exploiting a hardlink-based path traversal vulnerability in onnx.load(). The vulnerability bypasses existing symlink protections because hardlinks appear as regular files to filesystem checks. An attacker with local file system access can craft a malicious ONNX model file using hardlinks to access sensitive data outside the intended directory, requiring user interaction to load the crafted model. No public exploit code has been identified; EPSS score of 4.7 indicates low exploitation probability despite moderate CVSS impact.

Path Traversal Microsoft Red Hat +1
NVD GitHub
EPSS 0% CVSS 8.6
HIGH PATCH This Week

Arbitrary attribute injection in ONNX Python library (versions prior to 1.21.0) allows unauthenticated remote attackers to manipulate internal object properties by embedding malicious metadata in ONNX model files, resulting in potential information disclosure, data integrity violations, and high availability impact (CVSS 8.6). The vulnerability stems from unchecked use of Python's setattr() with externally-controlled keys during ExternalDataInfo deserialization. No public exploit code or CISA KEV listing identified at time of analysis, but proof-of-concept development is trivial given the straightforward nature of Python attribute manipulation. EPSS data not provided, but the unauthenticated network-accessible attack vector and low complexity suggest material risk for organizations processing untrusted ONNX models.

Python Microsoft Information Disclosure +2
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Local privilege escalation in Himmelblau versions 2.0.0-alpha through 2.3.8 and 3.0.0-alpha through 3.1.0 allows authenticated users to assume privileged group membership when their Azure Entra ID-mapped CN or short name collides with system group names (sudo, wheel, docker, adm, etc.). The NSS module resolves the collision to the attacker's fake primary group, potentially granting group-level privileges if the system uses NSS for authorization decisions. CVSS 6.3 (medium); no public exploit identified at time of analysis.

Microsoft Privilege Escalation Docker +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out-of-bounds read in WebCodecs component of Google Chrome prior to version 146.0.7680.178 allows remote attackers to read arbitrary memory contents via specially crafted HTML pages. The vulnerability affects all Chrome versions below the patched release and requires only HTML delivery (no authentication); exploitation could disclose sensitive data from the browser process memory, though the Chromium project assessed this as Medium severity.

Google Information Disclosure Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Information disclosure in Google Chrome's WebGL implementation prior to version 146.0.7680.178 allows remote attackers to extract potentially sensitive data from process memory by serving a crafted HTML page. The vulnerability affects all Chrome versions before the patched release and requires only user interaction (visiting a malicious webpage) to trigger memory disclosure via WebGL rendering.

Google Information Disclosure Debian +3
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Use-after-free in Chrome's compositing engine allows remote attackers who have compromised the renderer process to escape the sandbox via crafted HTML pages in Google Chrome prior to version 146.0.7680.178. This high-severity vulnerability requires prior renderer compromise but enables privilege escalation from the sandboxed renderer to system-level access, making it a critical sandbox bypass vector. Vendor-released patch addresses the issue in Chrome 146.0.7680.178 and later.

Google Use After Free Denial Of Service +4
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Use-after-free in Google Chrome's Navigation component prior to version 146.0.7680.178 enables sandbox escape for attackers who have already compromised the renderer process, allowing them to potentially execute arbitrary code with elevated privileges via a malicious HTML page. Chromium rates this as high severity; patch availability confirmed from vendor.

Google Use After Free Denial Of Service +4
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Use-after-free in Chrome's WebView on Android prior to version 146.0.7680.178 allows a remote attacker with a compromised renderer process to escape the sandbox via crafted HTML, potentially leading to arbitrary code execution outside the browser's security boundary. This vulnerability requires prior renderer compromise but eliminates a critical containment layer, classified as High severity by Chromium.

Google Use After Free Denial Of Service +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome prior to version 146.0.7680.178 via use-after-free vulnerability in the Dawn graphics library allows unauthenticated remote attackers to execute arbitrary code through a crafted HTML page. The vulnerability affects all Chrome versions below the patched release and carries high severity per Chromium's assessment.

Google Use After Free RCE +6
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote code execution in Google Chrome prior to 146.0.7680.178 via use-after-free vulnerability in Dawn graphics subsystem allows an attacker who has already compromised the renderer process to execute arbitrary code through a crafted HTML page. This vulnerability requires prior renderer compromise but presents significant risk in multi-process exploitation chains; vendor has released patched version 146.0.7680.178 to address the issue.

Google Use After Free RCE +6
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Information disclosure in ANGLE (graphics abstraction layer) within Google Chrome prior to version 146.0.7680.178 enables remote attackers to leak cross-origin data through crafted HTML pages. The vulnerability affects all Chrome versions before the patched release and requires only network access and user interaction (visiting a malicious page), posing a moderate real-world risk to users who may inadvertently access attacker-controlled content.

Google Authentication Bypass Debian +3
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Out-of-bounds read in WebCodecs functionality in Google Chrome prior to version 146.0.7680.178 allows remote attackers to read arbitrary memory contents via a crafted HTML page. The vulnerability affects all Chrome versions before the patched release and requires only user interaction (visiting a malicious webpage) to trigger. No public exploit code or active exploitation has been confirmed at time of analysis.

Google Information Disclosure Buffer Overflow +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome on Android via use-after-free vulnerability in Web MIDI allows unauthenticated remote attackers to execute arbitrary code through a crafted HTML page. The vulnerability affects Chrome versions prior to 146.0.7680.178 and carries high severity per Chromium's security classification. A vendor-released patch is available.

Google Use After Free RCE +6
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Integer overflow in ANGLE (Google's OpenGL abstraction layer) in Chrome on Windows before version 146.0.7680.178 enables out-of-bounds memory writes if the renderer process is compromised, allowing an attacker to execute arbitrary code with renderer privileges. The vulnerability requires prior renderer process compromise, limiting the immediate attack surface but representing a critical post-compromise escalation vector. Chromium severity is rated High; patch availability confirms vendor remediation.

Google Buffer Overflow Microsoft +4
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Information disclosure in Google Chrome's WebUSB implementation prior to version 146.0.7680.178 allows remote attackers to extract sensitive data from process memory by delivering a crafted HTML page, exploiting insufficient policy enforcement in the WebUSB API. The vulnerability affects all Chrome versions before 146.0.7680.178 across all platforms. No public exploit code or active exploitation has been confirmed at the time of this analysis.

Google Information Disclosure Debian +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in ANGLE (Almost Native Graphics Layer Engine) within Google Chrome on macOS prior to version 146.0.7680.178 allows unauthenticated remote attackers to execute arbitrary code by crafting a malicious HTML page that triggers a heap buffer overflow. This vulnerability affects all Chrome versions below the patched release and poses an immediate risk to macOS users who visit compromised or malicious websites.

Google Heap Overflow RCE +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Integer overflow in Google Chrome's Codecs component prior to version 146.0.7680.178 enables remote code execution and arbitrary memory read/write operations when a user visits a malicious HTML page. The vulnerability affects all versions before the patch release and requires no user interaction beyond visiting a crafted webpage. Chromium security team classified this as High severity; no public exploit code or active exploitation has been confirmed at the time of analysis.

Google RCE Debian +3
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Finite-field Diffie-Hellman (FFDH) in Mbed TLS 3.5.x, 3.6.0 through 3.6.5, and TF-PSA-Crypto 1.0 lacks contributory behavior due to improper validation of peer-supplied parameters, allowing an attacker to restrict the shared secret to a small set of predictable values. While the vulnerability does not directly impact TLS (which does not depend on contributory behavior), it poses a significant risk to protocols that do rely on this property, including those where an active network attacker or malicious peer can exploit the weakness. No CVSS score or public exploit code has been assigned at the time of analysis.

Information Disclosure Jwt Attack Red Hat +1
NVD VulDB
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

HTTP Request Smuggling in cpp-httplib prior to 0.40.0 allows remote attackers to inject arbitrary HTTP requests on HTTP/1.1 keep-alive connections by embedding malicious request data in the body of GET requests that the static file handler does not consume. The unread body bytes remain on the TCP stream and are interpreted as a new request, enabling information disclosure and request manipulation without authentication or user interaction.

Request Smuggling Information Disclosure Suse
NVD GitHub VulDB
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Memory corruption leading to arbitrary code execution affects AWS C Event Stream library versions before 0.6.0 when clients process malicious event-stream messages from attacker-controlled servers. The out-of-bounds write vulnerability in the streaming decoder requires high attack complexity and user interaction (CVSS:3.1/AV:N/AC:H/PR:N/UI:R), but grants complete control over confidentiality, integrity, and availability if successfully exploited. No public exploit identified at time of analysis, with EPSS data unavailable for this 2026-dated CVE. Vendor-released patch version 0.6.0 addresses the issue.

Buffer Overflow RCE Memory Corruption +1
NVD GitHub VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Authorization bypass in scitokens-cpp library (all versions prior to 1.4.1) allows authenticated attackers to escape path-based scope restrictions via parent-directory traversal in token scope claims. The library incorrectly normalizes '..' components instead of rejecting them, enabling privilege escalation to access resources outside intended directories. EPSS data not provided, but the vulnerability is network-exploitable with low attack complexity (CVSS 8.3). No confirmed active exploitation (CISA KEV) or public exploit code identified at time of analysis, though the fix commit is publicly documented.

Path Traversal Suse
NVD GitHub
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Authorization bypass in SciTokens C++ library (versions prior to 1.4.1) allows authenticated attackers to access unauthorized filesystem paths via flawed scope validation. The library's path-prefix matching does not enforce path-segment boundaries, enabling a token scoped to '/data/project1' to incorrectly authorize access to '/data/project10' or '/data/project1-backup'. CVSS 8.1 (High) reflects the significant confidentiality and integrity impact, though exploitation requires low-privilege authenticated access (PR:L). No public exploit identified at time of analysis, with EPSS data not available for recent CVE. Vendor-released patch available in version 1.4.1.

Authentication Bypass Suse
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

FreeRDP prior to version 3.24.2 contains a double-free vulnerability in Kerberos authentication handling that crashes FreeRDP clients during NLA connection teardown following failed authentication attempts on systems with Kerberos configured. The vulnerability affects all versions before 3.24.2 across multiple Linux distributions (Debian, Ubuntu) and requires network access but no authentication credentials, presenting a denial-of-service vector against RDP clients in enterprise environments using Kerberos or Kerberos U2U authentication. No public exploit code has been identified, and the impact is limited to availability (denial of service) rather than confidentiality or integrity.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Heap buffer overflow in FreeRDP's persistent bitmap cache handling allows local attackers to corrupt memory integrity and crash the RDP client. Affecting all versions prior to 3.24.2, the vulnerability (CWE-122) occurs when memory reallocation fails but the buffer size variable is prematurely updated, creating a size/pointer mismatch. EPSS data not available, but marked medium priority by Ubuntu. No public exploit identified at time of analysis, though technical details are disclosed in the GitHub Security Advisory.

Heap Overflow Buffer Overflow Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

FreeRDP versions prior to 3.24.2 leak sensitive heap data to the screen during pixel rendering in remote desktop sessions, allowing unauthenticated remote attackers to obtain confidential information through a man-in-the-middle position or compromised RDP server. The vulnerability requires user interaction (UI:R) and involves out-of-bounds memory read (CWE-125), with CVSS 5.9 reflecting moderate confidentiality impact and low availability degradation. No public exploit code or active exploitation has been confirmed at time of analysis.

Information Disclosure Buffer Overflow Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Heap-buffer-overflow in FreeRDP's winpr_aligned_offset_recalloc() function allows local attackers with no privileges but requiring user interaction to trigger high-severity information disclosure and denial of service in versions prior to 3.24.2. The vulnerability involves a READ operation at 24 bytes before heap allocation boundaries (CWE-125: Out-of-bounds Read). Vendor-released patch version 3.24.2 available via GitHub commit a48dbde2c8. EPSS data not provided; no public exploit identified at time of analysis. Affects all FreeRDP installations below 3.24.2, tracked across 7 Debian releases.

Information Disclosure Buffer Overflow Suse +1
NVD GitHub VulDB
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

FreeRDP clients before version 3.24.2 crash with SIGABRT when connecting through a malicious RDP Gateway due to an unvalidated auth_length field triggering a WINPR_ASSERT() failure in rts_read_auth_verifier_no_checks(). This pre-authentication denial of service affects all FreeRDP clients using RPC-over-HTTP gateway transport, regardless of user authentication status. The vulnerability has been patched in version 3.24.2.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Denial of service in FreeRDP prior to version 3.24.2 allows remote attackers to crash the client via a malicious RDP server sending IMA ADPCM audio data with an invalid step index value (≥89). The unvalidated network-supplied index causes an out-of-bounds access into an 89-entry lookup table, triggering a WINPR_ASSERT() failure and process abort. This affects all FreeRDP clients with audio redirection enabled (the default configuration), requiring user interaction to establish an RDP connection but no authentication. No public exploit code identified at time of analysis.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Kyverno versions 1.16.0 and later contain a server-side request forgery vulnerability in unrestricted CEL HTTP functions that allow attackers to make arbitrary HTTP requests from the Kyverno controller, potentially accessing internal services and metadata endpoints. The vulnerability affects Kubernetes clusters running vulnerable Kyverno versions with policies utilizing CEL-based HTTP operations, with no CVSS or EPSS data currently available to quantify severity.

SSRF Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Botan cryptography library versions prior to 3.11.0 fail to properly validate X.509 certificate DNS name constraints due to case-sensitive comparison of the Common Name field, allowing attackers to present certificates with mixed-case Common Names that bypass name constraint restrictions and potentially establish unauthorized secure connections to restricted domains.

Information Disclosure Red Hat Suse
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

Maliciously crafted `.idx` files in go-git v5 cause asymmetric memory consumption leading to Denial of Service through integer overflow vulnerabilities. Exploitation requires local write access to the `.git` directory, limiting attack surface to scenarios where an attacker has already compromised repository access or can inject files into a shared repository. No public exploit code or active exploitation has been confirmed; however, the low CVSS complexity and requirement for only low-privilege local access make this a moderate operational concern for development environments and CI/CD systems that process untrusted repositories.

Denial Of Service Integer Overflow Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Server-side request forgery in Docker Model Runner allows unprivileged containers or malicious OCI registries to make arbitrary GET requests to internal services by exploiting unvalidated realm URLs in the OCI registry token exchange flow. Affected versions prior to 1.1.25 (Docker Desktop prior to 4.67.0) permit attackers to access host-local services and reflect response bodies back to the caller, potentially exfiltrating sensitive data from internal endpoints. No public exploit code or active exploitation has been reported at time of analysis.

Docker SSRF Microsoft +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Command injection in Glances Python monitoring tool allows local authenticated users to execute arbitrary system commands via malicious configuration files. Attackers with write access to Glances configuration files can embed shell commands in backtick-enclosed strings that execute automatically during config parsing with the privileges of the Glances process. In environments where Glances runs as a system service with elevated privileges, this enables privilege escalation from low-privileged user to root. CVSS 7.8 (High) with local attack vector requiring low privileges. Public exploit code exists in the advisory. EPSS data not available, not listed in CISA KEV.

Python Command Injection Privilege Escalation +1
NVD GitHub VulDB Exploit-DB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Cross-origin data exfiltration in Glances XML-RPC server (glances -s) allows any website to steal complete system monitoring data including hostname, OS details, process lists with command-line arguments, and network configuration through CORS misconfiguration. The server sends Access-Control-Allow-Origin: * on all responses and processes XML-RPC POST requests with Content-Type: text/plain without validation, bypassing browser CORS preflight checks. Default deployments run unauthenticated, making all network-accessible instances immediately exploitable. No public exploit identified at time of analysis, though detailed proof-of-concept code is included in the advisory.

Cors Misconfiguration Python Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Remote unauthenticated nginx service takeover in nginx-ui's MCP integration allows network attackers to create, modify, or delete nginx configuration files and trigger automatic reloads without authentication. The /mcp_message endpoint lacks authentication middleware while exposing the same MCP tool handlers as the protected /mcp endpoint, and the IP whitelist defaults to empty (allow-all). Attackers can inject malicious server blocks to intercept credentials, exfiltrate backend topology, or crash nginx with invalid configs. CVSS 9.8 (Critical) with network attack vector, no authentication required, and high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, though detailed proof-of-concept HTTP request provided in advisory.

Nginx Authentication Bypass Information Disclosure +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Insecure Direct Object Reference (IDOR) in nginx-ui up to v2.3.3 allows authenticated low-privilege users to access, modify, and delete any resource across all user accounts, including plaintext DNS provider API tokens (Cloudflare, AWS Route53, Alibaba Cloud) and ACME private keys. The application's base Model struct lacks user_id fields, and all resource endpoints query by ID without ownership verification. CVSS 8.8 reflects scope change to external services—stolen Cloudflare tokens enable DNS hijacking and fraudulent certificate issuance. No public exploit identified at time of analysis, but trivial to execute via standard HTTP requests. Vendor-released patch: v2.3.4.

Nginx Information Disclosure Command Injection +2
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Authenticated denial of service in nginx-ui 2.3.3 and earlier allows any user with settings access to submit a negative integer for the logrotate.interval parameter, triggering an infinite loop in the backend that exhausts CPU resources and renders the web interface unresponsive. Vendor-released patch available in v2.3.4. No public exploit code identified beyond proof-of-concept documentation; not confirmed as actively exploited.

Nginx Denial Of Service Docker +1
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Race condition in nginx-ui web interface allows remote authenticated attackers to corrupt the primary configuration file (app.ini) through concurrent API requests, resulting in persistent denial of service and potential remote code execution. The vulnerability affects nginx-ui versions prior to 2.3.4 deployed in production environments including Docker containers. Concurrent POST requests to /api/settings trigger unsynchronized file writes that interleave at the OS level, corrupting configuration sections and creating cross-contamination between INI fields. In non-deterministic scenarios, user-controlled input can overwrite shell command fields (ReloadCmd, RestartCmd), enabling arbitrary command execution during nginx reload operations. Public exploit code demonstrates the attack path using standard HTTP testing tools. No CISA KEV listing or EPSS data available at time of analysis, but proof-of-concept with detailed reproduction steps exists in the GitHub security advisory.

Race Condition Denial Of Service RCE +4
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Authenticated users in nginx-ui v2.3.3 and earlier can delete the entire `/etc/nginx` configuration directory via path traversal using double-encoded sequences (..%252F), causing immediate Nginx service failure and denial of service. The vulnerability exploits improper URL canonicalization combined with unsafe recursive deletion logic that resolves malicious paths to the base configuration directory instead of rejecting them.

Nginx Path Traversal Denial Of Service +2
NVD GitHub VulDB
EPSS 0% CVSS 9.4
CRITICAL PATCH Act Now

Remote authenticated attackers can achieve arbitrary command execution on nginx-ui v2.3.3 servers by manipulating encrypted backup archives during restoration. The vulnerability stems from a circular trust model where backup integrity metadata is encrypted using the same AES key provided to clients, allowing attackers to decrypt backups, inject malicious configuration (including command execution directives), recompute valid hashes, and re-encrypt the archive. The restore process accepts tampered backups despite hash verification warnings. Publicly available exploit code exists with detailed proof-of-concept demonstrating configuration injection leading to arbitrary command execution. Vendor-released patch available in nginx-ui v2.3.4. This represents a regression from GHSA-g9w5-qffc-6762, which addressed backup access control but not the underlying cryptographic design flaw.

Nginx Authentication Bypass Docker +1
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Remote denial of service in tinyproxy versions through 1.11.3 allows unauthenticated attackers to exhaust all proxy worker connections via malformed HTTP chunked transfer encoding. An integer overflow in chunk size parsing (using strtol() without ERANGE validation) enables attackers to send LONG_MAX values that bypass size checks and trigger arithmetic overflow during chunklen+2 calculations. This forces the proxy to attempt reading unbounded request body data, holding worker slots indefinitely until all connections are exhausted and new clients are rejected. Upstream fix available (commits bb7edc4, 969852c) but latest stable release 1.11.3 remains unpatched. EPSS data not available; no public exploit identified at time of analysis, though attack complexity is low (CVSS AC:L) and requires no authentication (PR:N).

Integer Overflow Denial Of Service Suse +1
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Authentication bypass in MinIO allows any authenticated user with s3:PutObject permission to permanently corrupt objects by injecting fake server-side encryption metadata via crafted X-Minio-Replication-* headers. Attackers can selectively render individual objects or entire buckets permanently unreadable through the S3 API without requiring elevated ReplicateObjectAction permissions. Affects all MinIO releases from RELEASE.2024-03-30T09-41-56Z through the final open-source release. Vendor-released patch available in MinIO AIStor RELEASE.2026-03-26T21-24-40Z. No public exploit identified at time of analysis, though the attack mechanism is well-documented in the advisory.

Docker Microsoft Apple +2
NVD GitHub
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Unauthenticated remote cache poisoning in nektos/act (GitHub Actions local runner) enables arbitrary code execution by exposing the built-in actions/cache server on all network interfaces without authentication. Attackers who can reach the cache server-including from the public internet if exposed-can inject malicious cache entries with predictable keys, leading to remote code execution within Docker containers running GitHub Actions workflows. No public exploit identified at time of analysis, though EPSS data unavailable. Vendor-released patch available in act v0.2.86.

Docker RCE Authentication Bypass +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Command injection in Flannel's experimental Extension backend allows authenticated Kubernetes users with node annotation privileges to execute arbitrary commands as root on all flannel nodes in the cluster. This affects Flannel versions prior to 0.28.2 using the Extension backend; other backends (vxlan, wireguard) are unaffected. No public exploit identified at time of analysis, but CVSS 7.5 reflects high impact once node annotation access is achieved. EPSS data not available for this recent CVE (2026 designation appears to be error; actual 2025 advisory).

Kubernetes Command Injection Suse
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Fleet device management software prior to version 4.81.0 allows privilege escalation through email validation bypass in the user invitation flow. An attacker with a valid invite token can create an account using an arbitrary email address while retaining the role permissions granted by the invite, potentially obtaining global admin access. No public exploit code or active exploitation has been identified at the time of analysis.

Authentication Bypass Suse
NVD GitHub
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Command injection in nektos/act (GitHub Actions local runner) allows attackers to execute arbitrary code by embedding deprecated workflow commands in untrusted input. Act versions prior to 0.2.86 unconditionally process ::set-env:: and ::add-path:: commands that GitHub Actions disabled in 2020, enabling PATH hijacking and environment variable injection when workflows echo PR titles, branch names, or commit messages. Publicly available exploit code exists with working proof-of-concept demonstrating NODE_OPTIONS and LD_PRELOAD injection vectors. This creates a critical supply chain risk where workflows safe on GitHub Actions become exploitable when developers test them locally with act.

Docker Command Injection Ubuntu +4
NVD GitHub
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

Denial-of-service vulnerability in Fleet device management software prior to version 4.81.0 allows authenticated hosts to crash the entire Fleet server process by sending a malformed log type value to the gRPC Launcher endpoint, disrupting all connected devices, MDM enrollments, and API consumers. The vulnerability requires prior authentication but affects availability across the entire infrastructure. Vendor-released patch: version 4.81.0.

Denial Of Service Suse
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

SQL injection in Fleet device management software versions prior to 4.81.0 allows authenticated Team Admin or Global Admin users to execute arbitrary SQL queries against the Fleet database via the MDM bootstrap package configuration API endpoint. Attackers with these privileges can exfiltrate sensitive data, modify arbitrary team configurations, and inject malicious content into team settings. The vulnerability requires authentication but poses significant risk to multi-tenant Fleet deployments where administrative credentials may be compromised or where insider threats exist.

SQLi Information Disclosure Suse
NVD GitHub
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

SQL injection in Fleet's Apple MDM profile delivery pipeline before version 4.81.0 allows authenticated attackers with valid MDM enrollment certificates to exfiltrate or modify database contents, including user credentials, API tokens, and device enrollment secrets. This second-order SQL injection vulnerability affects the cpe:2.3:a:fleetdm:fleet product line and requires valid MDM enrollment credentials to exploit, limiting the attack surface to adversaries who have already established trust within the MDM enrollment process. No public exploit code or active exploitation has been identified at the time of this analysis.

SQLi Apple Suse
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Fleet device management software versions prior to 4.81.1 contain a broken access control vulnerability in the host transfer API that allows authenticated team maintainers to transfer hosts from any team into their own team, circumventing team isolation boundaries and gaining full control over stolen hosts including root-level script execution capabilities. The vulnerability requires authenticated access (PR:L in CVSS vector) but presents high integrity impact due to the ability to execute privileged commands on managed endpoints. No public exploit code or active exploitation has been confirmed at time of analysis.

Authentication Bypass Suse
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

The serialize-javascript npm library versions prior to 7.0.5 contain a CPU exhaustion denial-of-service vulnerability triggered when processing specially crafted array-like objects with artificially large length properties, causing the serialization process to hang indefinitely and consume 100% CPU. The vulnerability affects npm package serialize-javascript (pkg:npm/serialize-javascript) and impacts applications that serialize untrusted or user-controlled objects, particularly those also vulnerable to prototype pollution or YAML deserialization attacks that could inject malicious payloads. No public exploit code has been identified, but the attack vector is network-accessible with high complexity, posing a moderate real-world threat in supply-chain and backend service contexts.

Denial Of Service Deserialization Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Fleet server memory exhaustion via unbounded request bodies allows unauthenticated denial-of-service against multiple HTTP endpoints. The vulnerability affects Fleet v4 (github.com/fleetdm/fleet/v4) and was responsibly disclosed by @fuzzztf. Attackers can exhaust available memory and force server restarts by sending oversized or repeated HTTP requests to unauthenticated endpoints lacking size limits. No public exploit identified at time of analysis, though the attack mechanism is straightforward given the CWE-770 resource allocation vulnerability class.

Privilege Escalation Information Disclosure Authentication Bypass +3
NVD GitHub
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

Fleet's password reset token invalidation logic fails to revoke previously issued tokens when a user changes their password, allowing attackers with a captured token to perform account takeover by resetting the password again within the token's 24-hour validity window. The vulnerability affects Fleet versions distributed via the Go package github.com/fleetdm/fleet/v4 and requires prior compromise of a valid password reset token to exploit, limiting real-world impact to scenarios where token interception has already occurred.

Authentication Bypass Suse
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Denial-of-service vulnerability in python-ecdsa library allows remote attackers to crash applications parsing untrusted DER-encoded private keys through truncated or malformed DER structures. The DER parsing functions accept invalid input that declares a longer byte length than actually provided, subsequently triggering unexpected internal IndexError exceptions instead of cleanly rejecting the malformed data. Publicly available proof-of-concept code demonstrates deterministic crashes via SigningKey.from_der() on mutated DER inputs.

Python Denial Of Service Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Grafana versions prior to patching are vulnerable to denial-of-service attacks via maliciously crafted resample queries that exhaust server memory and trigger out-of-memory crashes. Authenticated users with query execution privileges can exploit this low-complexity remote vulnerability to disrupt service availability. No public exploit code or confirmed active exploitation has been identified at the time of analysis, though the attack surface is broad given Grafana's widespread deployment in monitoring infrastructure.

Grafana Denial Of Service Red Hat +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Grafana's testdata data-source plugin allows authenticated users to trigger out-of-memory (OOM) crashes, causing a denial of service affecting availability. The vulnerability requires low-privilege user authentication and network access to the affected Grafana instance, enabling local or remote attackers with valid credentials to exhaust server memory resources without user interaction. No public exploit code or active exploitation has been confirmed at the time of analysis.

Grafana Denial Of Service Red Hat +1
NVD VulDB
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Path traversal in Incus system container manager allows authenticated remote attackers to write arbitrary files as root on the host via malformed systemd credential configuration keys. Affecting all versions before 6.23.0, this enables both privilege escalation from container to host and denial of service through critical file overwrites. EPSS score of 0.06% (18th percentile) indicates low observed exploitation probability, with no public exploit identified at time of analysis. The CVSS 9.9 Critical rating reflects the severe impact of container escape, though the PR:L requirement and lack of active exploitation temper immediate urgency.

Path Traversal Privilege Escalation Denial Of Service +2
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Authentication bypass in Incus webui (versions prior to 6.23.0) permits local or remote attackers to gain unauthorized access to the system container and virtual machine manager via an improperly validated authentication token. The vulnerability allows attackers who can reach the temporary localhost web server to escalate privileges to the level of the user running 'incus webui', enabling control over containers, virtual machines, and potentially underlying system resources. CVSS score of 8.8 (High) reflects network attack vector with low complexity requiring user interaction; no public exploit identified at time of analysis.

Authentication Bypass Privilege Escalation Red Hat +1
NVD GitHub
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Incus system container and virtual machine manager versions prior to 6.23.0 allow authenticated users with instance access to read and write arbitrary files as root on the host system through exploitation of pongo2 template processing. The vulnerability (scored CVSS 10.0 critical) stems from a bypassed chroot isolation mechanism that was intended to confine template operations to instance filesystems but instead permits unrestricted host filesystem access. No public exploit identified at time of analysis, though the vulnerability is tagged as Server-Side Template Injection (SSTI) with a GitHub security advisory published.

Information Disclosure Ssti Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Denial of service in Incus prior to version 6.23.0 allows authenticated users with storage bucket access to crash the Incus daemon via specially crafted storage bucket backups, enabling repeated attacks to render the control plane API unavailable while leaving running workloads unaffected. The vulnerability requires local or remote authentication to the Incus system and has a CVSS score of 6.5 (medium severity) with high availability impact. Vendor-released patch available in version 6.23.0.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Incus versions prior to 6.23.0 allow local authenticated attackers to manipulate temporary screenshot files via predictable /tmp paths and symlink attacks, potentially truncating and altering permissions of arbitrary files on systems with disabled symlink protection (rare), leading to denial of service or local privilege escalation. The vulnerability requires local access and authenticated user privileges but is particularly dangerous on systems without kernel-level symlink protections enabled. An exploit proof-of-concept exists, and the vendor has released patched version 6.23.0 to address the issue.

Linux Privilege Escalation Denial Of Service +2
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

Incus versions prior to 6.23.0 fail to validate image fingerprints when downloading from simplestreams servers, enabling attackers with local privileges to poison the image cache and potentially cause other tenants to execute attacker-controlled container or virtual machine images instead of legitimate ones. The vulnerability requires local authentication and specific conditions but carries high integrity impact in multi-tenant environments; no active exploitation has been confirmed.

Information Disclosure Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH Act Now

Malformed DICOM files with non-standard VR types trigger uncontrolled memory allocation in Grassroots DICOM (GDCM) library, enabling remote denial-of-service attacks without authentication. CISA ICS-CERT issued an ICSMA advisory (26-083-01) highlighting impacts to medical imaging systems that rely on GDCM for DICOM parsing. The vulnerability allows heap exhaustion from a single malicious file read operation, with CVSS 7.5 (High severity, network-accessible, no privileges required). No public exploit identified at time of analysis.

Information Disclosure Red Hat Suse
NVD GitHub VulDB
Prev Page 32 of 104 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy