UBUNTU-CVE-2026-8286

A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even though the TLS configuration mismatches so it should not...

Exploit for CVE-2026-43503

CVE-2026-43503 — DirtyClone Linux local privilege escalation...

CVE-2026-13322 Kubevirt: virt-handler-rhel9: kubevirt: unbounded virtio-serial readline in virt-handler causes oom denial of service

A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine, which buffers input indefinitely until a newline character is received, with no length limit or read deadline. A user with access to a VM guest that has the...

CVE-2026-13322 Kubevirt: virt-handler-rhel9: kubevirt: unbounded virtio-serial readline in virt-handler causes oom denial of service

A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine, which buffers input indefinitely until a newline character is received, with no length limit or read deadline. A user with access to a VM guest that has the...

CVE-2026-56411

creationtimestamp| type| source ---|---|--- 2026-06-26 00:01:47+00:00| seen| https://bsky.app/profile/slackers.it/post/3mp5ncbgb2u2x...

CVE-2026-56407

creationtimestamp| type| source ---|---|--- 2026-06-26 00:01:44+00:00| seen| https://bsky.app/profile/slackers.it/post/3mp5ncaeykp26...

CVE-2026-56131

creationtimestamp| type| source ---|---|--- 2026-06-26 00:01:43+00:00| seen| https://bsky.app/profile/slackers.it/post/3mp5nc7dq3r2x...

CVE-2026-56132

creationtimestamp| type| source ---|---|--- 2026-06-26 00:01:43+00:00| seen| https://bsky.app/profile/slackers.it/post/3mp5nc7dq3r2x...

CVE-2026-9222

creationtimestamp| type| source ---|---|--- 2026-06-26 00:00:43+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mp5naf23d32g 2026-06-26 00:00:45+00:00| seen| https://infosec.exchange/users/offseq/statuses/116813466196592988...

CVE-2026-56786

creationtimestamp| type| source ---|---|--- 2026-06-25 23:44:27+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mp5mddcyuc2u...

CVE-2026-45358

A flaw was found in ImageMagick, a free and open-source software for editing and manipulating digital images. A remote attacker could exploit an off-by-one error in the meta encoder to read a single byte outside of allocated memory. This out-of-bounds read could lead to the disclosure of sensitiv...

CVE-2026-56768

creationtimestamp| type| source ---|---|--- 2026-06-25 23:39:27+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mp5m2eudfs2p...

CVE-2026-53229

A flaw was found in the Linux kernel's mlx5e driver. When an XDP eXpress Data Path transmission fails, the driver does not properly unmap DMA Direct Memory Access addresses or free allocated XDP frames. This oversight can lead to a continuous leak of DMA resources and XDP frames, potentially...

CVE-2017-14912

creationtimestamp| type| source ---|---|--- 2026-06-25 23:37:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mp5lw77mbe2y...

CVE-2026-56766

creationtimestamp| type| source ---|---|--- 2026-06-25 23:34:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mp5lrgeajq2a...

CVE-2026-52971

A flaw was found in the Linux kernel's Elastic Network Adapter ENA driver, specifically within the Precision Time Protocol Hardware Clock PHC timestamp retrieval function. A race condition exists where the gettimestamp function could attempt to access memory that has already been freed by the...

CVE-2026-56770

creationtimestamp| type| source ---|---|--- 2026-06-25 23:29:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mp5lihmy3u2p...

CVE-2026-9222 Setracker2 Children's Smartwatch Ecosystem Use of password hash instead of password for authentication

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior only require the password hash when authenticating with backend services from the client. This could allow an attacker, who knows the hash, to authenticate and gain full access...

CVE-2026-9222 Setracker2 Children's Smartwatch Ecosystem Use of password hash instead of password for authentication

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior only require the password hash when authenticating with backend services from the client. This could allow an attacker, who knows the hash, to authenticate and gain full access...

CVE-2026-9221 Setracker2 Children's Smartwatch Ecosystem Use of a Broken or Risky Cryptographic Algorithm

The Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and earlier uses MD5 to generate a request signature for authenticating communications between the mobile client and the backend REST API. Attackers could potentially reverse the signature to recover the session ID. With the...