1282 matches found
USN-8277-1: Linux kernel vulnerabilities
It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 Several security issues were discovered in th...
9router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes
Summary 9router exposes two unauthenticated API endpoints that, when chained together, allow any network-adjacent attacker to execute arbitrary OS commands as the user running the 9router process — with zero prerequisites and no credentials required. The vulnerability exists because the Next.js...
GHSA-FHH6-4QXV-RPQJ 9router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes
Summary 9router exposes two unauthenticated API endpoints that, when chained together, allow any network-adjacent attacker to execute arbitrary OS commands as the user running the 9router process — with zero prerequisites and no credentials required. The vulnerability exists because the Next.js...
SUSE CVE-2026-6479
Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AFUNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18....
Open WebUI's chat completion API allows tool restrictions to be bypassed
Summary Open WebUI v0.6.43 contains a vulnerability in its chat completion API, which allows attackers to bypass tool restrictions, potentially enabling unauthorized actions or access. Details In the chatcompletion API, the parameters toolids and toolservers are supplied by the user. These...
CVE-2026-6479 PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion
Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AFUNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18....
EUVD-2026-30288
Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AFUNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18....
EUVD-2026-29662
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service locally...
CVE-2026-40405
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network...
CVE-2026-40413 Windows TCP/IP Denial of Service Vulnerability
...
CVE-2026-40401 Windows TCP/IP Denial of Service Vulnerability
...
CVE-2026-40401
CVE-2026-40401 describes a null pointer dereference in Windows TCP/IP that can be exploited for local denial of service by an unauthorized attacker. The description in the sources states the vulnerability allows a local, unauthenticated denial of service, with a CVSS v3.1 base score of 7.1 (HIGH)...
CVE-2026-33837 Windows TCP/IP Local Elevation of Privilege Vulnerability
...
CVE-2026-40415 Windows TCP/IP Remote Code Execution Vulnerability
...
CVE-2026-40414 Windows TCP/IP Denial of Service Vulnerability
...
CVE-2026-40406
Technical details about CVE-2026-40406 are not publicly available in the provided documents; monitor for updates as additional specifics (affected products, root cause, fixes) may be released.
CVE-2026-40406 Windows TCP/IP Information Disclosure Vulnerability
...
CVE-2026-40405 Windows TCP/IP Denial of Service Vulnerability
...
CVE-2026-34351 Windows TCP/IP Elevation of Privilege Vulnerability
...
Windows TCP/IP Denial of Service Vulnerability
...