CVE-2026-57454

A flaw was found in Vim, an open source command-line text editor. A local attacker could exploit this vulnerability by providing a specially crafted undo or swap file. When Vim processes this file, an out-of-bounds read occurs, which can lead to the disclosure of sensitive information from memory...

CVE-2026-52995

A flaw was found in the Linux kernel's Reliable Datagram Sockets RDS subsystem. This vulnerability allows a local unprivileged user to disclose sensitive kernel memory. When a user queries connection information through getsockoptSOLRDS, RDSINFOIBCONNECTIONS while an RDS connection is not fully...

CVE-2026-53134

A flaw was found in the Linux kernel's netfilter component. This vulnerability, a stale stack leak, occurs when certain network filtering operations do not properly clear memory. An attacker could potentially exploit this to access sensitive information from the kernel's memory, leading to...

CVE-2026-53223

A flaw was found in the Linux kernel's networking component. This vulnerability allows a remote attacker to potentially access sensitive information or cause system instability. By sending specially crafted network packets, an attacker can exploit an issue in how the kernel handles timestamping f...

CVE-2025-15661

A flaw in libssh2's sftpsymlink function allows a malicious SSH server or man-in-the-middle attacker to trigger an out-of-bounds heap read via a crafted SSHFXPNAME response. This can disclose heap memory contents or crash the application, causing a denial of service DoS. Mitigation Implement stri...

CVE-2026-45358

A flaw was found in ImageMagick, a free and open-source software for editing and manipulating digital images. A remote attacker could exploit an off-by-one error in the meta encoder to read a single byte outside of allocated memory. This out-of-bounds read could lead to the disclosure of sensitiv...

CVE-2026-56788

RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX observation codes, allowing attackers to trigger denial of service. Crafted RINEX files with unknown observation types cause negative array indexing into the codepris table,...

[SECURITY] [DSA 6365-1] libssh2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6365-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 25, 2026 https://www.debian.org/security/faq -...

CVE-2026-56788 RTKLIB 2.4.3 - Out-of-bounds Read via Negative Array Index in getcodepri

RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX observation codes, allowing attackers to trigger denial of service. Crafted RINEX files with unknown observation types cause negative array indexing into the codepris table,...

CVE-2026-56788

RTKLIB 2.4.3 is affected by an out-of-bounds read in getcodepri when processing unrecognized RINEX observation codes. Crafted RINEX files with unknown observation types trigger negative indexing into the codepris table, causing reliable crashes and potential memory disclosure of adjacent global d...

CVE-2026-53225

A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP implementation. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted, truncated ASCONF Address Configuration chunk. This can cause the system to read up to 16 bytes of...

CVE-2026-57454

Vim vulnerability CVE-2026-57454 affects 9.2.0320–9.2.0679. A crafted undo or swap file can store a virtual-text property with offset/length outside the line’s property data. On restore/display, Vim converts the offset to a pointer and reads the virtual text without bounds checking, causing an ou...

CVE-2026-13030

Uninitialized Use in GPU in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

CVE-2026-13023

Uninitialized Use in GPU in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

EUVD-2026-39038

Uninitialized Use in GPU in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

CVE-2026-13023

CVE-2026-13023: Uninitialized Use in Chrome’s GPU (before 149.0.7827.197). A remote attacker who already compromised the renderer could read potentially sensitive data from process memory via a crafted HTML page. Impact = memory disclosure; remediation = update to Chrome 149.0.7827.197 or newer (...

CVE-2026-52942

A flaw was found in the Linux kernel's netfilter logging component. This vulnerability occurs because the system does not properly check if a network packet's Media Access Control MAC header is valid before attempting to log it. A local attacker could send a specially crafted network packet,...

CVE-2026-52940

A flaw was found in the Linux kernel's tun driver. An unprivileged user can exploit this vulnerability by setting the virtual network vnet header size to 24 bytes. This action causes the kernel to copy partially initialized stack memory to userspace when reading non-tunnel packets, leading to the...

CVE-2026-52937

A flaw was found in the Linux kernel's tap driver. This vulnerability allows an attacker to potentially disclose sensitive kernel stack memory contents to userspace. The flaw occurs in the tapioctl function when handling the SIOCGIFHWADDR command, where uninitialized portions of a stack-allocated...

EUVD-2026-38606

A flaw was found in the GStreamer gst-plugins-bad package. When processing a malformed H.266/VVC video stream with a crafted aspect ratio indicator value, the H.266 parser performs an out-of-bounds read of up to 8 bytes from adjacent memory. This flaw allows an attacker to craft a malicious H.266...