kernel: smb: client: fix OOB reads parsing symlink error response

A flaw was found in the Linux kernel's Server Message Block SMB client. A remote, untrusted server could send a specially crafted symlink error response, leading to an out-of-bounds read vulnerability. This could result in the disclosure of sensitive information from the kernel's memory to a loca...

kernel: ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach()

A flaw was found in the Linux kernel's IPv6 ICMP error generation. A remote attacker could send a specially crafted IPv4 ICMP error packet with a Common Internet Protocol Security Option CIPSO IP option. This could lead to incorrect handling of packet control block data when generating an IPv6 IC...

CVE-2022-26758

A malicious application may cause unexpected changes in memory shared between processes. A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4...

CVE-2022-26758

A malicious application may cause unexpected changes in memory shared between processes. A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4...

CVE-2026-10740

Unbounded memory allocation in the CRYPTO frame reassembler in s2n-quic before 1.8.2 may allow an unauthenticated remote actor to cause a denial of service degraded availability by sending crafted QUIC Initial packets. To remediate this issue, users should upgrade to v1.8.2...

nebula-mesh: Decrypted CA private key persists in heap after signing

internal/pki/resolver.go:36-64 constructs a CAManager with the plaintext ed25519.PrivateKey after unwrapping via the master key; internal/pki/ca.go:13-16 stores it. Callers at internal/api/enroll.go:116, internal/api/updates.go:297, and internal/api/mobilebundle.go:40 use the manager for one Sign...

GHSA-8H84-FHQQ-Q58V nebula-mesh: Decrypted CA private key persists in heap after signing

internal/pki/resolver.go:36-64 constructs a CAManager with the plaintext ed25519.PrivateKey after unwrapping via the master key; internal/pki/ca.go:13-16 stores it. Callers at internal/api/enroll.go:116, internal/api/updates.go:297, and internal/api/mobilebundle.go:40 use the manager for one Sign...

EUVD-2026-36103

Unbounded memory allocation in the CRYPTO frame reassembler in s2n-quic before 1.8.2 may allow an unauthenticated remote actor to cause a denial of service degraded availability by sending crafted QUIC Initial packets. To remediate this issue, users should upgrade to v1.8.2...

CVE-2026-10740 Excessive memory allocation in s2n-quic

Unbounded memory allocation in the CRYPTO frame reassembler in s2n-quic before 1.8.2 may allow an unauthenticated remote actor to cause a denial of service degraded availability by sending crafted QUIC Initial packets. To remediate this issue, users should upgrade to v1.8.2...

CVE-2026-10740 Excessive memory allocation in s2n-quic

Unbounded memory allocation in the CRYPTO frame reassembler in s2n-quic before 1.8.2 may allow an unauthenticated remote actor to cause a denial of service degraded availability by sending crafted QUIC Initial packets. To remediate this issue, users should upgrade to v1.8.2...

CVE-2026-10740

CVE-2026-10740 affects s2n-quic prior to version 1.8.2, where an unbounded memory allocation in the CRYPTO frame reassembler can allow an unauthenticated remote actor to trigger a denial of service (degraded availability) by sending crafted QUIC Initial packets. The vulnerability is triggered dur...

CVE-2026-11645

An out of bounds memory access flaw was found in the V8 component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=506689381...

keycloak: Keycloak: Denial of Service via malformed LDAP password policy response

A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol LDAP server or an attacker compromising an upstream LDAP server, could exploit this vulnerability. By sending a malformed LDAP password...

libsndfile: integer overflow in ima_reader_init()

A flaw was found in the libsndfile library. An integer overflow in the IMA ADPCM codec can occur when a specially crafted WAV audio file is processed, specifically with malicious samplesperblock and blocks values. This can lead to a heap-based buffer overflow, causing a crash to the application...

GHSA-CQGJ-H8VF-4W59 Acknowledgement extension out of memory

Impact Bad clients that always send a fixed batch value while the server is using the acknowledgement extension can cause the unacknowledged message queue to grow indefinitely, eventually resulting in an OutOfMemoryError. Such bad clients would always send: json "channel": "/meta/connect",...

Acknowledgement extension out of memory

Impact Bad clients that always send a fixed batch value while the server is using the acknowledgement extension can cause the unacknowledged message queue to grow indefinitely, eventually resulting in an OutOfMemoryError. Such bad clients would always send: json "channel": "/meta/connect",...

CVE-2026-49759

Stack-based Buffer Overflow vulnerability in Erlang OTP erts inetdrv allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP ERROR chunk. The sctpparseerrorchunk function in erts/emulator/drivers/common/inetdrv.c parses SCTP ERROR chunks and writes cause codes int...

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

CVE-2025-10237

During an internal security assessment, a potential vulnerability was discovered in some ThinkPad embedded controller firmware that could allow a privileged local user to perform arbitrary reads or writes to privileged memory regions...

CVE-2026-49948

Mem0 versions through 0.2.8, fixed in commit ae7f406, contain a missing authorization vulnerability in the self-hosted server component where the POST /configure endpoint modifies global LLM provider and embedder configuration but only verifies authentication via JWT or X-API-Key without validati...