Linux Distros Unpatched Vulnerability : CVE-2026-28847

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe...

Linux Distros Unpatched Vulnerability : CVE-2026-28883

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5,...

CVE-2024-14036

Dräger Core 1.0.5 and Dräger M540 Converter Service 1.0.9 are affected by a denial-of-service vulnerability where specially crafted, unencrypted SDC discovery messages exhaust CPU resources. Network-adjacent attackers with hospital-network access can trigger high CPU load, causing subsequent SDC ...

CVE-2024-14036

Dräger Core 1.0.5 and Dräger M540 Converter Service 1.0.9 contain a denial of service vulnerability that allows network-adjacent attackers to trigger high CPU load by sending specially crafted, unencrypted SDC messages during the discovery process. Attackers with access to the hospital network ca...

CVE-2024-14036 Dräger Core 1.0.5 Denial of Service via Malformed SDC Message

Dräger Core 1.0.5 and Dräger M540 Converter Service 1.0.9 contain a denial of service vulnerability that allows network-adjacent attackers to trigger high CPU load by sending specially crafted, unencrypted SDC messages during the discovery process. Attackers with access to the hospital network ca...

CVE-2026-49143

CVE-2026-49143 affects BrowserStack Runner up to version 0.9.5. The vulnerability is in the /_log HTTP handler, permitting unauthenticated, network-adjacent attackers to achieve remote code execution by sending crafted JSON bodies that are passed to vm.runInNewContext() with eval(); attackers can...

USN-8373-1 linux, linux-aws, linux-aws-6.8, linux-aws-fips, linux-azure, linux-fips, linux-gcp, linux-gcp-6.8, linux-gcp-fips, linux-gke, linux-gkeop, linux-hwe-6.8, linux-ibm, linux-ibm-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-nvidia-tegra, linux-oracle, linux-oracle-6.8, linux-raspi, linux-raspi-realtime, linux-realtime, linux-realtime-6.8 vulnerabilities

It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker...

CVE-2026-45676

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI's replacement ELF parser trusts section offsets, counts, and string offsets from the executable file. A crafted local ELF can make OBI dereference invalid section...

EUVD-2026-33951

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI's replacement ELF parser trusts section offsets, counts, and string offsets from the executable file. A crafted local ELF can make OBI dereference invalid section...

CVE-2025-60486

A heap use-after-free in the dasherprocess function /filters/dasher.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted MPEG-2 file...

EUVD-2026-33802

In multiple locations, there is a possible way to execute code in the launcher process due to an over-privileged shell user. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2026-45863

Name of the Vulnerable Software and Affected Versions Dräger Core version 1.0.5 Dräger M540 Converter Service version 1.0.9 Description A denial of service issue allows network-adjacent attackers to trigger high CPU load by sending specially crafted, unencrypted SDC Service-oriented Device...

kernel: Linux kernel: Denial of Service in ice driver due to race condition during VSI rebuild

A flaw was found in the Linux kernel's ice network driver. A local attacker could exploit a race condition during the Virtual Station Interface VSI rebuild process. This flaw occurs when the Precision Time Protocol PTP periodic work attempts to access uninitialized memory, leading to a NULL point...

CVE-2026-0095

In l2cfcrclonebuf of l2cfcr.cc, there is a possible way to trigger controlled heap corruption within the privileged Bluetooth process due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVE-2026-0074

In getPreferredSize of LauncherProcessImageListener.kt, there is a possible denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-24088 Missing Authentication for Critical Function in Boot

Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader...

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management via improper handling of user roles in the api process. An attacker can gain unauthorized administrative privileges by sending crafted requests after authenticating as a regular user. Remediation Upgrade...

CVE-2026-0095

The provided CVE-2026-0095 entries describe a vulnerability in the Bluetooth stack, specifically in the function l2c_fcr_clone_buf in l2c_fcr.cc. The issue is an integer overflow that can trigger controlled heap corruption within the privileged Bluetooth process, leading to local escalation of pr...

CVE-2026-0095

In l2cfcrclonebuf of l2cfcr.cc, there is a possible way to trigger controlled heap corruption within the privileged Bluetooth process due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVE-2026-0095

In l2cfcrclonebuf of l2cfcr.cc, there is a possible way to trigger controlled heap corruption within the privileged Bluetooth process due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...