CVE-2026-39820

Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations...

UBUNTU-CVE-2026-39820

Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations...

GO-2026-4986 Quadratic string concatentation in consumeComment in net/mail

Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations...

USN-8257-1: Linux kernel (Raspberry Pi) vulnerabilities

Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...

Chromium: CVE-2026-7972 Uninitialized Use in GPU

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

USN-8251-1: libpng vulnerabilities

It was discovered that libpng incorrectly handled memory when processing certain PNG files. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service, or possibly execute...

APEI/GHES: ARM processor Error: don't go past allocated memory

...

drm/amd/display: Add signal type check for dcn401 get_phyd32clk_src

...

SUSE CVE-2026-43204

In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: q6asm: drop DSP responses for closed data streams 'Commit a354f030dbce "ASoC: qcom: q6asm: handle the responses after closing"' attempted to ignore DSP responses arriving after a stream had been closed. However, those...

SUSE CVE-2026-43258

In the Linux kernel, the following vulnerability has been resolved: alpha: fix user-space corruption during memory compaction Alpha systems can suffer sporadic user-space crashes and heap corruption when memory compaction is enabled. Symptoms include SIGSEGV, glibc allocator failures e.g...

SUSE CVE-2026-43266

In the Linux kernel, the following vulnerability has been resolved: EFI/CPER: don't go past the ARM processor CPER record buffer There's a logic inside GHES/CPER to detect if the sectionlength is too small, but it doesn't detect if it is too big. Currently, if the firmware receives an ARM process...

JeecgBoot 注入漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.1 and earlier have a vulnerability related to injection attacks. This vulnerability stems from the parameter condition handled by the JSON object processor in the...

Linux Distros Unpatched Vulnerability : CVE-2026-43122

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: Update cpuidle driver check in acpiprocessorstart Commit 7a8c994cbb2d ACPI:...

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which can be triggered by carefully crafted inputs, leading to excessive CPU consumption and memory...

PT-2026-38564

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Well-crafted inputs reaching the functions ParseAddress, ParseAddressList, and ParseDate can trigger excessive CPU exhaustion and memory allocations, leading to ...

CVE-2026-43204

A flaw was found in the Linux kernel's ASoC Qualcomm qcom q6asm component. This vulnerability occurs when the system continues to process Digital Signal Processor DSP responses for data streams that have already been closed. An attacker could potentially exploit this by sending specific DSP...

Allocation of Resources Without Limits or Throttling

Overview next is a react framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via server function endpoints. An attacker can cause out-of-memory exceptions or induce excessive CPU usage by sending malicious FormData in an HTTP request...

CVE-2026-7918

Use after free in GPU in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-43145

A flaw was found in the Linux kernel's remoteproc remote processor subsystem, specifically within the imxrproc driver. The imxrprocelffindloadedrsctable function could incorrectly report the presence of a loaded resource table even when the current firmware did not provide one. This...

CVE-2026-8020

Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Low...