CVE-2026-41168
Summary: CVE-2026-41168 affects the Python PDF library pypdf
CVE-2026-41168 pypdf has possible long runtimes for wrong size values in cross-reference and object streams
pypdf is a free and open-source pure-Python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.1 can craft a PDF which leads to long runtimes. This requires cross-reference streams with wrong large /Size values or object streams with wrong large /N values. This ha...
CVE-2026-41326
creationtimestamp | type | source
---|---|---
2026-04-22 19:55:07+00:00 | published-proof-of-concept | https://github.com/kata-containers/kata-containers/security/advisories/GHSA-q49m-57vm-c8cc
2026-05-04 20:10:29+00:00 | seen | https://gist.github.com/alon710/e5f670283b66e1c583d8b3f3f9d1efba
2026-05-1...
MINI-WM23-4F6G-H5PM
Bulletin has no description...
MINI-M6QW-86XC-QGP7
Bulletin has no description...
EUVD-2026-24817
In the Linux kernel, the following vulnerability has been resolved: virtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false. A UAF issue occurs when the virtio_net driver is configured with napi_tx=N and the device's IFF_XMIT_DST_RELEASE flag is cleared e.g., during the...
CVE-2026-6355
A vulnerability in the web application allows unauthorized users to access and manipulate sensitive data across different tenants by exploiting insecure direct object references. This could lead to unauthorized access to sensitive information and unauthorized changes to the tenant's configuration...
CVE-2026-31530
In the Linux kernel, the following vulnerability has been resolved: cxl/port: Fix use after free of parent_port in cxl_detach_ep(). cxl_detach_ep() is called during bottom-up removal when all CXL memory devices beneath a switch port have been removed. For each port in the hierarchy it locks both the port a...
CVE-2026-31530
The CVE-2026-31530 entry is backed by concrete details in the connected documents: in the Linux kernel’s cxl subsystem, the vulnerability stems from a use-after-free of parent_port during cxl_detach_ep() when removing CXL memory devices. The root cause is the absence of a lifetime guarantee betwe...
CVE-2026-31469 virtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false
In the Linux kernel, the following vulnerability has been resolved: virtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false. A UAF issue occurs when the virtio_net driver is configured with napi_tx=N and the device's IFF_XMIT_DST_RELEASE flag is cleared e.g., during the...
CVE-2026-5750
An insecure direct object reference IDOR vulnerability in the Fullstep V5 registration process allows authenticated users to access data belonging to other registered users through various vulnerable authenticated resources in the application. The vulnerable endpoints result from:...
CVE-2026-5750 Insecure direct object reference (IDOR) vulnerability in Fullstep
An insecure direct object reference IDOR vulnerability in the Fullstep V5 registration process allows authenticated users to access data belonging to other registered users through various vulnerable authenticated resources in the application. The vulnerable endpoints result from:...
CVE-2026-5750
CVE-2026-5750 describes an IDOR vulnerability in the Fullstep V5 registration flow. Authenticated users can access data belonging to other registered users via vulnerable endpoints, notably “/api/suppliers/v1/suppliers//false” (listing user information) and “/#/supplier-registration/supplier-regi...
CVE-2025-6016
creationtimestamp | type | source
---|---|---
2026-04-22 12:50:07+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mk3jwdl7pl2u
2026-04-24 07:57:51+00:00 | seen | https://ccb.belgium.be/advisories/warning-11-new-vulnerabilities-gitlab-ce-and-ee-editions-patch-immediately...
kernel: Linux kernel: Denial of Service via unsafe requeue in rxrpc_recvmsg
A flaw was found in the Linux kernel. A local unprivileged process can exploit an unsafe requeue path in the rxrpc_recvmsg function by using AF_RXRPC sockets with MSG_DONTWAIT and MSG_PEEK flags. This improper handling of the receive message queue can lead to memory corruption, such as Use-After-Free...
MINI-FXVM-H6RF-J2H6
Bulletin has no description...
kernel: smc: Fix use-after-free in __pnet_find_base_ndev()
In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in __pnet_find_base_ndev(). syzbot reported use-after-free of net_device in __pnet_find_base_ndev(), which was called during connect(). [0] smc_pnet_find_ism_resource() fetches sk_dst_get(sk)->dev and passes down to pnet_find_base_ndev(),...
PT-2026-34435
In the Linux kernel, the following vulnerability has been resolved: cxl/port: Fix use after free of parent_port in cxl_detach_ep(). cxl_detach_ep() is called during bottom-up removal when all CXL memory devices beneath a switch port have been removed. For each port in the hierarchy it locks both the...
UBUNTU-CVE-2026-39886
OpenEXR provides the specification and reference implementation of the...