EUVD-2026-25439

In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix NULL deref in bonddebugrlbhashshow rlbclearslave intentionally keeps RLB hash-table entries on the rxhashtblusedhead list with slave set to NULL when no replacement slave is available. However,...

Important: ecs-service-connect-agent

Issue Overview: Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, the Envoy RBAC Role-Based Access Control filter contains a logic vulnerability in how it validates HTTP headers when multiple values are present for the same header name. Instead o...

PT-2026-26916

MediaMonkey 4.1.23 contains a denial of service vulnerability that allows local attackers to crash the application by opening a specially crafted MP3 file containing an excessively long URL string. Attackers can create a malicious MP3 file with a buffer containing 4000 bytes of data appended to a...

Linux Distros Unpatched Vulnerability : CVE-2020-35652

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in respjsipdiversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0....

CVE-2025-37774

In the Linux kernel, the following vulnerability has been resolved: slab: ensure slab-objexts is clear in a newly allocated slab page ktest recently reported crashes while running several buffered io tests with alloctaggingslaballochook at the top of the crash call stack. The signature indicates ...

OSV-2022-715 Segv on unknown address in jpeg_read_scanlines

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50217 https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.htmldecode-jpeg-compressed-blp1-data-in-original-mode Crash type: Segv on unknown address Crash state: jpegreadscanlines ImagingJpegDecode decode...

go-dns:fuzz_msg_unpack: Crash with empty stacktrace

Detailed Report: https://oss-fuzz.com/testcase?key=5674594752266240 Project: go-dns Fuzzing Engine: libFuzzer Fuzz Target: fuzzmsgunpack Job Type: libfuzzerasango-dns Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x00000003ee72 Crash State: NULL Sanitizer: address ASAN Recommended...

irssi:server-fuzz: Bad-free in sig_destroyed

Project: https://github.com/irssi/irssi.git Detailed Report: https://oss-fuzz.com/testcase?key=5716112825647104 Project: irssi Fuzzing Engine: afl Fuzz Target: server-fuzz Job Type: aflasanirssi Platform Id: linux Crash Type: Bad-free Crash Address: 0x6190000016e0 Crash State: sigdestroyed...

ddrLPD 1.0 - Remote Denial of Service

source: https://www.securityfocus.com/bid/39904/info ddrLPD is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. ddrLPD 1.0 is vulnerable; other versions may also be affected...