10791 matches found
CVE-2026-31805
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an authorization bypass in the poll plugin allowed authenticated users to vote on, remove votes from, or toggle the open/closed status of polls they did not have access to. By passing...
CVE-2026-26933
Improper Validation of Array Index CWE-129 in multiple protocol parser components in Packetbeat can lead Denial of Service via Input Data Manipulation CAPEC-153. An attacker with the ability to send specially crafted, malformed network packets to a monitored network interface can trigger...
CVE-2026-32701
Qwik is a performance-focused JavaScript framework. Versions prior to 1.19.2 improperly inferred arrays from dotted form field names during FormData parsing. By submitting mixed array-index and object-property keys for the same path, an attacker could cause user-controlled properties to be writte...
CVE-2026-33228
A flaw was found in flatted, a JavaScript Object Notation JSON parser designed for handling circular data structures. A remote attacker can exploit this vulnerability by providing specially crafted JSON input. The parse function in flatted fails to properly validate string values used as array...
PT-2026-28361
Name of the Vulnerable Software and Affected Versions EVerest versions prior to 2026.02.0 Description EVerest is an EV charging software stack. Prior to version 2026.02.0, the ISO15118 chargerImpl::handle update energy transfer modes function copies a variable-length list into a fixed-size array ...
📄 V8 BytecodeArray Swapping Sandbox Bypass
V8 suffers from a sandbox bypass due to arbitrary bytecode execution from BytecodeArray swapping before code deoptimization. Vulnerability Details When deoptimizing compiled code and resuming execution in the interpreter, V8 uses the function Deoptimizer::DoComputeOutputFrames to reconstruct the...
SUSE CVE-2026-23354
In the Linux kernel, the following vulnerability has been resolved: x86/fred: Correct speculative safety in fredextint arrayindexnospec is no use if the result gets spilled to the stack, as it makes the believed safe-under-speculation value subject to memory predictions. For all practical purpose...
SUSE CVE-2026-23386
In the Linux kernel, the following vulnerability has been resolved: gve: fix incorrect buffer cleanup in gvetxcleanpendingpackets for QPL In DQ-QPL mode, gvetxcleanpendingpackets incorrectly uses the RDA buffer cleanup path. It iterates numbufs times and attempts to unmap entries in the dma array...
EUVD-2026-15329
In the Linux kernel, the following vulnerability has been resolved: x86/fred: Correct speculative safety in fredextint arrayindexnospec is no use if the result gets spilled to the stack, as it makes the believed safe-under-speculation value subject to memory predictions. For all practical purpose...
CVE-2026-23354
In the Linux kernel, the following vulnerability has been resolved: x86/fred: Correct speculative safety in fredextint arrayindexnospec is no use if the result gets spilled to the stack, as it makes the believed safe-under-speculation value subject to memory predictions. For all practical purpose...
CVE-2026-23354
In the Linux kernel, the following vulnerability has been resolved: x86/fred: Correct speculative safety in fredextint arrayindexnospec is no use if the result gets spilled to the stack, as it makes the believed safe-under-speculation value subject to memory predictions. For all practical purpose...
UBUNTU-CVE-2026-23354
In the Linux kernel, the following vulnerability has been resolved: x86/fred: Correct speculative safety in fredextint arrayindexnospec is no use if the result gets spilled to the stack, as it makes the believed safe-under-speculation value subject to memory predictions. For all practical purpose...
CVE-2026-23390 tracing/dma: Cap dma_map_sg tracepoint arrays to prevent buffer overflow
In the Linux kernel, the following vulnerability has been resolved: tracing/dma: Cap dmamapsg tracepoint arrays to prevent buffer overflow The dmamapsg tracepoint can trigger a perf buffer overflow when tracing large scatter-gather lists. With devices like virtio-gpu creating large DRM buffers,...
CVE-2026-23386 gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL
In the Linux kernel, the following vulnerability has been resolved: gve: fix incorrect buffer cleanup in gvetxcleanpendingpackets for QPL In DQ-QPL mode, gvetxcleanpendingpackets incorrectly uses the RDA buffer cleanup path. It iterates numbufs times and attempts to unmap entries in the dma array...
CVE-2026-23354
CVE-2026-23354 concerns the Linux kernel x86/fred speculative safety. The fix removes the index variable and repositions array_index_nospec() so it’s calculated immediately before the array access, addressing the incorrect placement that allowed the result to be spilled to the stack across irqent...
CVE-2026-23354 x86/fred: Correct speculative safety in fred_extint()
In the Linux kernel, the following vulnerability has been resolved: x86/fred: Correct speculative safety in fredextint arrayindexnospec is no use if the result gets spilled to the stack, as it makes the believed safe-under-speculation value subject to memory predictions. For all practical purpose...
CVE-2026-23354
In the Linux kernel, the following vulnerability has been resolved: x86/fred: Correct speculative safety in fredextint arrayindexnospec is no use if the result gets spilled to the stack, as it makes the believed safe-under-speculation value subject to memory predictions. For all practical purpose...
CVE-2026-23354 x86/fred: Correct speculative safety in fred_extint()
In the Linux kernel, the following vulnerability has been resolved: x86/fred: Correct speculative safety in fredextint arrayindexnospec is no use if the result gets spilled to the stack, as it makes the believed safe-under-speculation value subject to memory predictions. For all practical purpose...
kernel: bpf: Don't use tnum_range on array range checking for poke descriptors
In the Linux kernel, the following vulnerability has been resolved: bpf: Don't use tnumrange on array range checking for poke descriptors Hsin-Wei reported a KASAN splat triggered by their BPF runtime fuzzer which is based on a customized syzkaller: BUG: KASAN: slab-out-of-bounds in...
kernel: bpf: Don't use tnum_range on array range checking for poke descriptors
In the Linux kernel, the following vulnerability has been resolved: bpf: Don't use tnumrange on array range checking for poke descriptors Hsin-Wei reported a KASAN splat triggered by their BPF runtime fuzzer which is based on a customized syzkaller: BUG: KASAN: slab-out-of-bounds in...