CVE-2026-52970

A flaw was found in the netfilter: nftct component of the Linux kernel. The nftctexpectobjeval function allocates an expectation but fails to release its local reference. This oversight leads to a resource leak, which could potentially allow a local attacker to cause a denial of service by...

CVE-2026-52992

A flaw was found in the Linux kernel's Advanced Disc Filing System ADFS component. This vulnerability allows a local attacker to cause an out-of-bounds write by providing a specially crafted ADFS disc record with a zero zone count. This can lead to memory corruption, potentially resulting in a...

CVE-2026-53060

A flaw was found in the Linux kernel's device-mapper dm cache metadata. This memory leak vulnerability occurs when the dmcachemetadataabort function fails to acquire the root lock because the block manager is read-only, leading to the improper release of a temporary block manager. A local attacke...

CVE-2026-53245

A flaw was found in the Linux kernel's Multiple Registration Protocol MRP implementation. An issue in the mrppduparsevecattr function, related to the incorrect parsing of vector attributes, can lead to the processing of spurious events or the corruption of the offset for subsequent Protocol Data...

CVE-2026-53154

A flaw was found in the Linux kernel's huge page hugetlb memory management. When an error occurs during the copying of huge pages, the system fails to properly restore the memory reservation. This can lead to a leak of the virtual memory area VMA reservation. A local attacker could exploit this b...

CVE-2026-53188

A flaw was found in the Linux kernel's RDMA/core component. This vulnerability arises from insufficient validation of file operations fops passed to the ibgetucaps function. A local attacker could exploit this by creating a block device with a device number devt that aliases a character device...

CVE-2026-54236

A flaw was found in vLLM, an inference and serving engine for large language models LLMs. An unauthenticated attacker can exploit this vulnerability by sending specially crafted malformed image bytes through the Anthropic Messages API. This action causes an error message to be generated that...

CVE-2026-53210

A flaw was found in the Linux kernel's Trusted Execution Environment TEE subsystem. A shared memory shm leak occurs in the registershmhelper function when TEEIOCSHMREGISTER is called with a zero-length shared memory registration. This can be triggered by a local attacker, potentially leading to a...

perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-controlled output glob

A flaw was found in perl-IO-Compress, a component used for data compression and decompression. A remote attacker could exploit this vulnerability by crafting a malicious input, specifically an output glob, that bypasses the intended security measures. This could lead to the execution of...

MAL-2026-6498 Malicious code in dttfdsdee (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae565bed85ec0db27f1ff658c7e9491591ce40edc56f423cd8b1122bc209c69c package.json declares a postinstall script that runs automatically on npm install. The script walks the entire filesystem with find to locate databas...

EUVD-2026-39571

PKCS12 MAC verification uses an attacker-controlled comparison length, weakening the integrity check on the MAC and allowing a mismatched MAC to be accepted. The PKCS12 verify path compared the locally computed HMAC against the MAC parsed from the PKCS12 structure using a length taken directly fr...

EUVD-2025-210337

Flowise contains an authentication bypass vulnerability in the unprotected /api/v1/account/register endpoint that allows unauthenticated attackers to create user accounts. Remote attackers can exploit this endpoint to register arbitrary accounts and authenticate to the system, gaining full API...

CVE-2026-53262

A flaw was found in the Linux kernel's pppol2tp module. This Use-After-Free UAF vulnerability arises from improper handling of session references within the pppol2tpioctl function. A local attacker could exploit this by triggering a race condition during data copying, leading to the dereferencing...

CVE-2026-53247

A flaw was found in the Linux kernel's ethernet driver for MediaTek mtkethsoc network devices. This vulnerability, a 'use-after-free', occurs when the system attempts to free a memory region while it is still being used by network packet processing. This can allow a local attacker to trigger syst...

CVE-2026-53224

A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP implementation. Specifically, improper validation of embedded INIT chunk and address list lengths in SCTP cookies could allow a remote attacker to trigger out-of-bounds reads. This could lead to information disclosur...

CVE-2026-53208

A flaw was found in the Linux kernel's Bluetooth subsystem. A remote attacker within radio range, before pairing, can send specially crafted Bluetooth BR/EDR Basic Rate/Enhanced Data Rate signaling packets that exceed the maximum transmission unit MTU for signaling. This improper handling of...

CVE-2026-53257

A flaw was found in the Linux kernel. An issue within the mac80211 Wi-Fi subsystem, specifically related to the enforcement of High Efficiency HE and Extremely High Throughput EHT capabilities and operations, could lead to a system crash. This vulnerability arises when HE/EHT capabilities are set...

CVE-2026-53014

A flaw was found in the Linux kernel. When the kernel's traffic control TC subsystem processes network packets for redirection across different types of network devices, it can incorrectly handle packet headers. This can lead to corruption of network packet data. A local attacker could potentiall...

CVE-2026-53267

A flaw was found in the Linux kernel's netfilter subsystem. A local attacker can exploit this vulnerability by creating specially crafted netfilter rules. This can lead to a memory corruption issue, where data on the kernel's memory stack is overwritten. Successful exploitation could result in...

CVE-2026-53143

A flaw was found in the Linux kernel's AMD KFD Kernel Fusion Driver component. This buffer overflow vulnerability occurs due to incorrect memory buffer handling during CRIU Checkpoint/Restore in User-space operations on SDMA System Direct Memory Access queues. A local attacker can exploit this fl...