CVE-2026-45884

In the Linux kernel, the following vulnerability has been resolved: apparmor: avoid per-cpu hold underflow in aagetbuffer When aagetbuffer pulls from the per-cpu list it unconditionally decrements cache-hold. If hold reaches 0 while count is still non-zero, the unsigned decrement wraps to UINTMAX...

CVE-2026-45884

The CVE-2026-45884 issue affects the Linux kernel’s AppArmor path, where aa_get_buffer() decrements cache->hold when pulling from the per-CPU list. If hold hits 0 while count is non-zero, the unsigned decrement can wrap to UINT_MAX, keeping hold non-zero and preventing aa_put_buffer() from ret...

CVE-2026-45878

The CVE-2026-45878 issue affects the Linux kernel’s AMD GPU driver (drm/amdkfd) where debug address watch (watch_id) handling could overflow memory due to mixing unsigned watch_id with signed checks. The root cause is insufficient bounds validation for watch_id, which could be large enough to acc...

CVE-2026-45878 drm/amdkfd: Fix watch_id bounds checking in debug address watch v2

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix watchid bounds checking in debug address watch v2 The address watch clear code receives watchid as an unsigned value u32, but some helper functions were using a signed int and checked bits by shifting with watchid...

CVE-2026-45840

In the Linux kernel, the following vulnerability has been resolved: openvswitch: cap upcall PID array size and pre-size vport replies The vport netlink reply helpers allocate a fixed-size skb with nlmsgnewNLMSGDEFAULTSIZE, ... but serialize the full upcall PID array via ovsvportgetupcallportids...

CVE-2026-45843

CVE-2026-45843 affects the Linux kernel’s SLIP/VJ-compressed TCP header handling (slip and slhc_uncompress). The vulnerability stems from decode() and pull16() not enforcing bounds against the packet end, and decode() masking its return value to 0xFFFF, causing potential over-reads when a compres...

CVE-2026-45840

In the Linux kernel, the following vulnerability has been resolved: openvswitch: cap upcall PID array size and pre-size vport replies The vport netlink reply helpers allocate a fixed-size skb with nlmsgnewNLMSGDEFAULTSIZE, ... but serialize the full upcall PID array via ovsvportgetupcallportids...

EUVD-2026-32166

In the Linux kernel, the following vulnerability has been resolved: openvswitch: cap upcall PID array size and pre-size vport replies The vport netlink reply helpers allocate a fixed-size skb with nlmsgnewNLMSGDEFAULTSIZE, ... but serialize the full upcall PID array via ovsvportgetupcallportids...

CVE-2025-12686

Buffer copy without checking size of input 'Classic Buffer Overflow' vulnerability in AdminCenter in Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via unspecified vectors...

CVE-2025-12686

Buffer copy without checking size of input 'Classic Buffer Overflow' vulnerability in AdminCenter in Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via unspecified vectors...

EUVD-2025-209957

Buffer copy without checking size of input 'Classic Buffer Overflow' vulnerability in AdminCenter in Synology BeeStation Manager BSM before 1.3.2-65648 and Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via unspecified vectors...

CVE-2025-12686

Buffer copy without checking size of input 'Classic Buffer Overflow' vulnerability in AdminCenter in Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via unspecified vectors...

CVE-2025-12686

Buffer copy without checking size of input 'Classic Buffer Overflow' vulnerability in AdminCenter in Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via unspecified vectors...

CVE-2025-12686

CVE-2025-12686 is a stack-based buffer overflow in Synology BeeStation OS and BeeStation Manager’s AdminCenter/auth_info component prior to version 1.3.2-65648. The flaw arises from a buffer copy without proper input size checking, enabling remote code execution with high impact. Public sources (...

Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums

...

net: skbuff: preserve shared-frag marker during coalescing

...

net: skbuff: propagate shared-frag marker through frag-transfer helpers

...

SUSE-SU-2026:2087-1 Security update for gnutls

This update for gnutls fixes the following issues - CVE-2026-3833: x509/name-constraints: compare domain names case-insensitive bsc1263707. - CVE-2026-5260: lib/pkcs11privkey: guard against overreading on short ciphertexts bsc1263715. - CVE-2026-33845: buffers: switch from endoffset over to...

Exploit-Framework

Exploit Framework !License: MIThttps://img.shields.io/bad...

Exploit for CVE-2026-5172

CVE20265172poc CVE-2026-5172: buffer overflow in extractaddre...