20456 matches found
EUVD-2026-27867
Facebook React has a Denial of Service Vulnerability in React Server Components
Impact: A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpoints; this could lead to out-of-memory exceptions or excessive CPU usage. We recommend updating immediately. The vulnerability exists in versions 19.0.0 through 19.0.5,...
USN-8265-1: Linux kernel (NVIDIA Tegra) vulnerabilities
Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to load malicious CPU microcod...
Cowlib Resource Management Error Vulnerability
Cowlib is a web protocol message parsing and building library developed by Nine Nines. Versions 0.6.0 to 2.16.1 of Cowlib contain a resource management error vulnerability. The vulnerability stems from the chunked transfer encoding parser in the cow_http_te module, which allowed unlimited...
Unity Linux 20.1070e Security Update: jetty (UTSA-2026-017755)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017755 advisory. In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. Tenable ha...
Unbreakable Enterprise kernel security update
5.4.17-2136.355.3.1
- xfrm: esp: avoid in-place decrypt on shared skb frags (Kuan-Ting Chen) [Orabug: 39344527] {CVE-2026-43284}
- x86/CPU/AMD: Add a fix for AMD-SB-7052 (Prathyushi Nangia) [Orabug: 39344576] {CVE-2025-54518}
5.4.17-2136.355.3
- crypto: algif_aead - Fix minimum RX size check for decryption...
Unbreakable Enterprise kernel security update
6.12.0-202.76.4.1
- rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present (Hyunwoo Kim) [Orabug: 39344513] {CVE-2026-43500}
- rxrpc: Fix conn-level packet handling to unshare RESPONSE packets (David Howells) [Orabug: 39344513]
- rxrpc: only handle RESPONSE during service challenge Wang Jie...
Unbreakable Enterprise kernel security update
5.15.0-320.202.8.2
- xfrm: esp: ipv4: fix up flags setting (Greg Kroah-Hartman) [Orabug: 39344515] {CVE-2026-43284}
- xfrm: esp: avoid in-place decrypt on shared skb frags (Kuan-Ting Chen) [Orabug: 39344515] {CVE-2026-43284}
5.15.0-320.202.8.1
- x86/CPU/AMD: Add a fix for AMD-SB-7052 Prathyushi Nangia Orabug...
CVE-2026-42245
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are...
CVE-2026-42245
Net::IMAP (Ruby) is affected by a performance vulnerability in Net::IMAP::ResponseReader, where reading large responses with many string literals causes quadratic time complexity. This can be exploited by a hostile server to exhaust the client’s CPU, leading to a denial of service. The issue has ...
CVE-2026-42310
Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This issue has been patched in version 12.2.0...
SUSE CVE-2026-39820
Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations...
SUSE CVE-2026-43208
In the Linux kernel, the following vulnerability has been resolved: net: do not pass flow_id to set_rps_cpu. Blamed commit made the assumption that the RPS table for each receive queue would have the same size, and that it would not change. Compute flow_id in set_rps_cpu, do not assume we can use the...
SUSE CVE-2026-43401
In the Linux kernel, the following vulnerability has been resolved: cpufreq: intel_pstate: Fix NULL pointer dereference in update_cpu_qos_request. The update_cpu_qos_request function attempts to initialize the 'freq' variable by dereferencing 'cpudata' before verifying if the 'policy' is valid. This issu...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: golang (UTSA-2026-016815)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016815 advisory. The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this c...
Linux Distros Unpatched Vulnerability : CVE-2026-42310
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang...