CVE-2026-33150

A flaw was found in libfuse. A use-after-free vulnerability in the iouring subsystem allows a local attacker to potentially execute arbitrary code and crash FUSE Filesystem in Userspace filesystem processes. This occurs when iouring thread creation fails due to resource exhaustion, such as limits...

CLSA-2026-1773829377 libtiff: Fix of CVE-2025-61145

CVE-2025-61145: fix double-free and memory leak in tiffcrop, avoid dangling pointer in loadImage by clearing readptr after free...

kernel: net: af_can: do not leave a dangling sk pointer in can_create()

In the Linux kernel, the following vulnerability has been resolved: net: afcan: do not leave a dangling sk pointer in cancreate On error cancreate frees the allocated sk object, but sockinitdata has already attached it to the provided sock object. This will leave a dangling sk pointer in the sock...

SUSE CVE-2026-26986

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, railwindowfree dereferences a freed xfAppWindow pointer during HashTableFree cleanup because xfrailwindowcommon calls freeappWindow on title allocation failure without first removing the entry from the...

UBUNTU-CVE-2026-26986

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, railwindowfree dereferences a freed xfAppWindow pointer during HashTableFree cleanup because xfrailwindowcommon calls freeappWindow on title allocation failure without first removing the entry from the...

CVE-2026-26986 FreeRDP has heap-use-after-free in rail_window_free

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, railwindowfree dereferences a freed xfAppWindow pointer during HashTableFree cleanup because xfrailwindowcommon calls freeappWindow on title allocation failure without first removing the entry from the...

EUVD-2026-8748

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, railwindowfree dereferences a freed xfAppWindow pointer during HashTableFree cleanup because xfrailwindowcommon calls freeappWindow on title allocation failure without first removing the entry from the...

CVE-2026-26986

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, railwindowfree dereferences a freed xfAppWindow pointer during HashTableFree cleanup because xfrailwindowcommon calls freeappWindow on title allocation failure without first removing the entry from the...

SUSE CVE-2026-25087

Use After Free vulnerability in Apache Arrow C++. This issue affects Apache Arrow C++ from 15.0.0 through 23.0.0. It can be triggered when reading an Arrow IPC file but not an IPC stream with pre-buffering enabled, if the IPC file contains data with variadic buffers such as Binary View and String...

kernel: devlink: rate: Unset parent pointer in devl_rate_nodes_destroy

A dangling pointer access problem was found while devlratenodesdestroy in net/devlink/rate.c in devlink in the Linux Kernel. This flaw may allow an attacker to cause a denial of service...

kernel: devlink: rate: Unset parent pointer in devl_rate_nodes_destroy

A dangling pointer access problem was found while devlratenodesdestroy in net/devlink/rate.c in devlink in the Linux Kernel. This flaw may allow an attacker to cause a denial of service...

kernel: devlink: rate: Unset parent pointer in devl_rate_nodes_destroy

A dangling pointer access problem was found while devlratenodesdestroy in net/devlink/rate.c in devlink in the Linux Kernel. This flaw may allow an attacker to cause a denial of service...

kernel: devlink: rate: Unset parent pointer in devl_rate_nodes_destroy

A dangling pointer access problem was found while devlratenodesdestroy in net/devlink/rate.c in devlink in the Linux Kernel. This flaw may allow an attacker to cause a denial of service...

CVE-2026-23074 net/sched: Enforce that teql can only be used as root qdisc

In the Linux kernel, the following vulnerability has been resolved: net/sched: Enforce that teql can only be used as root qdisc Design intent of teql is that it is only supposed to be used as root qdisc. We need to check for that constraint. Although not important, I will describe the scenario th...

CVE-2026-23074 net/sched: Enforce that teql can only be used as root qdisc

In the Linux kernel, the following vulnerability has been resolved: net/sched: Enforce that teql can only be used as root qdisc Design intent of teql is that it is only supposed to be used as root qdisc. We need to check for that constraint. Although not important, I will describe the scenario th...

kernel: devlink: rate: Unset parent pointer in devl_rate_nodes_destroy

A dangling pointer access problem was found while devlratenodesdestroy in net/devlink/rate.c in devlink in the Linux Kernel. This flaw may allow an attacker to cause a denial of service...

kernel: devlink: rate: Unset parent pointer in devl_rate_nodes_destroy

A dangling pointer access problem was found while devlratenodesdestroy in net/devlink/rate.c in devlink in the Linux Kernel. This flaw may allow an attacker to cause a denial of service...

kernel: devlink: rate: Unset parent pointer in devl_rate_nodes_destroy

A dangling pointer access problem was found while devlratenodesdestroy in net/devlink/rate.c in devlink in the Linux Kernel. This flaw may allow an attacker to cause a denial of service...

kernel: devlink: rate: Unset parent pointer in devl_rate_nodes_destroy

A dangling pointer access problem was found while devlratenodesdestroy in net/devlink/rate.c in devlink in the Linux Kernel. This flaw may allow an attacker to cause a denial of service...

kernel: devlink: rate: Unset parent pointer in devl_rate_nodes_destroy

A dangling pointer access problem was found while devlratenodesdestroy in net/devlink/rate.c in devlink in the Linux Kernel. This flaw may allow an attacker to cause a denial of service...