CVE-2026-57881

CVE-2026-57881 refers to an unauthenticated, stack-based buffer overflow in GeoVision’s vlsvr used by GV-LPC2011/LPC2211 (V1.12 and earlier). The issue stems from insufficient length validation when processing remote login data, allowing a remote attacker to send crafted input that may cause memo...

CVE-2026-57880

CVE-2026-57880 affects GeoVision ssvr in GV-LPC2011 and GV-LPC2211 (versions V1.12 and earlier). The issue is an unauthenticated, stack-based buffer overflow caused by insufficient bounds checking when parsing RTSP Digest authentication fields. An attacker could send a crafted RTSP request with o...

CVE-2026-57879

CVE-2026-57879 is an unauthenticated, stack-based buffer overflow in the ssvr component of GeoVision GV-LPC2011 and GV-LPC2211 (versions 1.12 and earlier). The issue stems from insufficient bounds checking when processing RTSP custom authentication data. An attacker could send a crafted RTSP requ...

CVE-2026-57877

Geovision GV-LPC2011/LPC2211 devices running vlsvr (affected firmware V1.12 and earlier) expose an unauthenticated format-string vulnerability in log message handling during login. The issue arises from improper handling of externally controlled input in the login processing path, potentially all...

CVE-2026-57876

The CVE-2026-57876 entry describes an unauthenticated out-of-bounds write in GeoVision GV-LPC2011/LPC2211 devices (onvif.cgi), affected firmware versions ≤ V1.12. The issue stems from insufficient bounds checking on HTTP request body data, allowing a remote attacker to send crafted input that cau...

CVE-2026-53192

A flaw was found in the Linux kernel's Advanced Linux Sound Architecture ALSA timer component. A race condition can occur during the release of a timer object, specifically when the SNDRVTIMERIOCTLPARAMS ioctl is called concurrently. This can lead to a use-after-free vulnerability, potentially...

EUVD-2026-39568

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks or brute-force attacks to gain unauthorized access...

EUVD-2026-39566

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers. This vulnerability may allow unauthorized users to authenticate as oth...

EUVD-2026-39574

A flaw was found in Apicurio Registry. The ContentTypeUtil.isParsableXml method creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. An attacker with artifact-write permission or unauthenticated when the registry runs with default...

CVE-2026-53136

A flaw was found in the Linux kernel's AMD display driver. This vulnerability occurs when the driver processes malformed VBIOS Video Basic Input/Output System data. Specifically, unvalidated register counts in the VBIOS can lead to an out-of-bounds memory write during the driver's initialization...

CVE-2026-13322

CVE-2026-13322 affects KubeVirt, specifically the virt-handler on RHEL9, where the downward metrics virtio-serial server uses textproto.Reader.ReadLine() to read guest requests. The read is unbounded: there is no maximum length or read deadline, so a user with access to a VM guest can send an ong...

CVE-2026-53257

A flaw was found in the Linux kernel. An issue within the mac80211 Wi-Fi subsystem, specifically related to the enforcement of High Efficiency HE and Extremely High Throughput EHT capabilities and operations, could lead to a system crash. This vulnerability arises when HE/EHT capabilities are set...

CVE-2026-52971

A flaw was found in the Linux kernel's Elastic Network Adapter ENA driver, specifically within the Precision Time Protocol Hardware Clock PHC timestamp retrieval function. A race condition exists where the gettimestamp function could attempt to access memory that has already been freed by the...

CVE-2026-52967

A flaw was found in the Linux kernel's Server Message Block SMB client. This vulnerability, located in the symlinkdata function, could allow a malicious SMB server to trigger an infinite loop, leading to a Denial of Service DoS condition. Additionally, an out-of-bounds read could occur, potential...

CVE-2026-52945

A flaw was found in the Linux kernel's WireGuard component. Under heavy network load, particularly when used with Cilium, the threaded NAPI New API implementation can cause the decryption side for a WireGuard peer to stop processing traffic. This leads to a complete stall of network communication...

CVE-2026-52986

A flaw was found in the Linux kernel's netfilter SIP Session Initiation Protocol connection tracking module. This vulnerability, caused by unsafe port parsing, allows a remote attacker to send specially crafted malformed packets. Such packets could lead to excessive resource consumption,...

CVE-2026-13311

A flaw was found in the shell-quote component. An attacker who can supply a specially crafted string to the parse function can exploit an inefficiency in how the component processes input. This can cause the single-threaded Node.js event loop to be blocked for an extended period, leading to a...

CVE-2026-52956

A flaw was found in the Linux kernel's libceph module. A remote attacker could trigger an out-of-bounds memory access in the cephxdecrypt function by sending a specially crafted message frame of type FRAMETAGAUTHREPLYMORE with a small ciphertext length. This vulnerability arises because the...

CVE-2026-53006

A flaw was found in the Linux kernel's IPv6 Internet Protocol version 6 implementation. This vulnerability, a Use-After-Free UAF error, occurs due to incorrect caching of network packet addresses before a memory operation. An attacker could potentially exploit this flaw to cause memory corruption...

CVE-2026-52999

A flaw was found in the Linux kernel's netfilter subsystem, specifically in the nfnetlinkosf module. When the NFOSFLOGLEVELALL option is configured, an out-of-bounds read vulnerability can occur during TCP option parsing. This issue can lead to incorrect data processing and logging failures,...