460 matches found
CVE-2026-45958
drm/exynos: vidi: fix to avoid directly dereferencing user pointer...
IBM HTTP Server security vulnerability
IBM HTTP Server is an enterprise-level web server software developed by International Business Machines (IBM). Versions 8.5 and 9.0 of IBM HTTP Server contain security vulnerabilities. These vulnerabilities stem from invalid pointer dereferencing, which could allow privileged users to disclose...
com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects
A flaw was found in mchange-commons-java, a Java utility library. An attacker can exploit this vulnerability by providing a maliciously crafted javax.naming.Reference or serialized object to an application using the library. This can provoke the application to download and execute arbitrary...
freerdp: FreeRDP: Denial of service due to use-after-free vulnerability
A flaw was found in FreeRDP. A remote attacker could exploit a use-after-free vulnerability in the xfSetWindowMinMaxInfo function. This occurs when a freed window pointer is dereferenced because the main thread concurrently deletes a window while the Remote Desktop Protocol RAIL channel thread is...
Astra Linux - vulnerability in libxml2
The vulnerability of the xmlStringGetNodeList function in the tree.c component of the Libxml2 library is related to pointer dereferencing errors. Exploiting this vulnerability allows an attacker to cause a service failure...
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from ineffective cleanup after failed attachments. This vulnerability may lead to writes to low-I/O...
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There are security vulnerabilities in the Linux kernel, which stem from improper error handling and dereferencing of null pointers. These vulnerabilities can lead to...
ROS-20260420-73-0009
A vulnerability in the PKCS12_item_decrypt_d2i_ex function of the OpenSSL library is related to pointer dereferencing. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20260417-73-0008
Vulnerability in frr related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
DocumentServer security vulnerability
DocumentServer is an open-source online collaboration suite developed by ONLYOFFICE. It supports real-time collaborative editing of documents, spreadsheets, presentations, and other formats. Versions of DocumentServer prior to 9.3.0 contained security vulnerabilities. These vulnerabilities stemme...
ROS-20260414-73-0049
A vulnerability in the storvsc_host_reset_handler function of the drivers/scsi/storvsc_drv.c module of the Linux kernel SCSI device driver is related to pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
CVE-2026-6068
NASM contains a heap use after free vulnerability in response file -@ processing where a dangling pointer to freed memory is stored in the global dependfile and later dereferenced, as the response-file buffer is freed before the pointer is used, allowing for data corruption or remote code executi...
CVE-2026-39885
CVE-2026-39885 affects FrontMCP (prior to 2.3.0) via the mcp-from-openapi library, which dereferences $ref in OpenAPI specs without URL restrictions, enabling SSRF and local file reads when processing untrusted specs. Fixed in 2.3.0. CVSS v3.1 base score 7.5 (HIGH). Exploitation status not provid...
CVE-2026-39885 FrontMCP Affected by SSRF via $ref Dereferencing in Untrusted OpenAPI Specifications
FrontMCP is a TypeScript-first framework for the Model Context Protocol (MCP). Prior to 2.3.0, the mcp-from-openapi library uses @apidevtools/json-schema-ref-parser to dereference $ref pointers in OpenAPI specifications without configuring any URL restrictions or custom resolvers. A malicious OpenA...
EUVD-2026-20632
mcp-from-openapi is Vulnerable to SSRF via $ref Dereferencing in Untrusted OpenAPI Specifications...
PT-2026-31451
FrontMCP is a TypeScript-first framework for the Model Context Protocol (MCP). Prior to 2.3.0, the mcp-from-openapi library uses @apidevtools/json-schema-ref-parser to dereference $ref pointers in OpenAPI specifications without configuring any URL restrictions or custom resolvers. A malicious OpenA...
ROS-20260407-73-0035
A vulnerability in the smb module of the Linux kernel is related to pointer dereferencing errors. Exploitation of the vulnerability allows an attacker to cause a denial of service...
ROS-20260407-73-0018
A vulnerability in the net/usb/asix_devices.c driver of the Linux kernel is related to pointer dereferencing errors. Exploitation of the vulnerability allows an attacker to cause a denial of service...
ROS-20260407-73-0025
A vulnerability in the drm/amd/display component of the Linux kernel is related to pointer dereferencing errors. Exploitation of the vulnerability allows an attacker to cause a denial of service...