EUVD-2025-210144

A heap use-after-free in the gfnodegettag function scenegraph/basescenegraph.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

CVE-2026-42378

Subscriber Broken Authentication in WP Full Stripe Free = 8.4.1 versions...

CVE-2026-39441

Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free = 5.3 versions...

EUVD-2026-36810

Subscriber Broken Authentication in WP Full Stripe Free = 8.4.1 versions...

CVE-2026-42378 WordPress WP Full Stripe Free plugin <= 8.4.1 - Broken Authentication vulnerability

Subscriber Broken Authentication in WP Full Stripe Free = 8.4.1 versions...

CVE-2026-42378

CVE-2026-42378 concerns the WordPress plugin WP Full Stripe Free (versions

CVE-2026-39441 WordPress Feed KuantoKusta for WooCommerce – Free plugin <= 5.3 - SQL Injection vulnerability

Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free = 5.3 versions...

CVE-2025-55650

A heap use-after-free in the gfnodegettag function scenegraph/basescenegraph.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

CVE-2025-55644

A heap use-after-free in the gfnodegettag function scenegraph/basescenegraph.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

CVE-2026-6040

A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against the length of the format-code string, so a malformed number format could be processed against memory outside that string. In fixed...

kernel security update

An update is available for kernel. This update affects Rocky Linux SIG Cloud 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux...

CVE-2026-6040

A heap use-after-free vulnerability (CVE-2026-6040) occurs when importing blank-width characters in an ODF number format. A position value read from the document could be used beyond the length of the format-code string, leading to memory access outside the string. The issue is mitigated in fixed...

CVE-2026-6040

A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against the length of the format-code string, so a malformed number format could be processed against memory outside that string. In fixed...

CVE-2026-10634

Zephyr's native TCP stack iterates the global connection list in nettcpforeach subsys/net/ip/tcp.c using the SYSSLISTFOREACHCONTAINERSAFE macro, which caches a pointer to the next list node. Prior to this fix the function released tcplock while invoking the per-connection callback and re-acquired...

Updated putty packages fix security vulnerabilities

ECDSA signature verification can be made to fail an assertion. Server can provoke a double free in RSA KEX code. Telnet session data is marked with trust sigils after authenticating to a proxy. PuTTY Ed25519 Signature ecc-ssh.c eddsaverify signature verification. CVE-2026-4115...

EUVD-2026-36727

Zephyr's native TCP stack iterates the global connection list in nettcpforeach subsys/net/ip/tcp.c using the SYSSLISTFOREACHCONTAINERSAFE macro, which caches a pointer to the next list node. Prior to this fix the function released tcplock while invoking the per-connection callback and re-acquired...

CVE-2026-10634 Use-after-free in Zephyr native TCP net_tcp_foreach() due to dropping tcp_lock during the callback

Zephyr's native TCP stack iterates the global connection list in nettcpforeach subsys/net/ip/tcp.c using the SYSSLISTFOREACHCONTAINERSAFE macro, which caches a pointer to the next list node. Prior to this fix the function released tcplock while invoking the per-connection callback and re-acquired...

CVE-2026-10634 Use-after-free in Zephyr native TCP net_tcp_foreach() due to dropping tcp_lock during the callback

Zephyr's native TCP stack iterates the global connection list in nettcpforeach subsys/net/ip/tcp.c using the SYSSLISTFOREACHCONTAINERSAFE macro, which caches a pointer to the next list node. Prior to this fix the function released tcplock while invoking the per-connection callback and re-acquired...

CVE-2026-10634

Zephyr's native TCP use-after-free (CVE-2026-10634) occurs in net_tcp_foreach() when the iterator releases tcp_lock before invoking the per-connection callback, allowing a concurrent tcp_conn_release() to free the next slab and cause a use-after-free on dereference. The patch moves the teardown i...

Chromium: CVE-2026-12014 Use after free  Cast

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...