CVE-2026-23262 gve: Fix stats report corruption on queue count change

In the Linux kernel, the following vulnerability has been resolved: gve: Fix stats report corruption on queue count change The driver and the NIC share a region in memory for stats reporting. The NIC calculates its offset into this region based on the total size of the stats region and the size o...

CVE-2026-23262 gve: Fix stats report corruption on queue count change

In the Linux kernel, the following vulnerability has been resolved: gve: Fix stats report corruption on queue count change The driver and the NIC share a region in memory for stats reporting. The NIC calculates its offset into this region based on the total size of the stats region and the size o...

CVE-2026-23244

In the Linux kernel, the following vulnerability has been resolved: nvme: fix memory allocation in nvmeprreadkeys nvmeprreadkeys takes numkeys from userspace and uses it to calculate the allocation size for rse via structsize. The upper limit is PRKEYSMAX 64K. A malicious or buggy userspace can...

CVE-2026-23246

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: bounds-check linkid in ieee80211mlreconfiguration linkid is taken from the ML Reconfiguration element control & 0x000f, so it can be 0..15. linkremovaltimeout has IEEE80211MLDMAXNUMLINKS 15 elements, so index 15 i...

CVE-2026-29112

DiceBear is an avatar library for designers and developers. Prior to version 9.4.0, the ensureSize function in @dicebear/converter read the width and height attributes from the input SVG to determine the output canvas size for rasterization PNG, JPEG, WebP, AVIF. An attacker who can supply a...

CVE-2026-29112

DiceBear is an avatar library for designers and developers. Prior to version 9.4.0, the ensureSize function in @dicebear/converter read the width and height attributes from the input SVG to determine the output canvas size for rasterization PNG, JPEG, WebP, AVIF. An attacker who can supply a...

CVE-2026-27980

Next.js is a React framework for building full-stack web applications. Starting in version 10.0.0 and prior to version 16.1.7, the default Next.js image optimization disk cache /next/image did not have a configurable upper bound, allowing unbounded cache growth. An attacker could generate many...

CVE-2026-27980 Next.js: Unbounded next/image disk cache growth can exhaust storage

Next.js is a React framework for building full-stack web applications. Starting in version 10.0.0 and prior to version 16.1.7, the default Next.js image optimization disk cache /next/image did not have a configurable upper bound, allowing unbounded cache growth. An attacker could generate many...

CVE-2026-27980 Next.js: Unbounded next/image disk cache growth can exhaust storage

Next.js is a React framework for building full-stack web applications. Starting in version 10.0.0 and prior to version 16.1.7, the default Next.js image optimization disk cache /next/image did not have a configurable upper bound, allowing unbounded cache growth. An attacker could generate many...

Linux Distros Unpatched Vulnerability : CVE-2026-27980

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. Starting in version 10.0.0 and prior to version 16.1.7, the default Next.js image...

GHSA-3X4C-7XQ6-9PQ8 Next.js: Unbounded next/image disk cache growth can exhaust storage

Summary The default Next.js image optimization disk cache /next/image did not have a configurable upper bound, allowing unbounded cache growth. Impact An attacker could generate many unique image-optimization variants and exhaust disk space, causing denial of service. Note that this does not impa...

Next.js: Unbounded next/image disk cache growth can exhaust storage

Summary The default Next.js image optimization disk cache /next/image did not have a configurable upper bound, allowing unbounded cache growth. Impact An attacker could generate many unique image-optimization variants and exhaust disk space, causing denial of service. Note that this does not impa...

Uncontrolled memory allocation via crafted SVG dimensions in @dicebear/converter

Impact The ensureSize function in @dicebear/converter versions 9.4.0 read the width and height attributes from the input SVG to determine the output canvas size for rasterization PNG, JPEG, WebP, AVIF. An attacker who can supply a crafted SVG with extremely large dimensions e.g. width="999999999"...

GHSA-V3R3-4QGC-VW66 Uncontrolled memory allocation via crafted SVG dimensions in @dicebear/converter

Impact The ensureSize function in @dicebear/converter versions 9.4.0 read the width and height attributes from the input SVG to determine the output canvas size for rasterization PNG, JPEG, WebP, AVIF. An attacker who can supply a crafted SVG with extremely large dimensions e.g. width="999999999"...

CVE-2026-29775 FreeRDP has a heap-buffer-overflow in bitmap_cache_put via OOB cacheId

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a client-side heap out-of-bounds read/write occurs in FreeRDP's bitmap cache subsystem due to an off-by-one boundary check in bitmapcacheput. A malicious server can send a CACHEBITMAPORDER Rev1 with cacheId equal to...

Linux Distros Unpatched Vulnerability : CVE-2026-29775

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a client-side heap out- of-bounds read/write occurs in FreeRDP's bitmap cache...

CVE-2026-2229

ImpactThe undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the servermaxwindowbits parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression. ...

DEBIAN-CVE-2026-31958

Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the maxbodysize setting default 100MB. Since parsing occurs synchronously on the main thread, this creates the possibility ...

CVE-2026-31958

Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the maxbodysize setting default 100MB. Since parsing occurs synchronously on the main thread, this creates the possibility ...

PT-2026-24661

Name of the Vulnerable Software and Affected Versions libcurl affected versions not specified Description libcurl may reuse an incorrect connection when handling Negotiate-authenticated HTTP or HTTPS requests. This occurs because libcurl maintains a pool of recent connections to avoid overhead. A...