CVE-2026-10994

Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-10994

Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-5766

A flaw was found in Django. This vulnerability allows a remote attacker to bypass the FILEUPLOADMAXMEMORYSIZE limit by sending specially crafted ASGI Asynchronous Server Gateway Interface requests with a missing or understated Content-Length header. This can lead to large files being loaded into...

CVE-2026-48688

FastNetMon Community Edition through 1.2.9 contains multiple out-of-bounds reads in the BGP MPREACHNLRI IPv6 attribute decoder. The function decodempreachipv6 in src/bgpprotocol.cpp contains a TODO comment at line 156 explicitly acknowledging 'we should add sanity checks to avoid reads after...

Astra Linux - уязвимость в glibc

A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the nssgethostbyname2r and nssgetcanonnamer hooks without...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ksmbd: The use-of-memory issue was fixed by using callrcu for oplockinfo. Currently, ksmbd frees oplockinfo immediately using kfree. However, oplockinfo is still accessible during critical sections of the RCU read-side, such as i...

ROS-20260520-73-0040

A vulnerability in the CSS component of the Google Chrome browser is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using a specially crafted HTML page...

ROS-20260515-73-0035

A vulnerability in the TextEncoding component of Google Chrome and Microsoft Edge browser is related to memory usage after it has been freed. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service via a specially crafted HTML page as a result of a user...

PT-2026-40661

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.1 F5 BIG-IP versions prior to 17.5.1.4 Description On an HTTP/2 virtual server with Layer 7 DoS Protection configured, undisclosed traffic can lead to excessive resource allocation and increased memory...

CLSA-2026-1777978787 dovecot: Fix of CVE-2026-27857

CVE-2026-27857: limit the number of open IMAP parser lists in imap-login to prevent excessive memory usage from deeply nested parentheses e.g. NOOP...

Astra Linux – Vulnerability in binutils

It has been discovered that GNU Binutils prior to version 2.40 contains a vulnerability involving excessive memory consumption, caused by the loadseparatedebugfiles function in dwarf2.c. An attacker could provide a crafted ELF file and trigger a DNS attack...

Astra Linux – Vulnerability in grub2

A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory use-after-free issue, occurs because the normalexit command is not properly unregistered when its related module is unloaded. An attacker can exploit this condition by invoking the command after...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: coresight: ETR: Fixed the “use-after-free” issue related to ETR buffer usage When ETR is enabled as CSMODESYSFS, if the buffer size is changed and the feature is re-enabled, currently, sysfsbuf will point to the newly allocated...

CVE-2026-33524 Zserio: Integer Overflow in BitStreamReader and Unbounded Memory Allocation in Deserialization

Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. Prior to 2.18.1, a crafted payload as small as 4-5 bytes can force memory allocations of up to 16 GB, crashing any process with an OOM error Denial of Service. This vulnerability is fixed in...

CVE-2026-21728

CVE-2026-21728 affects Grafana Tempo: queries with large limits can trigger large memory allocations, potentially impacting service availability depending on deployment. Technical detail across sources confirms the issue arises from unbounded or excessive memory usage during large-limit tempo que...

Grafana Tempo 资源管理错误漏洞

Grafana Tempo is a distributed tracing data storage and querying system developed by Grafana in open source. Grafana Tempo has a resource management vulnerability, which stems from excessive query restrictions leading to excessive memory allocation, potentially affecting the availability of the...

CVE-2026-31471

A flaw was found in the Linux kernel, specifically within the xfrm: iptfs component. This vulnerability arises during the cloning of network security states, where an error in memory allocation can lead to the system attempting to use or free memory that has already been released. This memory...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007571)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007571 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix possible UAF when remounting r/o a mmp-protected file system After commit 618f003199c6...

CVE-2026-34757

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from pnggetPLTE, pnggettRNS, or pnggethIST back into the corresponding setter on the same...

CVE-2026-35480

go-ipld-prime is an implementation of the InterPlanetary Linked Data IPLD spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Prior to 0.22.0, the DAG-CBOR decoder uses collection sizes declared in CBOR headers a...