EUVD-2026-39629

An unauthenticated NULL pointer dereference vulnerability exists in IEEE8021xupload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of multipart upload headers when processing certificate-related upload fields. A remote attacker may...

CVE-2026-57873 GV-LPC2011/LPC2211 - unauthorized null pointer dereference vulnerability (IEEE8021x_upload.cgi)

An unauthenticated NULL pointer dereference vulnerability exists in IEEE8021xupload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of multipart upload headers when processing certificate-related upload fields. A remote attacker may...

CVE-2026-57873

An unauthenticated NULL pointer dereference vulnerability exists in IEEE8021xupload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of multipart upload headers when processing certificate-related upload fields. A remote attacker may...

Security update for apache2

This update for apache2 fixes the following issues Update to 2.4.66 jscPED-16334: Security issues: CVE-2026-23918: http2: double free and possible RCE on early reset bsc1263957. CVE-2026-24072: modrewrite elevation of privileges via apexpr bsc1263935. CVE-2026-28780: heap buffer overflow in...

SUSE-SU-2026:2641-1 Security update for apache2

This update for apache2 fixes the following issues Update to 2.4.66 jscPED-16334: Security issues: - CVE-2026-23918: http2: double free and possible RCE on early reset bsc1263957. - CVE-2026-24072: modrewrite elevation of privileges via apexpr bsc1263935. - CVE-2026-28780: heap buffer overflow in...

CVE-2026-53135

A flaw was found in the Linux kernel's drm/amd/display module. A local user could exploit this vulnerability by writing to the sdpmessage debugfs node. The system may experience a kernel crash due to a null pointer dereference, leading to a denial of service DoS. Additionally, the flaw could resu...

Exploit for Use After Free in Google Chrome

CVE-2026-13036 — Use-After-Free in Blink WidgetBase::UpdateS...

CVE-2026-53157

A flaw was found in the Linux kernel's phonet networking subsystem. This vulnerability occurs because a phonet device is freed immediately after being removed from a list, while other parts of the kernel RCU readers may still hold a pointer to the freed memory. This can lead to a use-after-free...

CVE-2026-53262

A flaw was found in the Linux kernel's pppol2tp module. This Use-After-Free UAF vulnerability arises from improper handling of session references within the pppol2tpioctl function. A local attacker could exploit this by triggering a race condition during data copying, leading to the dereferencing...

CVE-2026-53248

A flaw was found in the Linux kernel's airoha network driver. This use-after-free vulnerability occurs when the airohametadatadstfree function frees memory prematurely, before all references to it are released. If a network packet still holds a pointer to the freed memory, a use-after-free...

CVE-2026-53150

A flaw was found in the Linux kernel's Thunderbolt subsystem. The tbpropertyentryvalid function, which validates Thunderbolt property entries, accepts zero-length TEXT entries. This can cause an underflow in the null-termination logic, resulting in an out-of-bounds write to memory. This memory...

CVE-2026-53046

A flaw was found in the Linux kernel's ksmbd component. This vulnerability, a use-after-free, occurs when the ksmbd component incorrectly handles asynchronous async cryptographic operations, specifically with hardware crypto engines like the Qualcomm Crypto Engine QCE. When the QCE returns an...

PT-2026-52922

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Bounds-check devid in rlookup amd iommu iommu device register walks every device on the PCI bus via bus for each dev and calls amd iommu probe device for each. The inlined check device path computes the device's sbdf,...

PT-2026-52917

In the Linux kernel, the following vulnerability has been resolved: arm mpam: Check whether the config array is allocated before destroying it destroy component cfg is called to free the configuration array. It uses the embedded 'garbage' structure, which means the array has to be allocated. If...

PT-2026-52920

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid NULL pointer dereference or refcount corruption Commit 60f030f7418d "iommu/vt-d: Avoid use of NULL after WARN ON ONCE" fixed a NULL pointer dereference in an unlikely situation partly. If dev pasid is not found ...

PT-2026-52936

In the Linux kernel, the following vulnerability has been resolved: net: mana: Guard mana remove against double invocation If PM resume fails e.g., mana attach returns an error, mana probe calls mana remove, which tears down the device and sets gd-gdma context = NULL and gd-driver data = NULL...

PT-2026-52925

In the Linux kernel, the following vulnerability has been resolved: idpf: fix double free and use-after-free in aux device error paths When auxiliary device add fails in idpf plug vport aux dev or idpf plug core aux dev, the err aux dev add label calls auxiliary device uninit and falls through to...

UBUNTU-CVE-2026-53242

In the Linux kernel, the following vulnerability has been resolved: ALSA: PCM: Fix wait queue list corruption in sndpcmdrain on linked streams sndpcmdrain uses initwaitqueueentry which does not clear entry.prev/next, and addwaitqueue with a conditional removewaitqueue that is skipped when tocheck...

RockyLinux 9 : buildah (RLSA-2026:29455)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:29455 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient...

SUSE SLES15 Security Update : containerized-data-importer (SUSE-SU-2026:2493-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2493-1 advisory. - Security: re-vendor Go dependencies to address CVEs tracked against containerized-data-importer backport of upstream PR 4110,...