54 matches found

Vulnrichment
added 2 days ago, 4 views

CVE-2026-45678 OpenTelemetry eBPF Instrumentation: Postgres BIND parsing can panic on malformed payloads

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Postgres protocol parser assumes BIND message payloads contain a valid NUL-terminated portal name. A crafted empty or unterminated payload can make OBI slice beyond th...

7.5 CVSS, 5.9 AI score, 0.00059 EPSS
Exploits: 1, References: 2
Vulnrichment
added 2026/05/22 2:31 a.m., 1 view

CVE-2026-46597 Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

5.8 AI score, 0.00054 EPSS
Exploits: 0, References: 4
OSV
added 2026/05/15 5:16 p.m., 3 views

UBUNTU-CVE-2026-44310

Gitsign is a keyless Sigstore signing tool for Git commits with your GitHub / OIDC identity. From 0.4.0 to before 0.15.0, CertVerifier.Verify in pkg/git/verifier.go unconditionally dereferences certs[0] after sd.GetCertificates without checking the slice length. A CMS/PKCS7 signed message with...

5.4 CVSS, 5.9 AI score, 0.00028 EPSS
Exploits: 0, References: 3
OSV
added 2026/04/22 12:0 p.m., 1 view

RUSTSEC-2026-0104 Reachable panic in certificate revocation list parsing

A panic was reachable when parsing certificate revocation lists via BorrowedCertRevocationList::from_der or OwnedCertRevocationList::from_der. This was the result of mishandling a syntactically valid empty BIT STRING appearing in the onlySomeReasons element of an IssuingDistributionPoint CRL...

5.8 AI score
Exploits: 0, References: 2
UbuntuCve
added 2026/04/21 8:16 p.m., 0 views

CVE-2026-33813

Parsing a WEBP image with an invalid, large size panics on 32-bit platforms...

7.5 CVSS, 5.8 AI score, 0.00069 EPSS
Exploits: 0, References: 3
Snyk
added 2026/04/14 10:38 p.m., 1 view

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the smartLeftAngle function in smartypants.go file. An attacker can cause a panic or read unintended memory by providing input containing a character in the remaining text. PoC package main import "bytes" "fmt"...

8.7 CVSS, 5.8 AI score, 0.00074 EPSS
Exploits: 1, References: 2
OSV
added 2026/03/09 12:0 p.m., 0 views

RUSTSEC-2026-0037 Denial of service in Quinn endpoints

Receiving QUIC transport parameters containing invalid values could lead to a panic. Unfortunately the maintainers did not properly assess usage of unwrap calls in the transport parameters parsing code, and we did not have sufficient fuzzing coverage to find this issue. We have since added a...

8.7 CVSS, 5.8 AI score, 0.00238 EPSS
Exploits: 0, References: 3
UbuntuCve
added 2026/02/14 5:15 p.m., 3 views

CVE-2025-71222

In the Linux kernel, the following vulnerability has been resolved: wifi: wlcore: ensure skb headroom before skb_push. This avoids occasional skb_under_panic Oops from wl1271_tx_work. In this case, headroom is less than needed, typically 110 - 94 = 16 bytes...

5.5 CVSS, 5.7 AI score, 0.00025 EPSS
Exploits: 0, References: 15
OSV
added 2026/01/30 3:47 p.m., 1 view

CLEANSTART-2026-ZP68963 SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process

Multiple security vulnerabilities affect the cloudnative-pg-fips package. SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process. See references for individual vulnerability details...

9.8 CVSS, 5.5 AI score, 0.00046 EPSS
Exploits: 3, References: 11
Tenable Nessus
added 2026/01/16 12:0 a.m., 0 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004009)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004009 advisory. An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and...

5.5 CVSS, 6.7 AI score, 0.00063 EPSS
Exploits: 1, References: 12
EUVD
added 2026/01/08 2:6 p.m., 2 views

EUVD-2026-1033

The rsa crate is an RSA implementation written in Rust. Prior to version 0.9.10, when creating an RSA private key from its components, the construction panics instead of returning an error when one of the primes is 1. Version 0.9.10 fixes the issue...

6.9 CVSS, 6.3 AI score, 0.00023 EPSS
Exploits: 0, References: 4
SUSE CVE
added 2025/10/08 11:30 p.m., 2 views

SUSE CVE-2023-53667

In the Linux kernel, the following vulnerability has been resolved: net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize. Currently in cdc_ncm_check_tx_max, if dwNtbOutMaxSize is lower than the calculated "min" value, but greater than zero, the logic sets tx_max to dwNtbOutMaxSize. This is then use...

6.1 CVSS, 6.4 AI score, 0.0002 EPSS
Exploits: 0, References: 8
SUSE CVE
added 2025/10/07 11:47 p.m., 0 views

SUSE CVE-2023-53623

In the Linux kernel, the following vulnerability has been resolved: mm/swap: fix swap_info_struct race between swapoff and get_swap_pages. The si->lock must be held when deleting the si from the available list. Otherwise, another thread can re-add the si to the available list, which can lead to memory...

6.3 CVSS, 6.3 AI score, 0.00015 EPSS
Exploits: 0, References: 3
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2009-0923

Malware in sbrugna...

4.9 CVSS, 6.4 AI score, 0.00045 EPSS
Exploits: 1, References: 9
Positive Technologies
added 2025/10/07 12:0 a.m., 1 view

PT-2025-41111

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.15.106-syzkaller-00249-g19c0ed55a470. Description: The Linux kernel contains a flaw within the cdc ncm module related to handling excessively small values of dwNtbOutMaxSize. Specifically, the cdc ncm check tx ma...

6.3 AI score, 0.0002 EPSS
Exploits: 0, References: 10
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2025-29376

Malicious code in bioql PyPI...

6.6 AI score
Exploits: 0, References: 5
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-19781

Malicious code in bioql PyPI...

8.7 AI score, 0.00105 EPSS
Exploits: 0, References: 8
Tenable Nessus
added 2025/09/20 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2023-53339

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - btrfs: fix BUG_ON condition in btrfs_cancel_balance. Pausing and canceling balance can race to interrupt balance lead to BUG_ON panic in btrfs_cancel_balance. The BUG...

5.5 CVSS, 6.1 AI score, 0.00008 EPSS
Exploits: 0, References: 3
Vulnrichment
added 2025/09/11 6:3 p.m., 1 view

CVE-2025-59047 matrix-sdk-base has panic in the `RoomMember::normalized_power_level()` method

matrix-sdk-base is the base component to build a Matrix client library. In matrix-sdk-base before 0.14.1, calling the RoomMember::normalized_power_level method can cause a panic if a room member has a power level of Int::Min. The issue is fixed in matrix-sdk-base 0.14.1. The affected method isn’t...

6.9 CVSS, 6.4 AI score, 0.00118 EPSS
Exploits: 0, References: 4
Microsoft CVE
added 2025/08/06 7:0 a.m., 4 views

Ring: some aes functions may panic when overflow checking is enabled in ring

...

5.3 CVSS, 7 AI score, 0.00263 EPSS
Exploits: 0