PT-2026-39252

Name of the Vulnerable Software and Affected Versions free5GC versions prior to 4.2.2 Description The Network Exposure Function NEF in free5GC contains a nil-pointer dereference issue within the PatchIndividualApplicationPFDManagement function. This occurs when a PATCH request is sent to the...

PT-2026-38936

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A kernel panic can occur during system reboot for certain panels. This issue happens when panels require the transmission of MIPI-DSI commands within their unprepare callback. Because th...

Linux Distros Unpatched Vulnerability : CVE-2026-43416

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - powerpc, perf: Check that current-mm is alive before getting user callchain It may happen that mm is already released, which leads to kernel panic. This adds th...

PT-2026-38930

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A panic occurs in the ext4 file system when the DOUBLE CHECK macro is defined. During the execution of mb group bb bitmap alloc, the system reads and validates the block bitmap. If...

Linux Distros Unpatched Vulnerability : CVE-2026-43294

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm: renesas: rz-du: mipidsi: fix kernel panic when rebooting for some panels Since commit 56de5e305d4b clk: renesas: r9a07g044: Add MSTOP for RZ/G2L we may get...

PT-2026-39077

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the powerpc architecture's perf subsystem where the kernel fails to verify if current-mm is active before attempting to retrieve the user callchain. This can lead to a...

PT-2026-39253

Name of the Vulnerable Software and Affected Versions free5GC versions prior to 4.2.2 Description The UDR nudr-dr handler for the endpoint "DELETE /subscription-data/ueId/servingPlmnId/ee-subscriptions/subsId/amf-subscriptions" contains a nil-pointer dereference. This occurs when a request is mad...

PT-2026-39254

Name of the Vulnerable Software and Affected Versions free5GC versions prior to 4.2.2 Description The UDR nudr-dr handler in free5GC contains an issue where a single authenticated request can cause a panic. This occurs when a request is made to the endpoint "DELETE...

PT-2026-39244

Name of the Vulnerable Software and Affected Versions Gitsign versions 0.4.0 through 0.14.x Description In the CertVerifier.Verify function within pkg/git/verifier.go, the software unconditionally dereferences the first element of a certificate slice certs0 after calling sd.GetCertificates withou...

GHSA-FPW6-HRG5-Q5X5 ech0's acess tokens with expiry=never cannot be revoked: logout panics, delete does not blacklist JTI

Summary Access tokens created with the "never expire" option have no exp JWT claim. Three independent revocation mechanisms fail for this token type. Logout at internal/handler/auth/auth.go:154 and :163 dereferences claims.ExpiresAt.Time, panicking on the nil field so the token never hits the...

CVE-2026-39836

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0...

CVE-2026-39836

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0...

CVE-2026-39836

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0...

CVE-2026-39836

The CVE-2026-39836 entry describes a panic in Windows when using Dial and LookupPort in Go’s net package if the input contains a NUL (0) byte. Affected component: Go’s networking functions (Dial, LookupPort); root cause is handling of NUL input leading to a crash. Impact stated by CVSS is HIGH av...

CVE-2026-39836

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0...

CVE-2026-39836 Panic in Dial and LookupPort when handling NUL byte on Windows in net

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0...

Uncaught Exception

Overview std/net is a Go standard library package std/net Affected versions of this package are vulnerable to Uncaught Exception. Go Vulnerability Report: The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0. Remediation Upgrade std/net to version...

GO-2026-4971 Panic in Dial and LookupPort when handling NUL byte on Windows in net

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0...

golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS

A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSHAGENTSUCCESS 0x06 message to requests expecting typed replies e.g., List, Sign. The unmarshal layer produces an unexpected message type, which the client code does not handle,...

Important: Red Hat Security Advisory: buildah security update

An update for buildah is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...