CVE-2026-33203 SiYuan has an Unauthenticated WebSocket DoS via Auth Keepalive Bypass

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the SiYuan kernel WebSocket server accepts unauthenticated connections when a specific "auth keepalive" query parameter is present. After connection, incoming messages are parsed using unchecked type assertions on...

CVE-2026-23274

A flaw was found in the Linux kernel's netfilter: xtIDLETIMER module. This vulnerability occurs when revision 0 rules attempt to reuse a timer label previously created by revision 1 with alarm timer semantics. This action can lead to calling modtimer on an uninitialized timer list. A local attack...

EUVD-2026-13610

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtIDLETIMER: reject rev0 reuse of ALARM timer labels IDLETIMER revision 0 rules reuse existing timers by label and always call modtimer on timer-timer. If the label was created first by revision 1 with XTIDLETIMERALARM...

CVE-2026-23274

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtIDLETIMER: reject rev0 reuse of ALARM timer labels IDLETIMER revision 0 rules reuse existing timers by label and always call modtimer on timer-timer. If the label was created first by revision 1 with XTIDLETIMERALARM...

CVE-2026-33064 free5GC UDM DataChangeNotification Procedure Panic Due to Nil Pointer Dereference

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. Versions prior to 1.4.2 are vulnerable to procedure panic caused by Nil Pointer Dereference in the /sdm-subscriptions endpoint. A remote attacker can cause the UDM service to panic and crash by sending ...

CVE-2026-33022

CVE-2026-33022 (Tekton Pipelines) causes a denial-of-service by allowing any user who can create a TaskRun or PipelineRun to crash the controller cluster-wide when .spec.taskRef.resolver or .spec.pipelineRef.resolver is set to a 31+ character string. The crash stems from GenerateDeterministicName...

CVE-2026-33022 Tekton Pipelines: Controller can panic when setting long resolver names in TaskRun/PipelineRun

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Versions 0.60.0 through 1.0.0, 1.1.0 through 1.3.2, 1.4.0 through 1.6.0, 1.7.0 through 1.9.0, 1.10.0, and 1.10.1 have a denial-of-service vulnerability in that allows any user who can create a TaskRun or...

CVE-2026-33022 Tekton Pipelines: Controller can panic when setting long resolver names in TaskRun/PipelineRun

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Versions 0.60.0 through 1.0.0, 1.1.0 through 1.3.2, 1.4.0 through 1.6.0, 1.7.0 through 1.9.0, 1.10.0, and 1.10.1 have a denial-of-service vulnerability in that allows any user who can create a TaskRun or...

UBUNTU-CVE-2026-33040

libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.49.3, the Gossipsub implementation accepts attacker-controlled PRUNE backoff values and may perform unchecked time arithmetic when storing backoff state. A specially crafted PRUNE contr...

CVE-2026-33040

The CVE concerns libp2p-rust Gossipsub: prior to version 0.49.3, the Gossipsub backoff handling accepts attacker-controlled PRUNE backoff values, enabling unchecked time arithmetic that can overflow when updating backoff state. A crafted PRUNE message with a very large backoff (e.g., u64::MAX) ca...

CVE-2026-33063

free5GC is an open source 5G core network. free5GC AUSF prior to version 1.4.2 has is an Improper Null Check vulnerability leading to Denial of Service. All deployments of free5GC v4.0.1 using the AUSF UE authentication service /nausf-auth/v1/ue-authentications endpoint are affected. A remote...

CVE-2026-32937

free5GC is an open source 5G core network. free5GC CHF prior to version 1.2.2 has an out-of-bounds slice access vulnerability in the CHF nchf-convergedcharging service. A valid authenticated request to PUT /nchf-convergedcharging/v3/recharging/:ueId?ratingGroup=... can trigger a server-side panic...

CVE-2026-33063 free5GC AUSF UE Authentication Panic on Nil SuciSupiMap Interface Conversion

free5GC is an open source 5G core network. free5GC AUSF prior to version 1.4.2 has is an Improper Null Check vulnerability leading to Denial of Service. All deployments of free5GC v4.0.1 using the AUSF UE authentication service /nausf-auth/v1/ue-authentications endpoint are affected. A remote...

CVE-2026-33062 free5GC NRF Discovery EncodeGroupId Function Panics on Malformed group-id-list Parameter

free5GC is an open source 5G core network. free5GC NRF prior to version 1.4.2 has an Improper Input Validation vulnerability leading to Denial of Service. All deployments of free5GC using the NRF discovery service are affected. The EncodeGroupId function attempts to access array indices 0, 1, 2...

CVE-2026-32937

This CVE affects free5GC CHF prior to v1.2.2, where an out-of-bounds slice access in nchf-convergedcharging RechargePut(...) can be triggered by an authenticated PUT to /nchf-convergedcharging/v3/recharging/:ueId?ratingGroup=.... The result is a server-side panic converted to HTTP 500 by Gin, ena...

CVE-2026-32937 free5GC CHF has Out-of-Bounds Slice Access that Leads to DoS

free5GC is an open source 5G core network. free5GC CHF prior to version 1.2.2 has an out-of-bounds slice access vulnerability in the CHF nchf-convergedcharging service. A valid authenticated request to PUT /nchf-convergedcharging/v3/recharging/:ueId?ratingGroup=... can trigger a server-side panic...

CVE-2026-32937 free5GC CHF has Out-of-Bounds Slice Access that Leads to DoS

free5GC is an open source 5G core network. free5GC CHF prior to version 1.2.2 has an out-of-bounds slice access vulnerability in the CHF nchf-convergedcharging service. A valid authenticated request to PUT /nchf-convergedcharging/v3/recharging/:ueId?ratingGroup=... can trigger a server-side panic...

CVE-2026-32937

free5GC is an open source 5G core network. free5GC CHF prior to version 1.2.2 has an out-of-bounds slice access vulnerability in the CHF nchf-convergedcharging service. A valid authenticated request to PUT /nchf-convergedcharging/v3/recharging/:ueId?ratingGroup=... can trigger a server-side panic...

golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS

A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSHAGENTSUCCESS 0x06 message to requests expecting typed replies e.g., List, Sign. The unmarshal layer produces an unexpected message type, which the client code does not handle,...

Important: Red Hat Security Advisory: podman security update

An update for podman is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...