Linux Distros Unpatched Vulnerability : CVE-2026-43294

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm: renesas: rz-du: mipidsi: fix kernel panic when rebooting for some panels Since commit 56de5e305d4b clk: renesas: r9a07g044: Add MSTOP for RZ/G2L we may get...

PT-2026-39253

Name of the Vulnerable Software and Affected Versions free5GC versions prior to 4.2.2 Description The UDR nudr-dr handler for the endpoint "DELETE /subscription-data/ueId/servingPlmnId/ee-subscriptions/subsId/amf-subscriptions" contains a nil-pointer dereference. This occurs when a request is mad...

PT-2026-39254

Name of the Vulnerable Software and Affected Versions free5GC versions prior to 4.2.2 Description The UDR nudr-dr handler in free5GC contains an issue where a single authenticated request can cause a panic. This occurs when a request is made to the endpoint "DELETE...

PT-2026-39244

Name of the Vulnerable Software and Affected Versions Gitsign versions 0.4.0 through 0.14.x Description In the CertVerifier.Verify function within pkg/git/verifier.go, the software unconditionally dereferences the first element of a certificate slice certs0 after calling sd.GetCertificates withou...

GHSA-FPW6-HRG5-Q5X5 ech0's acess tokens with expiry=never cannot be revoked: logout panics, delete does not blacklist JTI

Summary Access tokens created with the "never expire" option have no exp JWT claim. Three independent revocation mechanisms fail for this token type. Logout at internal/handler/auth/auth.go:154 and :163 dereferences claims.ExpiresAt.Time, panicking on the nil field so the token never hits the...

CVE-2026-39836

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0...

CVE-2026-39836

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0...

CVE-2026-39836

The CVE-2026-39836 entry describes a panic in Windows when using Dial and LookupPort in Go’s net package if the input contains a NUL (0) byte. Affected component: Go’s networking functions (Dial, LookupPort); root cause is handling of NUL input leading to a crash. Impact stated by CVSS is HIGH av...

CVE-2026-39836

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0...

CVE-2026-39836

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0...

CVE-2026-39836 Panic in Dial and LookupPort when handling NUL byte on Windows in net

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0...

Uncaught Exception

Overview std/net is a Go standard library package std/net Affected versions of this package are vulnerable to Uncaught Exception. Go Vulnerability Report: The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0. Remediation Upgrade std/net to version...

GO-2026-4971 Panic in Dial and LookupPort when handling NUL byte on Windows in net

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0...

golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS

A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSHAGENTSUCCESS 0x06 message to requests expecting typed replies e.g., List, Sign. The unmarshal layer produces an unexpected message type, which the client code does not handle,...

Important: Red Hat Security Advisory: buildah security update

An update for buildah is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

CVE-2026-41643 GoBGP: Remote Denial of Service (Panic) in UpdatePathAttrs4ByteAs via Malformed BGP UPDATE

GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. Prior to version 4.3.0, a remote Denial of Service DoS vulnerability exists in GoBGP where a malformed BGP UPDATE message can trigger a runtime error: index out of range panic. This occurs during th...

CVE-2026-42285

GoBGP CVE-2026-42285 causes a panic (nil pointer dereference) in AdjRib.Update when a remote unauthenticated BGP UPDATE message with inconsistent/short attribute lengths is processed as a withdraw, crashing the GoBGP process and causing DoS. The issue is triggered in version 4.4.0 and has a fix i...

CVE-2026-41642 GoBGP: Remote Denial of Service (Panic) via Malformed Well-known Path Attribute

GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. In version 4.3.0, a remote Denial of Service DoS vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as...

CVE-2026-41642 GoBGP: Remote Denial of Service (Panic) via Malformed Well-known Path Attribute

GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. In version 4.3.0, a remote Denial of Service DoS vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as...

GHSA-3V94-MW7P-V465 hickory-proto: NSEC3 closest-encloser proof validation enters unbounded loop on cross-zone responses

The NSEC3 closest-encloser proof validation in hickory-proto's 0.25.0-alpha.3 ... 0.25.2 and hickory-net's 0.26.0-alpha.1 .. 0.26.0 DnssecDnsHandle walks from the QNAME up to the SOA owner name, building a list of candidate encloser names. The iterator used assumes the QNAME is a descendant of th...