CVE-2026-7422 MAC Address Validation Bypass in FreeRTOS-Plus-TCP IPv4 and IPv6 Packet Processing

Insufficient packet validation in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to bypass all checksum and minimum-size validation by spoofing the Ethernet source MAC address to match one of the device's own registered endpoints, because the loopback detection...

CVE-2026-7422 MAC Address Validation Bypass in FreeRTOS-Plus-TCP IPv4 and IPv6 Packet Processing

Insufficient packet validation in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to bypass all checksum and minimum-size validation by spoofing the Ethernet source MAC address to match one of the device's own registered endpoints, because the loopback detection...

CVE-2026-7422

CVE-2026-7422 affects FreeRTOS-Plus-TCP; insufficient packet validation in IPv4/IPv6 processing (before V4.2.6 and V4.4.1) allows an adjacent attacker to bypass checksum and minimum-size checks by spoofing the Ethernet source MAC to a local endpoint, since loopback-detection skips validation for ...

CVE-2026-22740

A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain not deleted after the request is fully processed. This allows an attacker to consume available disk space. Older, unsupported versions are...

Denial Of Service (DoS)

Spring Web is vulnerable to Denial of Service DoS. The vulnerability is due to improper cleanup of temporary files created during multipart request processing, where files for large parts may not be deleted after request completion, allowing attackers to exhaust disk space...

BIT-THRIFT-2026-41607 Apache Thrift: C++ JSON OOB read

Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

Vulnerabilities handled in Apache Camel

The Apache Software Foundation has identified vulnerabilities in Apache Camel. These vulnerabilities exist in various components of Apache Camel. The issues include insecure deserialization, insufficient filtering of email headers, incorrect authentication path matching, and improper processing o...

RLSA-2026:11349 Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c CVE-2025-9714 For more details about the security issues, including the impact, a CVSS...

CVE-2026-7357

An use after free flaw was found in the GPU component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497047552...

PT-2026-35899

Name of the Vulnerable Software and Affected Versions WebFlux server application affected versions not specified Description A WebFlux server application that processes multipart requests creates temporary files for parts larger than 10 K. Under certain conditions, these temporary files may not b...

Unity Linux 20.1050e / 20.1070e Security Update: LibRaw (UTSA-2026-015451)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-015451 advisory. In LibRaw before 0.21.4, tag 0x412 processing in phaseonecorrect in decoders/loadmfbacks.cpp does not enforce minimum w0 and w1 values. Tenable has extracted the...

FreeBSD Security Advisory - FreeBSD-SA-26:17.libnv

FreeBSD Security Advisory - When processing the header of an incoming message, libnv failed to properly validate the message size...

FreeBSD-SA-26:17.libnv

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:17.libnv Security Advisory The FreeBSD Project Topic: Heap overflow in libnv Category: core Module: libnv Announced: 2026-04-29 Credits: Mariusz Zaborski...

CVE-2026-7357

Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2026-7333

Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-7333

Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-7357

Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

EUVD-2026-26177

Race in MHTML in Google Chrome prior to 147.0.7727.138 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. Chromium security severity: High...

CVE-2026-7357

Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2026-7333

CVE-2026-7333 describes a use-after-free in the GPU component of Google Chrome, leading to a potential sandbox escape via a crafted HTML page on Chromium-based browsers. Affected product: Google Chrome versions earlier than 147.0.7727.138. Root cause: use-after-free in GPU handling. Impact: remot...