Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which can be triggered by carefully crafted inputs, leading to excessive CPU consumption and memory...

PT-2026-38564

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Well-crafted inputs reaching the functions ParseAddress, ParseAddressList, and ParseDate can trigger excessive CPU exhaustion and memory allocations, leading to ...

CVE-2026-43204

A flaw was found in the Linux kernel's ASoC Qualcomm qcom q6asm component. This vulnerability occurs when the system continues to process Digital Signal Processor DSP responses for data streams that have already been closed. An attacker could potentially exploit this by sending specific DSP...

Allocation of Resources Without Limits or Throttling

Overview next is a react framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via server function endpoints. An attacker can cause out-of-memory exceptions or induce excessive CPU usage by sending malicious FormData in an HTTP request...

CVE-2026-7918

Use after free in GPU in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-43145

A flaw was found in the Linux kernel's remoteproc remote processor subsystem, specifically within the imxrproc driver. The imxrprocelffindloadedrsctable function could incorrectly report the presence of a loaded resource table even when the current firmware did not provide one. This...

CVE-2026-8020

Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Low...

CVE-2026-7972

Uninitialized Use in GPU in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-7955

CVE-2026-7955 refers to an uninitialized use in the GPU path of Google Chrome before Chrome 148.0.7778.96. The issue could allow a remote attacker who has already compromised the renderer process to read potentially sensitive information from process memory via a crafted HTML page. Affected produ...

CVE-2026-7955

Uninitialized Use in GPU in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-43122

A flaw was found in the Linux kernel's Advanced Configuration and Power Interface ACPI cpuidle driver. Due to an update in the acpiprocessorstart function, a NULL pointer dereference can occur if acpiprocessorpowerinit is called without a cpuidle driver. This vulnerability could allow a local...

CVE-2026-23870

A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpoints, this could lead to server crashes, out-of-memory exceptions or excessive CPU usage; affecting the following packages: react-server-dom-webpack, react-server-dom-parcel,...

CVE-2025-71285

A flaw was found in the Linux kernel's qrtr driver. A race condition in the Modem Host Interface MHI autoqueue feature for Inter-Processor Communication Router IPCR downlink channels can lead to a NULL pointer dereference. This occurs because a callback function may be invoked before the qrtr...

Duplicate Advisory: Mistune has a ReDoS in LINK_TITLE_RE that allows denial of service via crafted Markdown input

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-8mp2-v27r-99xp. This link is maintained to preserve external references. Original Description Summary Denial-of-Service DoS vulnerability in the Mistune Markdown parser. The issue occurs when processing speciall...

EUVD-2026-27665

In the Linux kernel, the following vulnerability has been resolved: EFI/CPER: don't go past the ARM processor CPER record buffer There's a logic inside GHES/CPER to detect if the sectionlength is too small, but it doesn't detect if it is too big. Currently, if the firmware receives an ARM process...

EUVD-2026-27822

In the Linux kernel, the following vulnerability has been resolved: arm64: Add support for TSV110 Spectre-BHB mitigation The TSV110 processor is vulnerable to the Spectre-BHB Branch History Buffer attack, which can be exploited to leak information through branch prediction side channels. This...

EUVD-2026-27760

In the Linux kernel, the following vulnerability has been resolved: APEI/GHES: ARM processor Error: don't go past allocated memory If the BIOS generates a very small ARM Processor Error, or an incomplete one, the current logic will fail to deferrence err-sectionlength and ctxinfo-size Add checks ...

EUVD-2026-27705

In the Linux kernel, the following vulnerability has been resolved: remoteproc: imxrproc: Fix invalid loaded resource table detection imxrprocelffindloadedrsctable may incorrectly report a loaded resource table even when the current firmware does not provide one. When the device tree contains a...

EUVD-2026-27685

In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: Update cpuidle driver check in acpiprocessorstart Commit 7a8c994cbb2d "ACPI: processor: idle: Optimize ACPI idle driver registration" moved the ACPI idle driver registration to acpiprocessordriverinit and...

EUVD-2025-209674

In the Linux kernel, the following vulnerability has been resolved: rpmsg: core: fix race in driveroverrideshow and use core helper The driveroverrideshow function reads the driveroverride string without holding the devicelock. However, the store function modifies and frees the string while holdi...