Duplicate Advisory: Mistune has a ReDoS in LINK_TITLE_RE that allows denial of service via crafted Markdown input

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-8mp2-v27r-99xp. This link is maintained to preserve external references. Original Description Summary Denial-of-Service DoS vulnerability in the Mistune Markdown parser. The issue occurs when processing speciall...

Google Chrome’s silent 4GB AI download problem [updated]

Google Chrome has been quietly downloading a 4GB AI model onto users' devices without asking first. Security researcher Alexander Hanff, aka ThatPrivacyGuy, reports that Chrome has been silently installing Gemini Nano, Google's on-device AI model, as a file called weights.bin stored in the...

The Jenkins Threat Landscape

What usage patterns, plugin adoption, and configuration choices reveal about the Jenkins attack surface...

BIT-JAVA-MIN-2023-21967

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit...

EUVD-2026-27806

In the Linux kernel, the following vulnerability has been resolved: ntfs: -dcompare must not block ... so don't use getname there. Switch it and ntfsdhash, while we are at it to kmallocPATHMAX, GFPNOWAIT. Yes, ntfsdhash almost certainly can do with smaller allocations, but let ntfs folks deal wit...

EUVD-2026-27641

In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: ensure safe access to master conntrack Holding reference on the expectation is not sufficient, the master conntrack object can just go away, making exp-master invalid. To access exp-master safely: - Grab the...

CVE-2026-43133

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emulation Commit cc3ed80ae69f "KVM: nSVM: always use vmcb01 to for vmsave/vmload of guest state" made KVM always use vmcb01 for the fields controlled by VMSAVE/VMLOAD, but it missed...

CVE-2026-43259 phy: fsl-imx8mq-usb: set platform driver data

In the Linux kernel, the following vulnerability has been resolved: phy: fsl-imx8mq-usb: set platform driver data Add missing platformsetdrvdata as the data will be used in remove...

CVE-2026-43215

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix locking usage for tcon fields We used to use the cifstcpseslock to protect a lot of objects that are not just the server, ses or tcon lists. We later introduced srvlock, seslock and tclock to protect fields within the...

CVE-2026-43133

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emulation Commit cc3ed80ae69f "KVM: nSVM: always use vmcb01 to for vmsave/vmload of guest state" made KVM always use vmcb01 for the fields controlled by VMSAVE/VMLOAD, but it missed...

CVE-2026-43133 KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emulation

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emulation Commit cc3ed80ae69f "KVM: nSVM: always use vmcb01 to for vmsave/vmload of guest state" made KVM always use vmcb01 for the fields controlled by VMSAVE/VMLOAD, but it missed...

CVE-2025-71273

The CVE-2025-71273 entry concerns the Linux kernel’s rtw88 Wi‑Fi driver. The issue arises from a memory leak in rtw_register_hw(), where memory allocated for supported bands was not freed on error paths. The patch standardizes memory allocation using device-managed memory (devm_kmemdup()) in rtw_...

kernel: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count()

In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsitdecsessionusagecount In iscsitdecsessionusagecount, the function calls complete while holding the sess-sessionusagelock. Similar to the connection usage count logic, the waiter...

Improper Handling of Highly Compressed Data (Data Amplification)

Overview exifreader is a Library that parses Exif metadata in images. Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification due to decompressing PNG zTXt metadata without enforcing a built-in maximum decompressed output size. When...

SUSE CVE-2026-31724

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: feem: Fix netdevice lifecycle with devicemove The netdevice is allocated during function instance creation and registered during the bind phase with the gadget device as its sysfs parent. When the function unbinds, t...

SUSE CVE-2026-43036

In the Linux kernel, the following vulnerability has been resolved: net: use skbheaderpointer for TCPv4 GSO fragoff check Syzbot reported a KMSAN uninit-value warning in gsofeaturescheck called from netifskbfeatures 1. gsofeaturescheck reads iph-fragoff to decide whether to clear mangleidfeatures...

PT-2026-37448

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists in the rtw register hw function within the rtw88 wifi driver. This occurs because supported bands are not properly freed during the error path. The issue is addresse...

PT-2026-38272

Name of the Vulnerable Software and Affected Versions Flight versions prior to 3.18.1 Description The SimplePdo::insert, SimplePdo::update, and SimplePdo::delete functions build SQL statements by concatenating the $table argument and the keys of the $data array directly into the query without...

PT-2026-38261

Name of the Vulnerable Software and Affected Versions mistune versions prior to 3.2.1 Description A Denial-of-Service DoS issue exists in the Mistune Markdown parser. Processing specially crafted reference links can cause excessive backtracking and parsing loops within the parse link title functi...

CVE-2026-32936

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS DoH GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decoding, and DNS message unpacking before rejecting the request. Unlike the POST path, which applies a...