
103716 matches found

CVE
added yesterday, 21 views

CVE-2026-49412

The CVE (CVE-2026-49412) affects FreeBSD’s kernel IPv6 multicast source filter (IPV6_MSFILTER) handling. The issue is a use-after-free: the handler releases a serializing lock to copy the source-filter list from userspace and later reacquires it; during the window a competing thread can free the ...

AI score: 5.8, EPSS: 0.00133
Exploits: 0, References: 1
CVE
added yesterday, 15 views

CVE-2026-49417

CVE-2026-49417 is part of multiple vulnerabilities in FreeBSD's sound(4) mmap path. The FreeBSD advisories describe two memory-safety errors: (1) dsp_mmap_single() could overflow when validating mapping offset+length, allowing a mapping that extends past the audio buffer; (2) the audio buffer bac...

AI score: 5.9, EPSS: 0.00187
Exploits: 0, References: 1
Microsoft CVE
added yesterday, 7 views

Chromium: CVE-2026-13038 Use after free in Autofill

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS: 8.8, AI score: 5.8, EPSS: 0.0026
Exploits: 0
Microsoft CVE
added yesterday, 10 views

Chromium: CVE-2026-13036 Use after free in Blink

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS: 8.8, AI score: 5.8, EPSS: 0.00233
Exploits: 1
Microsoft CVE
added yesterday, 10 views

Chromium: CVE-2026-13035 Use after free in Bluetooth

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS: 8.8, AI score: 5.8, EPSS: 0.00215
Exploits: 0
Microsoft CVE
added yesterday, 11 views

Chromium: CVE-2026-13031 Use after free in Blink

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS: 8.8, AI score: 5.8, EPSS: 0.00233
Exploits: 0
Microsoft CVE
added yesterday, 9 views

Chromium: CVE-2026-13029 Use after free in Web Authentication

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00149
Exploits: 0
Microsoft CVE
added yesterday, 9 views

Chromium: CVE-2026-13027 Use after free in FileSystem

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS: 8.8, AI score: 5.8, EPSS: 0.00195
Exploits: 0
Microsoft CVE
added yesterday, 8 views

Chromium: CVE-2026-13026 Use after free in Digital Credentials

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS: 8.8, AI score: 5.8, EPSS: 0.00195
Exploits: 0
CVE
added 2 days ago, 6 views

CVE-2026-53300

The CVE-2026-53300 issue in the Linux kernel net: enetc driver concerns a DMA use-after-free when handling NTMP commands. If netc_xmit_ntmp_cmd() times out and a command is not explicitly aborted, ntmp_free_data_mem() frees the DMA buffer, which may have been reallocated. This could allow silent ...

AI score: 6, EPSS: 0.00166
Exploits: 0, References: 3
CVE
added 2 days ago, 6 views

CVE-2026-53296

The CVE-2026-53296 entry concerns the Linux kernel mailbox subsystem, specifically the mailbox-test path where channels are freed on probe error. The underlying issue is that channels obtained prior to a probe error must be freed to prevent resource leaks and avoid use-after-free (UAF) bec...

AI score: 5.8, EPSS: 0.00176
Exploits: 0, References: 8
EUVD
added 2 days ago, 4 views

EUVD-2026-39901

In the Linux kernel, the following vulnerability has been resolved: mailbox: mailbox-test: free channels on probe error On probe error, free the previously obtained channels. This not only prevents a leak, but also UAF scenarios because the client structure will be removed nonetheless because it...

AI score: 5.8, EPSS: 0.00176
Exploits: 0, References: 8
CVE
added 2 days ago, 5 views

CVE-2026-53290

The CVE-2026-53290 issue affects the Linux kernel driver path drm/xe/eustall. The vulnerability arises when drm_dev_put() is called before the stream is disabled and resources freed in xe_eu_stall_stream_close(), which can drop the last reference and lead to use-after-free as the cleanup accesses...

AI score: 5.8, EPSS: 0.00166
Exploits: 0, References: 3
EUVD
added 2 days ago, 4 views

EUVD-2026-39895

In the Linux kernel, the following vulnerability has been resolved: drm/xe/eustall: Fix drm_dev_put called before stream disable in close In xe_eu_stall_stream_close, drm_dev_put is called before the stream is disabled and its resources are freed. If this drops the last reference, the device structures...

AI score: 5.8, EPSS: 0.00166
Exploits: 0, References: 3
CVE
added 2 days ago, 4 views

CVE-2026-53286

The CVE-2026-53286 issue concerns the Linux kernel IDPF code, specifically an improper handling of auxiliary devices during error paths that can trigger a use-after-free and double-free in iadev structures. In idpf_plug_vport_aux_dev() and idpf_plug_core_aux_dev(), if auxiliary_device_add() fails...

AI score: 5.8, EPSS: 0.00169
Exploits: 0, References: 3
EUVD
added 2 days ago, 3 views

EUVD-2026-39891

In the Linux kernel, the following vulnerability has been resolved: idpf: fix double free and use-after-free in aux device error paths When auxiliary_device_add fails in idpf_plug_vport_aux_dev or idpf_plug_core_aux_dev, the err_aux_dev_add label calls auxiliary_device_uninit and falls through to err_aux_dev_init...

AI score: 5.8, EPSS: 0.00169
Exploits: 0, References: 3
Redhat CVE
added 2 days ago, 4 views

CVE-2026-52951

A flaw was found in the Linux kernel's drm/xe/dma-buf subsystem. This vulnerability involves race conditions when handling the invalidatemappings hook, particularly during buffer object initialization and attachment. An attacker, by triggering specific sequences of operations, could exploit these...

CVSS: 7, AI score: 5.9, EPSS: 0.00175
Exploits: 0, References: 4
NVD
added 2 days ago, 4 views

CVE-2026-48090

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, the HTTP OAuth2 filter envoy.filters.http.oauth2 can leave an in-flight async token exchange attached to a downstream stream that has already been torn down. A late...

CVSS: 5.9, EPSS: 0.00557
Exploits: 0, References: 1
NVD
added 2 days ago, 4 views

CVE-2026-47205

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.36.0 until 1.36.9, 1.37.5, and 1.38.3, a Use-After-Free (UAF) vulnerability leading to a sudden segmentation fault exists in Envoy's ext_authz HTTP filter when processing per-route authorization overrides...

CVSS: 5.9, EPSS: 0.00367
Exploits: 0, References: 1
Redhat CVE
added 2 days ago, 6 views

CVE-2026-53024

A flaw was found in the Linux kernel's Greybus raw subsystem. A local user could trigger a use-after-free vulnerability by attempting to write to a character device (chardev) after it has been disconnected. This can lead to a kernel panic, resulting in a Denial of Service (DoS) for the system...

AI score: 5.7, EPSS: 0.00162
Exploits: 0, References: 4