Lucene search

11134 matches found

OSV
added 2026/04/27 12:2 a.m. | 4 views

OSV-2026-630 Use-of-uninitialized-value in JXRHandlerPrivate::readTextMeta

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=506459935 Crash type: Use-of-uninitialized-value Crash state: JXRHandlerPrivate::readTextMeta JXRHandlerPrivate::description JXRHandlerPrivate::setMetadata...

5.8 AI score
Exploits 0 | References 1

CNNVD
added 2026/04/27 12:0 a.m. | 11 views

vLLM Security Vulnerability

vLLM is an open-source inference and service engine designed for LLM models, featuring high throughput and efficient memory usage. Versions of vLLM prior to 0.19.0 contained a security vulnerability. This vulnerability stemmed from a function in the KV Block Handler component called...

6.3 CVSS | 6.1 AI score | 0.00288 EPSS
Exploits 0 | References 1

Positive Technologies
added 2026/04/27 12:0 a.m. | 3 views

PT-2026-35547

Values produced by $random.value are not suitable for use as secrets. $random.uuid is not affected. $random.int and $random.long should never be used for secrets as they are numeric values with a predictable range. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14, 3.4.0–3.4.15...

4.8 CVSS | 5.2 AI score | 0.00211 EPSS
Exploits 0 | References 2

Positive Technologies
added 2026/04/27 12:0 a.m. | 7 views

PT-2026-35393

The ConsulRegistry in the camel-consul component class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method read Java-serialized values from the Consul KV store and passed them to ObjectInputStream.readObject without configuring an ObjectInputFilte...

6.2 AI score | 0.00485 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2026/04/27 12:0 a.m. | 4 views

Juniper Junos OS Vulnerability (JSA83018)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA83018 advisory. - An Unchecked Return Value vulnerability in the Routing Protocol Daemon rpd on Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows a logically adjacent,...

7.1 CVSS | 5.6 AI score | 0.00257 EPSS
Exploits 0 | References 2

ATTACKERKB
added 2026/04/25 8:46 a.m. | 1 views

CVE-2026-31674

In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6trt: reject oversized addrnr in rtmt6check Reject rt match rules whose addrnr exceeds IP6TRTHOPS. rtmt6 expects addrnr to stay within the bounds of rtinfo-addrs. Validate addrnr during rule installation so malformed...

5.2 AI score | 0.00117 EPSS
Exploits 0 | References 9 | Affected Software 1

SUSE CVE
added 2026/04/25 1:37 a.m. | 4 views

SUSE CVE-2026-31619

In the Linux kernel, the following vulnerability has been resolved: ALSA: fireworks: bound device-supplied status before string array lookup The status field in an EFW response is a 32-bit value supplied by the firewire device. efrstatusnames has 17 entries so a status value outside that range go...

6.1 CVSS | 5.4 AI score | 0.00125 EPSS
Exploits 0 | References 3

OSV
added 2026/04/25 12:20 a.m. | 3 views

OSV-2026-623 Use-of-uninitialized-value in Mat_PrintNumber

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=505903317 Crash type: Use-of-uninitialized-value Crash state: MatPrintNumber MatPrintData MatVarPrint...

5.3 AI score
Exploits 0 | References 1

OSV
added 2026/04/25 12:17 a.m. | 4 views

OSV-2026-621 Use-of-uninitialized-value in vcardtime_from_string

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=505903588 Crash type: Use-of-uninitialized-value Crash state: vcardtimefromstring vcardvaluenewfromstring parsevcard...

5.3 AI score
Exploits 0 | References 1

CNNVD
added 2026/04/25 12:0 a.m. | 6 views

Linux kernel Security Vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the logic used in schnetem for handling data packets. This logic uses an unconstrained random val...

7.8 CVSS | 5.8 AI score | 0.00126 EPSS
Exploits 0 | References 1

RedhatCVE
added 2026/04/24 10:35 p.m. | 2 views

CVE-2026-31666

A flaw was found in the Linux kernel's btrfs filesystem. An incorrect return value in the lookup_extent_data_ref() function can lead to the system believing a lookup succeeded when it did not. This can cause operations to be performed on the wrong extent tree item, potentially resulting in data...

7.8 CVSS | 5.4 AI score | 0.0012 EPSS
Exploits 0 | References 4

Snyk
added 2026/04/24 7:21 p.m. | 3 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the deserialization process. An attacker can cause excessive memory allocation leading to process crashes by submitting a specially crafted payload. Remediation Upgrade...

8.7 CVSS | 5.8 AI score | 0.0032 EPSS
Exploits 1 | References 2

Snyk
added 2026/04/24 7:20 p.m. | 3 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes through the transformResponse and request serialization paths in the defaul...

9.1 CVSS | 5.8 AI score | 0.00249 EPSS
Exploits 1 | References 2

Github Security Blog
added 2026/04/24 3:19 p.m. | 7 views

Contour has Lua code injection via Cookie Path Rewrite Policy

Impact Contour's Cookie Rewriting feature is vulnerable to Lua code injection. An attacker with RBAC permissions to create or modify HTTPProxy resources can craft a malicious value in the following fields that results in arbitrary code execution in the Envoy proxy: -...

8.1 CVSS | 6.3 AI score | 0.00441 EPSS
Exploits 0 | References 8 | Affected Software 1

NVD
added 2026/04/24 3:16 p.m. | 3 views

CVE-2026-31659

In the Linux kernel, the following vulnerability has been resolved: batman-adv: reject oversized global TT response buffers batadvttpreparetvlvglobaldata builds the allocation length for a global TT response in 16-bit temporaries. When a remote originator advertises a large enough global TT, the ...

9.8 CVSS | 0.00399 EPSS
Exploits 0 | References 8

NVD
added 2026/04/24 3:16 p.m. | 2 views

CVE-2026-31633

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix integer overflow in rxgkverifyresponse In rxgkverifyresponse, there's a potential integer overflow due to rounding up tokenlen before checking it, thereby allowing the length check to be bypassed. Fix this by checking...

9.8 CVSS | 0.00469 EPSS
Exploits 0 | References 3

ATTACKERKB
added 2026/04/24 2:45 p.m. | 0 views

CVE-2026-31666

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix incorrect return value after changing leaf in lookup_extent_data_ref() After commit 1618aa3c2e01 "btrfs: simplify return variables in lookup_extent_data_ref()", the err and ret variables were merged into a single ret variable...

5.4 AI score | 0.0012 EPSS
Exploits 0 | References 5 | Affected Software 1

Cvelist
added 2026/04/24 2:45 p.m. | 29 views

CVE-2026-31666 btrfs: fix incorrect return value after changing leaf in lookup_extent_data_ref()

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix incorrect return value after changing leaf in lookup_extent_data_ref() After commit 1618aa3c2e01 "btrfs: simplify return variables in lookup_extent_data_ref()", the err and ret variables were merged into a single ret variable...

7.8 CVSS | 0.0012 EPSS
Exploits 0 | References 4

EUVD
added 2026/04/24 2:45 p.m. | 3 views

EUVD-2026-25559

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix incorrect return value after changing leaf in lookup_extent_data_ref() After commit 1618aa3c2e01 "btrfs: simplify return variables in lookup_extent_data_ref()", the err and ret variables were merged into a single ret variable...

5.4 AI score | 0.0012 EPSS
Exploits 0 | References 4

CVE
added 2026/04/24 2:45 p.m. | 13 views

CVE-2026-31666

CVE-2026-31666 affects the Linux kernel’s btrfs filesystem. A defect in lookup_extent_data_ref() caused an incorrect return value when transitioning between leaves, due to merged err/ret handling: if btrfs_next_leaf() returns 0, ret could be overwritten from -ENOENT to 0, making a non-matching ke...

7.8 CVSS | 5.4 AI score | 0.0012 EPSS
Exploits 0 | References 4 | Affected Software 1