CoreDNS DoH GET path missing size validation causes CPU and memory amplification

...

CoreDNS transfer plugin subzone ACL bypass via lexicographic zone comparison

...

CoreDNS TSIG authentication bypass on encrypted DNS transports

...

Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number.

...

An off-by-one out-of-bounds write vulnerability in the bgp_flowspec_op_decode() function (bgpd/bgp_flowspec_util.c) of FRRouting (FRR) stable/10.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted FlowSpec component.

...

Nano: nano: format string vulnerability leads to denial of service

...

Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions

...

A NULL pointer dereference vulnerability exists in fio (Flexible I/O Tester) v3.41 when parsing job files containing the fdp_pli option. The callback function str_fdp_pli_cb() does not validate the input pointer and calls strdup() on a NULL value when the option is specified without an argument. This results in a segmentation fault and process crash.

...

Binutils: binutils: arbitrary code execution via malformed xcoff object file processing

...

media: vidtv: fix pass-by-value structs causing MSAN warnings

...

libssh2 userauth.c userauth_password integer overflow

...

net/packet: fix TOCTOU race on mmap'd vnet_hdr in tpacket_snd()

...

smb: client: fix OOB read in smb2_ioctl_query_info QUERY_INFO path

...

f2fs: fix use-after-free of sbi in f2fs_compress_write_end_io()

...

ksmbd: use check_add_overflow() to prevent u16 DACL size overflow

...

crypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed

...

rxrpc: Fix missing validation of ticket length in non-XDR key preparsing

...

crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption

...

ksmbd: fix out-of-bounds write in smb2_get_ea() EA alignment

...

fuse: reject oversized dirents in page cache

...

crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed

...

smb: server: fix active_num_conn leak on transport allocation failure

...

usb: gadget: f_hid: move list and spinlock inits from bind to alloc

...

crypto: ccp: Don't attempt to copy ID to userspace if PSP command failed

...

FRRouting < 10.5.3 Integer Overflow in OSPF TLV Parser Functions

...

Firewalld: firewalld: local unprivileged user can modify firewall state due to d-bus setter mis-authorization

...

In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.

...

In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.

...

In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path to handle user input are affected and could be exploited. In particular, because sendInput() sends a string to a terminal, a control character such as \x01 can be used during injection.

...

net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption

...

Chromium: CVE-2026-7355 Use after free in Media

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-7340 Integer overflow in ANGLE

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-7339 Heap buffer overflow in WebRTC

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-7341 Use after free in WebRTC

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-7338 Use after free in Cast

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-7345 Insufficient validation of untrusted input in Feedback

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-7346 Inappropriate implementation in Tint

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-7347 Use after free in Chromoting

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-7337 Type Confusion in V8

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-7336 Use after free in WebRTC

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-7335 Use after free in media

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-7348 Use after free in Codecs

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-7349 Use after free in Cast

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-7350 Use after free in WebMIDI

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-7351 Race in MHTML

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-7353 Heap buffer overflow in Skia

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-7354 Out of bounds read and write in Angle

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-7356 Use after free in Navigation

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-7357 Use after free in GPU

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-7334 Use after free in Views

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...