CVE-2026-42579

A flaw was found in Netty. Netty's DNS Domain Name System codec does not properly enforce domain name constraints as defined in RFC 1035 during both encoding and decoding processes. This vulnerability allows a remote attacker to exploit the decoder using malicious DNS responses or exploit the...

CVE-2026-45104

A flaw was found in MapServer. A remote attacker can exploit this vulnerability by sending a specially crafted Styled Layer Descriptor SLD via the Web Map Service WMS SLDBODY parameter. This can lead to a NULL pointer dereference, causing a Denial of Service DoS condition...

CVE-2026-9804

A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing a symbolic link symlink within an exported filesystem Persistent Volume Claim PVC that points...

CVE-2026-49001

Cross-site request forgery CSRF vulnerabilities allow attackers to exploit a user's authenticated session to forge cross-site requests, inducing the execution of unintended operations such as tampering with configuration data...

CVE-2026-8834

IBM HTTP Server 8.5, and 9.0 contains a buffer overflow vulnerability. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to execute remote code or cause a denial of service...

CVE-2026-4051

IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with administrative privileges to execute remote code due to exposed method that is not properly restricted...

CVE-2026-9312

A server-side request forgery SSRF vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to send crafted requests to internal services by exploiting insufficient input validation in an upload endpoint. By injecting path traversal content into request...

CVE-2026-49000

An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakage or tampering, such as hard-coded keys or the use of weak encryption algorithms...

CVE-2026-44728

Babel is a compiler for writing next generation JavaScript. From 7.12.0 to before 7.29.4 and 8.0.0-alpha.13, using Babel to compile code that was specifically crafted by an attacker can cause Babel to generate output code that executes arbitrary code. This vulnerability is fixed in 7.29.4 and...

CVE-2025-43306

A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to gain root privileges...

CVE-2026-48999

Attackers carefully craft malicious scripts, such as JavaScript, and inject them into target systems; when other users access pages containing such malicious content, the scripts are automatically loaded and executed in the victim's browser.Attackers can thereby steal user cookies, hijack session...

CVE-2025-46284

A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.7, macOS Tahoe 26. An app may be able to gain root privileges...

CVE-2026-44410

This vulnerability stems from a business logic flaw.Attackers can exploit legitimate application functions in unintended and abnormal ways, deviating from the designer's expectations, to carry out malicious attacks...

CVE-2026-3660

IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update server property files that would allow them to gain unauthorized access to the application...

CVE-2026-43869

A flaw was found in Apache Thrift. This vulnerability involves improper validation of a certificate with a host mismatch, which could allow a remote attacker to bypass security checks. By presenting a specially crafted certificate, an attacker may impersonate a legitimate server or client. This...

CVE-2026-4408

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...

CVE-2026-44604

A command injection vulnerability was discovered in the rpmuncompress utility of RPM. When extracting certain archive formats ZIP, 7z, GEM to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially...

CVE-2026-45847

A flaw was found in the Linux kernel's network component, specifically related to handling Internet Protocol over Internet Protocol IPIP tunnels. A local user could potentially craft a network configuration with a very long forward path, which could lead to an unexpected condition within the...

CVE-2026-45850

A flaw was found in the Linux kernel's IP Virtual Server IPVS component. A remote attacker could send specially crafted IPv6 packets with extension headers, causing the system to fail protocol checksum validation. This could lead to incorrect packet processing or a denial of service DoS, impactin...

CVE-2026-45848

A flaw was found in the Linux kernel's AppArmor security module. This vulnerability allows a local attacker to trigger a NULL pointer dereference during socket setup or teardown operations. This can lead to a kernel 'oops', resulting in a system crash and a Denial of Service DoS...

CVE-2026-45849

A flaw was found in the Linux kernel's network component, specifically within the mscc: ocelot driver. The system failed to properly secure access to shared resources during network packet injection, leading to a missing lock protection vulnerability. This oversight could allow a local attacker t...

CVE-2026-45851

A flaw was found in the Linux kernel's Extensible Firmware Interface EFI subsystem. An error in memory reservation for the unaccepted memory table can occur if its starting address is not page-aligned. This vulnerability could lead to the memory table being overwritten or inaccessible, resulting ...

CVE-2026-45854

A flaw was found in the Linux kernel's EIP93 cryptographic accelerator driver. This vulnerability occurs because the driver attempts to unregister all cryptographic algorithms, even those not supported by the hardware. This incorrect handling can lead to a system panic, effectively causing a Deni...

CVE-2026-9803

A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with a malformed 'Authorization: Bearer' header to any client registration endpoint. This can lead to an...

CVE-2026-9802

A flaw was found in Keycloak. When revokeRefreshToken=true is enabled and persistent session storage is in use, a server restart can reset internal timing mechanisms. This allows a remote attacker, who has previously captured a user's refresh token, to replay that token even after it has been...

CVE-2026-45852

A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA subsystem, specifically within the rxe driver. An error in the rxesrqfrominit function's memory management can lead to a double free vulnerability. This occurs when an attempt to copy data to user space fails, causing the sam...

CVE-2026-45853

A flaw was found in the Linux kernel's drm/amdgpu component. The amdgpudiscoverygetnpsinfo function incorrectly deallocates memory by using kfree instead of kvfree, even when memory was allocated with kvcalloc which may use vmalloc. This improper memory handling can lead to memory corruption. Suc...

CVE-2026-9801

A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol LDAP server or an attacker compromising an upstream LDAP server, could exploit this vulnerability. By sending a malformed LDAP password...

CVE-2026-45855

A flaw was found in the Linux kernel's libata-scsi component. This vulnerability allows for a denial of service DoS where non-Native Command Queuing NCQ commands can experience significant delays or complete starvation. This occurs when non-NCQ commands are issued while NCQ commands are actively...

CVE-2026-45857

A flaw was found in the Linux kernel's scsi: csiostor module. This null pointer dereference vulnerability occurs in an error handling path. A local attacker could exploit this to cause a system crash, leading to a Denial of Service DoS. Mitigation To prevent exploitation, the csiostor kernel modu...

CVE-2026-45856

A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA subsystem, specifically within the ibuverbspostsend function. A local user can exploit this vulnerability by providing an invalid work queue element size wqesize from userspace without proper validation. This can lead to an...

CVE-2026-9798

A flaw was found in Keycloak, an open-source identity and access management solution. When a user account is temporarily locked due to repeated failed login attempts, an attacker with valid client credentials can exploit the Client-Initiated Backchannel Authentication CIBA flow to bypass this...

CVE-2026-45858

A flaw was found in the Linux kernel's ext4 filesystem. This vulnerability occurs during the splitting of unwritten data blocks, where a portion of the data may be incorrectly marked as written while still containing stale, uninitialized information. A local attacker could potentially exploit thi...

CVE-2026-9796

A flaw was found in Keycloak. An authenticated administrator with the manage-clients role can exploit a Time-of-check to time-of-use TOCTOU vulnerability in the name-based admin role checks. This allows the attacker to escalate their privileges to realm-admin for all users within the realm,...

CVE-2026-45859

A flaw was found in the Linux kernel's netfilter nfnetlinkqueue component. This vulnerability occurs when an application does not set the FGSO capability flag and a Generic Segmentation Offload GSO packet with an unconfirmed netfilter connection nfconn entry is received. Due to an incorrect order...

CVE-2026-45860

A flaw was found in the Linux kernel's netfilter connection counting nfconncount feature. This vulnerability occurs when the system tracks more than eight new connections per jiffy, causing the connection list to not be cleaned up efficiently. A remote attacker could exploit this by rapidly...

CVE-2026-45862

A flaw was found in the Linux kernel's IOMMU Input/Output Memory Management Unit virtualized directed I/O VT-d component. When a freshly allocated PASID Process Address Space ID table is written to a directory entry, the CPU cache flush for this table occurs too late. This creates a time window...

CVE-2026-45861

A flaw was found in the Linux kernel's GFS2 file system. During filesystem shutdown, quota data objects were freed without being properly removed from the Least Recently Used LRU list. This oversight could lead to a use-after-free vulnerability, where the system attempts to access memory that has...

CVE-2026-45864

A flaw was found in the Linux kernel's NTFS3 file system driver. This vulnerability allows a local attacker to trigger an infinite loop when the system attempts to process specific file system data. Successful exploitation can lead to a system hang, resulting in a Denial of Service DoS...

CVE-2026-45863

A flaw was found in the Linux kernel's i3c dw driver. The dwi3cmasteri2cxfers function allocates memory for a transfer structure. However, if a runtime power management operation fails, the allocated memory is not properly released. This oversight leads to a memory leak, which can degrade system...

CVE-2026-45866

A flaw was found in the Linux kernel's CAIF serial line discipline. A race condition exists between the ldiscclose function, which frees the terminal tty device, and the handletx function, which may attempt to access the freed device. This use-after-free UAF vulnerability allows a local attacker ...

CVE-2026-45867

A flaw was found in the Linux kernel, specifically within the power supply subsystem. This vulnerability, a use-after-free, occurs due to a race condition during the removal or initialization of a power supply device. An interrupt can fire after the associated memory for a power supply handle has...

CVE-2026-45865

A flaw was found in the Linux kernel's Message Control Transport Protocol MCTP over I2C Inter-Integrated Circuit implementation. A local attacker could exploit this vulnerability by performing I2C reads on an MCTP-I2C device. This could lead to the disclosure of uninitialized stack memory,...

CVE-2026-45868

A flaw was found in the Linux kernel's pinctrl: single subsystem. The pcsaddgpiofunc function does not properly release a device node reference after parsing, causing a reference count leak. This continuous leak of resources can lead to system instability and a denial of service DoS condition...

CVE-2026-45869

A flaw was found in the Linux kernel, specifically within the wm97xx power supply driver. A timing issue, known as a race condition, can occur during the driver's setup. If an interrupt is triggered at a precise moment, it can cause the system to attempt to use an uninitialized memory pointer,...

CVE-2026-45870

A flaw was found in the Linux kernel's SUNRPC Sun Remote Procedure Call authentication GSS Generic Security Service module. This vulnerability occurs due to memory leaks in the XDR eXternal Data Representation decoding error paths within functions like gssxdecctx, gssxdecstatus, and gssxdecname...

CVE-2026-45871

A flaw was found in the Linux kernel's Trusted Platform Module TPM subsystem. When the getburstcount function encounters an error, the st33zp24 driver fails to release a previously acquired resource. This oversight can lead to resource exhaustion, potentially allowing a local attacker to cause a...

CVE-2026-9795

A flaw was found in Keycloak's Fine-Grained Admin Permissions FGAPv2 feature. An administrator with limited client management permissions can exploit this vulnerability to assign any realm role, including highly privileged roles, to a client's scope mapping. This bypasses intended security...

CVE-2026-45873

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetrbtree: check for partial overlaps in anonymous sets Userspace provides an optimized representation in case intervals are adjacent, where the end element is omitted. The existing partial overlap detection logic...

CVE-2026-45872

A flaw was found in the Linux kernel's scsi: smartpqi driver. The pqireportphysluns function fails to properly release allocated memory buffers under certain error conditions, such as encountering an unsupported data format or failed memory allocation. This oversight leads to a memory leak, which...