CVE-2026-10020

An insufficient validation of untrusted input flaw was found in the Skia component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=496565479...

CVE-2026-10019

An integer overflow flaw was found in the ANGLE component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=505056913...

CVE-2026-10017

An out of bounds read flaw was found in the Headless component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=504156069...

CVE-2026-10016

An use after free flaw was found in the DOM component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=515155946...

CVE-2026-10015

An integer overflow flaw was found in the WTF component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=514746176...

CVE-2026-10014

An use after free flaw was found in the WebMIDI component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=514742327...

CVE-2026-10013

An use after free flaw was found in the WebCodecs component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=514715455...

CVE-2026-10009

An integer overflow flaw was found in the Skia component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513973560...

CVE-2026-10012

An use after free flaw was found in the Skia component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=514063977...

CVE-2026-10007

An use after free flaw was found in the SVG component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513754619...

CVE-2026-10006

A race flaw was found in the WebAudio component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513750691...

CVE-2026-10005

An use after free flaw was found in the WebAppInstalls component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513750089...

CVE-2026-10001

An use after free flaw was found in the PerformanceManager component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513505927...

CVE-2026-10003

An use after free flaw was found in the Views component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513609324...

CVE-2026-10002

An use after free flaw was found in the PDFium component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513536416...

CVE-2026-9876

An use after free flaw was found in the WebGL component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=493747593...

CVE-2026-9872

An out of bounds write flaw was found in the GPU component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=505077859...

CVE-2026-9873

An use after free flaw was found in the Network component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=507365348...

CVE-2026-10000

An use after free flaw was found in the Passwords component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513505608...

CVE-2026-9875

An out of bounds read flaw was found in the WebGL component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=507508103...

CVE-2026-9878

An use after free flaw was found in the ANGLE component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=499054245...

CVE-2026-9874

An use after free flaw was found in the Dawn component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=500609038...

CVE-2026-9877

An use after free flaw was found in the ANGLE component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=496445460...

CVE-2026-10028

A flaw was found in glib-networking. A remote attacker can exploit this vulnerability by presenting a specially crafted certificate chain to an application that uses glib-networking with the GnuTLS backend enabled and performs certificate verification. This crafted chain, which contains circular...

CVE-2025-71304

A flaw was found in the Linux kernel's Smack module. A local user with privileges to modify Smack's Domain of Interpretation DOI values could cause a denial of service. By writing a previously used DOI value to /smack/doi, networking for non-ambient labels becomes disabled. This prevents network...

CVE-2025-71303

A flaw was found in the Linux kernel. Specifically, within the accel/amdxdna component, a timing issue, known as a race condition, exists during device power management. A local application could submit commands while the device is in an inconsistent state due to an incomplete resume operation...

CVE-2025-71307

A flaw was found in the Linux kernel's drm/panthor component. This vulnerability, a NULL pointer dereference, occurs during the firmware unplug process when the Microcontroller Unit MCU is in an unexpected state or its firmware is not initialized. This can lead to system instability or a denial o...

CVE-2025-71306

A flaw was found in the Linux kernel's Integrity Measurement Architecture IMA subsystem. This vulnerability involves a stack-out-of-bounds access within the imaappraisemeasurement function during the processing of bprmcreds for execution. An attacker could potentially trigger this flaw by causing...

CVE-2025-71309

A flaw was found in the Linux kernel's ntfs3 filesystem driver. An issue with incorrect lock ordering between the inode mutex and page locks during compressed frame reading can lead to a deadlock. This vulnerability allows a local attacker to cause a system to hang, resulting in a Denial of Servi...

CVE-2025-71308

A flaw was found in the Linux kernel's accel/amdxdna module. During error handling in the aie2createcontext function, the aiedestroycontext function can be called when a mailbox channel pointer is unexpectedly null. This can lead to a NULL pointer dereference, potentially causing a system crash a...

CVE-2025-71312

A flaw was found in the Linux kernel's NTFS3 file system driver. A local user could exploit this vulnerability by mounting a specially crafted file. This issue leads to a memory leak, a type of resource management error, which can cause system instability or a denial of service DoS by exhausting...

CVE-2025-71311

A flaw was found in the Linux kernel's fs/ntfs3 component. When new memory pages folios are allocated for the NTFS3 file system without being properly initialized, and a read operation is skipped, parts of these folios may contain uninitialized memory. This can lead to a memory corruption...

CVE-2026-45909

In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Drop initconst from gates Since commit 8ceff24a754a "clk: mediatek: clk-gate: Refactor mtkclkregistergate to use mtkgate struct" the mtkgate structs are no longer just used for initialization/registration, but also...

CVE-2026-46077

A flaw was found in the Linux kernel's atmel-tdes cryptographic module. This vulnerability arises from an incorrect DMA Direct Memory Access synchronization direction, which can cause the system to process outdated data from the cache on non-coherent platforms. The primary consequence is the...

CVE-2026-46108

A flaw was found in the Linux kernel's Intelligent Platform Management Interface IPMI System Interface SI driver. This vulnerability occurs when the driver fails to return to a normal operational state after a message allocation failure. This improper state handling can lead to the driver not...

CVE-2026-46110

A flaw was found in the Linux kernel's stmmac driver. When the system experiences receive RX memory exhaustion, the stmmacrx function can misinterpret already-processed data descriptors as valid, leading to a NULL pointer dereference. This vulnerability can cause the system to panic, resulting in...

CVE-2026-46109

A flaw was found in the Linux kernel's USB ULPI Ultra Low Pin Interface subsystem. This memory leak vulnerability occurs during error handling in the ulpiregister function. If certain registration failures occur, allocated memory is not properly released, which could lead to resource exhaustion a...

CVE-2026-9110

An inappropriate implementation flaw was found in the UI component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=503551154...

CVE-2026-46112

A flaw was found in the Linux kernel's RDMA/hns component. An issue exists where the hnsroceqpremove function is called without proper locking during an error handling process. This can lead to memory corruption, potentially causing system instability or a denial of service DoS condition. A local...

CVE-2026-46118

A flaw was found in the Linux kernel's pseries/papr-hvpipe component. A local user could trigger a null pointer dereference in the paprhvpipedevcreatehandle function. This occurs when srcinfo is improperly re-used after being nulled, leading to a kernel panic. This vulnerability could result in a...

CVE-2026-46122

A flaw was found in the Linux kernel's b43 Wi-Fi driver. A remote attacker could exploit this vulnerability by providing a specially crafted firmware key index that exceeds the allocated array size in the b43rx function. This out-of-bounds read could lead to information disclosure, potentially...

CVE-2026-46124

A flaw was found in the Linux kernel's isofs filesystem. An authenticated NFS Network File System peer can exploit this vulnerability by providing a specially crafted file handle. This allows the server to read arbitrary in-range blocks on the backing device, leading to information disclosure whe...

CVE-2026-46129

A flaw was found in the Linux kernel, specifically within the btrfs filesystem. This vulnerability, a double free, occurs in the createspaceinfo function's error handling path. When an internal object initialization fails, the system attempts to release memory twice for the same resource. This ca...

CVE-2026-46131

A flaw was found in the Linux kernel's KVM Kernel-based Virtual Machine x86 virtualization module. An incorrect check for nested EPT/NPT Nested Extended Page Tables/Nested Nested Page Tables in slow flush hypercalls could lead to improper handling of L2 guests. This vulnerability arises because t...

CVE-2026-46128

A flaw was found in the Linux kernel's Intelligent Platform Management Interface IPMI subsystem. This vulnerability occurs when the kernel processes event message buffer responses from Baseboard Management Controllers BMCs. Some BMCs may return an empty message instead of an expected error, which...

CVE-2026-46134

A flaw was found in the Linux kernel's crosectypec component. This vulnerability occurs because a mutex, a mechanism used to prevent simultaneous access to shared resources, was not properly initialized during Thunderbolt registration. This oversight can lead to a NULL dereference, potentially...

CVE-2026-46140

A flaw was found in the Linux kernel's Bluetooth subsystem, specifically within the btmtk driver. A remote attacker could exploit this vulnerability by sending a specially crafted Wireless Management Terminal WMT event response. The system processes these responses without properly validating the...

CVE-2026-46143

A flaw was found in the Linux kernel's ASoC Advanced Linux Sound Architecture on Chip qcom q6apm-lpass-dai component. This vulnerability occurs because the prepare function can be invoked multiple times, leading to repeated graph openings for the playback path. This can result in memory leaks,...

CVE-2026-46142

A flaw was found in the Linux kernel's libwx network driver. When a Virtual Function VF is initialized, it attempts to read a Physical Function PF restricted register, WXCFGPORTST. This illegal register access can lead to a system hang, resulting in a Denial of Service DoS...

CVE-2026-46141

A flaw was found in the Linux kernel's powerpc/xive interrupt controller. This vulnerability, identified as a kernel memory leak kmemleak, occurs when allocating Message Signaled Interrupts eXtended MSI-X vectors for NVMe devices. Due to an incorrect lookup of interrupt data, the xiveirqdata...