CVE-2026-44422

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's RDPEAR NDR parser accepts one non-null NDR pointer ref-id for multiple logical pointer fields without tracking the pointed object's expected NDR type or ownership. When the same ref-id is reused across two...

CVE-2026-46384

iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, several Avro decoder paths read attacker-controlled 64-bit values from the wire format and either narrowed them to platform-sized int before bounds-checking, or summed them with overflow-prone signed-int arithmetic. On 32-bit targets...

CVE-2026-11099

A vulnerability flaw was found in the Skia component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=500414865...

CVE-2026-11053

A vulnerability flaw was found in the WebRTC component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=498841456...

CVE-2026-46276

A flaw was found in the Linux kernel's amdgpu graphics driver. This vulnerability occurs when the driver attempts to initialize zero-sized graphics memory resources on certain RDNA4 GFX 12 hardware. If a specific debugging option CONFIGDRMDEBUGMM is enabled in the kernel configuration, this...

CVE-2026-46277

A flaw was found in the Linux kernel's memory management, specifically within the mm/zonedevice component. This vulnerability arises when a device folio is accessed after it has been freed and potentially reallocated by a driver. This can lead to memory corruption, which a local attacker could...

CVE-2026-46278

A flaw was found in the Linux kernel's drm/imagination driver. A local user could trigger a kernel NULL pointer dereference by providing invalid data when updating the ftrace mask through a debugfs entry. This vulnerability can lead to a system crash, resulting in a Denial of Service DoS...

CVE-2026-46279

A flaw was found in the Linux kernel's memory management subsystem. Due to an initialization ordering issue, certain pages allocated before the pageext structure is fully available may have uninitialized codetag references. This can lead to a warning being triggered when these pages are later...

CVE-2026-46280

A flaw was found in the Linux kernel's Heterogeneous Memory Management HMM test module. When a device mirror dmirror structure is freed, its associated device private pages are not properly migrated back to system memory. This can lead to a use-after-free condition where a dangling pointer to the...

CVE-2026-46281

A flaw was found in the Linux kernel. When shrinking a vmalloc allocation using the vreallocnodealign function, if the requested new size is smaller than the old size, an out-of-bounds write can occur. This memory corruption vulnerability could allow a local attacker to cause a denial of service ...

CVE-2026-46282

A flaw was found in the Linux kernel's iio: frequency: admv1013 driver. This vulnerability occurs when the system attempts to read a device property, and an uninitialized string is used, leading to a NULL pointer dereference. This could allow a local attacker to trigger a system crash, resulting ...

CVE-2026-46283

A flaw was found in the Linux kernel's Trusted Platform Module TPM driver. This vulnerability arises from the driver's failure to securely clear sensitive cryptographic material, such as session keys and passphrases, from memory when a TPM device is released. A local attacker could potentially...

CVE-2026-46285

A flaw was found in the Linux kernel's mtd: docg3 module. The docg3release function attempts to access memory that has already been deallocated, leading to a use-after-free vulnerability. This issue could allow a local attacker to cause a denial of service or potentially execute arbitrary code...

CVE-2026-46284

A flaw was found in the Linux kernel's hugetlb memory management. A local user could exploit this by providing malformed kernel command-line parameters, such as hugepages or hugepagesz, without an '=' separator. This improper handling of input during early parameter parsing can lead to a system...

CVE-2026-46287

A flaw was found in the Linux kernel's txgbe network driver. When removing a module for a copper Network Interface Card NIC with an external physical layer PHY, the driver failed to acquire the necessary RTNL Routing Netlink lock before disconnecting the PHY. This oversight can lead to an RTNL...

CVE-2026-46288

A flaw was found in the Linux kernel. This vulnerability, a use-after-free UAF, occurs within the ofunittestchangeset function due to improper handling of device node references. An attacker could exploit this by causing a device node's memory to be freed while it is still in use. This could lead...

CVE-2026-46289

A flaw was found in the Linux kernel's lib/scatterlist component. Incorrect length calculations within the extractkvectosg function, when extracting data from a kvec to a scatterlist, could lead to writing beyond intended page boundaries. Additionally, when extracting a user buffer, the scatterli...

CVE-2026-46290

A flaw was found in the Linux kernel's x86/efi component. Due to changes in FPU softirq handling, the system incorrectly identifies normal task context as an interrupt context. This issue, when combined with buggy firmware that triggers page faults during EFI Extensible Firmware Interface runtime...

CVE-2026-46291

A flaw was found in the Linux kernel's crypto: caam component. This vulnerability allows for the disclosure of sensitive HMAC Hash-based Message Authentication Code key bytes at runtime. The issue occurs because the hashdigestkey function uses printhexdumpdevel without proper guarding, which can...

CVE-2026-46293

A flaw was found in the Linux kernel's clock driver for Microchip PolarFire SoC MPFS systems. This vulnerability involves an out-of-bounds memory access that occurs during the registration of clock outputs. The issue stems from incorrect memory allocation within the driver, which can lead to syst...

CVE-2026-46292

A flaw was found in the Linux kernel's generic power domain genpd component. When a virtual device is detached from a power management PM domain, the pmruntimedisable function is not called, leaving runtime PM enabled for the detached device. This oversight can lead to critical errors, including ...

CVE-2026-46294

A flaw was found in the Linux kernel, specifically within the dm-ioctl module. An improper pointer alignment in the retrievestatus function could lead to a buffer overflow, where data is written beyond the allocated buffer. Despite this, the vulnerability has no practical security implications as...

CVE-2026-46295

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM component. A race condition in the Advanced Programmable Interrupt Controller APIC interrupt handling can lead to an incorrect state during interrupt synchronization. This issue, occurring between a sender and target virtual...

CVE-2026-46296

A flaw was found in the Linux kernel's s3c64xx Serial Peripheral Interface SPI driver. An issue with incorrect DMA Direct Memory Access channel deallocation during driver unbind could lead to a NULL-pointer dereference. This vulnerability can cause a system crash, resulting in a denial of service...

CVE-2026-46297

A flaw was found in the Linux kernel's libwx network driver. Incorrect handling of virtual function VF miscellaneous interrupts, specifically using requestthreadedirq with a null threaded handler and the IRQFONESHOT flag, can trigger a kernel warning. This issue may lead to system instability or...

CVE-2026-46298

A flaw was found in the Linux kernel, specifically within the pseries/papr-hvpipe component. This vulnerability is a race condition that can occur when an interrupt fires on the same central processing unit CPU while the ioctl or release handlers are executing. This can lead to a deadlock,...

CVE-2026-46301

A flaw was found in the Linux kernel's spi-topcliff-pch driver. This vulnerability, a use-after-free error, occurs when the driver attempts to release Direct Memory Access DMA buffers during an unbind operation without properly flushing its queue. An attacker could potentially exploit this memory...

CVE-2026-46299

A flaw was found in the hfsplus filesystem component of the Linux kernel. An issue exists in the hfsplusfillsuper function where a lock is not properly released during an error handling path. This can occur when certain conditions cause hfspluscatbuildkey to fail during filesystem initialization....

CVE-2026-46302

A flaw was found in the Linux kernel's Security-Enhanced Linux SELinux policy handling. A local attacker could exploit this by opening the /sys/fs/selinux/policy file, which prevents other processes from accessing or reading the kernel's security policy. This could lead to a denial of service DoS...

CVE-2026-46305

A flaw was found in the Linux kernel, specifically within the rtl8723bs staging driver's osdep module. The rtwcbufalloc function does not properly validate the return value of a memory allocation, leading to an unconditional dereference of a potentially NULL pointer. This vulnerability could allo...

CVE-2026-46304

A flaw was found in the Linux kernel's NVMe over TCP nvmet target subsystem. A recursive locking issue can occur when nvmettcpreleasequeuework attempts to flush ctrl-asynceventwork on the same workqueue nvmet-wq that is already processing a task. This can lead to a deadlock, causing a Denial of...

CVE-2020-37248

A flaw was found in OfflineIMAP. This vulnerability allows a remote attacker to perform a man-in-the-middle attack by exploiting the client's trust in the server's STARTTLS capability before authentication. This can lead to the attacker taking over the connection and extracting sensitive account...

CVE-2026-11487

A flaw was found in Neovim. A local user could exploit this vulnerability by manipulating the argument path in the M.read function within the runtime/lua/vim/secure.lua file. This can lead to command injection, allowing the attacker to execute arbitrary commands on the local system...

CVE-2026-46306

A flaw was found in the Linux kernel's flow dissector. This vulnerability allows a remote attacker to cause a Denial of Service DoS by sending a specially crafted Point-to-Point Protocol over Ethernet PPPoE Protocol Field Compression PFC frame to an affected system. The incorrect processing of...

CVE-2026-46308

A flaw was found in the Linux kernel, specifically within the pmdomain: mediatek component. An issue in the scpsysgetbusprotectionlegacy function's error handling could lead to a use-after-free vulnerability. This occurs when memory is prematurely released before error checks are completed, which...

CVE-2026-46307

A flaw was found in the Linux kernel's ath5k Wi-Fi driver. This vulnerability allows for an array-index-out-of-bounds write in the ath5ktasklettx function. An attacker could potentially trigger this by manipulating specific index values, leading to a minor data corruption. The immediate impact of...

CVE-2026-46309

A flaw was found in the Linux kernel's drm/xe/uapi component. This vulnerability allows a Graphics Processing Unit GPU using cohnone coherency mode to bypass CPU caches and read stale sensitive data directly from Dynamic Random-Access Memory DRAM. This can lead to information disclosure, where da...

CVE-2026-46310

A flaw was found in the Linux kernel's media: renesas: vsp1 component. When unloading the module on generation 4 hardware, an incorrect cleanup function is called, leading to a NULL pointer dereference. This vulnerability can be triggered by a local attacker, potentially causing a system crash an...

CVE-2026-46311

A flaw was found in the Linux kernel. This vulnerability, located in the drm/amdgpu/userq component, involves improper handling of memory mappings. A local attacker could potentially exploit a race condition during queue creation, where a memory object is unmapped while another is being assigned ...

CVE-2026-46314

A flaw was found in the Linux kernel's drm/v3d component. A local user can exploit this vulnerability by crafting a self-referential multisync extension with zero synchronization counts. This bypasses existing guards, leading to an infinite loop within the kernel. The consequence is a Denial of...

CVE-2026-46313

A flaw was found in the Linux kernel's media subsystem, specifically within the Intel IPU6 driver. This vulnerability occurs when an error pointer is incorrectly dereferenced in an error handling path. An attacker could potentially exploit this flaw to cause a system crash, leading to a Denial of...

CVE-2026-46312

A flaw was found in the videobuf2 subsystem of the Linux kernel. The vb2dmasgmmap function did not correctly set Virtual Memory Area VMA flags, specifically VMDONTEXPAND and VMDONTDUMP. This oversight could lead to a kernel warning and system crash when mapping an imported Direct Memory Access DM...

CVE-2026-48827

A flaw was found in Apache MINA SSHD bundle sshd-git. This path traversal vulnerability allows authenticated users to access Git repositories located outside the intended server root directory. The lack of proper path validation during Git operations, such as git-upload-pack and git-receive-pack,...

CVE-2026-10532

A flaw was found in the logback-core component of QOS.CH Sarl logback. This deserialization of untrusted data vulnerability allows a remote attacker, by influencing serialized data sent to SimpleSocketServer or SimpleSSLSocketServer, to instantiate Proxy objects. Although heavily restricted by...

CVE-2025-71315

In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Convert to DRM's vblank timer Replace vkms' vblank timer with the DRM implementation. The DRM code is identical in concept, but differs in implementation. Vblank timers are covered in vblank helpers and initializer...

CVE-2026-46275

A flaw was found in the Linux kernel's Bluetooth hciuart component. Lifecycle management issues, including Use-After-Free UAF and race conditions, were identified during the closing and initialization paths. These issues can lead to the dereferencing of freed memory, potentially causing system...

CVE-2026-43973

A flaw was found in gun. A malicious server can exploit this uncontrolled resource consumption vulnerability by sending a partial HTTP/1.1 response that never completes. This causes the client's memory buffer to grow without bounds, leading to unbounded heap growth and potentially exhausting all...

CVE-2026-43974

A flaw was found in gun. A malicious HTTP server can exploit this vulnerability by sending an unsolicited '101 Switching Protocols' response to a gun client. This action forces the client into a raw protocol mode, allowing the server to flood the client with arbitrary data. This uncontrolled data...

CVE-2026-43972

A flaw was found in gun. A malicious or compromised HTTP/2 server can exploit an Origin Validation Error vulnerability by injecting unvalidated HTTP/2 PUSHPROMISE authority. This allows the server to plant cookies scoped to arbitrary third-party domains into the client's shared cookie store. This...

CVE-2026-46274

A flaw was found in the Linux kernel's input/output work queue io-wq component. This vulnerability occurs because the system incorrectly handles work queue entries, leading to a stale pointer. A local attacker could exploit this issue by manipulating work queue operations. Successful exploitation...