Overview

  • Linux
  • Linux

13 Jan 2026
Published
09 Feb 2026
Updated

CVSS
Pending
EPSS
0.06%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved:

mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats

Cited commit added a dedicated mutex (instead of RTNL) to protect the multicast route list, so that it will not change while the driver periodically traverses it in order to update the kernel about multicast route stats that were queried from the device.

One instance of list entry deletion (during route replace) was missed and it can result in a use-after-free [1].

Fix by acquiring the mutex before deleting the entry from the list and releasing it afterwards.

[1]
BUG: KASAN: slab-use-after-free in mlxsw_sp_mr_stats_update+0x4a5/0x540 drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c:1006 [mlxsw_spectrum]
Read of size 8 at addr ffff8881523c2fa8 by task kworker/2:5/22043

CPU: 2 UID: 0 PID: 22043 Comm: kworker/2:5 Not tainted 6.18.0-rc1-custom-g1a3d6d7cd014 #1 PREEMPT(full)
Hardware name: Mellanox Technologies Ltd. MSN2010/SA002610, BIOS 5.6.5 08/24/2017
Workqueue: mlxsw_core mlxsw_sp_mr_stats_update [mlxsw_spectrum]
Call Trace:
<TASK>
dump_stack_lvl+0xba/0x110
print_report+0x174/0x4f5
kasan_report+0xdf/0x110
mlxsw_sp_mr_stats_update+0x4a5/0x540 drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c:1006 [mlxsw_spectrum]
process_one_work+0x9cc/0x18e0
worker_thread+0x5df/0xe40
kthread+0x3b8/0x730
ret_from_fork+0x3e9/0x560
ret_from_fork_asm+0x1a/0x30
</TASK>

Allocated by task 29933:
kasan_save_stack+0x30/0x50
kasan_save_track+0x14/0x30
__kasan_kmalloc+0x8f/0xa0
mlxsw_sp_mr_route_add+0xd8/0x4770 [mlxsw_spectrum]
mlxsw_sp_router_fibmr_event_work+0x371/0xad0 drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c:7965 [mlxsw_spectrum]
process_one_work+0x9cc/0x18e0
worker_thread+0x5df/0xe40
kthread+0x3b8/0x730
ret_from_fork+0x3e9/0x560
ret_from_fork_asm+0x1a/0x30

Freed by task 29933:
kasan_save_stack+0x30/0x50
kasan_save_track+0x14/0x30
__kasan_save_free_info+0x3b/0x70
__kasan_slab_free+0x43/0x70
kfree+0x14e/0x700
mlxsw_sp_mr_route_add+0x2dea/0x4770 drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c:444 [mlxsw_spectrum]
mlxsw_sp_router_fibmr_event_work+0x371/0xad0 drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c:7965 [mlxsw_spectrum]
process_one_work+0x9cc/0x18e0
worker_thread+0x5df/0xe40
kthread+0x3b8/0x730
ret_from_fork+0x3e9/0x560
ret_from_fork_asm+0x1a/0x30

Statistics

  • 1 Post

Last activity: 19 hours ago

Bluesky

Critical patch drop for #openSUSE Leap 16.0! The new kernel update squashes 150+ security bugs, with a heavy focus on access race vulnerabilities (looking at you, CVE-2025-68800). Read more: 👉 tinyurl.com/4hkvkesf #Security

Overview

  • ZoneMinder
  • zoneminder

21 Feb 2026
Published
24 Feb 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.03%

KEV

Description

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents() function. Event field values (specifically Name and Cause) are stored safely via parameterized queries but are later retrieved and concatenated directly into SQL WHERE clauses without escaping. An authenticated user with Events edit and view permissions can exploit this to execute arbitrary SQL queries.

Statistics

  • 1 Post

Last activity: 12 hours ago

Bluesky

[Backport release-25.11] zoneminder: 1.36.36 -> 1.36.38, fixes CVE-2026-27470 https://github.com/NixOS/nixpkgs/pull/495332 #security

Overview

  • FreeRDP
  • FreeRDP

25 Feb 2026
Published
26 Feb 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.04%

KEV

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, in the RLE planar decode path, `planar_decompress_plane_rle()` writes into `pDstData` at `((nYDst+y) * nDstStep) + (4*nXDst) + nChannel` without verifying that `(nYDst+nSrcHeight)` fits in the destination height or that `(nXDst+nSrcWidth)` fits in the destination stride. When `TempFormat != DstFormat`, `pDstData` becomes `planar->pTempData` (sized for the desktop), while `nYDst` is only validated against the **surface** by `is_within_surface()`. A malicious RDP server can exploit this to perform a heap out-of-bounds write with attacker-controlled offset and pixel data on any connecting FreeRDP client. The OOB write reaches up to 132,096 bytes past the temp buffer end, and on the brk heap (desktop ≤ 128×128), an adjacent `NSC_CONTEXT` struct's `decode` function pointer is overwritten with attacker-controlled pixel data — control-flow–relevant corruption (function pointer overwritten) demonstrated under deterministic heap layout (`nsc->decode = 0xFF414141FF414141`). Version 3.23.0 fixes the vulnerability.

Statistics

  • 1 Post

Last activity: 20 hours ago

Bluesky

📌 CVE-2026-26965 - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, in the RLE planar decode path, `planar_decompress_plane_rle(... https://www.cyberhub.blog/cves/CVE-2026-26965

Overview

  • rustfs
  • rustfs

25 Feb 2026
Published
25 Feb 2026
Updated

CVSS v3.1
HIGH (8.1)
EPSS
0.08%

KEV

Description

RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.56 through 1.0.0-alpha.82, RustFS does not validate policy conditions in presigned POST uploads (PostObject), allowing attackers to bypass content-length-range, starts-with, and Content-Type constraints. This enables unauthorized file uploads exceeding size limits, uploads to arbitrary object keys, and content-type spoofing, potentially leading to storage exhaustion, unauthorized data access, and security bypasses. Version 1.0.0-alpha.83 fixes the issue.

Statistics

  • 1 Post

Last activity: 10 hours ago

Bluesky

📌 CVE-2026-27607 - RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.56 through 1.0.0-alpha.82, RustFS does not validate policy condit... https://www.cyberhub.blog/cves/CVE-2026-27607

Overview

  • Wireshark Foundation
  • Wireshark

25 Feb 2026
Published
25 Feb 2026
Updated

CVSS v3.1
MEDIUM (4.7)
EPSS
Pending

KEV

Description

USB HID protocol dissector memory exhaustion in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service

Statistics

  • 1 Post

Last activity: Last hour

Fediverse

RE: infosec.exchange/@geraldcombs/

4.6.4 resolves 3 denial of service vulnerabilities in the following protocol dissectors:

The new release also includes a bug fix for fingerprints of TLS handshakes with odd ALPN values as well as an important update of the parser, which now enables more reliable extraction of data from within SOCKS tunnels.


Overview

  • Wireshark Foundation
  • Wireshark

25 Feb 2026
Published
25 Feb 2026
Updated

CVSS v3.1
MEDIUM (4.7)
EPSS
Pending

KEV

Description

NTS-KE protocol dissector crash in Wireshark 4.6.0 to 4.6.3 allows denial of service

Statistics

  • 1 Post

Last activity: Last hour

Fediverse

RE: infosec.exchange/@geraldcombs/

4.6.4 resolves 3 denial of service vulnerabilities in the following protocol dissectors:

The new release also includes a bug fix for fingerprints of TLS handshakes with odd ALPN values as well as an important update of the parser, which now enables more reliable extraction of data from within SOCKS tunnels.


Overview

  • Wireshark Foundation
  • Wireshark

25 Feb 2026
Published
25 Feb 2026
Updated

CVSS v3.1
MEDIUM (5.5)
EPSS
Pending

KEV

Description

RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service

Statistics

  • 1 Post

Last activity: Last hour

Fediverse

RE: infosec.exchange/@geraldcombs/

4.6.4 resolves 3 denial of service vulnerabilities in the following protocol dissectors:

The new release also includes a bug fix for fingerprints of TLS handshakes with odd ALPN values as well as an important update of the parser, which now enables more reliable extraction of data from within SOCKS tunnels.
