Wed, Jun 24 · 08:16 AM CDTCVE-2026-52914
9.8/10 · Must read/watchNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix fragment reassembly length accounting batman-adv keeps a running payload length for queued fragments and uses it to validate a fragment chain before reassembly. That accounting currently allows the accumulated fragment length to be trun
CVECVE-2026-52914
SeverityCRITICAL
TypeUPDATED
PublishedWed, Jun 24 · 08:16 AM CDT
ModifiedSun, Jun 28 · 08:16 AM CDT
Wed, Jun 24 · 08:16 AM CDTCVE-2026-52924
9.8/10 · Must read/watchNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: sctp: purge outqueue on stale COOKIE-ECHO handling sctp_stream_update() is only invoked when the association is moved into COOKIE_WAIT during association setup/reconfiguration. In this path, the outbound stream scheduler state (stream->out_curr) is exp
CVECVE-2026-52924
SeverityCRITICAL
TypeUPDATED
PublishedWed, Jun 24 · 08:16 AM CDT
ModifiedSun, Jun 28 · 08:16 AM CDT
Wed, Jun 24 · 08:16 AM CDTCVE-2026-52931
9.8/10 · Must read/watchNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: batman-adv: tp_meter: avoid use of uninit sender vars batadv_tp_recv_ack() and batadv_tp_stop() are only valid for tp_vars in the BATADV_TP_SENDER role. When called with a BATADV_TP_RECEIVER role, it proceeds to read sender-only members that were never
CVECVE-2026-52931
SeverityCRITICAL
TypeUPDATED
PublishedWed, Jun 24 · 08:16 AM CDT
ModifiedSun, Jun 28 · 08:16 AM CDT
Wed, Jun 24 · 05:17 PM CDTCVE-2026-52955
9.8/10 · Must read/watchNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in crush_decode() A message of type CEPH_MSG_OSD_MAP containing a crush map with at least one bucket has two fields holding the bucket algorithm. If the values in these two fields differ, an out-of-bounds acc
CVECVE-2026-52955
SeverityCRITICAL
TypeUPDATED
PublishedWed, Jun 24 · 05:17 PM CDT
ModifiedSun, Jun 28 · 08:16 AM CDT
Wed, Jun 24 · 05:17 PM CDTCVE-2026-52982
9.8/10 · Must read/watchNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: net: usb: rtl8150: fix use-after-free in rtl8150_start_xmit() syzbot reported a KASAN slab-use-after-free read in rtl8150_start_xmit() when accessing skb->len for tx statistics after usb_submit_urb() has been called: BUG: KASAN: slab-use-after-free in
CVECVE-2026-52982
SeverityCRITICAL
TypeUPDATED
PublishedWed, Jun 24 · 05:17 PM CDT
ModifiedSun, Jun 28 · 08:16 AM CDT
Wed, Jun 24 · 05:17 PM CDTCVE-2026-52986
9.8/10 · Must read/watchNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_sip: don't use simple_strtoul Replace unsafe port parsing in epaddr_len(), ct_sip_parse_header_uri(), and ct_sip_parse_request() with a new sip_parse_port() helper that validates each digit against the buffer limit, eliminating
CVECVE-2026-52986
SeverityCRITICAL
TypeUPDATED
PublishedWed, Jun 24 · 05:17 PM CDT
ModifiedSun, Jun 28 · 08:16 AM CDT
Wed, Jun 24 · 05:17 PM CDTCVE-2026-52989
9.8/10 · Must read/watchNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: propagate nvmet_tcp_build_pdu_iovec() errors to its callers Currently, when nvmet_tcp_build_pdu_iovec() detects an out-of-bounds PDU length or offset, it triggers nvmet_tcp_fatal_error(cmd->queue) and returns early. However, because the func
CVECVE-2026-52989
SeverityCRITICAL
TypeUPDATED
PublishedWed, Jun 24 · 05:17 PM CDT
ModifiedSun, Jun 28 · 08:16 AM CDT
Wed, Jun 24 · 05:17 PM CDTCVE-2026-52993
9.8/10 · Must read/watchNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: tipc: fix double-free in tipc_buf_append() tipc_msg_validate() can potentially reallocate the skb it is validating, freeing the old one. In tipc_buf_append(), it was being called with a pointer to a local variable which was a copy of the caller's skb p
CVECVE-2026-52993
SeverityCRITICAL
TypeUPDATED
PublishedWed, Jun 24 · 05:17 PM CDT
ModifiedSun, Jun 28 · 08:16 AM CDT
Wed, Jun 24 · 05:17 PM CDTCVE-2026-53002
9.8/10 · Must read/watchNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: remove sprintf usage Replace it with scnprintf, the buffer sizes are expected to be large enough to hold the result, no need for snprintf+overflow check. Increase buffer size in mangle_content_len() while at it. BUG: KASAN: stack-
CVECVE-2026-53002
SeverityCRITICAL
TypeUPDATED
PublishedWed, Jun 24 · 05:17 PM CDT
ModifiedSun, Jun 28 · 08:16 AM CDT
Wed, Jun 24 · 05:17 PM CDTCVE-2026-53006
9.8/10 · Must read/watchNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible UAF in icmpv6_rcv() Caching saddr and daddr before pskb_pull() is problematic since skb->head can change. Remove these temporary variables: - We only access &ipv6_hdr(skb)->saddr and &ipv6_hdr(skb)->daddr when net_dbg_ratelimited() i
CVECVE-2026-53006
SeverityCRITICAL
TypeUPDATED
PublishedWed, Jun 24 · 05:17 PM CDT
ModifiedSun, Jun 28 · 08:16 AM CDT
Wed, Jun 24 · 05:17 PM CDTCVE-2026-52958
9.1/10 · Must read/watchNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in osdmap_decode() When decoding osd_state and osd_weight from an incoming osdmap in osdmap_decode(), both are decoded for each osd, i.e., map->max_osd times. The ceph_decode_need() check only accounts for si
CVECVE-2026-52958
SeverityCRITICAL
TypeUPDATED
PublishedWed, Jun 24 · 05:17 PM CDT
ModifiedSun, Jun 28 · 08:16 AM CDT
Wed, Jun 24 · 05:17 PM CDTCVE-2026-52999
9.1/10 · Must read/watchNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_osf: fix out-of-bounds read on option matching In nf_osf_match(), the nf_osf_hdr_ctx structure is initialized once and passed by reference to nf_osf_match_one() for each fingerprint checked. During TCP option parsing, nf_osf_match_
CVECVE-2026-52999
SeverityCRITICAL
TypeUPDATED
PublishedWed, Jun 24 · 05:17 PM CDT
ModifiedSun, Jun 28 · 08:16 AM CDT
Tue, Apr 28 · 08:16 AM CDTCVE-2024-54013
8.8/10 · Worth your timeNVDvuln
Summary
Penetration Testing engineers at Amazon have identified a security flaw related to request handling in the web server component that could, under certain conditions, lead to unintended access to protected functions. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for
CVECVE-2024-54013
SeverityHIGH
TypeUPDATED
PublishedTue, Apr 28 · 08:16 AM CDT
ModifiedSat, Jun 27 · 06:12 PM CDT
Sun, Jun 21 · 08:16 AM CDTCVE-2026-52911
8.8/10 · Worth your timeNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: ksmbd: scope conn->binding slowpath to bound sessions only When the binding SESSION_SETUP sets conn->binding = true, the flag stays set after the call so that the global session lookup in ksmbd_session_lookup_all() can find the session, which was not a
CVECVE-2026-52911
SeverityHIGH
TypeUPDATED
PublishedSun, Jun 21 · 08:16 AM CDT
ModifiedSun, Jun 28 · 08:16 AM CDT
Wed, Jun 24 · 08:16 AM CDTCVE-2026-52918
8.8/10 · Worth your timeNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: serialize accept_q access bt_sock_poll() walks the accept queue without synchronization, while child teardown can unlink the same socket and drop its last reference. The unsynchronized accept queue walk has existed since the initial Bluetoot
CVECVE-2026-52918
SeverityHIGH
TypeUPDATED
PublishedWed, Jun 24 · 08:16 AM CDT
ModifiedSun, Jun 28 · 08:16 AM CDT
Wed, Jun 24 · 08:16 AM CDTCVE-2026-52934
8.8/10 · Worth your timeNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: batman-adv: tvlv: reject oversized TVLV packets batadv_tvlv_container_ogm_append() builds a TVLV packet section from the tvlv.container_list. The total size of this section is computed by batadv_tvlv_container_list_size(), which sums the sizes of all r
CVECVE-2026-52934
SeverityHIGH
TypeUPDATED
PublishedWed, Jun 24 · 08:16 AM CDT
ModifiedSun, Jun 28 · 08:16 AM CDT
Wed, Jun 24 · 05:17 PM CDTCVE-2026-52952
8.8/10 · Worth your timeNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: iommu: Fix WARN_ON in __iommu_group_set_domain_nofail() due to reset In __iommu_group_set_domain_internal(), concurrent domain attachments are rejected when any device in the group is recovering. This is necessary to fence concurrent attachments to a m
CVECVE-2026-52952
SeverityHIGH
TypeUPDATED
PublishedWed, Jun 24 · 05:17 PM CDT
ModifiedSun, Jun 28 · 08:16 AM CDT
Tue, Jun 23 · 05:17 PM CDTCVE-2026-56115
8.8/10 · Worth your timeNVDvuln
Summary
Bootimus through 0.1.70 contains a broken access control vulnerability that allows authenticated low-privileged users to perform administrative actions by exploiting missing role enforcement in the JWTMiddleware function in internal/auth/auth.go, which validates JWT tokens and account status but fails to inspect the is
CVECVE-2026-56115
SeverityHIGH
TypeUPDATED
PublishedTue, Jun 23 · 05:17 PM CDT
ModifiedSun, Jun 28 · 12:28 AM CDT
Wed, Jun 24 · 08:16 AM CDTCVE-2026-52920
8.3/10 · Worth your timeNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_policy: fix strict mode inbound policy matching match_policy_in() walks sec_path entries from the last transform to the first one, but strict policy matching needs to consume info->pol[] in the same forward order as the rule layout. Deriv
CVECVE-2026-52920
SeverityHIGH
TypeUPDATED
PublishedWed, Jun 24 · 08:16 AM CDT
ModifiedSun, Jun 28 · 08:16 AM CDT
Mon, Jun 22 · 04:16 PM CDTCVE-2026-41045
8.1/10 · Worth your timeNVDvuln
Summary
A time-to-check-time-of-use in polkit authentication of qSnapper before version 1.3.3 allowed a local attacker to bypass qSnappers authentication mechanism and operate e.g. as root user.
CVECVE-2026-41045
SeverityHIGH
TypeUPDATED
PublishedMon, Jun 22 · 04:16 PM CDT
ModifiedSun, Jun 28 · 12:10 AM CDT
Wed, Jun 10 · 12:16 AM CDTCVE-2026-41731
8.1/10 · Worth your timeNVDvuln
Summary
JsonKafkaHeaderMapper and the deprecated DefaultKafkaHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package implicitly trusted all of its subpackages. Combined with Jackson's default bean deserialization, a producer could supply crafted header values that caus
CVECVE-2026-41731
SeverityHIGH
TypeUPDATED
PublishedWed, Jun 10 · 12:16 AM CDT
ModifiedSat, Jun 27 · 10:16 PM CDT
Wed, Jun 10 · 12:16 AM CDTCVE-2026-41732
8.1/10 · Worth your timeNVDvuln
Summary
JsonPulsarHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package implicitly trusted all of its subpackages. Additionally, an empty trusted-packages configuration fell back to trusting all packages rather than applying a safe default allow-list. Affected versio
CVECVE-2026-41732
SeverityHIGH
TypeUPDATED
PublishedWed, Jun 10 · 12:16 AM CDT
ModifiedSat, Jun 27 · 10:16 PM CDT
Tue, Jun 09 · 05:16 AM CDTCVE-2026-41855
8.1/10 · Worth your timeNVDvuln
Summary
In an untrusted JMS environment, org.springframework.jms.support.converter.MappingJackson2MessageConverter and org.springframework.jms.support.converter.JacksonJsonMessageConverter allow arbitrary class instantiation, which can lead to unauthorized actions via gadget class deserialization. Affected versions: Spring Fra
CVECVE-2026-41855
SeverityHIGH
TypeUPDATED
PublishedTue, Jun 09 · 05:16 AM CDT
ModifiedSat, Jun 27 · 09:16 PM CDT
Wed, Jun 24 · 05:17 PM CDTCVE-2026-52967
8.1/10 · Worth your timeNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: smb/client: fix possible infinite loop and oob read in symlink_data() On 32-bit architectures, the infinite loop is as follows: len = p->ErrorDataLength == 0xfffffff8 u8 *next = p->ErrorContextData + len next == p On 32-bit architectures, the out-of-bo
CVECVE-2026-52967
SeverityHIGH
TypeUPDATED
PublishedWed, Jun 24 · 05:17 PM CDT
ModifiedSun, Jun 28 · 08:16 AM CDT
Tue, Jun 23 · 09:17 PM CDTCVE-2026-54512
8.1/10 · Worth your timeNVDvuln
Summary
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, jackson-databind's PolymorphicTypeValidator (PTV) is the primary safety mechanism guarding polymorphic deserialization. When polymorphic typing is enabled and
CVECVE-2026-54512
SeverityHIGH
TypeUPDATED
PublishedTue, Jun 23 · 09:17 PM CDT
ModifiedSat, Jun 27 · 09:01 PM CDT