8.4
CVE-2026-30363 - Stack Overflow in Main Function of Flipper Zero Firmware
flipperzero-firmware commit ad2a80 was discovered to contain a stack overflow in the "Main" function.
9.8
CVE-2026-42472 - Serialization Vulnerability in MixPHP Framework Causing Potential Remote Code Execution
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize() on data from Redis in the RedisHandler object.
5.5
CVE-2026-31752 - bridge: br_nd_send: validate ND option lengths
In the Linux kernel, the following vulnerability has been resolved: bridge: br_nd_send: validate ND option lengths br_nd_send() walks ND options according to option-provided lengths. A malformed option can make the parser advance beyond the computed option span or use a too-short source LLADDR opโฆ
5.5
CVE-2026-42479 - OutโofโBounds Read in OpenโฏCASCADE VRML Parser Causing Denial of Service
An out-of-bounds read vulnerability in VrmlData_IndexedLineSet::TShape in the VRML parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because coordIndex values from parsed input are used as direct array indicesโฆ
8
CVE-2026-43003 -
An issue was discovered in OpenStack ironic-python-agent 1.0.0 through 11.5.0. Ironic Python Agent (IPA) sometimes executes grub-install from within a chroot of the deployed partition image, leading to code execution in the case of a malicious image.
9.8
CVE-2026-42473 - Unsafe Deserialization Resulting in Remote Code Execution in MixPHP Framework
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize() on data from the filesystem in the FileHandler object.
4.7
CVE-2026-43053 - xfs: close crash window in attr dabtree inactivation
In the Linux kernel, the following vulnerability has been resolved: xfs: close crash window in attr dabtree inactivation When inactivating an inode with node-format extended attributes, xfs_attr3_node_inactive() invalidates all child leaf/node blocks via xfs_trans_binval(), but intentionally doesโฆ
5.5
CVE-2026-43010 - bpf: Reject sleepable kprobe_multi programs at attach time
In the Linux kernel, the following vulnerability has been resolved: bpf: Reject sleepable kprobe_multi programs at attach time kprobe.multi programs run in atomic/RCU context and cannot sleep. However, bpf_kprobe_multi_link_attach() did not validate whether the program being attached had the sleeโฆ
5.5
CVE-2026-31741 - counter: rz-mtu3-cnt: prevent counter from being toggled multiple times
In the Linux kernel, the following vulnerability has been resolved: counter: rz-mtu3-cnt: prevent counter from being toggled multiple times Runtime PM counter is incremented / decremented each time the sysfs enable file is written to. If user writes 0 to the sysfs enable file multiple times, runโฆ
9.8
CVE-2026-43011 - net/x25: Fix potential double free of skb
In the Linux kernel, the following vulnerability has been resolved: net/x25: Fix potential double free of skb When alloc_skb fails in x25_queue_rx_frame it calls kfree_skb(skb) at line 48 and returns 1 (error). This error propagates back through the call chain: x25_queue_rx_frame returns 1 |โฆ