7.5
CVE-2026-28815 - Out-of-Bounds Read in HPKE Decapsulation Leading to Potential Memory Disclosure
A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime protections. This issue is fixed in swift-crypto version 4.3.1.
5.4
CVE-2026-35508 - Cross-Site Scripting via urldisplay and iconify Filters in Shynet before v0.14.0
Shynet before 0.14.0 allows XSS in urldisplay and iconify template filters,
6.4
CVE-2026-35507 - Host Header Injection in Shynet Password Reset Flow
Shynet before 0.14.0 allows Host header injection in the password reset flow.
5.5
CVE-2026-23419 - net/rds: Fix circular locking dependency in rds_tcp_tune
In the Linux kernel, the following vulnerability has been resolved: net/rds: Fix circular locking dependency in rds_tcp_tune syzbot reported a circular locking dependency in rds_tcp_tune() where sk_net_refcnt_upgrade() is called while holding the socket lock: ====================================…
5.5
CVE-2026-23423 - btrfs: free pages on error in btrfs_uring_read_extent()
In the Linux kernel, the following vulnerability has been resolved: btrfs: free pages on error in btrfs_uring_read_extent() In this function the 'pages' object is never freed in the hopes that it is picked up by btrfs_uring_read_finished() whenever that executes in the future. But that's just the…
5.5
CVE-2026-23449 - net/sched: teql: Fix double-free in teql_master_xmit
In the Linux kernel, the following vulnerability has been resolved: net/sched: teql: Fix double-free in teql_master_xmit Whenever a TEQL device has a lockless Qdisc as root, qdisc_reset should be called using the seq_lock to avoid racing with the datapath. Failure to do so may cause crashes like…
0.0
CVE-2026-23427 - ksmbd: fix use-after-free in durable v2 replay of active file handles
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in durable v2 replay of active file handles parse_durable_handle_context() unconditionally assigns dh_info->fp->conn to the current connection when handling a DURABLE_REQ_V2 context with SMB2_FLAGS_REPLA…
7.0
CVE-2026-31403 - NFSD: Hold net reference for the lifetime of /proc/fs/nfs/exports fd
In the Linux kernel, the following vulnerability has been resolved: NFSD: Hold net reference for the lifetime of /proc/fs/nfs/exports fd The /proc/fs/nfs/exports proc entry is created at module init and persists for the module's lifetime. exports_proc_open() captures the caller's current network …
7.0
CVE-2026-31395 - bnxt_en: fix OOB access in DBG_BUF_PRODUCER async event handler
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: fix OOB access in DBG_BUF_PRODUCER async event handler The ASYNC_EVENT_CMPL_EVENT_ID_DBG_BUF_PRODUCER handler in bnxt_async_event_process() uses a firmware-supplied 'type' field directly as an index into bp->bs_trace[] w…
7.0
CVE-2026-23441 - net/mlx5e: Prevent concurrent access to IPSec ASO context
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Prevent concurrent access to IPSec ASO context The query or updating IPSec offload object is through Access ASO WQE. The driver uses a single mlx5e_ipsec_aso struct for each PF, which contains a shared DMA-mapped conte…