0.0
CVE-2026-5398 - Kernel use-after-free bug in the TIOCNOTTY handler
The implementation of TIOCNOTTY failed to clear a back-pointer from the structure representing the controlling terminal to the calling process' session. If the invoking process then exits, the terminal structure may end up containing a pointer to freed memory. A malicious process can abuse the daβ¦
2.7
CVE-2026-6408 - Tanium addressed an information disclosure vulnerability in Tanium Server.
Tanium addressed an information disclosure vulnerability in Tanium Server.
2.7
CVE-2026-6392 - Tanium addressed an information disclosure vulnerability in Threat Response.
Tanium addressed an information disclosure vulnerability in Threat Response.
8.2
CVE-2026-41458 - OwnTone Server < 29.1 Race Condition DoS via DAAP Login
OwnTone Server versions 28.4 through 29.0 contain a race condition vulnerability in the DAAP login handler that allows unauthenticated attackers to crash the server by exploiting unsynchronized access to the global DAAP session list. Attackers can flood the DAAP /login endpoint with concurrent requβ¦
2.7
CVE-2026-6416 - Tanium addressed an uncontrolled resource consumption vulnerability in Interact.
Tanium addressed an uncontrolled resource consumption vulnerability in Interact.
6.9
CVE-2026-41457 - OwnTone Server < 29.1 SQL Injection via query and filter Parameters
OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and filter handling that allows attackers to inject arbitrary SQL expressions by supplying malicious values through the query= and filter= parameters for integer-mapped DAAP fields. Attackers can exploit iβ¦
8.7
CVE-2026-41146 - facil.io and downstream iodine ruby gem vulnerable to uncontrolled resource consumption and loop wiβ¦
facil.io is a C micro-framework for web applications. Prior to commit 5128747363055201d3ecf0e29bf0a961703c9fa0, `fio_json_parse` can enter an infinite loop when it encounters a nested JSON value starting with `i` or `I`. The process spins in user space and pegs one CPU core at ~100% instead of retuβ¦
8.8
CVE-2026-41145 - MinIO has an Unauthenticated Object Write via Query-String Credential Signature Bypass in Unsigned-β¦
MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's `STREAMING-UNSIGNED-PAYLOAD-TRAILER` code path allows any user who knows a valid access key to write arbitrary objβ¦
8.8
CVE-2026-40344 - MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Upβ¦
MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's Snowball auto-extract handler (`PutObjectExtractHandler`) allows any user who knows a valid access key to write arβ¦
0
CVE-2026-41144 - FΒ΄ (F Prime) has Integer Overflow in FileUplink
FΒ΄ (F Prime) is a framework that enables development and deployment of spaceflight and other embedded software applications. Prior to version 4.2.0, the bounds check byteOffset + dataSize > fileSize uses U32 addition that wraps around on overflow. An attacker-crafted DataPacket with byteOffset=0xFFβ¦