5.5
CVE-2026-31496 - netfilter: nf_conntrack_expect: skip expectations in other netns via proc
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_expect: skip expectations in other netns via proc Skip expectations that do not reside in this netns. Similar to e77e6ff502ea ("netfilter: conntrack: do not dump other netns's conntrack entries via proc").
5.5
CVE-2026-31458 - mm/damon/sysfs: check contexts->nr before accessing contexts_arr[0]
In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: check contexts->nr before accessing contexts_arr[0] Multiple sysfs command paths dereference contexts_arr[0] without first verifying that kdamond->contexts->nr == 1. A user can set nr_contexts to 0 via sysfs whilβ¦
5.5
CVE-2026-31452 - ext4: convert inline data to extents when truncate exceeds inline size
In the Linux kernel, the following vulnerability has been resolved: ext4: convert inline data to extents when truncate exceeds inline size Add a check in ext4_setattr() to convert files from inline data storage to extent-based storage when truncate() grows the file size beyond the inline capacityβ¦
5.5
CVE-2026-31441 - dmaengine: idxd: Fix memory leak when a wq is reset
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix memory leak when a wq is reset idxd_wq_disable_cleanup() which is called from the reset path for a workqueue, sets the wq type to NONE, which for other parts of the driver mean that the wq is empty (all its rβ¦
8.5
CVE-2026-35548 - Logic Flaw in ODBC Enrichment Plugins Allows SSRF via Reused Credentials
An issue was discovered in guardsix (formerly Logpoint) ODBC Enrichment Plugins before 5.2.1 (5.2.1 is used in guardsix 7.9.0.0). A logic flaw allowed stored database credentials to be reused after modification of the target Host, IP address, or Port. When editing an existing Enrichment Source, preβ¦
6.1
CVE-2026-30139 - Reflected XSS in Silverpeas AdvancedSearch That Enables Arbitrary JavaScript Execution
A reflected cross-site scripting (XSS) vulnerability in the AdvancedSearch functionality of Silverpeas Core before version 6.4.6 allows attackers to execute arbitrary JavaScript in the context of a user's browser via crafted input.
6.5
CVE-2026-31192 - Insufficient Validation of Chrome Extension Identifiers Leading to Sensitive Data Exposure
Insufficient validation of Chrome extension identifiers in Raindrop.io Bookmark Manager Web App 5.6.76.0 allows attackers to obtain sensitive user data via a crafted request.
0
CVE-2026-41144 - FΒ΄ (F Prime) has Integer Overflow in FileUplink
FΒ΄ (F Prime) is a framework that enables development and deployment of spaceflight and other embedded software applications. Prior to version 4.2.0, the bounds check byteOffset + dataSize > fileSize uses U32 addition that wraps around on overflow. An attacker-crafted DataPacket with byteOffset=0xFFβ¦
5.5
CVE-2026-41136 - free5GC AMF missing default case in Content-Type switch in HTTPUEContextTransfer
free5GC AMF provides Access & Mobility Management Function (AMF) for free5GC, an an open-source project for 5th generation (5G) mobile core networks. Prior to version 1.4.3, the `HTTPUEContextTransfer` handler in `internal/sbi/api_communication.go` does not include a `default` case in the `Content-β¦
7.5
CVE-2026-41135 - free5GC PCF: Memory Leak via CORS Middleware Registration in HTTP Handler Leads to Denial of Service
free5GC UDR is the Policy Control Function (PCF) for free5GC, an an open-source project for 5th generation (5G) mobile core networks. A memory leak vulnerability in versions prior to 1.4.3 allows any unauthenticated attacker with network access to the PCF SBI interface to cause uncontrolled memory β¦