2.7
CVE-2026-6392 - Tanium addressed an information disclosure vulnerability in Threat Response.
Tanium addressed an information disclosure vulnerability in Threat Response.
8.2
CVE-2026-41458 - OwnTone Server < 29.1 Race Condition DoS via DAAP Login
OwnTone Server versions 28.4 through 29.0 contain a race condition vulnerability in the DAAP login handler that allows unauthenticated attackers to crash the server by exploiting unsynchronized access to the global DAAP session list. Attackers can flood the DAAP /login endpoint with concurrent requ…
2.7
CVE-2026-6416 - Tanium addressed an uncontrolled resource consumption vulnerability in Interact.
Tanium addressed an uncontrolled resource consumption vulnerability in Interact.
6.9
CVE-2026-41457 - OwnTone Server < 29.1 SQL Injection via query and filter Parameters
OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and filter handling that allows attackers to inject arbitrary SQL expressions by supplying malicious values through the query= and filter= parameters for integer-mapped DAAP fields. Attackers can exploit i…
8.7
CVE-2026-41146 - facil.io and downstream iodine ruby gem vulnerable to uncontrolled resource consumption and loop wi…
facil.io is a C micro-framework for web applications. Prior to commit 5128747363055201d3ecf0e29bf0a961703c9fa0, `fio_json_parse` can enter an infinite loop when it encounters a nested JSON value starting with `i` or `I`. The process spins in user space and pegs one CPU core at ~100% instead of retu…
8.8
CVE-2026-41145 - MinIO has an Unauthenticated Object Write via Query-String Credential Signature Bypass in Unsigned-…
MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's `STREAMING-UNSIGNED-PAYLOAD-TRAILER` code path allows any user who knows a valid access key to write arbitrary obj…
8.8
CVE-2026-40344 - MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Up…
MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's Snowball auto-extract handler (`PutObjectExtractHandler`) allows any user who knows a valid access key to write ar…
7.8
CVE-2026-31516 - xfrm: prevent policy_hthresh.work from racing with netns teardown
In the Linux kernel, the following vulnerability has been resolved: xfrm: prevent policy_hthresh.work from racing with netns teardown A XFRM_MSG_NEWSPDINFO request can queue the per-net work item policy_hthresh.work onto the system workqueue. The queued callback, xfrm_hash_rebuild(), retrieves t…
8.1
CVE-2026-31513 - Bluetooth: L2CAP: Fix stack-out-of-bounds read in l2cap_ecred_conn_req
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix stack-out-of-bounds read in l2cap_ecred_conn_req Syzbot reported a KASAN stack-out-of-bounds read in l2cap_build_cmd() that is triggered by a malformed Enhanced Credit Based Connection Request. The vulnerab…
7.8
CVE-2026-31494 - net: macb: use the current queue number for stats
In the Linux kernel, the following vulnerability has been resolved: net: macb: use the current queue number for stats There's a potential mismatch between the memory reserved for statistics and the amount of memory written. gem_get_sset_count() correctly computes the number of stats based on the…