4.6
CVE-2025-48517 -
Insufficient Granularity of Access Control in SEV firmware could allow a privileged user with a malicious hypervisor to create a SEV-ES guest with an ASID in the range meant for SEV-SNP guests potentially resulting in a partial loss of confidentiality.
5.9
CVE-2025-29948 -
Improper access control in AMD Secure Encrypted Virtualization (SEV) firmware could allow a malicious hypervisor to bypass RMP protections, potentially resulting in a loss of SEV-SNP guest memory integrity.
6.9
CVE-2026-2303 - Heap Out-of-Bounds Read in Go Driver GSSAPI C Wrappers enables application crash or information leak
The mongo-go-driver repositoryΒ contains CGo bindings for GSSAPI (Kerberos) authentication on Linux and macOS. The C wrapper implementation contains a heap out-of-bounds read vulnerability due to incorrect assumptions about string termination in the GSSAPI standard. Since GSSAPI buffers are not guarβ¦
6.9
CVE-2026-2302 - Unsafe Reflection in Mongoid::Criteria.from_hash
Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.from_hash may allow for executing arbitrary Ruby code.
10
CVE-2026-26009 - Catalyst Affected by Remote Code Execution as Root via Containerized Install Script Execution
Catalyst is a platform built for enterprise game server hosts, game communities, and billing panel integrations. Install scripts defined in server templates execute directly on the host operating system as root via bash -c, with no sandboxing or containerization. Any user with template.create or teβ¦
7.7
CVE-2026-25506 - MUNGE has a buffer overflow in message unpacking allows key leakage and credential forgery
MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged (the MUNGE authentication daemon) to leak cryptographic key material from process memory. With the leaked key material, the attacβ¦
7.1
CVE-2026-25613 - An unsafe cast in the MongoDB query planner can result in a segmentation fault.
An authorized user may disable the MongoDB server by issuing a query against a collection that contains an invalid compound wildcard index.
7.1
CVE-2026-1849 - Mongod can run out of stack memory when expressions create deeply nested documents
MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents. The issue arises in recursive functions because the server does not periodically check the depth of the expression.
7.8
CVE-2025-14821 - libssh: libssh: Insecure default configuration leads to local man-in-the-middle attacks on Windows
A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of SSH (Secure Shell) connections, and manipulation of trusted host information, posing a significant risk to the confidentiality, integrity, and availability of SSH communications via an inseβ¦
7.1
CVE-2026-1850 - An authorized user may disable the MongoDB server by issuing a certain type of complex query due toβ¦
Complex queries can cause excessive memory usage in MongoDB Query Planner resulting in an Out-Of-Memory Crash.