0.0
CVE-2026-23404 - apparmor: replace recursive profile removal with iterative approach
In the Linux kernel, the following vulnerability has been resolved: apparmor: replace recursive profile removal with iterative approach The profile removal code uses recursion when removing nested profiles, which can lead to kernel stack exhaustion and system crashes. Reproducer: $ pf='a'; for…
6.5
CVE-2026-25834 - mbedtls: Mbed TLS: Algorithm downgrade vulnerability
Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.
5.5
CVE-2026-23402 - KVM: x86/mmu: Only WARN in direct MMUs when overwriting shadow-present SPTE
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Only WARN in direct MMUs when overwriting shadow-present SPTE Adjust KVM's sanity check against overwriting a shadow-present SPTE with another SPTE with a different target PFN to only apply to direct MMUs, i.e. on…
9.8
CVE-2026-31027 - Buffer Overflow in A3600R Root SSID Configuration Enables Remote Code Execution
TOTOlink A3600R v5.9c.4959 contains a buffer overflow vulnerability in the setAppEasyWizardConfig interface of /lib/cste_modules/app.so. The vulnerability occurs because the rootSsid parameter is not properly validated for length, allowing remote attackers to trigger a buffer overflow, potentially …
7.8
CVE-2026-23410 - apparmor: fix race on rawdata dereference
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix race on rawdata dereference There is a race condition that leads to a use-after-free situation: because the rawdata inodes are not refcounted, an attacker can start open()ing one of the rawdata files, and at the sam…
9.8
CVE-2024-40489 - Injection Vulnerability Allowing Arbitrary Code Execution in Jeecg Boot
There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character filtering, which allows attackers to execute arbitrary code on components through specially crafted HTTP requests.
6.5
CVE-2026-30523 - Negative Duration Loan Plan Allowance
A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to the lack of proper input validation. The application allows administrators to define "Loan Plans" which determine the duration of a loan (in months). However, the backend fails to validate that the duration m…
3.3
CVE-2026-35094 - Libinput: libinput: information disclosure via dangling pointer in lua plugin handling
A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collection cleanup function is called, leaving a pointer that can then be printed to system logs. This could poten…
7.8
CVE-2026-23411 - apparmor: fix race between freeing data and fs accessing it
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix race between freeing data and fs accessing it AppArmor was putting the reference to i_private data on its end after removing the original entry from the file system. However the inode can and does live beyond that …
5.1
CVE-2025-66442 - mbedtls: Mbed TLS and TF-PSA-Crypto: Information disclosure via compiler-induced timing side channel
In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decryption) that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected.