8.7
CVE-2026-41146 - facil.io and downstream iodine ruby gem vulnerable to uncontrolled resource consumption and loop wiβ¦
facil.io is a C micro-framework for web applications. Prior to commit 5128747363055201d3ecf0e29bf0a961703c9fa0, `fio_json_parse` can enter an infinite loop when it encounters a nested JSON value starting with `i` or `I`. The process spins in user space and pegs one CPU core at ~100% instead of retuβ¦
8.8
CVE-2026-41145 - MinIO has an Unauthenticated Object Write via Query-String Credential Signature Bypass in Unsigned-β¦
MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's `STREAMING-UNSIGNED-PAYLOAD-TRAILER` code path allows any user who knows a valid access key to write arbitrary objβ¦
8.8
CVE-2026-40344 - MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Upβ¦
MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's Snowball auto-extract handler (`PutObjectExtractHandler`) allows any user who knows a valid access key to write arβ¦
0.0
CVE-2026-31476 - ksmbd: do not expire session on binding failure
In the Linux kernel, the following vulnerability has been resolved: ksmbd: do not expire session on binding failure When a multichannel session binding request fails (e.g. wrong password), the error path unconditionally sets sess->state = SMB2_SESSION_EXPIRED. However, during binding, sess pointsβ¦
7.0
CVE-2026-31512 - Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv()
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv() l2cap_ecred_data_rcv() reads the SDU length field from skb->data using get_unaligned_le16() without first verifying that skb contains at leβ¦
7.0
CVE-2026-31487 - spi: use generic driver_override infrastructure
In the Linux kernel, the following vulnerability has been resolved: spi: use generic driver_override infrastructure When a driver is probed through __driver_attach(), the bus' match() callback is called without the device lock held, thus accessing the driver_override field without a lock, which cβ¦
5.5
CVE-2026-31520 - HID: apple: avoid memory leak in apple_report_fixup()
In the Linux kernel, the following vulnerability has been resolved: HID: apple: avoid memory leak in apple_report_fixup() The apple_report_fixup() function was returning a newly kmemdup()-allocated buffer, but never freeing it. The caller of report_fixup() does not take ownership of the returnedβ¦
5.5
CVE-2026-31514 - erofs: set fileio bio failed in short read case
In the Linux kernel, the following vulnerability has been resolved: erofs: set fileio bio failed in short read case For file-backed mount, IO requests are handled by vfs_iocb_iter_read(). However, it can be interrupted by SIGKILL, returning the number of bytes actually copied. Unused folios in biβ¦
5.5
CVE-2026-31458 - mm/damon/sysfs: check contexts->nr before accessing contexts_arr[0]
In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: check contexts->nr before accessing contexts_arr[0] Multiple sysfs command paths dereference contexts_arr[0] without first verifying that kdamond->contexts->nr == 1. A user can set nr_contexts to 0 via sysfs whilβ¦
5.5
CVE-2026-31496 - netfilter: nf_conntrack_expect: skip expectations in other netns via proc
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_expect: skip expectations in other netns via proc Skip expectations that do not reside in this netns. Similar to e77e6ff502ea ("netfilter: conntrack: do not dump other netns's conntrack entries via proc").