7.0
CVE-2026-31493 - RDMA/efa: Fix use of completion ctx after free
In the Linux kernel, the following vulnerability has been resolved: RDMA/efa: Fix use of completion ctx after free On admin queue completion handling, if the admin command completed with error we print data from the completion context. The issue is that we already freed the completion context in โฆ
7.0
CVE-2026-31473 - media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex
In the Linux kernel, the following vulnerability has been resolved: media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex MEDIA_REQUEST_IOC_REINIT can run concurrently with VIDIOC_REQBUFS(0) queue teardown paths. This can race request object cleanup against vb2 queue cancellation andโฆ
7.0
CVE-2026-31525 - bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN The BPF interpreter's signed 32-bit division and modulo handlers use the kernel abs() macro on s32 operands. The abs() macro documentation (include/linux/math.h) exโฆ
0.0
CVE-2026-31484 - io_uring/fdinfo: fix OOB read in SQE_MIXED wrap check
In the Linux kernel, the following vulnerability has been resolved: io_uring/fdinfo: fix OOB read in SQE_MIXED wrap check __io_uring_show_fdinfo() iterates over pending SQEs and, for 128-byte SQEs on an IORING_SETUP_SQE_MIXED ring, needs to detect when the second half of the SQE would be past theโฆ
0
CVE-2026-41144 - Fยด (F Prime) has Integer Overflow in FileUplink
Fยด (F Prime) is a framework that enables development and deployment of spaceflight and other embedded software applications. Prior to version 4.2.0, the bounds check byteOffset + dataSize > fileSize uses U32 addition that wraps around on overflow. An attacker-crafted DataPacket with byteOffset=0xFFโฆ
5.5
CVE-2026-41136 - free5GC AMF missing default case in Content-Type switch in HTTPUEContextTransfer
free5GC AMF provides Access & Mobility Management Function (AMF) for free5GC, an an open-source project for 5th generation (5G) mobile core networks. Prior to version 1.4.3, the `HTTPUEContextTransfer` handler in `internal/sbi/api_communication.go` does not include a `default` case in the `Content-โฆ
7.5
CVE-2026-41135 - free5GC PCF: Memory Leak via CORS Middleware Registration in HTTP Handler Leads to Denial of Service
free5GC UDR is the Policy Control Function (PCF) for free5GC, an an open-source project for 5th generation (5G) mobile core networks. A memory leak vulnerability in versions prior to 1.4.3 allows any unauthenticated attacker with network access to the PCF SBI interface to cause uncontrolled memory โฆ
6.9
CVE-2026-40343 - free5GC UDR: Fail-open handling in PolicyDataSubsToNotifyPost allows unintended subscription creatiโฆ
free5GC UDR is the user data repository (UDR) for free5GC, an an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.2, a fail-open request handling flaw in the UDR service causes the `/nudr-dr/v2/policy-data/subs-to-notify` POST handler to continueโฆ
8.8
CVE-2026-41133 - pyLoad has Stale Session Privilege After Role/Permission Change (Privilege Revocation Bypass)
pyLoad is a free and open-source download manager written in Python. Versions up to and including 0.5.0b3.dev97 cache `role` and `permission` in the session at login and continues to authorize requests using these cached values, even after an admin changes the user's role/permissions in the databasโฆ
5
CVE-2026-41131 - OpenFGA has Improper Policy Enforcement
OpenFGA is an authorization/permission engine built for developers. Prior to version 1.14.1, in specific scenarios, models using conditions with caching enabled can result in two different check requests producing the same cache key. This could result in OpenFGA reusing an earlier cached result forโฆ