9.8
CVE-2026-26832 - nodeβtesseractβocr OS Command Injection via Unsanitized File Path
node-tesseract-ocr is an npm package that provides a Node.js wrapper for Tesseract OCR. In all versions through 2.2.1, the recognize() function in src/index.js is vulnerable to OS Command Injection. The file path parameter is concatenated into a shell command string and passed to child_process.execβ¦
7.8
CVE-2026-23372 - nfc: rawsock: cancel tx_work before socket teardown
In the Linux kernel, the following vulnerability has been resolved: nfc: rawsock: cancel tx_work before socket teardown In rawsock_release(), cancel any pending tx_work and purge the write queue before orphaning the socket. rawsock_tx_work runs on the system workqueue and calls nfc_data_exchangeβ¦
5.5
CVE-2026-23339 - nfc: nci: free skb on nci_transceive early error paths
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: free skb on nci_transceive early error paths nci_transceive() takes ownership of the skb passed by the caller, but the -EPROTO, -EINVAL, and -EBUSY error paths return without freeing it. Due to issues clearing NCI_DATAβ¦
5.5
CVE-2026-23337 - pinctrl: pinconf-generic: Fix memory leak in pinconf_generic_parse_dt_config()
In the Linux kernel, the following vulnerability has been resolved: pinctrl: pinconf-generic: Fix memory leak in pinconf_generic_parse_dt_config() In pinconf_generic_parse_dt_config(), if parse_dt_cfg() fails, it returns directly. This bypasses the cleanup logic and results in a memory leak of thβ¦
5.5
CVE-2026-23332 - cpufreq: intel_pstate: Fix crash during turbo disable
In the Linux kernel, the following vulnerability has been resolved: cpufreq: intel_pstate: Fix crash during turbo disable When the system is booted with kernel command line argument "nosmt" or "maxcpus" to limit the number of CPUs, disabling turbo via: echo 1 > /sys/devices/system/cpu/intel_pstβ¦
5.5
CVE-2026-23331 - udp: Unhash auto-bound connected sk from 4-tuple hash table when disconnected.
In the Linux kernel, the following vulnerability has been resolved: udp: Unhash auto-bound connected sk from 4-tuple hash table when disconnected. Let's say we bind() an UDP socket to the wildcard address with a non-zero port, connect() it to an address, and disconnect it from the address. bind(β¦
5.5
CVE-2026-23330 - nfc: nci: complete pending data exchange on device close
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: complete pending data exchange on device close In nci_close_device(), complete any pending data exchange before closing. The data exchange callback (e.g. rawsock_data_exchange_complete) holds a socket reference. NIPA oβ¦
5.5
CVE-2026-23328 - accel/amdxdna: Fix NULL pointer dereference of mgmt_chann
In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix NULL pointer dereference of mgmt_chann mgmt_chann may be set to NULL if the firmware returns an unexpected error in aie2_send_mgmt_msg_wait(). This can later lead to a NULL pointer dereference in aie2_hw_stop()β¦
7.8
CVE-2026-23326 - xsk: Fix fragment node deletion to prevent buffer leak
In the Linux kernel, the following vulnerability has been resolved: xsk: Fix fragment node deletion to prevent buffer leak After commit b692bf9a7543 ("xsk: Get rid of xdp_buff_xsk::xskb_list_node"), the list_node field is reused for both the xskb pool list and the buffer free list, this causes a β¦
7.1
CVE-2026-23325 - wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211()
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211() Check frame length before accessing the mgmt fields in mt7996_mac_write_txwi_80211 in order to avoid a possible oob access.