7.8
CVE-2026-23271 - perf: Fix __perf_event_overflow() vs perf_remove_from_context() race
In the Linux kernel, the following vulnerability has been resolved: perf: Fix __perf_event_overflow() vs perf_remove_from_context() race Make sure that __perf_event_overflow() runs with IRQs disabled for all possible callchains. Specifically the software events can end up running it with only preโฆ
7.5
CVE-2026-23538 - feast: Resource exhaustion via WebSocket endpoint
A vulnerability was identified in the Feast Feature Server's `/ws/chat` endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a large number of simultaneous connections, an attacker can exhaust server resourcesโsuch as memory, CPUโฆ
5.3
CVE-2025-46598 -
Bitcoin Core through 29.0 allows a denial of service via a crafted transaction.
7.8
CVE-2026-23272 - netfilter: nf_tables: unconditionally bump set->nelems before insertion
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unconditionally bump set->nelems before insertion In case that the set is full, a new element gets published then removed without waiting for the RCU grace period, while RCU reader can be walking over it alrโฆ
8.8
CVE-2025-67260 -
The Terrapack software, from ASTER TEC / ASTER S.p.A., with the indicated components and versions has a file upload vulnerability that may allow attackers to execute arbitrary code. Vulnerable components include Terrapack TkWebCoreNG:: 1.0.20200914, Terrapack TKServerCGI 2.5.4.150, and Terrapack Tpโฆ
5.9
CVE-2026-22737 - Spring Framework Improper Path Limitation with Script View Templates
Use of Java scripting engine enabled (e.g. JRuby, Jython) template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views.ย This issue affects Spring Framework: from 7.0.0 through 7.0.5, from 6.2.0โฆ
6.5
CVE-2026-32761 - File Browser has an Authorization Policy Bypass in its Public Share Download Flow
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Versions 2.61.0 and below contain a permission enforcement bypass which allows users who are denied download privileges (perm.download = false) but granted share โฆ
10
CVE-2026-32760 - File Browser Self Registration Grants Any User Admin Access When Default Permissions Include Admin
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. In versions 2.61.2 and below, any unauthenticated visitor can register a full administrator account when self-registration (signup = true) is enabled and the defaโฆ
2.6
CVE-2026-22735 - Server Sent Event stream corruption
Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events (SSE).ย This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46.
5.3
CVE-2026-32759 - File Browser TUS Negative Upload-Length Fires Post-Upload Hooks Prematurely
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. In versions 2.61.2 and below, the TUS resumable upload handler parses the Upload-Length header as a signed 64-bit integer without validating that the value is nonโฆ