Common Vulnerabilities and Exposures (CVE)

CVE-2026-43037

Jul 2, 2026 12:05:09 UTC

In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() Oskar Kjos reported the following problem. ip4ip6_err() calls icmp_send() on a cloned skb whose cb[] was written by the IPv6...

CVE-2026-46243

Jul 2, 2026 12:05:08 UTC

In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcall_target that cif...

CVE-2026-46300

Jul 2, 2026 12:05:08 UTC

In the Linux kernel, the following vulnerability has been resolved: net: skbuff: preserve shared-frag marker during coalescing skb_try_coalesce() can attach paged frags from @from to @to. If @from has SKBFL_SHARED_FRAG set, the resulting...

CVE-2026-33845

Jul 2, 2026 12:05:08 UTC

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may ca...

CVE-2026-33846

Jul 2, 2026 12:05:07 UTC

A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, wi...

CVE-2026-42009

Jul 2, 2026 12:05:07 UTC

A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correc...

CVE-2026-32285

Jul 2, 2026 12:05:07 UTC

The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack.

CVE-2026-39820

Jul 2, 2026 12:05:06 UTC

Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.

CVE-2026-42499

Jul 2, 2026 12:05:06 UTC

Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.

CVE-2026-39829

Jul 2, 2026 12:05:06 UTC

The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This cou...

CVE-2026-42508

Jul 2, 2026 12:05:05 UTC

Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked.

CVE-2026-42264

Jul 2, 2026 12:05:05 UTC

Axios is a promise based HTTP client for the browser and Node.js. From version 1.0.0 to before version 1.15.2, five config properties (auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser) in the HTTP adapter are read via dire...

CVE-2026-12143

Jul 2, 2026 12:05:05 UTC

form-data is a library for creating readable multipart/form-data streams. In versions through 4.0.5, the `field` argument to `FormData#append` and the `filename` option are concatenated verbatim into the `Content-Disposition` header without...

CVE-2026-27137

Jul 2, 2026 12:05:04 UTC

When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last...

CVE-2026-39835

Jul 2, 2026 12:05:04 UTC

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these ca...