vulnerability

An integer overflow discovered in FreeType’s variable-font parsing code has been assigned CVE-2026-23865 and fixed in upstream FreeType 2.14.2; administrators, packagers, and application maintainers should treat this as a prompt to verify and, where necessary, deploy updated packages immediately...

A recently assigned CVE, CVE‑2026‑1979, exposes a use‑after‑free (UAF) in mruby’s virtual machine caused by an over‑aggressive bytecode optimization that converts JMPNOT instructions into JMPIF instructions — a logic error that corrupts compiled bytecode and can lead to memory corruption when...

The Linux kernel received a small but consequential bugfix in the Ceph client library (libceph) that corrects a missing error return in the authentication completion path — a change tracked as CVE‑2026‑22992 that, if left unpatched, can leave higher layers confused about authentication state and...

Vitess operators and cloud teams must treat their backups like a live attack surface: a recently disclosed vulnerability shows that anyone with read/write access to backup storage can weaponize manifest metadata to execute arbitrary commands during restore and gain unauthorized access to...

Chromium’s CVE-2026-3061 is an out‑of‑bounds read in the browser’s Media component, and Microsoft has listed the CVE in its Security Update Guide not because Microsoft introduced the bug but because Microsoft Edge (Chromium‑based) consumes upstream Chromium code — the entry tells Edge customers...

A Time‑of‑Check/Time‑of‑Use (TOCTOU) race in the SoftFileLock implementation of the widely used Python package filelock (tracked as CVE‑2026‑22701) allows a local attacker who can create symbolic links to interpose between permission checks and file creation, producing silent lock failures...

Oracle's MySQL Server contains a stability flaw in its query optimizer that can be triggered by a low‑privileged, network‑accessible account to hang or repeatedly crash the server process—producing a reliable denial‑of‑service condition tracked as CVE‑2024‑20961. Background / Overview MySQL...

A subtle type‑confusion in the X.Org cursor code — tracked as CVE‑2024‑0409 — can corrupt the SELinux labeling context and has been patched upstream; administrators running Xorg, Xwayland, Xephyr or affected VNC stacks should treat this as an availability‑first, high‑impact bug and apply vendor...

A subtle integer overflow in the Go standard library’s scanner can be weaponized to hang processes: CVE-2023-24537 causes the go/scanner parser to enter an infinite loop when it encounters //line directives with abnormally large line numbers, producing a reliable denial‑of‑service (DoS)...

When a single character — the humble tilde (~) — is handled incorrectly, the result can be more than just a parsing glitch: it can be a pathway out of intended restrictions and into other users’ files. CVE‑2023‑27534 is exactly that kind of bug: a path‑traversal flaw in curl’s SFTP path handling...

A quiet but serious vulnerability in BIND 9 — tracked as CVE-2024-1975 — lets a remote attacker use DNS SIG(0) signatures to drive a resolver or server into sustained CPU exhaustion, effectively denying DNS service to legitimate users until the vulnerable process is patched or otherwise...

A critical denial‑of‑service vulnerability in Oracle’s MySQL Server—tracked as CVE‑2025‑50083—allows an actor with already elevated database privileges to repeatedly hang or crash the MySQL server process, producing a sustained or persistent loss of availability that can render dependent...

A small, two-byte mistake in a Linux Wi‑Fi driver has quietly become a reminder that even trivial-looking changes in kernel code can carry outsized risk: CVE-2025-38159 is an out‑of‑bounds read in the Realtek rtw88 Wi‑Fi driver that was introduced years ago, affects a broad set of devices...

A double‑free in GnuTLS’s Subject Alternative Name export logic — tracked as CVE‑2025‑32988 — can be triggered by a crafted certificate containing an otherName SAN with a malformed type‑id OID, allowing the library to free the same ASN.1 node twice (via asn1_delete_structure()), which in real...

Redis users should treat this as urgent: a newly disclosed vulnerability in HyperLogLog handling can be triggered by an authenticated client to cause stack or heap out-of-bounds writes — and those memory corruptions can be turned into remote code execution or persistent service loss if left...

A subtle race in the Linux SCSI qla2xxx driver that could crash hosts during NPIV or firmware reset sequences has been publicly documented as CVE-2024-42287; upstream maintainers have issued a targeted fix (complete command handling while holding the driver lock) and major distributions have...

A subtle but consequential race in the Linux kernel’s memory-control-group (memcg) ID management has been fixed: CVE-2024-43892 describes an insufficiently synchronized idr_remove() path on mem_cgroup_idr that could let multiple memcgs acquire the same ID and, in concrete fleets, has been linked...

A recently disclosed Linux-kernel vulnerability, tracked as CVE-2025-21945, fixes a subtle but consequential use‑after‑free in the in‑kernel SMB server (ksmbd) — the bug can reliably produce kernel instability and therefore presents a high availability risk for any system whose kernel includes...

The Go standard library’s math/big package contained a subtle but dangerous bug in the Rat.SetString function that could be triggered by crafted input to force unbounded memory growth and crash services that parse or accept user-controlled rational numbers. The flaw — tracked as CVE-2022-23772 —...

A subtle ordering mistake in CUPS’ connection-handling code quietly opened a wide door for disruption: a use‑after‑free in the cupsdAcceptClient() path (tracked as CVE‑2023‑34241) can crash the printing daemon and, under some conditions, expose sensitive in‑process data — a practical...