vulnerability

Microsoft has recorded CVE‑2026‑20827 — an information disclosure vulnerability in the Tablet Windows User Interface (TWINUI) subsystem — and it is included in the vendor’s Update Guide as part of the January 2026 security rollup, meaning administrators and power users should treat this as an...

The Linux kernel CVE-2025-38483 disclosure fixes a small but meaningful defensive-programming error in the COMEDI das16m1 driver that could lead to an out‑of‑bounds left-shift when a user-supplied IRQ number is used without sanity checks. The upstream patch enforces explicit bounds on the...

A recently recorded Linux-kernel vulnerability affects the FORE200E ATM driver: a small but meaningful synchronization bug in fore200e_open that can corrupt the driver’s bandwidth accounting when error paths run concurrently with normal control operations. The upstream fix is straightforward —...

A remotely triggerable NULL pointer dereference in FRRouting’s OSPF implementation has been cataloged as CVE-2025-61099 and can crash the OSPF daemon (ospfd) when a crafted Link-State (LS) Update packet is processed while detailed OSPF packet debugging is enabled. The bug, present in upstream...

FRRouting's OSPF implementation contains a NULL-pointer dereference that can be triggered by a crafted OSPF packet, allowing remote attackers to crash the OSPF daemon (ospfd) and cause a Denial of Service (DoS) for routers and appliances using vulnerable FRR releases. Background FRRouting (FRR)...

FRRouting has been flagged for a serious Denial-of-Service hole: a NULL pointer dereference in OSPF packet handling (CVE-2025-61107) that can crash the ospfd daemon when a crafted LSA Update containing an opaque LSA is processed, and the problem was patched upstream via a targeted set of checks...

filelock, the widely used platform‑independent file‑locking library for Python, is the subject of a newly public vulnerability — CVE‑2025‑68146 — that exposes a classic Time‑of‑Check‑Time‑of‑Use (TOCTOU) race condition in lock file creation. The flaw allows a local attacker who can create...

A stack-based buffer overflow affecting libcoap’s address-resolution path has been publicly disclosed as CVE-2025-34468; the defect allows attacker-controlled hostnames to overflow a fixed 256-byte stack buffer in certain code paths, producing reliable Denial‑of‑Service and an...

A small but concrete libpcap memory-safety bug—assigned CVE‑2025‑11964—was disclosed at the end of December 2025: on Windows systems, the library’s UTF-16LE → UTF-8 conversion helper can undercount the space consumed by four‑byte UTF‑8 sequences and write past the end of a provided buffer. The...

Libsodium's ed25519 point-validation routine contains a subtle but important bug that can let malformed points slip past validation in niche workflows, a flaw tracked as CVE-2025-69277 and fixed in the commit ad3004e. Background Libsodium has long been the portable, easy-to-use cryptography...

GNU GRUB (GRUB2) contains a timing side‑channel in its cryptographic comparison routine: CVE‑2024‑56738 identifies that versions through 2.12 implement grub_crypto_memcmp in a non‑constant‑time way, which can leak sensitive verification information via timing differences and has prompted vendor...

InfluxDB OSS contains a business‑logic weakness — tracked as CVE‑2024‑30896 — that allowed an authorized user with an allAccess token in the same organization to enumerate and retrieve the administrative operator token, effectively enabling full administrative takeover of affected InfluxDB OSS...

MariaDB servers across multiple release lines are vulnerable to a denial‑of‑service crash (CVE‑2023‑52970) when processing certain queries that exercise the Item_direct_view_ref::derived_field_transformer_for_where logic, and operators should treat this as an immediate patching priority...

A subtle formatting quirk in GnuPG’s clearsign handling lets an attacker append unsigned data to a signed message while still passing GnuPG’s verification routine — a signature‑verification bypass tracked as CVE‑2025‑68972 that affects GnuPG releases up to and including 2.4.8 and has been...

A new Linux kernel vulnerability, tracked as CVE‑2025‑68374, corrects a subtle but serious RCU lifetime bug in the md (multiple‑device / software RAID) subsystem: maintainers attempted to use RCU to protect a pointer named thread, but passed that raw pointer into md_wakeup_thread before entering...

The Linux kernel team has assigned CVE-2025-68724 to a recently patched integer‑overflow bug in the asymmetric_keys subsystem — a defensive fix that uses explicit overflow checks (check_add_overflow/size_add/struct_size) in asymmetric_key_generate_id to prevent a potential buffer overflow when...

A newly assigned CVE — CVE-2025-68371 — tracks a Linux kernel race-condition in the smartpqi SCSI driver where a scheduled LUN reset work item could run after the device it targets has already been removed, creating a use‑after‑free and related resource-access hazards that were patched in the...

A critical memory‑corruption flaw in PyTorch’s low‑level LSTM cell implementation — tracked as CVE‑2025‑3001 — has been publicly disclosed and reproduced, creating an urgent, if narrowly scoped, operational risk for systems that run untrusted or local model code built against the affected...

A newly assigned Linux kernel vulnerability, tracked as CVE‑2025‑68366, affects the Network Block Device (NBD) driver and stems from a race that can produce a use‑after‑free when handling NBD control messages. The short technical summary is simple: code in nbd_genl_connect increments a...

CVE-2024-7883 is a low-severity but meaningful LLVM/Clang compiler issue that can leak a small slice of a Cortex‑M Secure stack into Non‑secure state via floating‑point registers when certain Arm Cortex‑M Security Extensions (CMSE) calling patterns occur — and while Microsoft’s MSRC has attested...