| 511 | 7.0 | HIGH | Local | - | - | In the Linux kernel, the following vulnerability has been resolved: drm/xe/dma-buf: fix UAF with retry loop. Retry doesn't work here, since bo will be freed on error, leading to UAF. However, now th… | CWE-825 Expired Pointer Dereference | CVE-2026-52950 | 2026-06-30 12:20 | 2026-06-25 |
| 512 | 7.8 | HIGH | Local | - | - | In the Linux kernel, the following vulnerability has been resolved: net: skbuff: fix missing zerocopy reference in pskb_carve helpers. pskb_carve_inside_header() and pskb_carve_inside_nonlinear() bo… | CWE-911 Improper Update of Reference Count | CVE-2026-52943 | 2026-06-30 12:20 | 2026-06-24 |
| 513 | 7.0 | HIGH | Local | - | - | In the Linux kernel, the following vulnerability has been resolved: sctp: purge outqueue on stale COOKIE-ECHO handling. sctp_stream_update() is only invoked when the association is moved into COOKIE… | CWE-825 Expired Pointer Dereference | CVE-2026-52924 | 2026-06-30 12:20 | 2026-06-24 |
| 514 | 7.0 | HIGH | Local | - | - | In the Linux kernel, the following vulnerability has been resolved: ipc: limit next_id allocation to the valid ID range. The checkpoint/restore sysctl path can request the next SysV IPC id through i… | CWE-825 Expired Pointer Dereference | CVE-2026-52923 | 2026-06-30 12:20 | 2026-06-24 |
| 515 | 8.1 | HIGH | Network | caddyserver | caddy | Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, forward_auth copy_headers deletes the exact client-supplied identity header before copying the trusted value from the… | CWE-287 Improper Authentication; CWE-290 Authentication Bypass by Spoofing; CWE-444 HTTP Request Smuggling | CVE-2026-52845 | 2026-06-30 12:20 | 2026-06-24 |
| 516 | 7.5 | HIGH | Network | - | - | Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU exhaustion DoS due to superlinear (approximately O(n²)) behavior in parse_link_text. Whe… | CWE-400 Uncontrolled Resource Consumption; CWE-407 Inefficient Algorithmic Complexity; CWE-770 Allocation of Resources Without Limits or Throttling; CWE-1333 Inefficient Regular Expression Complexity | CVE-2026-49851 | 2026-06-30 12:20 | 2026-06-25 |
| 517 | 8.1 | HIGH | Network | litellm | litellm | LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.84.0, This vulnerability is fixed in 1.84.0. | CWE-290 Authentication Bypass by Spoofing | CVE-2026-49468 | 2026-06-30 12:20 | 2026-06-23 |
| 518 | 7.5 | HIGH | Network | nodejs | node.js | A flaw in Node.js WebCrypto implementation can crash the process if the input of `subtle.encrypt()` is a multiple of 2GiB. This vulnerability affects all supported release lines: **Node.js 22**, *… | CWE-190 Integer Overflow or Wraparound; CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2026-48933 | 2026-06-30 12:20 | 2026-06-26 |
| 519 | 9.1 | CRITICAL | Network | vllm | vllm | vLLM is an inference and serving engine for large language models (LLMs). From 0.3.0 until 0.22.0, a vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentica… | CWE-444 HTTP Request Smuggling; CWE-501 Trust Boundary Violation | CVE-2026-48746 | 2026-06-30 12:20 | 2026-06-23 |
| 520 | 9.1 | CRITICAL | Network | traefik | traefik | Traefik is an HTTP reverse proxy and load balancer. From 3.7.0 until 3.7.3, there is a high severity vulnerability in Traefik's domain-fronting protection (SNICheck) that allows an unauthenticated cl… | CWE-288 Authentication Bypass Using an Alternate Path or Channel; CWE-807 Reliance on Untrusted Inputs in a Security Decision | CVE-2026-48491 | 2026-06-30 12:20 | 2026-06-24 |