NVD Dashboard

[Dashboard panels: CVEs Received and Processed; CVE Status Count; CVSS Score Spread; CVSS V3 Score Distribution (Severity / Number of Vulns); CVSS V2 Score Distribution (Severity / Number of Vulns)]

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2026-23208 - In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Prevent excessive number of frames In this case, the user constructed the parameters with maxpacksize 40 for rate 22050 / pps 1000, and packsize[0] 22 packsize[...
    Published: February 14, 2026; 12:15:58 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2026-23209 - In the Linux kernel, the following vulnerability has been resolved: macvlan: fix error recovery in macvlan_common_newlink() valis provided a nice repro to crash the kernel: ip link add p1 type veth peer p2 ip link set address 00:00:00:00:00:20 ...
    Published: February 14, 2026; 12:15:58 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2025-71225 - In the Linux kernel, the following vulnerability has been resolved: md: suspend array while updating raid_disks via sysfs In raid1_reshape(), freeze_array() is called before modifying the r1bio memory pool (conf->r1bio_pool) and conf->raid_disks...
    Published: February 18, 2026; 10:18:40 AM -0500

    V3.1: 5.3 MEDIUM

  • CVE-2025-52643 - HCL AION is affected by a vulnerability where untrusted file parsing operations are not executed within a properly isolated sandbox environment. This may expose the application to potential security risks, including unintended behaviour or integri...
    Published: March 16, 2026; 11:16:18 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2025-71227 - In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't WARN for connections on invalid channels It's not clear (to me) how exactly syzbot managed to hit this, but it seems conceivable that e.g. regulatory chang...
    Published: February 18, 2026; 10:18:40 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2025-52644 - HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing mechanisms may reduce traceability of user activities and could potentially impact monitoring, accountability, ...
    Published: March 16, 2026; 11:16:18 AM -0400

    V3.1: 8.2 HIGH

  • CVE-2026-23211 - In the Linux kernel, the following vulnerability has been resolved: mm, swap: restore swap_space attr aviod kernel panic commit 8b47299a411a ("mm, swap: mark swap address space ro and add context debug check") made the swap address space read-on...
    Published: February 18, 2026; 10:18:42 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2025-52645 - HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification. This may allow the possibility of unverified or modified model artifacts being used, potentially leadin...
    Published: March 16, 2026; 11:16:18 AM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2026-23212 - In the Linux kernel, the following vulnerability has been resolved: bonding: annotate data-races around slave->last_rx slave->last_rx and slave->target_last_arp_rx[...] can be read and written locklessly. Add READ_ONCE() and WRITE_ONCE() annotat...
    Published: February 18, 2026; 10:18:42 AM -0500

    V3.1: 4.7 MEDIUM

  • CVE-2025-52646 - HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactio...
    Published: March 16, 2026; 11:16:18 AM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2026-23213 - In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Disable MMIO access during SMU Mode 1 reset During Mode 1 reset, the ASIC undergoes a reset cycle and becomes temporarily inaccessible via PCIe. Any attempt to acces...
    Published: February 18, 2026; 10:18:42 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2026-23214 - In the Linux kernel, the following vulnerability has been resolved: btrfs: reject new transactions if the fs is fully read-only [BUG] There is a bug report where a heavily fuzzed fs is mounted with all rescue mount options, which leads to the fo...
    Published: February 18, 2026; 10:18:42 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2025-52649 - HCL AION is affected by a vulnerability where certain identifiers may be predictable in nature. Predictable identifiers may allow an attacker to infer or guess system-generated values, potentially leading to limited information disclosure or unint...
    Published: March 16, 2026; 11:16:19 AM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2026-23215 - In the Linux kernel, the following vulnerability has been resolved: x86/vmware: Fix hypercall clobbers Fedora QA reported the following panic: BUG: unable to handle page fault for address: 0000000040003e54 #PF: supervisor write access in ke...
    Published: February 18, 2026; 10:18:42 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2025-13726 - IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in furthe...
    Published: March 13, 2026; 3:53:48 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2026-23216 - In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() In iscsit_dec_conn_usage_count(), the function calls complete() while holding the conn->conn_usage_lock....
    Published: February 18, 2026; 10:18:42 AM -0500

    V3.1: 7.8 HIGH

  • CVE-2026-29078 - Lexbor is a web browser engine library. Prior to 2.7.0, the ISO‑2022‑JP encoder in Lexbor fails to reset the temporary size variable between iterations. The statement ctx->buffer_used -= size with a stale size = 3 causes an integer underflow that ...
    Published: March 13, 2026; 3:54:32 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2026-29079 - Lexbor is a web browser engine library. Prior to 2.7.0, a type‑confusion vulnerability exists in Lexbor’s HTML fragment parser. When ns = UNDEF, a comment is created using the “unknown element” constructor. The comment’s data are written into the ...
    Published: March 13, 2026; 3:54:32 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2026-30914 - SFTPGo is an open source, event-driven file transfer solution. In SFTPGo versions prior to 2.7.1, a path normalization discrepancy between the protocol handlers and the internal Virtual Filesystem routing can lead to an authorization bypass. An au...
    Published: March 13, 2026; 3:54:35 PM -0400

    V3.1: 8.1 HIGH

  • CVE-2026-30915 - SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a...
    Published: March 13, 2026; 3:54:35 PM -0400

    V3.1: 4.3 MEDIUM