● Live advisory feed
Security Advisory Fusion for CSIRTs, SOCs & Defenders
Security advisories from 24 sources — CISA, CERT-EU, NCSC-UK, BSI, CERT-FR, NCSC-NL, JPCERT/CC, JVN, HKCERT, the Canadian Cyber Centre, NVD, GitHub, Microsoft, Cisco, Fortinet, Palo Alto Networks and more — normalized, translated to English and flagged against the CISA KEV catalog. One global feed for CSIRTs, SOCs and defenders.
CVE-2026-52946: fs/fcntl: fix SOFTIRQ-unsafe lock order in fasync signaling
CVE-2026-52931: batman-adv: tp_meter: avoid use of uninit sender vars
CVE-2026-52968: KVM: s390: pci: fix GAIT table indexing due to double-scaling pointer arithmetic
CVE-2026-53168: fuse: reject fuse_notify() pagecache ops on directories
CVE-2026-53122: btrfs: fix deadlock between reflink and transaction commit when using flushoncommit
CVE-2026-52923: ipc: limit next_id allocation to the valid ID range
CVE-2026-53077: net/rds: Restrict use of RDS/IB to the initial network namespace
CVE-2026-53061: dm cache: fix dirty mapping checking in passthrough mode switching
CVE-2026-53088: net: bcmgenet: fix off-by-one in bcmgenet_put_txcb
CVE-2026-53184: udp: clear skb->dev before running a sockmap verdict
CVE-2026-53000: netfilter: nat: use kfree_rcu to release ops
CVE-2026-12030: Chromium: CVE-2026-12031 Inappropriate implementation Views
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-53225: sctp: fix uninit-value in __sctp_rcv_asconf_lookup()
CVE-2025-15661: libssh2 - Heap Buffer Over-read via sftp_symlink() in sftp.c
CVE-2026-53262: l2tp: pppol2tp: hold reference to session in pppol2tp_ioctl()
CVE-2026-53245: net/802/mrp: fix vector attribute parsing in mrp_pdu_parse_vecattr
CVE-2026-52969: KVM: Reject wrapped offset in kvm_reset_dirty_gfn()
CVE-2026-53018: f2fs: avoid reading already updated pages during GC
CVE-2026-52925: vrf: Fix a potential NPD when removing a port from a VRF
CVE-2026-53107: wifi: libertas: don't kill URBs in interrupt context
CVE-2026-57438: Nokogiri: Possible Use-After-Free in XInclude Processing
CVE-2026-47241: Net::IMAP: Denial of Service via incomplete raw argument validation
CVE-2026-57437: Nokogiri: Possible Use-After-Free when directly using `NokogirI::XML::XPathContext` beyond document lifetime
CVE-2026-53181: vsock/vmci: fix sk_ack_backlog leak on failed handshake
CVE-2026-53160: misc: fastrpc: fix use-after-free race in fastrpc_map_create
CVE-2026-11647: Chromium: CVE-2026-11647 Use after free in Printing
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
CVE-2026-53128: drbd: Balance RCU calls in drbd_adm_dump_devices()
CVE-2026-53002: netfilter: conntrack: remove sprintf usage
CVE-2026-53023: fs/ntfs3: terminate the cached volume label after UTF-8 conversion
CVE-2026-52928: af_unix: Reject SIOCATMARK on non-stream sockets
CVE-2026-53226: gpio: rockchip: fix generic IRQ chip leak on remove
CVE-2026-53130: fs/omfs: reject s_sys_blocksize smaller than OMFS_DIR_START
CVE-2026-52964: ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans
CVE-2026-53149: thunderbolt: Bound root directory content to block size
CVE-2026-57236: Nokogiri: Possible Use-After-Free when `Nokogiri::XML::Document#encoding=` raises an exception
CVE-2026-52930: ipc/shm: serialize orphan cleanup with shm_nattch updates
CVE-2026-52970: netfilter: nft_ct: fix missing expect put in obj eval
CVE-2026-57234: Nokogiri: XML::Schema on JRuby allows network requests when NONET is set, bypassing CVE-2020-26247
CVE-2026-53135: drm/amd/display: Fix NULL deref and buffer over-read in SDP debugfs
CVE-2026-53080: net/sched: cls_fw: fix NULL dereference of "old" filters before change()
CVE-2026-53108: powerpc/64s: Fix unmap race with PMD migration entries
CVE-2026-53150: thunderbolt: Reject zero-length property entries in validator
CVE-2026-52998: netfilter: nfnetlink_osf: fix potential NULL dereference in ttl check
CVE-2026-57434: Nokogiri: Null Pointer Dereference calling methods on uninitialized wrapper classes
CVE-2026-53232: net: phy: clean the sfp upstream if phy probing fails
CVE-2026-12028: Chromium: CVE-2026-12028 Use after free GPU
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.