From Our Security Partners
CVE-2026-25588 RedisTimeSeries RESTORE invalid memory access may allow remote code execution
Information published.
CVE-2026-23479 redis-server use-after-free in unblock client flow may allow remote code execution
Information published.
CVE-2026-31718 ksmbd: fix use-after-free in __ksmbd_close_fd() via durable scavenger
Information published.
CVE-2026-31717 ksmbd: validate owner of durable handle on reconnect
Information published.
CVE-2026-23631 redis-server Lua use-after-free may allow remote code execution
Information published.
CVE-2026-25243 redis-server RESTORE invalid memory access may allow remote code execution
Information published.
CVE-2026-41673 xmldom: Denial of service via uncontrolled recursion in XML serialization
Information published.
CVE-2026-41675 xmldom: XML node injection through unvalidated processing instruction serialization
Information published.
CVE-2026-41674 xmldom: XML injection through unvalidated DocumentType serialization
Information published.
CVE-2026-41672 xmldom: XML node injection through unvalidated comment serialization
Information published.