CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2026-35233
https://notcve.org/view.php?id=CVE-2026-35233
01 May 2026 — An unprivileged attacker can craft a user-space process with a malicious ELF binary containing an out-of-range sh_link field. When root-level dtrace attaches to -- or instruments -- that process (via dtrace -p , pid probes, or USDT), the ELF parser reads heap memory beyond the allocated section cache array without any bounds check. This results in an uninitialized/out-of-bounds heap read that can cause a NULL pointer dereference crash of the dtrace process (DoS), or -- depending on heap layout -- a read-the... • https://linux.oracle.com/cve/CVE-2026-35233.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2026-21996
https://notcve.org/view.php?id=CVE-2026-21996
01 May 2026 — An unprivileged attacker can reliably trigger a crash of the dtrace process with a malicious ELF binary due to an integer Divide-by-Zero in Pbuild_file_symtab() • https://linux.oracle.com/cve/CVE-2026-21996.html • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2026-21991
https://notcve.org/view.php?id=CVE-2026-21991
16 Mar 2026 — A DTrace component, dtprobed, allows arbitrary file creation through crafted USDT provider names. • https://linux.oracle.com/cve/CVE-2026-21991.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 1%CPEs: 31EXPL: 0CVE-2026-1761 – Libsoup: stack-based buffer overflow in libsoup multipart response parsingmultipart http response
https://notcve.org/view.php?id=CVE-2026-1761
02 Feb 2026 — A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction. This update for libsoup2... • https://access.redhat.com/security/cve/CVE-2026-1761 • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2026-21990
https://notcve.org/view.php?id=CVE-2026-21990
20 Jan 2026 — Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of O... • https://www.oracle.com/security-alerts/cpujan2026.html •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2026-21989
https://notcve.org/view.php?id=CVE-2026-21989
20 Jan 2026 — Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ... • https://www.oracle.com/security-alerts/cpujan2026.html •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2026-21988
https://notcve.org/view.php?id=CVE-2026-21988
20 Jan 2026 — Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of O... • https://www.oracle.com/security-alerts/cpujan2026.html •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2026-21987
https://notcve.org/view.php?id=CVE-2026-21987
20 Jan 2026 — Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of O... • https://www.oracle.com/security-alerts/cpujan2026.html •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2026-21986
https://notcve.org/view.php?id=CVE-2026-21986
20 Jan 2026 — Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ... • https://www.oracle.com/security-alerts/cpujan2026.html •
CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0CVE-2026-21985 – Oracle VirtualBox LsiLogic Uninitialized Memory Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2026-21985
20 Jan 2026 — Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ... • https://www.oracle.com/security-alerts/cpujan2026.html •