diff --git a/vulns/CVE-2025-71120.yml b/vulns/CVE-2025-71120.yml
new file mode 100644
index 0000000..e159e17
--- /dev/null
+++ b/vulns/CVE-2025-71120.yml
@@ -0,0 +1,11 @@
+reachability: Remote
+memory_corruption: false
+bug_class: NULL pointer dereference
+impact: DoS
+privileges_required: false
+notes: |2-
+   NULL pointer dereference in net/sunrpc/auth_gss leading to Remote DoS.
+  Reachable remotely through an existing Kerberos enabled NFS/SUNRPC connection
+  (module RPCSEC_GSS_KRB5 loaded).
+author: Oracle Corporation
+version: v0.1
diff --git a/vulns/CVE-2026-23161.yml b/vulns/CVE-2026-23161.yml
new file mode 100644
index 0000000..9354885
--- /dev/null
+++ b/vulns/CVE-2026-23161.yml
@@ -0,0 +1,10 @@
+reachability: Local
+memory_corruption: true
+bug_class: Improper Locking
+impact: LPE
+privileges_required: false
+notes: |2-
+   Race condition in mm/shmem swap truncation leading to swap-map corruption,
+  DoS and potentially LPE that can be triggered by an unprivileged user
+author: Oracle Corporation
+version: v0.1