CVE-2026-39821 affecting package coredns for versions less than 1.11.4-17

CVE-2026-39821 affecting package coredns for versions less than 1.11.4-17. A patched version of the package is available...

CVE-2026-35579 affecting package coredns for versions less than 1.11.4-16

CVE-2026-35579 affecting package coredns for versions less than 1.11.4-16. A patched version of the package is available...

CVE-2026-33489 affecting package coredns for versions less than 1.11.4-16

CVE-2026-33489 affecting package coredns for versions less than 1.11.4-16. A patched version of the package is available...

CVE-2026-32936 affecting package coredns for versions less than 1.11.4-16

CVE-2026-32936 affecting package coredns for versions less than 1.11.4-16. A patched version of the package is available...

CVE-2026-33190 affecting package coredns for versions less than 1.11.4-16

CVE-2026-33190 affecting package coredns for versions less than 1.11.4-16. A patched version of the package is available...

CVE-2026-32934 affecting package coredns for versions less than 1.11.4-16

CVE-2026-32934 affecting package coredns for versions less than 1.11.4-16. A patched version of the package is available...

CLEANSTART-2026-OM95908 Security fixes for CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-61727, CVE-2025-61729, CVE-2026-1229, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-2464-8j7c-4cjm, ghsa-2x5j-vhc8-9cwm, ghsa-6v2p-p543-phr9, ghsa-c6gw-w398-hv78, ghsa-fv92-fjc5-jj9h, ghsa-hcg3-q754-cr77, ghsa-jc7w-c686-c4v9, ghsa-mh63-6h87-95cp, ghsa-p77j-4mvh-x3m3, ghsa-qxp5-gwg8-xv66, ghsa-r92c-9c7f-3pj8, ghsa-vvgc-356p-c3xw, ghsa-wjrx-6529-hcj3 applied in versions: 1.10.7-r0, 1.10.7-r1, 1.11.4-r0, 1.11.5-r0, 1.11.5-r1, 1.11.5-r2, 1.9.4-r0

Multiple security vulnerabilities affect the opentofu-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CVE-2026-26017 affecting package coredns for versions less than 1.11.4-15

CVE-2026-26017 affecting package coredns for versions less than 1.11.4-15. A patched version of the package is available...

CVE-2026-26018 affecting package coredns for versions less than 1.11.4-15

CVE-2026-26018 affecting package coredns for versions less than 1.11.4-15. A patched version of the package is available...

CVE-2025-11065 affecting package coredns for versions less than 1.11.4-14

CVE-2025-11065 affecting package coredns for versions less than 1.11.4-14. A patched version of the package is available...

Apache Avro Java SDK is Vulnerable to Code Injection

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to upgrade to version 1.12.1 o...

PYSEC-2026-26

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas.This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version1.12.0.Users are recommended to upgrade to version 1.12.1 or...

EUVD-2025-206910

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to upgrade to version 1.12.1 o...

CVE-2025-33042

CVE-2025-33042 : Improper control of generation of code (Code Injection) in the Apache Avro Java SDK. Affects all versions up to 1.11.4 and 1.12.0; upgrading to 1.12.1 or 1.11.5 fixes the issue. CVSS v3.1 base score 7.3 (HIGH). Connected IBM advisories confirm the same vulnerability and the recom...

Apache Avro Java SDK 安全漏洞

The Apache Avro Java SDK is a data processing toolkit developed by the Apache Foundation. Versions of the Apache Avro Java SDK prior to 1.11.4 and 1.12.0 have security vulnerabilities. These vulnerabilities stem from improper control over the generation of specific record schema code from the...

PT-2026-7986

Name of the Vulnerable Software and Affected Versions Apache Avro Java SDK versions through 1.11.4 and version 1.12.0 Description An Improper Control of Generation of Code 'Code Injection' issue exists in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. The flaw...

CVE-2025-68151 affecting package coredns for versions less than 1.11.4-13

CVE-2025-68151 affecting package coredns for versions less than 1.11.4-13. A patched version of the package is available...

AZL-75407 CVE-2025-11065 affecting package coredns 1.11.4-13

A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...

CVE-2026-22244

OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code execution via Server-Side Template Injection SSTI in FreeMarker email templates. An attacker must have administrative privileges to exploit the vulnerability. Version 1.11.4 contains a patch...

CVE-2023-25168

Wings is Pterodactyl's server control plane. This vulnerability can be used to delete files and directories recursively on the host system. This vulnerability can be combined with GHSA-p8r3-83r8-jwj5 to overwrite files on the host system. In order to use this exploit, an attacker must have an...