CVE-2026-9121

An out of bounds read flaw was found in the GPU component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=488064108...

EUVD-2026-33017

Vulnerability in Oracle REST Data Services component: Core. Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle REST Data Services. While the vulnerability is in Oracle REST Data...

CVE-2026-38930

OpenRapid RapidCMS v1.3.1 was discovered to contain an authentication bypass in the /template/default/menu.php component. This vulnerability is exploited via injecting a crafted SQL payload into the name cookie parameter...

CVE-2026-44837

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...

CVE-2026-48149

Budibase is an open-source low-code platform. Prior to 3.39.0, the Budibase Text component renders markdown by assigning marked.parsemarkdown straight to innerHTML with no sanitizer packages/bbui/src/Markdown/MarkdownViewer.svelte:22. Any column a builder binds to a Text component in Markdown mod...

CVE-2026-46126

A flaw was found in the Linux kernel's RDMA/mana component. This issue occurs during the error unwind flow in the manaibcreateqprss function, specifically related to the Work Queue WQ table cleanup. Incorrect handling of the cleanup process, including a double decrement and an undone operation,...

USN-8341-1: OpenJDK 26 vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 26 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of...

USN-8341-1 openjdk-26 vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 26 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of...

CVE-2026-46136

A flaw was found in the Linux kernel's wifi: mt76: mt7921 component. A buffer length underflow in the CLC Country Logic Control mechanism can occur due to changes in the power table. This issue may lead to an almost infinite loop or an invalid power setting, resulting in a Denial of Service DoS b...

Path traversal and reflected XSS in Flag and Icon Twig components

More info at https://github.com/EasyCorp/EasyAdminBundle/security/advisories/GHSA-2wwr-9x6f-88gp...

CVE-2026-46117

A flaw was found in the Linux kernel's RDMA/mana component. A local user could trigger a kernel corruption by providing specific configurations through the user Application Programming Interface uAPI that cause an internal error. This issue arises when Work Queues WQs are specified to share the...

CVE-2026-9119

A heap buffer overflow flaw was found in the WebRTC component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=502661101...

CVE-2026-9118

An use after free flaw was found in the XR component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=498702233...

CVE-2026-9117

A type confusion flaw was found in the GFX component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497542537...

CVE-2026-9115

An insufficient policy enforcement flaw was found in the Service Worker component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=495999481...

CVE-2026-9114

An use after free flaw was found in the QUIC component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=495798630...

CVE-2026-9112

An use after free flaw was found in the GPU component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=489791425...

CVE-2026-46125

A flaw was found in the Linux kernel's mac80211 Wi-Fi subsystem. When Multi-Link Operation MLO connection preparation fails, the system may not correctly remove the associated station. This can lead to a use-after-free or double-free vulnerability in the debugfs component, potentially causing...

USN-8339-1: OpenJDK 25 vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 25 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of...

thunderbird security update

An update is available for thunderbird. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Thunderbird is a standalone mail and newsgroup client. Security...