39483 matches found
CVE-2026-9883 vulnerabilities
Vulnerabilities for packages: chromium...
CVE-2026-10015 vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-W395-2Q8G-22PX vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-RMRV-48GV-336H vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-QP24-9C29-MR6G vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-H292-V482-XHXH vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-F6H3-CPVJ-2XP3 vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-9GGG-9FQ9-QXVG vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-5F28-4VHP-7F3H vulnerabilities
Vulnerabilities for packages: chromium...
CVE-2026-9990 vulnerabilities
Vulnerabilities for packages: chromium...
CVE-2026-10001 vulnerabilities
Vulnerabilities for packages: chromium...
Sync-in Server: SSRF protection bypass via IPv4-mapped IPv6 addresses in regExpPrivateIP
Summary: The private IP blocklist regex used in the URL download feature does not match IPv4-mapped IPv6 addresses e.g. ::ffff:127.0.0.1, allowing SSRF protection to be bypassed on dual-stack systems. Affected components backend/src/applications/files/services/files-manager.service.ts –...
GHSA-Q4X5-8CJ6-52WG Sync-in Server: SSRF protection bypass via IPv4-mapped IPv6 addresses in regExpPrivateIP
Summary: The private IP blocklist regex used in the URL download feature does not match IPv4-mapped IPv6 addresses e.g. ::ffff:127.0.0.1, allowing SSRF protection to be bypassed on dual-stack systems. Affected components backend/src/applications/files/services/files-manager.service.ts –...
CVE-2026-48111
7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an off-by-one out-of-bounds read vulnerability in the ParseDepedencyExpression function of the UEFI firmware image parserCPP/7zip/Archive/UefiHandler.cpp. The function validates an attacker-controlled opco...
CVE-2026-48092
7-Zip is a file archiver with a high compression ratio. Versions 9.34 through 26.00 contain a heap memory disclosure via SquashFS fragment offset integer overflow on 32-bit builds. 32-bit integer overflow in the SquashFS ReadBlock function allows an attacker-controlled node.Offset value to bypass...
CVE-2026-33846 affecting package gnutls for versions less than 3.8.3-11
CVE-2026-33846 affecting package gnutls for versions less than 3.8.3-11. A patched version of the package is available...
CVE-2026-0899 affecting package nodejs for versions less than 24.14.1-3
CVE-2026-0899 affecting package nodejs for versions less than 24.14.1-3. An upgraded version of the package is available that resolves this issue...
CVE-2026-40612 affecting package jq for versions less than 1.7.1-6
CVE-2026-40612 affecting package jq for versions less than 1.7.1-6. A patched version of the package is available...
CVE-2026-43895 affecting package jq for versions less than 1.7.1-6
CVE-2026-43895 affecting package jq for versions less than 1.7.1-6. A patched version of the package is available...
CVE-2026-44644 vulnerabilities
Vulnerabilities for packages: kibana...