GHSA-97JF-46M3-8953 vulnerabilities

Vulnerabilities for packages: apache-nifi...

NAVTOR NavBox

ADVISORY SUMMARY Successful exploitation of this vulnerability could allow a local attacker to gain unauthorized access to SOAP methods, resulting in a disruption of operations. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...

CVE-2026-46338 vulnerabilities

Vulnerabilities for packages: open-webui...

Linux Distros Unpatched Vulnerability : CVE-2026-37462

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer underflow in the BGPUpdate.DecodeFromBytes function /bgp/bgp.go of gobgp v4.3.0 allows attackers to cause a Denial of Service DoS via supplying a...

CVE-2026-48681

OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image...

Linux Distros Unpatched Vulnerability : CVE-2025-71314

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/panthor: Recover from panthorgpuflushcaches failures We have seen a few cases where the whole memory subsystem is blocked and flush operations never complet...

auto-survey (>=0.1.0 <=0.2.4), gptparse (=0.3.0) +12 more potentially affected by CVE-2026-44018 via docling (>=2.51.0 <=2.90.0)

docling PYPI version =2.51.0, =0.1.0, =0.19.2, =1.40.0, =0.6.2, =0.0.1, =0.3.0, =1.0.0, =1.6.2, =1.6.2, =0.0.1, =0.0.2 Source cves: CVE-2026-44018 Source advisory: OSV:GHSA-R3XG-RG9J-67FV...

auto-survey (>=0.1.0 <=0.2.4), gptparse (=0.3.0) +5 more potentially affected by CVE-2026-44016 via docling (>=2.87.0 <=2.90.0)

docling PYPI version =2.87.0, =0.1.0, =0.40.0, =0.6.2, =0.0.1, =0.0.1, =0.0.2 Source cves: CVE-2026-44016 Source advisory: SNYK:PYTHON-DOCLING-17151857...

CVE-2026-46273

A flaw was found in the Linux kernel's ibmveth driver. This vulnerability occurs when physical adapters on Power systems attempt to perform Generic Segmentation Offload GSO with a Maximum Segment Size MSS less than 224 bytes. A remote attacker could exploit this by sending specially crafted netwo...

CVE-2026-46273

In the Linux kernel, the following vulnerability has been resolved: ibmveth: Disable GSO for packets with small MSS Some physical adapters on Power systems do not support segmentation offload when the MSS is less than 224 bytes. Attempting to send such packets causes the adapter to freeze, stoppi...

CVE-2026-46261

In the Linux kernel, the following vulnerability has been resolved: spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcmfiuprobe platformgetresourcebyname can return NULL, which would cause a crash when passed the pointer to resourcesize. Move the fiu-memorysize assignment after the erro...

CVE-2026-46252

In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix locking in regulatorresolvesupply error path If late enabling of a supply regulator fails in regulatorresolvesupply, the code currently triggers a lockdep warning: WARNING: drivers/regulator/core.c:2649 at...

CVE-2026-6657

A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the alloworiginpat configuration is used. The issue arises from the use of re.match for validating the Origin header, which only anchors at the start of the string. This allow...

CVE-2026-46483 vulnerabilities

Vulnerabilities for packages: vim...

CVE-2026-7666

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a partially-initialized connection after a failed STARTTLS handshake when failsilently=True, which allows on-path network attackers to read ema...

GHSA-W5PP-99CH-QJ29 vulnerabilities

Vulnerabilities for packages: teleport, guac, argo-cd, gitaly...

Linux Distros Unpatched Vulnerability : CVE-2026-43660

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A validation issue was addressed with improved logic. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe...

Linux Distros Unpatched Vulnerability : CVE-2026-28847

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe...

CISA: CISA and Partners Urge Hardening Automatic Tank Gauge Systems

The Cybersecurity and Infrastructure Security Agency CISA, the Federal Bureau of Investigation FBI, the National Security Agency NSA, the Department of Energy DOE, the Environmental Protection Agency EPA, the Transportation Security Administration TSA, the Department of Transportation DOT, and th...

Linux Distros Unpatched Vulnerability : CVE-2026-10701

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox 151.0.3. CVE-2026-10701 Note that Nessus relies on the...