CVE-2026-6733 vulnerabilities

Vulnerabilities for packages: vitess, prism, code-server, node-gyp, npm...

Linux Distros Unpatched Vulnerability : CVE-2026-12805

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw has been found in OFFIS DCMTK up to 3.7.0. The affected element is the function XMLNode::parseFile in the library ofstd/libsrc/ofxml.cc. Executing a...

Linux Distros Unpatched Vulnerability : CVE-2026-50269

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.0, attacker- controlled input included into multipart/payload...

CVE-2026-56410

xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId...

CVE-2026-56409

xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used...

CVE-2026-54904 vulnerabilities

Vulnerabilities for packages: ruby3.2-rails, ruby3.3-rails, ruby3.4-fluentd-kubernetes-daemonset, ruby3.2-fluentd-kubernetes-daemonset, ruby3.4-rails, kube-fluentd-operator...

GHSA-5V8H-3H3Q-446P vulnerabilities

Vulnerabilities for packages: ruby3.2-rails, ruby3.3-rails, kube-logging-operator, logstash, ruby3.4-rails...

Linux Distros Unpatched Vulnerability : CVE-2026-56408

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libexpat before 2.8.2 has an integer overflow in copyString. CVE-2026-56408 Note that Nessus relies on the presence of the package as reported by the vendor...

SUSE CVE-2026-54278

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, during cleanup it is possible for a compressed request body to be decompressed into memory in one chunk. An attacker may be able to send a compressed payload in specific situations that could be...

CVE-2026-9697 vulnerabilities

Vulnerabilities for packages: vitess, langfuse, code-server...

Linux Distros Unpatched Vulnerability : CVE-2026-48937

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js HTTP/2 server API can cause servers to keep accepting data even after sending a GOAWAY frame. This vulnerability affects two supported release...

Linux Distros Unpatched Vulnerability : CVE-2026-48935

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. --allow-fs-read. This vulnerability...

Linux Distros Unpatched Vulnerability : CVE-2026-9679

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: undici's cookie parser in parseSetCookie percent-decodes cookie values via qsUnescape, turning encoded sequences like %0D%0A, %00, %3B, and %3D into the...

CVE-2026-3196

An integer overflow vulnerability was found in the virtio-snd device via PCMINFO requests from the guest. A malicious guest can provide out-of-bounds stream counts, potentially leading to unbounded memory allocation on the host and a denial of service condition...

GHSA-8JVR-397X-XQH9 vulnerabilities

Vulnerabilities for packages: python...

Astra Linux – Vulnerability in hdf5

The HDF5 library from version 1.14.3 has a segmentation fault in the H5VM.c function H5VMmemcpyvv...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Platform/x86: dell-wmi-sysman: Fixed the retrieval of WMI data blocks in sysfs callbacks. After retrieving WMI data blocks through sysfs callbacks, it is necessary to check the validity of these data blocks before dereferencing...

Astra Linux – Vulnerability in qtbase-opensource-src

In Qt 5.9.x through 5.15.x before 5.15.9, and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when it was not found in the PATH...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: rtc: tps6594: Fixed integer overflow on 32-bit systems The issue arises from the multiplication in tps6594rtcsetoffset. c tmp = offset TICKSPERHOUR; The tmp variable is of type s64, but offset is of type long and lies in the rang...

Astra Linux – Vulnerability in Python 3.7, Python 2.7, Pypy

A vulnerability was discovered in Python before version 3.8.18, 3.9.x before version 3.9.18, 3.10.x before version 3.10.13, and 3.11.x before version 3.11.5. This vulnerability primarily affects servers such as HTTP servers that use TLS client authentication. When a TLS server-side socket is...