3800 matches found
SUSE CVE-2026-27145
x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number...
CVE-2026-46483 vulnerabilities
Vulnerabilities for packages: vim...
CVE-2026-9256 vulnerabilities
Vulnerabilities for packages: nginx-stable, nginx-mainline...
php: denial of service via DOMNode::C14N()
A flaw was found in PHP. The DOMNode::C14N method may incorrectly process XML data due to the improper removal of an xmlns attribute from the underlying libxml2 data structure, corrupting the linked list representing the XML document and causing an infinite loop. This issue can lead to excessive...
GHSA-6G8R-74QP-6859 vulnerabilities
Vulnerabilities for packages: uutils...
GHSA-MH5C-XRMH-M794 vulnerabilities
Vulnerabilities for packages: uutils...
GHSA-XH5H-P8C5-4W4X vulnerabilities
Vulnerabilities for packages: uutils...
GHSA-VCHC-9GGH-3236 vulnerabilities
Vulnerabilities for packages: uutils...
SUSE CVE-2026-25680
Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service...
CVE-2026-38978
transmission through 4.1.1 was found to have a clickjacking weakness in the browser-facing WebUI and RPC response paths...
OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username
A flaw was found in OpenSSH. This vulnerability allows a remote attacker to achieve arbitrary command execution by injecting shell metacharacters into a username provided on the command line. Exploitation requires an untrusted username and a non-default configuration of the '%' character in...
CVE-2026-44740
Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficien...
GHSA-9857-6MW7-FQ2M vulnerabilities
Vulnerabilities for packages: cargo-c...
php: signed integer overflow in metaphone()
A flaw was found in PHP. The metaphone function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. When an input string is longer than 2,147,483,647 bytes, a signed integer overflow can occur, leading to undefined behavior and an...
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash...
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...
CVE-2026-10194
A weakness has been identified in OFFIS DCMTK 3.7.0. This affects the...
CVE-2025-65502
Null pointer dereference in addcacerts in Cesanta Mongoose before...