8088 matches found
GHSA-69CC-CV78-QC8G vulnerabilities
Vulnerabilities for packages: thingsboard...
CVE-2026-39852 vulnerabilities
Vulnerabilities for packages: apicurio-registry, keycloak...
GHSA-W5P8-4JCX-2J6R vulnerabilities
Vulnerabilities for packages: zola...
CVE-2026-46483
Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tar#Vimuntar() in runtime/autoload/tar.vim when decompressing .tgz archives on Unix-like systems. The function builds :!gunzip and :!gzip -d commands using shellescape(tartail) without the...
CVE-2026-6966 vulnerabilities
Vulnerabilities for packages: mise...
CVE-2025-54518
Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation...
PT-2026-41308
Name of the Vulnerable Software and Affected Versions: Vim versions prior to 9.2.0479. Description: A command injection issue exists in the tar#Vimuntar() function within runtime/autoload/tar.vim when decompressing .tgz archives on Unix-like systems. The function constructs :!gunzip and :!gzip -d...
CVE-2026-7258 affecting package php for versions less than 8.3.31-1
CVE-2026-7258 affecting package php for versions less than 8.3.31-1. A patched version of the package is available...
CVE-2026-46470
An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_audio_caps function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero...
CVE-2026-40466 vulnerabilities
Vulnerabilities for packages: geoserver...
CVE-2026-8280
Removed by vendor...
GHSA-H7MW-GPVR-XQ4M vulnerabilities
Vulnerabilities for packages: opensearch-dashboards...
GHSA-RPMF-866Q-6P89 vulnerabilities
Vulnerabilities for packages: code-server...
CVE-2026-42189 vulnerabilities
Vulnerabilities for packages: yazi...
GHSA-Q29P-9PFR-J652 vulnerabilities
Vulnerabilities for packages: yazi...
GHSA-86C9-4W26-QF4C vulnerabilities
Vulnerabilities for packages: linux-vmware, linux-aws...
CVE-2026-43220 vulnerabilities
Vulnerabilities for packages: linux-vmware, linux-aws...
CVE-2026-5766 vulnerabilities
Vulnerabilities for packages: py3-django, authentik, authentik-fips...
CVE-2026-42926
When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxy_http_version to 2, and also uses proxy_set_body, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Support (EoTS) are not...