CVE-2026-9277 vulnerabilities
Vulnerabilities for packages: code-server, langfuse...
CVE-2026-47166
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-read in the server process. This issue has been patched in versio...
CVE-2026-47165
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, the distributed pixel cache was originally designed to operate without a challenge–response authentication model. This has been changed in versions 6.9.13-48 an...
CVE-2026-48855
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Erlang OTP ssh (ssh_sftpd module) allows File Discovery. The SSH_FXP_READLINK handler in ssh_sftpd sends the raw result of file:readlink/2 to the client without calling chroot_filename/2 to strip the backend root prefix. An...
GHSA-9V76-4QCC-FRGH vulnerabilities
Vulnerabilities for packages: dotnet-bootstrap...
CVE-2026-11645 vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-X2HH-W9MW-3VQ2 vulnerabilities
Vulnerabilities for packages: chromium...
CVE-2026-46644 vulnerabilities
Vulnerabilities for packages: nextcloud-server...
GHSA-2XF4-CG6J-VHGQ vulnerabilities
Vulnerabilities for packages: nextcloud-server...
CVE-2026-42764
Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer dereference typically causes abnormal termination of the affected QUIC server process and a Denial ...
CVE-2026-34181
Issue Summary: The PKCS12 file processing fails to perform sufficient input validation for files that use the Password-Based Message Authentication Code 1 (PBMAC1) integrity mechanism, allowing a certificate and private key forgery. Impact Summary: An attacker impersonating a user can cause a service...
CVE-2026-7383
Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1_mbstring_ncopy() can lead to a heap buffer overflow. Impact summary: A heap buffer overflow may lead to a crash or possibly attacker controlled code execution or other undefined behaviour. In...
GHSA-HV4R-MVR4-25VW vulnerabilities
Vulnerabilities for packages: minio...
GHSA-H749-FXX7-PWPG vulnerabilities
Vulnerabilities for packages: minio...
CVE-2026-45674 vulnerabilities
Vulnerabilities for packages: keycloak, trino, infinispan, flyway...
CVE-2026-47244 vulnerabilities
Vulnerabilities for packages: strimzi-kafka-operator-fips, localstack, elasticsearch, management-api-for-apache-cassandra-4.1, infinispan, apache-camel-karavan-devmode, keycloak, request-9047-keycloak-fips, management-api-for-apache-cassandra-4.0, seata, camunda-zeebe, trino, elasticsearch-fips,...
CVE-2026-46325
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix iova-to-va conversion for MR page sizes != PAGE_SIZE. The current implementation incorrectly handles memory regions (MRs) with page sizes different from the system PAGE_SIZE. The core issue is that rxe_set_page() is called...
GHSA-J86X-FWP2-QH7V vulnerabilities
Vulnerabilities for packages: airflow-core, airflow...
CVE-2026-41843
Spring MVC and WebFlux applications are vulnerable to Path Traversal attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...
Linux Distros Unpatched Vulnerability : CVE-2026-11633
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a malicious peripheral...