CVE-2026-42328 vulnerabilities

Vulnerabilities for packages: ipfs-cluster, rke2-runtime, rke2-runtime-fips, ipfs-cluster-fips, k3s, spegel, spegel-fips...

CVE-2026-41647

Incus is a system container and virtual machine manager. Prior to version 7.0.0, a missing error handling could lead an authenticated Incus user to cause a daemon crash through the import of a truncated storage bucket backup file. This issue has been patched in version 7.0.0...

GHSA-CM99-M826-VGG7 vulnerabilities

Vulnerabilities for packages: tiff...

CVE-2026-42338 vulnerabilities

Vulnerabilities for packages: prism, sqlpad, code-server, tileserver-gl, lerna, langfuse, npm, opensearch-dashboards, renovate, kubeflow-pipelines, pulumi, saf...

GHSA-FGW5-HP8F-XFHC vulnerabilities

Vulnerabilities for packages: cert-manager-istio-csr...

CVE-2026-40195

Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage bucket import logic allows an authenticated user with access to the storage bucket feature to cause the Incus daemon to crash. The vulnerability is present in the backup...

CVE-2026-40197

Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. The custom volume backup import subsystem...

CVE-2026-41305 vulnerabilities

Vulnerabilities for packages: keep-fips, vitess, renovate, langfuse, homepage, pelias-api, keep, vite, langfuse-fips, saf, jitsucom-jitsu...

GHSA-QX2V-QP2M-JG93 vulnerabilities

Vulnerabilities for packages: keep-fips, vitess, renovate, langfuse, homepage, pelias-api, keep, vite, langfuse-fips, saf, jitsucom-jitsu...

CVE-2026-42203 vulnerabilities

Vulnerabilities for packages: litellm...

GHSA-57J5-QWP2-VQP6 vulnerabilities

Vulnerabilities for packages: grafana, grafana-fips...

CVE-2026-41131 vulnerabilities

Vulnerabilities for packages: grafana, grafana-fips...

CVE-2026-7953

Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via malicious network traffic. Chromium security severity: Medium...

CVE-2026-6691

The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may be triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAPI...

CVE-2026-41168 vulnerabilities

Vulnerabilities for packages: open-webui...

CVE-2026-21728 vulnerabilities

Vulnerabilities for packages: grafana...

CVE-2026-41491 vulnerabilities

Vulnerabilities for packages: dapr...

CVE-2026-42215 vulnerabilities

Vulnerabilities for packages: open-webui, mlflow, checkov...

CVE-2026-43256

In the Linux kernel, the following vulnerability has been resolved: media: qcom: camss: vfe: Fix out-of-bounds access in vfeisrregupdate vfeisr iterates using MSMVFEIMAGEMASTERSNUM7 as the loop bound and passes the index to vfeisrregupdate. However, vfe-line array is defined with VFELINENUMMAX4:...

CVE-2026-43245

In the Linux kernel, the following vulnerability has been resolved: ntfs: -dcompare must not block ... so don't use getname there. Switch it and ntfsdhash, while we are at it to kmallocPATHMAX, GFPNOWAIT. Yes, ntfsdhash almost certainly can do with smaller allocations, but let ntfs folks deal wit...