CVE-2026-42507 vulnerabilities

Vulnerabilities for packages: net-kourier, dynamic-localpv-provisioner, sftpgo-plugin-eventstore, victoriametrics-cluster, cluster-proportional-autoscaler, pulumi-kubernetes-operator, temporal, cloud-provider-azure, fluent-bit-plugin-loki, frp, percona-server-mongodb-operator, manifest-tool,...

GHSA-PJWX-R37V-7724 vulnerabilities

Vulnerabilities for packages: py3-langchain, py3-langchain-core...

CVE-2026-39821 affecting package vitess for versions less than 19.0.4-10

CVE-2026-39821 affecting package vitess for versions less than 19.0.4-10. A patched version of the package is available...

GHSA-654M-C8P4-X5FP vulnerabilities

Vulnerabilities for packages: langfuse-fips, kibana, lerna, unleash, langfuse, kubeflow-centraldashboard, opensearch-dashboards, prism, opensearch-dashboards-fips, librechat, jitsucom-jitsu...

CVE-2026-39835 affecting package cert-manager for versions less than 1.12.15-8

CVE-2026-39835 affecting package cert-manager for versions less than 1.12.15-8. A patched version of the package is available...

CVE-2026-39821 affecting package prometheus-adapter for versions less than 0.12.0-6

CVE-2026-39821 affecting package prometheus-adapter for versions less than 0.12.0-6. A patched version of the package is available...

GHSA-5P55-QCQV-882W vulnerabilities

Vulnerabilities for packages: gitlab-cng, gitlab-rails-ce-fips, gitlab-cng-fips, gitlab-runner-fips, gitlab-runner, gitlab-rails-ce...

CVE-2026-39834 vulnerabilities

Vulnerabilities for packages: opentelemetry-collector, crossplane-provider-aws-lightsail, kyverno-policy-reporter-plugins-kyverno, frankenphp-8.2, crossplane-provider-aws-autoscaling, crossplane-provider-aws-servicediscovery-fips, podman, gitlab-pages, traefik, kaf, flux-operator-fips, chisel-fip...

CVE-2026-46096

In the Linux kernel, the following vulnerability has been resolved: tpm2-sessions: Fix missing tpmbufdestroy in tpm2readpublic tpm2readpublic calls tpmbufinit but fails to call tpmbufdestroy on two exit paths, leaking a page allocation: 1. When namesize returns an error unrecognized hash algorith...

CVE-2026-46088

In the Linux kernel, the following vulnerability has been resolved: ALSA: control: Validate buflen before strnlen in sndctleleminitenumnames sndctleleminitenumnames advances pointer p through the names buffer while decrementing buflen. If buflen reaches zero but items remain, the next iteration...

CVE-2026-45972

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF and double free in smb2openfile Zero out @erriov and @errbuftype before retrying SMB2open to prevent an UAF bug if @data != NULL, otherwise a double free...

CVE-2026-45854

crypto: inside-secure/eip93 - unregister only available algorithm...

CVE-2026-48696

FastNetMon Community Edition through 1.2.9 has a buffer overflow, a different vulnerability than CVE-2026-48686 and CVE-2026-48689...

GHSA-4J38-F5CW-54H7 vulnerabilities

Vulnerabilities for packages: drupal...

CVE-2026-39829

The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public...

CVE-2026-39830

A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close, resulting in a resource leak per connection. Unsolicited global responses are now discarded...

CVE-2026-8558 vulnerabilities

Vulnerabilities for packages: chromium...

CVE-2025-71305 affecting package kernel for versions less than 6.6.139.1-1

CVE-2025-71305 affecting package kernel for versions less than 6.6.139.1-1. A patched version of the package is available...

firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Libraries component in NSS...

CVE-2026-8836

A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmpparseinboundframe of the file src/apps/snmp/snmpmsg.c of the component snmpv3 USM Handler. Performing a manipulation of the argument msgAuthenticationParameters results in stack-based buffer overflow. The attack may be...