290 matches found
EUVD-2025-206554
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper allocation of resources...
GHSA-W2PG-HW7V-F7M9 vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2026-22796
Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS7 data. Impact summary: An application...
GHSA-6475-R3VJ-M8VF vulnerabilities
Vulnerabilities for packages: opensearch-dashboards, langfuse...
CVE-2025-6816 affecting package hdf5 for versions less than 1.14.6-1
CVE-2025-6816 affecting package hdf5 for versions less than 1.14.6-1. A patched version of the package is available...
CVE-2025-12735 vulnerabilities
Vulnerabilities for packages: kibana...
GHSA-VXMC-5X29-H64V vulnerabilities
Vulnerabilities for packages: grafana-fips, grafana...
CVE-2022-50868
In the Linux kernel, the following vulnerability has been resolved: hwrng: amd - Fix PCI device refcount leak. for_each_pci_dev is implemented by pci_get_device. The comment of pci_get_device says that it will increase the reference count for the returned pci_dev and also decrease the reference count for...
CVE-2023-54227
In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix tags leak when shrink nr_hw_queues. Although we don't need to realloc set->tags when shrink nr_hw_queues, we need to free them. Or these tags will be leaked. How to reproduce: 1. mount -t configfs configfs /mnt 2. modprobe...
CVE-2023-54201
In the Linux kernel, the following vulnerability has been resolved: RDMA/efa: Fix wrong resources deallocation order. When trying to destroy QP or CQ, we first decrease the refcount and potentially free memory regions allocated for the object and then request the device to destroy the object. If t...
GHSA-GPHJ-4H6P-37XQ vulnerabilities
Vulnerabilities for packages: sonarqube, ruby4.0-elasticsearch...
CVE-2025-68130 vulnerabilities
Vulnerabilities for packages: langfuse...
GHSA-CFPF-HRX2-8RV6 vulnerabilities
Vulnerabilities for packages: aws-otel-collector, kubeflow-pipelines, amazon-cloudwatch-agent, opentelemetry-collector-contrib, coredns, tempo, vale, grafana-alloy, kine, k8sgateway, k8sgpt, datadog-agent, argo-cd, jaeger, kserve, argo-rollouts, splunk-otel-collector, verticadb-operator,...
GHSA-9WWW-PQCC-JM28 vulnerabilities
Vulnerabilities for packages: chromium...
CVE-2023-53744
In the Linux kernel, the following vulnerability has been resolved: soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe. wkup_m3_ipc_get takes refcount, which should be freed by wkup_m3_ipc_put. Add missing refcount release in the error paths...
CVE-2025-40297
In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix use-after-free due to MST port state bypass. syzbot reported[1] a use-after-free when deleting an expired fdb. It is due to a race condition between learning still happening and a port being deleted, after all its...
CVE-2025-12385
Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component in Qt Quick...
IBM DB2 Information Disclosure and Credential Exposure (7250484) (Unix)
According to its self-reported version number, IBM Db2 on Unix may be affected by a vulnerability: - IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) clpplus command exposes user credentials to the terminal...
CVE-2025-11935
With TLS 1.3 pre-shared key (PSK) a malicious or faulty server could ignore the request for PFS (perfect forward secrecy) and the client would continue on with the connection using PSK without PFS. This happened when a server responded to a ClientHello containing psk_dhe_ke without a key_share...
CVE-2024-47866
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no...