dotnet: .NET: Local file tampering via link following vulnerability
A flaw was found in .NET's System.Formats.Tar library. When extracting a specially crafted TAR archive containing symbolic links, the TarFile.ExtractToDirectory method may incorrectly follow those links and write files outside the intended extraction directory. An attacker could exploit this issu...
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...
webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash
A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash...
CVE-2026-56403
libexpat before 2.8.2 has an integer overflow in storeAtts...
GHSA-CF98-J28V-49V6 vulnerabilities
Vulnerabilities for packages: grafana...
CVE-2026-52908
In the Linux kernel, the following vulnerability has been resolved: RDMA: During rereg_mr ensure that REREG_ACCESS is compatible. If IB_MR_REREG_ACCESS changes from RO to RW then the umem has to be re-evaluated to ensure it is properly pinned as RW. Since the umem is hidden inside each driver's mr stru...
CVE-2026-56131
libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_ResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur similar to the CVE-2026-50219 situation...
GHSA-X4VX-RJVF-J5P4 vulnerabilities
Vulnerabilities for packages: langfuse, langfuse-fips...
GHSA-RP9W-3FW7-7CWQ vulnerabilities
Vulnerabilities for packages: langfuse, langfuse-fips...
GHSA-X4VX-RJVF-J5P4 vulnerabilities
Vulnerabilities for packages: langfuse...
GHSA-JQ35-7PRP-9V3F vulnerabilities
Vulnerabilities for packages: datadog-agent...
GHSA-5XF4-F2FQ-F69J vulnerabilities
Vulnerabilities for packages: yarn...
CVE-2026-22018 vulnerabilities
Vulnerabilities for packages: openjdk...
GHSA-5CCW-23GM-2H2F vulnerabilities
Vulnerabilities for packages: openjdk...
GHSA-HPM9-74QX-6X32 vulnerabilities
Vulnerabilities for packages: openjdk...
GHSA-HMW2-7CC7-3QXX vulnerabilities
Vulnerabilities for packages: saf, kubeflow-centraldashboard, jitsucom-jitsu, kubeflow-pipelines, langfuse...
CVE-2026-9679
Impact: undici's cookie parser in parseSetCookie percent-decodes cookie values via qsUnescape, turning encoded sequences like %0D%0A, %00, %3B, and %3D into their literal byte equivalents. RFC 6265 §5.4 does not specify any decoding and browsers do not decode either. Applications that parse a...
CVE-2026-9697
Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI socks5:// or socks://. The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servernam...
firefox: Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...