4069 matches found
crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...
CVE-2026-3536
Integer overflow in ANGLE in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: Critical...
GHSA-QJWF-H778-47MM vulnerabilities
Vulnerabilities for packages: libvips...
GHSA-33R2-HFPX-FX7H vulnerabilities
Vulnerabilities for packages: libvips...
ROS-20260304-73-0020
A vulnerability in the wledconfigure function of the Linux kernel is related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
CVE-2026-25884
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability is in the CRW image parser. This issue has been patched in version 0.28.8...
firefox: thunderbird: Use-after-free in the Graphics: ImageLib component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the Graphics: ImageLib component...
firefox: thunderbird: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component...
firefox: thunderbird: Integer overflow in the Libraries component in NSS
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Integer overflow in the Libraries component in NSS...
firefox: thunderbird: Use-after-free in the JavaScript: GC component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript: GC component...
cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy
A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then "smuggled" into the compiled cgo binary. An attacker could exploit this to embed and execute arbitrary...
GHSA-23C5-XMQV-RM74 vulnerabilities
Vulnerabilities for packages: eslint, node-gyp, saf, pnpm-stage0, tileserver-gl, renovate, argo-workflows, prism, lerna, opensearch-dashboards, code-server, ts-patch, pulumi, vitess, kubeflow-centraldashboard, npm, serve...
CVE-2026-28420
Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an out-of-bounds READ exist in Vim's terminal emulator when processing maximum combining characters from Unicode supplementary planes. Version 9.2.0076 fixes the issue...
CVE-2026-28419
Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file where a delimiter appears at the start of a line, Vim attempts to read memory immediately preceding...
CVE-2025-61143 affecting package libtiff for versions less than 4.6.0-12
CVE-2025-61143 affecting package libtiff for versions less than 4.6.0-12. A patched version of the package is available...
SUSE CVE-2026-27727
mchange-commons-java, a library that provides Java utilities, includes code that mirrors early implementations of JNDI functionality, including support for remote factoryClassLocation values, by which code can be downloaded and invoked within a running application. If an attacker can provoke an...
GHSA-M7RX-Q9F3-3P96 vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-M568-C33V-G59Q vulnerabilities
Vulnerabilities for packages: chromium...