CVE-2026-2781

Integer overflow in the Libraries component in NSS. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, Thunderbird 140.8, and Firefox ESR 115.35...

CVE-2026-2805

Invalid pointer in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148...

CVE-2026-2802

Race condition in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148...

CVE-2026-2786

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

CVE-2026-2765

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

CVE-2026-2758

Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

GHSA-M7JM-9GC2-MPF2 vulnerabilities

Vulnerabilities for packages: tileserver-gl, renovate, saf, prism...

CVE-2026-2006 affecting package postgresql for versions less than 16.12-1

CVE-2026-2006 affecting package postgresql for versions less than 16.12-1. An upgraded version of the package is available that resolves this issue...

CVE-2025-32049 affecting package libsoup for versions less than 3.4.4-12

CVE-2025-32049 affecting package libsoup for versions less than 3.4.4-12. A patched version of the package is available...

SUSE CVE-2026-27026

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires a malformed /FlateDecode stream, where the byte-by-byte decompression is used. This vulnerability is fixed in 6.7.1...

ROS-20260224-73-0017

Vulnerability in moodle due to insufficient limitation of authentication attempts. Exploitation of the vulnerability could allow a remote attacker to launch a brute force attack...

ROS-20260224-73-0007

Vulnerability in gimp related to stack buffer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

ROS-20260224-73-0004

Vulnerability in gimp related to buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

freerdp: FreeRDP: Arbitrary code execution and denial of service via malicious server

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A malicious server can exploit a use-after-free vulnerability by enticing a client to connect to it. This can lead to a client-side crash, resulting in a Denial of Service DoS, and potentially allow for arbitrary...

GHSA-QQ5R-98HH-RXC9 vulnerabilities

Vulnerabilities for packages: thingsboard...

GHSA-GQ3J-XVXP-8HRF vulnerabilities

Vulnerabilities for packages: librechat, langfuse, langfuse-fips, opensearch-dashboards, kibana, opensearch-dashboards-fips...

CVE-2026-26157 affecting package busybox for versions less than 1.35.0-17

CVE-2026-26157 affecting package busybox for versions less than 1.35.0-17. A patched version of the package is available...

GHSA-27JP-WM6Q-GP25 vulnerabilities

Vulnerabilities for packages: superset...

java-11-openjdk security update

1:11.0.31.0.1-1.0.1 - Update to jdk-11.0.31+1 Orabug: 38950473 - Fixes CVE-2025-64720 CVE-2025-65018 CVE-2026-21925 - CVE-2026-21933 CVE-2026-21945...

CVE-2026-27171

zlib before 1.3.2 allows CPU consumption via crc32combine64 and crc32combinegen64 because x2nmodp can do right shifts within a loop that has no termination condition...