CVE-2024-31884
Incorrect usage of certificate checking via Pybind...
CVE-2025-12748 affecting package libvirt for versions less than 10.0.0-7
CVE-2025-12748 affecting package libvirt for versions less than 10.0.0-7. A patched version of the package is available...
CVE-2026-21441 affecting package tensorflow for versions less than 2.16.1-10
CVE-2026-21441 affecting package tensorflow for versions less than 2.16.1-10. A patched version of the package is available...
CVE-2025-59465
A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...
CVE-2026-21637
A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...
CVE-2025-59466
We have identified a bug in Node.js error handling where "Maximum call stack size exceeded" errors become uncatchable when async_hooks.createHook is enabled. Instead of reaching process.on('uncaughtException'), the process terminates, making the crash unrecoverable. Applications that rely on...
CVE-2026-21226 vulnerabilities
Vulnerabilities for packages: request-1276, az, authentik, authentik-fips, py3-cassandra-medusa, barman, open-webui, duplicity, airflow, kserve, pgadmin4, awx...
CVE-2025-36115 Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system...
CVE-2025-36113 Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...
net-snmp: buffer overflow via a specially crafted packet can cause a crash in snmptrapd
A flaw was found in net-snmp. A remote attacker can trigger a buffer overflow in the snmptrapd daemon by sending a specially crafted SNMP packet, causing the daemon to crash and resulting in a denial of service...
CVE-2026-23745 vulnerabilities
Vulnerabilities for packages: pulumi, tileserver-gl, kubeflow-pipelines, opensearch-dashboards, vitess, prism, sqlpad, node-gyp, saf, renovate, code-server, npm, lerna, kubeflow-centraldashboard...
PT-2026-3581
IBM Sterling Connect:Direct for UNIX Container 6.3.0.0 through 6.3.0.6 Interim Fix 016, and 6.4.0.0 through 6.4.0.3 Interim Fix 019 IBM® Sterling Connect:Direct for UNIX contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication,...
brotli security update
1.1.0-7 - Resolves: RHEL-133984 CVE-2025-6176 Brotli decompression bomb DoS in scrapy...
ROS-20260120-7303
Vulnerability in kernel-lt related to memory usage after memory release. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20260120-7319
Vulnerability in kernel-lt related to incorrect resource locking. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
GHSA-G59M-GF8J-GJF5 vulnerabilities
Vulnerabilities for packages: wasmcloud, nushell, vector, zed...
CVE-2026-1145
A flaw has been found in quickjs-ng quickjs up to 0.11.0. Affected by this vulnerability is the function js_typed_array_constructor_ta of the file quickjs.c. This manipulation causes heap-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may ...
CVE-2026-22797
An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The external_oauth2_token middleware fails to sanitize incoming authentication headers before processing OAuth 2.0 tokens. By sending forged...
CVE-2025-15534
A vulnerability was identified in raysan5 raylib up to 909f040. Affected by this issue is the function LoadFontData of the file src/rtext.c. The manipulation leads to integer overflow. The attack can only be performed from a local environment. The exploit is publicly available and might be used...
SUSE CVE-2026-0960
HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 allows denial of service...