GHSA-8XX9-69P8-7JP3 vulnerabilities

Vulnerabilities for packages: kibana...

GHSA-GF2Q-C269-PQGC vulnerabilities

Vulnerabilities for packages: kibana...

ROS-20260605-73-0040

The vulnerability in Tomcat is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures...

ROS-20260605-73-0011

The vulnerability in ImageMagick7 is related to incorrect calculations. Exploiting this vulnerability can allow an attacker to cause a service failure...

ROS-20260605-73-0028

The vulnerability in Tomcat is related to manipulating an unknown input, resulting in a time mismatch. Exploiting this vulnerability can allow an attacker who operates remotely to gain unauthorized access to protected information...

ROS-20260605-73-0066

The vulnerability in Firefox is related to errors in data type mixing. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVE-2026-11304

Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Chromium security severity: Low...

CVE-2026-11238

Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. Chromium security severity: Low...

CVE-2026-11096

Out of bounds read in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

GHSA-HC4F-JC7G-W997 vulnerabilities

Vulnerabilities for packages: openjpeg...

CVE-2026-34993 vulnerabilities

Vulnerabilities for packages: kubeflow-katib, dask-kubernetes, open-webui, airflow, checkov...

GHSA-WV26-88M5-6H59 vulnerabilities

Vulnerabilities for packages: external-secrets-operator...

GHSA-6M68-W836-P72W vulnerabilities

Vulnerabilities for packages: binutils...

SUSE CVE-2026-27145

x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number...

CVE-2026-46483 vulnerabilities

Vulnerabilities for packages: vim...

CVE-2026-9256 vulnerabilities

Vulnerabilities for packages: nginx-stable, nginx-mainline...

CVE-2026-9256 vulnerabilities

Vulnerabilities for packages: nginx-mainline, nginx-stable...

php: denial of service via DOMNode::C14N()

A flaw was found in PHP. The DOMNode::C14N method may incorrectly process XML data due to the improper removal of an xmlns attribute from the underlying libxml2 data structure, corrupting the linked list representing the XML document and causing an infinite loop. This issue can lead to excessive...

GHSA-MH5C-XRMH-M794 vulnerabilities

Vulnerabilities for packages: uutils...

GHSA-6G8R-74QP-6859 vulnerabilities

Vulnerabilities for packages: uutils...