GHSA-XH5H-P8C5-4W4X vulnerabilities
Vulnerabilities for packages: uutils...
GHSA-VCHC-9GGH-3236 vulnerabilities
Vulnerabilities for packages: uutils...
SUSE CVE-2026-25680
Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service...
CVE-2026-38978
transmission through 4.1.1 was found to have a clickjacking weakness in the browser-facing WebUI and RPC response paths...
OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username
A flaw was found in OpenSSH. This vulnerability allows a remote attacker to achieve arbitrary command execution by injecting shell metacharacters into a username provided on the command line. Exploitation requires an untrusted username and a non-default configuration of the '%' character in...
CVE-2026-44740
Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficien...
GHSA-9857-6MW7-FQ2M vulnerabilities
Vulnerabilities for packages: cargo-audit, cargo-c...
php: signed integer overflow in metaphone()
A flaw was found in PHP. The metaphone function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. When an input string is longer than 2,147,483,647 bytes, a signed integer overflow can occur, leading to undefined behavior and an...
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash...
CVE-2026-10194
A weakness has been identified in OFFIS DCMTK 3.7.0. This affects the...
CVE-2025-65502
Null pointer dereference in addcacerts in Cesanta Mongoose before...
CVE-2026-10194
A weakness has been identified in OFFIS DCMTK 3.7.0. This affects the function DcmQueryRetrieveIndexDatabaseHandle::deleteOldestImages of the file dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. Executing a manipulation can lead to heap-based buffer overflow. The attack may be launched...
CVE-2026-39832 affecting package packer for versions less than 1.9.5-14
CVE-2026-39832 affecting package packer for versions less than 1.9.5-14. A patched version of the package is available...
CVE-2026-39829 affecting package cert-manager for versions less than 1.12.15-8
CVE-2026-39829 affecting package cert-manager for versions less than 1.12.15-8. A patched version of the package is available...
CVE-2026-39830 affecting package kubevirt for versions less than 1.7.1-5
CVE-2026-39830 affecting package kubevirt for versions less than 1.7.1-5. A patched version of the package is available...
CVE-2026-27136 affecting package kubevirt for versions less than 1.7.1-5
CVE-2026-27136 affecting package kubevirt for versions less than 1.7.1-5. A patched version of the package is available...
CVE-2026-27136 affecting package kube-vip-cloud-provider for versions less than 0.0.10-6
CVE-2026-27136 affecting package kube-vip-cloud-provider for versions less than 0.0.10-6. A patched version of the package is available...
CVE-2026-42502 affecting package kube-vip-cloud-provider for versions less than 0.0.10-6
CVE-2026-42502 affecting package kube-vip-cloud-provider for versions less than 0.0.10-6. A patched version of the package is available...