CVE-2026-12328
Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This...
GHSA-99F4-GRH7-6PCQ vulnerabilities
Vulnerabilities for packages: langfuse, pulumi, jitsucom-jitsu...
GHSA-5375-PQ7M-F5R2 vulnerabilities
Vulnerabilities for packages: langfuse, pulumi, jitsucom-jitsu...
CVE-2026-1766
A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifically within the tracker-extract-mp3 component. This heap buffer overflow vulnerability occurs when processing specially crafted MP3 files containing malformed ID3v2.3 COMM (Comment) tags. An attacker cou...
CVE-2026-6047
LibreOffice can import documents in the OOXML format DOCX. A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was assumed to be of one type and written to at that type's field layout, but it could be a smaller object, so the write landed...
CVE-2026-6039
LibreOffice can import drawings in the DXF format used by CAD software. A heap buffer overflow existed when importing a DXF polyline. The point count taken from the file was truncated to a 16-bit value when the point buffer was sized, while the full count was used to fill it, so a polyline whose...
webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced
A flaw was found in WebKitGTK. Processing malicious web content may prevent Content Security Policy from being enforced due to a validation issue with improper logic...
webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash
A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash...
ROS-20260615-73-0010
A vulnerability in the RDP client FreeRDP is a use-after-free. Exploiting this vulnerability can allow a remote attacker to cause a denial of service...
ROS-20260615-73-0036
A vulnerability in the RDP client FreeRDP is an out-of-bounds memory read. Exploiting this vulnerability can allow an attacker to compromise the confidentiality and availability of protected information...
ROS-20260615-73-0034
A vulnerability in the freerdpbitmapdecompressplanar function of the RDP client FreeRDP is an out-of-bounds memory read. Exploiting this vulnerability could allow a malicious actor to cause a denial of service...
CVE-2026-47162 affecting package vim for versions less than 9.2.0620-1
CVE-2026-47162 affecting package vim for versions less than 9.2.0620-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-43958 affecting package rrdtool for versions less than 1.8.0-3
CVE-2026-43958 affecting package rrdtool for versions less than 1.8.0-3. A patched version of the package is available...
CVE-2026-5223 affecting package rust for versions less than 1.90.0-9
CVE-2026-5223 affecting package rust for versions less than 1.90.0-9. A patched version of the package is available...
GHSA-4H64-69GW-4PGG vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-H2QV-FJ59-J46J vulnerabilities
Vulnerabilities for packages: hono, pinot-fips, request-9047-keycloak-fips, neo4j, pinot, apache-hop, knative-kafka-broker-fips, thingsboard, apache-hop-fips, apicurio-registry, keycloak-fips, knative-kafka-broker, management-api-for-apache-cassandra-5.0, apache-activemq-artemis, zipkin, celeborn...
CVE-2026-48022 vulnerabilities
Vulnerabilities for packages: kibana...
CVE-2026-54057
Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.3, kitty's OSC 21 color-control query reply reflects attacker-controlled bytes, including newlines, into the shell's input without sanitization. Version 0.47.3 fixes the issue...
CVE-2026-9638
Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...
CVE-2026-48006
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the RedisArrayAggregator handler permanently leaks pooled direct-memory buffers when a Redis pipeline connection closes before a RESP array aggregate...