CVE-2026-43492
In the Linux kernel, the following vulnerability has been resolved: lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl Yiming reports an integer underflow in mpi_read_raw_from_sgl when subtracting "lzeros" from the unsigned "nbytes". For this to happen, the scatterlist "sgl" needs to occupy...
CVE-2026-35469 affecting package cri-tools for versions less than 1.32.0-5
CVE-2026-35469 affecting package cri-tools for versions less than 1.32.0-5. A patched version of the package is available...
CVE-2026-42154 affecting package telegraf for versions less than 1.31.0-20
CVE-2026-42154 affecting package telegraf for versions less than 1.31.0-20. A patched version of the package is available...
CVE-2026-6477 affecting package postgresql for versions less than 16.14-1
CVE-2026-6477 affecting package postgresql for versions less than 16.14-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-6473 affecting package postgresql for versions less than 16.14-1
CVE-2026-6473 affecting package postgresql for versions less than 16.14-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-24072 affecting package httpd for versions less than 2.4.67-1
CVE-2026-24072 affecting package httpd for versions less than 2.4.67-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-44898 affecting package python-mistune for versions less than 3.2.1-1
CVE-2026-44898 affecting package python-mistune for versions less than 3.2.1-1. A patched version of the package is available...
CVE-2026-32936 affecting package coredns for versions less than 1.11.4-16
CVE-2026-32936 affecting package coredns for versions less than 1.11.4-16. A patched version of the package is available...
GHSA-Q7RR-3CGH-J5R3 vulnerabilities
Vulnerabilities for packages: langfuse...
SUSE CVE-2026-6637
Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a "refint" cascade primary key and facilitate...
erb: ERB: Arbitrary code execution via deserialization bypass
A flaw was found in ERB, a templating system for Ruby. An attacker who can trigger deserialization of untrusted data in a Ruby application can bypass existing protections. This vulnerability allows for arbitrary code execution by exploiting specific public methods that evaluate template source...
Critical: nginx security update
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 For more details about the security issues, including the impact, a CVSS...
CVE-2026-42217 vulnerabilities
Vulnerabilities for packages: openexr...
CVE-2026-40976 vulnerabilities
Vulnerabilities for packages: apache-nifi-registry...
SUSE CVE-2026-8528
Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass Site Isolation via a crafted HTML page. Chromium security severity: High...
SUSE CVE-2026-8575
Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...
SUSE CVE-2026-44283
etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user...
GHSA-QW64-3X98-G7Q2 vulnerabilities
Vulnerabilities for packages: telegraf, teleport, argo-cd, rclone, scorecard, terragrunt, rancher-fleet, cerbos, syft, gitaly...
SUSE CVE-2026-33381
When a user's access to mint tokens for a service account is revoked, it is sometimes still possible to do so for a few seconds after the event. The user will eventually lose access to do this...
ROS-20260515-73-0013
Vulnerability in grafana related to synchronization errors when using a shared resource. Exploitation of the vulnerability could allow an attacker to escalate their privileges...