ROS-20260515-73-0013
Vulnerability in grafana related to synchronization errors when using a shared resource. Exploitation of the vulnerability could allow an attacker to escalate their privileges...
CVE-2026-41603 affecting package thrift for versions less than 0.15.0-6
CVE-2026-41603 affecting package thrift for versions less than 0.15.0-6. A patched version of the package is available...
firefox: thunderbird: Use-after-free in the DOM: Core & HTML component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the DOM: Core & HTML component...
CVE-2026-8511
Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...
curl: Fix of 2 CVEs
CVE-2018-1000120: fix buffer overflow in the FTP URL handling - CVE-2018-1000007: fix leak of authentication data to third parties in HTTP requests...
libssh2: Fix of CVE-2026-7598
CVE-2026-7598: add username_len/password_len bounds checks in userauth_list and userauth_password to prevent integer overflow when allocating the SSH USERAUTHREQUEST packet buffer...
CVE-2026-44348
PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in computehashtosign in src/podofo/private/OpenSSLInternalRipped.cpp. If EVP_DigestFinal fails after buf has already been freed, the Error label frees buf a second time, causing heap...
CVE-2026-6637
Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a "refint" cascade primary key and facilitate...
Updated flatpak packages fix security vulnerabilities
Complete sandbox escape leading to host file access and code execution in the host context. CVE-2026-34078 Arbitrary file deletion on the host filesystem. CVE-2026-34079...
CVE-2026-42199 vulnerabilities
Vulnerabilities for packages: zed...
GHSA-66FF-XGX4-VCHM vulnerabilities
Vulnerabilities for packages: pulumi, kubeflow-centraldashboard, renovate, vitess...
GHSA-F5V4-2WR6-HQMG vulnerabilities
Vulnerabilities for packages: yazi...
GHSA-V974-2CJF-22Q5 vulnerabilities
Vulnerabilities for packages: linux-vmware, linux-aws...
CVE-2026-43234 vulnerabilities
Vulnerabilities for packages: linux-vmware, linux-aws...
CVE-2026-43219 vulnerabilities
Vulnerabilities for packages: linux-vmware, linux-aws...
CVE-2026-28374
Editors could delete any annotation, even those they do not have read access to. The editor user cannot create or read the annotations...
CVE-2026-44243 vulnerabilities
Vulnerabilities for packages: awx, datahub-ingestion-fips...
GHSA-7H2M-M8VJ-598H vulnerabilities
Vulnerabilities for packages: authentik, authentik-fips, py3-django...
GHSA-C75F-55F6-F63Q vulnerabilities
Vulnerabilities for packages: libarchive...
CVE-2026-43320 affecting package kernel for versions less than 6.6.138.1-1
CVE-2026-43320 affecting package kernel for versions less than 6.6.138.1-1. An upgraded version of the package is available that resolves this issue...