4027 matches found
GHSA-7H2M-M8VJ-598H vulnerabilities
Vulnerabilities for packages: py3-django, authentik, authentik-fips...
GHSA-C75F-55F6-F63Q vulnerabilities
Vulnerabilities for packages: libarchive...
CVE-2026-43320 affecting package kernel for versions less than 6.6.138.1-1
CVE-2026-43320 affecting package kernel for versions less than 6.6.138.1-1. An upgraded version of the package is available that resolves this issue...
GHSA-3G8H-86W9-WVMQ vulnerabilities
Vulnerabilities for packages: keep...
CVE-2026-45109 vulnerabilities
Vulnerabilities for packages: keep, jitsucom-jitsu...
jq security update
1.6-12 - Fix CVE-2026-40164 - Denial of Service via crafted JSON object causing hash collisions - Fix CVE-2026-39979 out-of-bounds read in jvparsesized - Resolves: RHEL-168174 - Resolves: RHEL-168192...
freerdp: FreeRDP: Denial of Service via double free vulnerability during disconnect
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. This double free vulnerability occurs during the cleanup process when a remote desktop session disconnects. Specifically, if a title allocation fails, a pointer to an application window is freed but not removed fro...
CVE-2026-42404 vulnerabilities
Vulnerabilities for packages: wildfly...
CVE-2026-8430
SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability through specific nginx...
CVE-2026-32175
A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the...
CVE-2026-32177
Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally...
CVE-2026-8388
Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11...
CVE-2026-40016
An attacker can upload a malicious Sieve script over the ManageSieve service or locally to bypass the configured CPU time limits for Sieve by up to 130 times the configured limit. The attacker can use this to degrade server performance and bypass configured CPU time limits for Sieve scripts. Install fixed...
CVE-2026-33603
An attacker can use a specially crafted base64 exchange between Dovecot and the client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the client connection. If successful, the attacker can eavesdrop on communications between Dovecot and...
CVE-2026-8389
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3...
GHSA-W657-MVR6-952M vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-W4X3-2225-F6C3 vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-5FHX-V47P-X6J3 vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-2CVQ-G96P-GGFW vulnerabilities
Vulnerabilities for packages: chromium...