4027 matches found
ROS-20260512-73-0030
A vulnerability in the Core component of the Oracle VM VirtualBox virtual machine is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker to gain full control over the application...
ROS-20260512-73-0016
A vulnerability in the Core component of the Oracle VM VirtualBox virtual machine is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker to gain full control over the application...
ROS-20260512-73-0010
A vulnerability in beats is related to reading beyond buffer boundaries in memory (an out-of-bounds read). Exploitation of the vulnerability may allow an attacker to cause a denial of service...
ROS-20260512-73-0011
A vulnerability in hdf5 is related to the use of memory after it has been freed (use-after-free). Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...
crypto/tls: Incorrect certificate validation during TLS session resumption
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...
webkitgtk: A malicious website may be able to process restricted web content outside the sandbox
A flaw was found in WebKitGTK. A maliciously crafted web page may be able to process restricted web content outside the sandbox due to improper memory handling...
CVE-2026-43895
jq is a command-line JSON processor. In 1.8.1 and earlier, jq accepts embedded NUL bytes in import paths at the jq-language level, but later resolves those paths through C string operations during module and data-file lookup. This creates a mismatch between the logical import string that policy o...
CVE-2026-2291
dnsmasq's extractname function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could cause DNS lookups to be redirected to an attacker-controlled IP address, or to cause a DoS...
CVE-2026-5172
A buffer overflow in dnsmasq’s extractaddresses function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extractname to advance the pointer past the record’s end...
GHSA-7PWC-H2J2-RJGJ vulnerabilities
Vulnerabilities for packages: zipkin, spark...
CVE-2026-44458 vulnerabilities
Vulnerabilities for packages: langfuse, opensearch-dashboards, librechat, wazuh-dashboard-fips, langfuse-fips, opensearch-dashboards-fips, wazuh-dashboard, kibana...
GHSA-HM8Q-7F3Q-5F36 vulnerabilities
Vulnerabilities for packages: langfuse, opensearch-dashboards, librechat, wazuh-dashboard-fips, langfuse-fips, opensearch-dashboards-fips, wazuh-dashboard, kibana...
GHSA-QP7P-654G-CW7P vulnerabilities
Vulnerabilities for packages: langfuse, opensearch-dashboards, librechat, wazuh-dashboard-fips, langfuse-fips, opensearch-dashboards-fips, wazuh-dashboard, kibana...
GHSA-V8VW-GW5J-W7M6 vulnerabilities
Vulnerabilities for packages: goreleaser...
CVE-2026-44664 vulnerabilities
Vulnerabilities for packages: renovate...
GHSA-JP94-3292-C3XV vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce, gitlab-rails-ce-fips...
CVE-2026-42308
Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances by an exceedingly large amount for each glyph, Pillow's tracking of the current position may lead to an integer overflow. This issue has been patched in version 12.2.0...
CVE-2026-31694 affecting package kernel for versions less than 6.6.137.1-2
CVE-2026-31694 affecting package kernel for versions less than 6.6.137.1-2. An upgraded version of the package is available that resolves this issue...
CVE-2026-43267 affecting package kernel for versions less than 6.6.137.1-2
CVE-2026-43267 affecting package kernel for versions less than 6.6.137.1-2. An upgraded version of the package is available that resolves this issue...