4027 matches found
CVE-2026-42037 vulnerabilities
Vulnerabilities for packages: jitsucom-jitsu, langfuse, prism, saf, opensearch-dashboards, lerna, kubeflow-centraldashboard...
CVE-2026-42258 vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, gitlab-rails-ce-fips, ruby4.0-rails, ruby3.3-rails, logstash, ruby3.4-rails, ruby3.2-net-imap, gitlab-rails-ce, kube-fluentd-operator, ruby3.3-net-imap, logstash-fips, ruby3.4-net-imap, kube-logging-operator, ruby4.0-net-imap...
ROS-20260506-73-0008
Vulnerability in binutils related to execution of a loop with an unreachable exit condition. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20260506-73-0035
Vulnerability in tomcat10 related to a flaw in the output encoding or escaping mechanism. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...
curl: Fix of 2 CVEs
CVE-2019-5436: tftp: use the current blksize for recvfrom - CVE-2016-8615: cookie: replace use of fgets with custom version...
vim: Fix of CVE-2026-39881
CVE-2026-39881: fix command injection in netbeans interface by validating defineAnnoType typeName/fg/bg and specialKeys tokens against an allowlist of safe characters before interpolating them into Ex commands...
GHSA-QQ3R-W4HJ-GJP6 vulnerabilities
Vulnerabilities for packages: dagdotdev...
GHSA-M7HM-VM4X-28JF vulnerabilities
Vulnerabilities for packages: dagdotdev...
dovecot: denial of service via specially crafted NOOP command
A flaw was found in dovecot. An unauthenticated and remote attacker can send a specially crafted "NOOP" command containing numerous open and close parentheses without a command-ending line feed, causing the server to allocate an excessive amount of memory, resulting in a denial of service...
GHSA-PWV6-VV43-88GR vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server, superset...
GHSA-HCWR-PQ9G-RQ3M vulnerabilities
Vulnerabilities for packages: amazon-ssm-agent-fips, dagdotdev...
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...
CVE-2026-44029
An issue was discovered in Nix before 2.34.7. Writing to arbitrary files can occur via "nix-prefetch-url --unpack" or "nix store prefetch-file --unpack" directory traversal. The fixed versions are 2.34.7, 2.33.6, 2.32.8, 2.31.5, 2.30.5, 2.29.4, and 2.28.7 introduced in 2.24.7;...
ROS-20260505-73-0055
Vulnerability in python3 related to insufficient neutralization of special elements in a request. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
LibRaw security update
0.19.5-6 - Backport fix for CVE-2026-24660 from upstream Resolves: RHEL-165412 0.19.5-5 - Backport fixes for CVE-2026-20889 and CVE-2026-21413 from upstream - Migrate to SPDX license Resolves: RHEL-165404, RHEL-165408...
ROS-20260505-73-0026
A vulnerability in the appendChild and clearidcache functions of the Python programming language interpreter CPython is related to algorithmic complexity. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20260505-73-0018
A vulnerability in the ElementDeclHandler component of the Python programming language interpreter CPython is related to uncontrolled recursion. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20260505-73-0059
Vulnerability in python3.13 related to insufficient neutralization of special elements in a request. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20260505-73-0047
A vulnerability in the urllib.request.DataHandler component of the Python programming language interpreter is related to the failure to take measures to neutralize CRLF sequences. Exploitation of the vulnerability may allow a remote attacker to affect the integrity of protected information...
ROS-20260505-73-0046
A vulnerability in the urllib.request.DataHandler component of the Python programming language interpreter is related to the failure to take measures to neutralize CRLF sequences. Exploitation of the vulnerability may allow a remote attacker to affect the integrity of protected information...