4042 matches found
CVE-2026-27143
Arithmetic over induction variables in loops was not correctly checked for underflow or overflow. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption...
nodejs22 security update
1:22.22.2-1 - Update to version 22.22.2 - introduced patch updating deps/nghttp2 to v 1.68.1 for CVE-2026-27135 - disabled failing tests in nghttp2 due to newer version - patch for npm/braces CVE-2026-25547 1:22.22.0-4 - sources: changed ICU version syntax...
CVE-2026-28389 affecting package openssl for versions less than 3.3.5-5
CVE-2026-28389 affecting package openssl for versions less than 3.3.5-5. A patched version of the package is available...
CVE-2026-31790
Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Impact summary: The uninitialized buffer might contain sensitive data from the previous execution of the application process whi...
GHSA-H762-RHV3-H25V vulnerabilities
Vulnerabilities for packages: openexr...
NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file
A flaw was found in NGINX Open Source, specifically within the ngx_http_mp4_module. An attacker can exploit this memory corruption vulnerability by providing a specially crafted MP4 file. This can lead to an over-read or over-write of NGINX worker memory, causing the worker to terminate and resultin...
CVE-2026-33816
Memory-safety vulnerability in github.com/jackc/pgx/v5...
CVE-2026-33033
An issue was discovered in Django 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. MultiPartParser allows remote attackers to degrade performance by submitting multipart uploads with Content-Transfer-Encoding: base64 including excessive whitespace. Earlier, unsupported Django series such as...
GHSA-Q6VJ-WXVF-5M8C vulnerabilities
Vulnerabilities for packages: openexr...
CVE-2026-5734
Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was...
GHSA-F2G3-HH2R-CWGC vulnerabilities
Vulnerabilities for packages: gitness, portieris, zot, kots, envoy-gateway...
GHSA-3P65-76G6-3W7R vulnerabilities
Vulnerabilities for packages: envoy-gateway, portieris-fips, gitlab-rails-ce, kots, zot, portieris, gitness, gitlab-rails-ce-fips, envoy-gateway-fips...
GHSA-MWH4-6H8G-PG8W vulnerabilities
Vulnerabilities for packages: airflow, kserve, py3-cassandra-medusa, kubeflow-pipelines-visualization-server, checkov, open-webui, dask-kubernetes...
CVE-2026-28389
Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of...
CVE-2026-33055 affecting package trident for versions less than 0.22.0-1
CVE-2026-33055 affecting package trident for versions less than 0.22.0-1. A patched version of the package is available...
CVE-2026-25541 affecting package trident for versions less than 0.22.0-1
CVE-2026-25541 affecting package trident for versions less than 0.22.0-1. A patched version of the package is available...
CVE-2026-2443 affecting package libsoup for versions less than 3.4.4-14
CVE-2026-2443 affecting package libsoup for versions less than 3.4.4-14. A patched version of the package is available...
CVE-2025-0838 affecting package mysql for versions less than 8.0.45-2
CVE-2025-0838 affecting package mysql for versions less than 8.0.45-2. A patched version of the package is available...
CVE-2025-71161 affecting package kernel for versions less than 6.6.130.1-3
CVE-2025-71161 affecting package kernel for versions less than 6.6.130.1-3. A patched version of the package is available...