GHSA-3P65-76G6-3W7R vulnerabilities
Vulnerabilities for packages: envoy-gateway, portieris-fips, gitlab-rails-ce, kots, zot, portieris, gitness, gitlab-rails-ce-fips, envoy-gateway-fips...
GHSA-MWH4-6H8G-PG8W vulnerabilities
Vulnerabilities for packages: airflow, kserve, py3-cassandra-medusa, kubeflow-pipelines-visualization-server, checkov, open-webui, dask-kubernetes...
CVE-2026-31790
Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Impact summary: The uninitialized buffer might contain sensitive data from the previous execution of the application process whi...
CVE-2026-28389
Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of...
CVE-2025-71161 affecting package kernel for versions less than 6.6.130.1-3
CVE-2025-71161 affecting package kernel for versions less than 6.6.130.1-3. A patched version of the package is available...
CVE-2026-2443 affecting package libsoup for versions less than 3.4.4-14
CVE-2026-2443 affecting package libsoup for versions less than 3.4.4-14. A patched version of the package is available...
CVE-2026-25541 affecting package trident for versions less than 0.22.0-1
CVE-2026-25541 affecting package trident for versions less than 0.22.0-1. A patched version of the package is available...
CVE-2026-33055 affecting package trident for versions less than 0.22.0-1
CVE-2026-33055 affecting package trident for versions less than 0.22.0-1. A patched version of the package is available...
CVE-2025-0838 affecting package mysql for versions less than 8.0.45-2
CVE-2025-0838 affecting package mysql for versions less than 8.0.45-2. A patched version of the package is available...
CVE-2026-3119 affecting package bind for versions less than 9.20.21-1
CVE-2026-3119 affecting package bind for versions less than 9.20.21-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-34786 vulnerabilities
Vulnerabilities for packages: pact-broker-docker-fips, pact-broker-docker, ruby3.4-rack, logstash, ruby3.2-rack, ruby3.4-rails, ruby4.0-rack, gitlab-rails-ce, kube-fluentd-operator, ruby3.3-rack, ruby3.2-rails, gitlab-rails-ce-fips, gitlab-cng...
CVE-2026-34826 vulnerabilities
Vulnerabilities for packages: pact-broker-docker-fips, pact-broker-docker, ruby3.4-rack, logstash, ruby3.2-rack, ruby3.4-rails, ruby4.0-rack, gitlab-rails-ce, kube-fluentd-operator, ruby3.3-rack, ruby3.2-rails, gitlab-rails-ce-fips, gitlab-cng...
CVE-2019-25656
R i386 3.5.0 contains a local buffer overflow vulnerability in the GUI Preferences dialog that allows local attackers to trigger a structured exception handler (SEH) overwrite by supplying malicious input. Attackers can craft a payload string in the 'Language for menus and messages' field to...
GHSA-XPG8-3HHP-P7W8 vulnerabilities
Vulnerabilities for packages: temporal, temporal-fips...
GHSA-F2HX-5FX3-HMCV vulnerabilities
Vulnerabilities for packages: keycloak, keycloak-fips...
GHSA-P5RH-VMHP-GVCW vulnerabilities
Vulnerabilities for packages: dgraph...
CVE-2026-35542
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via a crafted background attribute of a BODY element in an e-mail message. This may lead to information disclosure or access-control bypass...
ROS-20260403-73-0038
A vulnerability in the sound/soc/soc-core.c component of the Linux kernel is related to pointer dereferencing errors. Exploitation of the vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause a denial-of-service condition...
SUSE CVE-2026-34525
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4...
CVE-2026-34518 vulnerabilities
Vulnerabilities for packages: authentik-fips, keep, checkov, tritonserver-backend-vllm-cuda-12.9, kubeflow-pipelines-visualization-server, dask-kubernetes, open-webui, airflow, awx, airflow-core, authentik, py3.13-scanner-test-libraries-aiohttp, datahub-ingestion, datahub-ingestion-fips,...