CVE-2026-44055

A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 allows a remote authenticated attacker to inject OS commands and execute arbitrary code...

CVE-2025-6590

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLUserTextField.Php. This issue affects MediaWiki: from through 1.39.12, 1.42.76 1.43.1, 1.44.0...

thunderbird security update

140.6.0-1.0.1 - Fix prefs for new nss Orabug: 37079820 - Add Oracle prefs file 140.6.0 - Add OpenELA debranding 140.6.0-1 - Update to 140.6.0 ESR...

[SECURITY] Fedora 42 Update: nginx-mod-brotli-1.0.0~rc-4.fc42

NGINX module for Brotli compression...

webkit2gtk3 security update

2.50.0-1 - Update to 2.50.0...

CVE-2023-53678

In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix system suspend without fbdev being initialized If fbdev is not initialized for some reason - in practice on platforms without display - suspending fbdev should be skipped during system suspend, fix this up. While at...

perl-JSON-XS security update

1:4.04-1 - Update to 4.04 - Fix CVE-2025-40928...

CVE-2025-38567

In the Linux kernel, the following vulnerability has been resolved: nfsd: avoid ref leak in nfsdopenlocalfh If two calls to nfsdopenlocalfh race and both successfully call nfsdfileacquirelocal, they will both get an extra reference to the net to accompany the file reference stored in pnf. One of...

CVE-2025-38474

In the Linux kernel, the following vulnerability has been resolved: usb: net: sierra: check for no status endpoint The driver checks for having three endpoints and having bulk in and out endpoints, but not that the third endpoint is interrupt input. Rectify the omission...

CVE-2025-38492

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix race between cache write completion and ALLQUEUED being set When netfslib is issuing subrequests, the subrequests start processing immediately and may complete before we reach the end of the issuing function. At the en...

CVE-2025-38379

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix warning when reconnecting channel When reconnecting a channel in smb2reconnectserver, a dummy tcon is passed down to smb2reconnect with -queryinterface uninitialized, so we can't call queuedelayedwork on it. Fix...

CVE-2025-46334

Git GUI allows you to use the Git source control management tools via a GUI. A malicious repository can ship versions of sh.exe or typical textconv filter programs such as astextplain. Due to the unfortunate design of Tcl on Windows, the search path when looking for an executable always includes...

CVE-2024-25177

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an unsinking of IRFSTORE for NULL metatable, which leads to Denial of Service DoS...

CVE-2024-25176

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240626 have a stack-buffer-overflow in ljstrfmtwfnum in ljstrfmtnum.c...

CVE-2025-38160

In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: Add NULL check in raspberrypiclkregister devmkasprintf returns NULL when memory allocation fails. Currently, raspberrypiclkregister does not check for this case, which results in a NULL pointer dereference. Add NUL...

CVE-2025-38155

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7915: Fix null-ptr-deref in mt7915mmiowedinit devmioremap returns NULL on error. Currently, mt7915mmiowedinit does not check for this case, which results in a NULL pointer dereference. Prevent null pointer dereferen...

CVE-2022-50112

In the Linux kernel, the following vulnerability has been resolved: rpmsg: qcomsmd: Fix refcount leak in qcomsmdparseedge ofparsephandle returns a node pointer with refcount incremented, we should use ofnodeput on it when done...

CVE-2025-1088

In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vulnerability in Grafana. This issue affects Grafana: before 11.6.2 and is fixed in 11.6.2 and higher...

CVE-2024-38824

Directory traversal vulnerability in recvfile method allows arbitrary files to be written to the master cache directory...

CVE-2025-49146

pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support...