158610 matches found
CVE-2026-9121 vulnerabilities
Vulnerabilities for packages: chromium...
CVE-2026-9117 vulnerabilities
Vulnerabilities for packages: chromium...
CVE-2026-9115 vulnerabilities
Vulnerabilities for packages: chromium...
CVE-2026-9114 vulnerabilities
Vulnerabilities for packages: chromium...
CVE-2026-9111 vulnerabilities
Vulnerabilities for packages: chromium...
[SECURITY] Fedora 44 Update: python-uv-build-0.11.15-1.fc44
This package is a slimmed down version of uv containing only the build backend...
[SECURITY] Fedora 44 Update: rust-astral_async_zip-0.0.18~rc4-2.fc44
An asynchronous ZIP archive reading/writing crate...
[SECURITY] Fedora 43 Update: rust-astral_async_zip-0.0.18~rc4-2.fc43
An asynchronous ZIP archive reading/writing crate...
[SECURITY] Fedora 43 Update: rust-astral_async_http_range_reader-0.11.0-2.fc43
A library for streaming reading of files over HTTP using range requests...
PT-2026-47181
Albatross-console doesn't properly terminate when looping over the ringbuffer. This leads to denial of service and memory exhaustion. Scenario A user that has access to albatross-console either via the unix domain socket requires root:albatross by default or via albatross-tls-endpoint requires a...
PT-2026-44549
Summary The nono Landlock/seccomp policies allow access to local Unix domain sockets concrete and abstract. This allows an easy sandbox escape by talking to the per-user systemd dbus socket. Threat scenario: Running Aider, Claude Code, OpenCode or similar tools with "allow bash" policy so that it...
CloudNativePG Code Issue Vulnerability
CloudNativePG is an open-source platform developed by CloudNativePG for managing the entire lifecycle of PostgreSQL databases on Kubernetes. Versions of CloudNativePG prior to 1.29.1 and 1.28.3 contained code vulnerabilities. These vulnerabilities stemmed from the metric exporter using the pod’s...
CVE-2026-42998
An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that the user supplied in the authentication request matches the owner of the application credential. An attacker can authenticate with their own application...
MariaDB -- Multiple vulnerabilities
The MariaDB project reports: Multiple vulnerabilities in MariaDB Cluster Galera...
CVE-2026-44660
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.12.1, when ujson.dump writes to a file-like object and the write operation raises an exception, the serialized JSON string object is not decremented, leaking memory. Each failed write operatio...
CVE-2026-45108
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Authorization Grant DAG flow that allowed a user within the same Entra ID domain to obtain a local Unix...
CVE-2025-36122
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows includes DB2 Connect Server could allow an authenticated user to cause a denial of service using a specially crafted SQL query due to improper allocation of system resources...
GHSA-PH9P-34F9-6G65 vulnerabilities
Vulnerabilities for packages: saf, prism, pulumi, lerna, renovate, opensearch-dashboards, vitess...
CVE-2026-46625 vulnerabilities
Vulnerabilities for packages: opensearch-dashboards, saf...
GHSA-QJX8-664M-686J vulnerabilities
Vulnerabilities for packages: opensearch-dashboards, saf...