CVE-2026-48961 IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID

IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID. When decodeux in bin/zipdetails handles an Info-ZIP Unix Extra Field tag 0x7875 with UID Size or GID Size set to 8, causing...

CVE-2026-48961 IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID

IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID. When decodeux in bin/zipdetails handles an Info-ZIP Unix Extra Field tag 0x7875 with UID Size or GID Size set to 8, causing...

CVE-2026-48959

IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward. fastForward compares length $offset the digit count of the offset, 1 to 19 against the chunk size $c instead of $offset itself, so $c shrinks from 16 KiB to 1-19 bytes per iteration...

CVE-2025-15649

IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date. dosToUnixTime decodes the local-file-header last-modification date field and calls Time::Local::timelocal without an eval guard. A header whose date field decodes to ...

CVE-2026-41054 affecting package haveged for versions less than 1.9.22-1

CVE-2026-41054 affecting package haveged for versions less than 1.9.22-1. An upgraded version of the package is available that resolves this issue...

GHSA-76P7-773F-R4Q5 vulnerabilities

Vulnerabilities for packages: opensearch-dashboards...

CVE-2024-53382 vulnerabilities

Vulnerabilities for packages: opensearch-dashboards...

GHSA-X7HR-W5R2-H6WG vulnerabilities

Vulnerabilities for packages: opensearch-dashboards...

CVE-2024-11831 vulnerabilities

Vulnerabilities for packages: opensearch-dashboards...

GHSA-QP7P-654G-CW7P vulnerabilities

Vulnerabilities for packages: langfuse...

CVE-2026-44459 vulnerabilities

Vulnerabilities for packages: langfuse...

GHSA-P77W-8QQV-26RM vulnerabilities

Vulnerabilities for packages: langfuse...

GHSA-HM8Q-7F3Q-5F36 vulnerabilities

Vulnerabilities for packages: langfuse...

CVE-2026-44458 vulnerabilities

Vulnerabilities for packages: langfuse...

CVE-2026-44457 vulnerabilities

Vulnerabilities for packages: langfuse...

CVE-2026-49014

In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversized geometry...

[SECURITY] Fedora 43 Update: rust-afterburn-5.10.0-7.fc43

A simple cloud provider agent...

[SECURITY] Fedora 43 Update: rust-sequoia-octopus-librnp-1.11.1-6.fc43

Reimplementation of RNP's interface using Sequoia for use with Thunderbird...

[SECURITY] Fedora 43 Update: rust-sequoia-sop-0.37.3-3.fc43

An implementation of the Stateless OpenPGP Interface using Sequoia...

[SECURITY] Fedora 43 Update: rust-sequoia-sqv-1.3.0-6.fc43

A simple OpenPGP signature verification program...