GHSA-RGXP-2HWP-JWGG vulnerabilities

Vulnerabilities for packages: open-webui, text-generation-inference, dbt-bigquery...

CVE-2026-25087 vulnerabilities

Vulnerabilities for packages: open-webui, text-generation-inference, dbt-bigquery...

CVE-2026-26158 vulnerabilities

Vulnerabilities for packages: busybox...

GHSA-R8F8-4PGH-4M8V vulnerabilities

Vulnerabilities for packages: busybox...

CVE-2026-26157 vulnerabilities

Vulnerabilities for packages: busybox...

GHSA-XM63-5PJX-VRHP vulnerabilities

Vulnerabilities for packages: busybox...

CVE-2026-48914

A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a malformed virtio-blk SCSI request, leading to an...

CVE-2026-48068 vulnerabilities

Vulnerabilities for packages: jitsucom-jitsu, langfuse-fips, langfuse, pulumi, opentelemetry-auto-instrumentations-node, cadence-web, kibana...

CVE-2026-48069 vulnerabilities

Vulnerabilities for packages: jitsucom-jitsu, langfuse-fips, langfuse, pulumi, opentelemetry-auto-instrumentations-node, cadence-web, kibana...

GHSA-5375-PQ7M-F5R2 vulnerabilities

Vulnerabilities for packages: jitsucom-jitsu, langfuse-fips, langfuse, pulumi, opentelemetry-auto-instrumentations-node, cadence-web, kibana...

GHSA-99F4-GRH7-6PCQ vulnerabilities

Vulnerabilities for packages: jitsucom-jitsu, langfuse-fips, langfuse, pulumi, opentelemetry-auto-instrumentations-node, cadence-web, kibana...

CVE-2026-47701 vulnerabilities

Vulnerabilities for packages: kube-logging-operator-fips, kube-logging-operator...

GHSA-CXH2-4639-VMC5 vulnerabilities

Vulnerabilities for packages: kube-logging-operator-fips, kube-logging-operator...

CVE-2026-44892

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, the default configuration of the Http3ConnectionHandler in the Netty HTTP/3 codec lacks an enforced maximum header size limit. When a peer does not explicitly specify...

SUSE CVE-2026-3886

unknown...

SUSE CVE-2026-11787

A flaw was found in 389 Directory Server. The ldaputf8prev function reads bytes before the start of a buffer without bounds checking, causing a heap buffer over-read in string filter parsing that may influence internal filter processing behavior...

SUSE CVE-2026-11791

A flaw was found in 389 Directory Server. During schema reload, the attrsyntaxswapht function unconditionally frees attribute syntax information nodes, bypassing the refcount-based deferred deletion used elsewhere in the attribute syntax subsystem. If an administrator triggers schema reload while...

SUSE CVE-2026-42487

HVM guest I/O port accesses are subject to either emulation or at least translation. Translations are managed by the device model via XENDOMCTLioportmapping, and hence the linked list used may changed at any time. Traversal of those lists while handling guest I/O port accesses therefore needs...

SUSE CVE-2026-42488

Some shadow paging errors paths will switch the page-tables without updating the currently running vCPU reference. This causes a mismatch between the loaded page-tables and the mapcache metadata which can lead to corruption of the mapcache...

SUSE CVE-2026-42489

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To create and manage guests, domctl operations are used by the control domain, a possible Xenstore domain, or by a domain controlling a particular guest. Some of these...