762 matches found
Fedora 43 : python-uv-build / rust-astral-tokio-tar / uv (2026-a8100094df)
The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-a8100094df advisory. Update uv and python-uv-build to 0.11.11. Update the astral-tokio-tar Rust crate to 0.6.1, fixing security advisories GHSA- xx64-wwv2-hcqq and GHSA-...
GHSA-6M6C-36F7-FHXH Mermaid Gantt Charts are vulnerable to an Infinite Loop DoS
Impact Mermaid v11.14.0 and earlier are vulnerable to a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. Example: gantt excludes monday,tuesday,wednesday,thursday,friday,saturday,sunday DoS :2025-01-01, 1d mermaid.parse is unaffected,...
PT-2026-39823
Name of the Vulnerable Software and Affected Versions iOS versions prior to 18.7.9 iOS versions prior to 26.5 iPadOS versions prior to 18.7.9 iPadOS versions prior to 26.5 macOS Sequoia versions prior to 15.7.7 macOS Sonoma versions prior to 14.8.7 macOS Tahoe versions prior to 26.5 tvOS versions...
TencentOS Server 3: freerdp (TSSA-2026:0266)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0266 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
PT-2026-35931
Name of the Vulnerable Software and Affected Versions PhpSpreadsheet versions prior to 1.30.4 PhpSpreadsheet versions 2.0.0 through 2.1.15 PhpSpreadsheet versions 2.2.0 through 2.4.4 PhpSpreadsheet versions 3.3.0 through 3.10.4 PhpSpreadsheet versions 4.0.0 through 5.6.0 Description The HTML Writ...
CVE-2026-22565
An Improper Input Validation vulnerability could allow a malicious actor with access to the UniFi Play network to cause the device to stop responding. Affected Products: UniFi Play PowerAmp Version 1.0.35 and earlier UniFi Play Audio Port Version 1.0.24 and earlier Mitigation: Update UniFi Play...
CLEANSTART-2026-UY60586 Security fixes for CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61729, CVE-2026-1229, CVE-2026-25679, CVE-2026-27137, CVE-2026-27138, CVE-2026-27139, CVE-2026-27141, CVE-2026-27142 applied in versions: 3.19.0-r0, 4.0.0-r0, 4.0.1-r0, 4.1.1-r1, 4.1.1-r2
Multiple security vulnerabilities affect the helm package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-XH83206 Security fixes for CVE-2025-55190, CVE-2025-55191, CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-59537, CVE-2025-59538, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61732, CVE-2025-68121, CVE-2026-1229, CVE-2026-24051, CVE-2026-25934, ghsa-2v5j-vhc3-9cwm, ghsa-2vgg-9h3w-qbr4, ghsa-2xsj-vh29-9cwm, ghsa-3wgm-2mw2-vh5m, ghsa-4x4m-3c2p-qppc, ghsa-6v2p-p543-phr9, ghsa-92cp-5422-2m47, ghsa-93mq-9ffx-83m2, ghsa-f6x5-jh6r-wrfv, ghsa-hj2p-8wj8-pfq4, ghsa-j5w8-q4qc-rx2x, ghsa-mh63-6h87-95cp, ghsa-mw99-9chc-xw7r applied in versions: 2.13.9-r0, 2.14.20-r0, 3.0.16-r0, 3.0.19-r0, 3.1.11-r0, 3.1.11-r1, 3.1.4-r0, 3.1.8.-r0, 3.1.9-r4
Multiple security vulnerabilities affect the argo-cd-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-OX06978 Security fixes for CVE-2025-55190, CVE-2025-55191, CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-59537, CVE-2025-59538, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2026-1229, CVE-2026-24051, CVE-2026-25934, ghsa-2v5j-vhc3-9cwm, ghsa-2vgg-9h3w-qbr4, ghsa-2xsj-vh29-9cwm, ghsa-37cx-329c-33x3, ghsa-3wgm-2mw2-vh5m, ghsa-4x4m-3c2p-qppc, ghsa-6v2p-p543-phr9, ghsa-92cp-5422-2m47, ghsa-93mq-9ffx-83m2, ghsa-f6x5-jh6r-wrfv, ghsa-hj2p-8wj8-pfq4, ghsa-j5w8-q4qc-rx2x, ghsa-mh63-6h87-95cp, ghsa-mw99-9chc-xw7r applied in versions: 2.13.9-r0, 2.14.20-r0, 3.0.16-r0, 3.0.19-r0, 3.1.4-r0, 3.1.8.-r0, 3.1.9-r4, 3.2.7-r0, 3.3.1-r1
Multiple security vulnerabilities affect the argo-cd-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-KW24478 Security fixes for CVE-2021-3538, CVE-2025-15558, CVE-2025-29923, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x applied in versions: 2.14.2-r0, 2.14.2-r1, 2.15.0-r0, 2.15.0-r1
Multiple security vulnerabilities affect the harbor-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-TS54009 Security fixes for CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-61727, CVE-2025-61729, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186 applied in versions: 1.24.4-r0, 1.27.3-r0, 1.27.3-r1
Multiple security vulnerabilities affect the cloudnative-pg-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-MF20926 Security fixes for CVE-2021-38561, CVE-2022-27191, CVE-2025-47911, CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-58190, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-68121, ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x applied in versions: 3.1.2-r3, 3.1.2-r4, 3.7.0-r0, 3.7.0-r2
Multiple security vulnerabilities affect the git-lfs-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-PW57640 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-1229, CVE-2026-24051, CVE-2026-25679, CVE-2026-25934, CVE-2026-26958, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, CVE-2026-4427, ghsa-37cx-329c-33x3, ghsa-6g7g-w4f8-9c9x, ghsa-9h8m-3fm2-qjrq, ghsa-9mj6-hxhv-w67j, ghsa-cfpf-hrx2-8rv6, ghsa-f6x5-jh6r-wrfv, ghsa-fw7p-63qq-7hpr, ghsa-j5w8-q4qc-rx2x, ghsa-jqcq-xjh3-6g23, ghsa-p77j-4mvh-x3m3, ghsa-q9hv-hpm4-hj6x, ghsa-x6gf-mpr2-68h6 applied in versions: 1.12.1-r0, 1.12.1-r1, 1.12.1-r2
Multiple security vulnerabilities affect the grafana-alloy-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-JM60128 Security fixes for CVE-2026-4428, ghsa-2gh3-rmm4-6rq5, ghsa-394x-vwmw-crm3, ghsa-434x-w66g-qw3r, ghsa-65p9-r9h6-22vj, ghsa-9f94-5g5w-gf6r, ghsa-hfpc-8r3f-gw53, ghsa-pwjx-qhcg-rvj4, ghsa-r6v5-fh4h-64xc, ghsa-vw5v-4f2q-w9xf, ghsa-xwfj-jgwm-7wp5 applied in versions: 1.28.2-r0, 1.28.4-r0, 1.28.4-r1
Multiple security vulnerabilities affect the ztunnel-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
Ruby LSP has arbitrary code execution through branch setting
Summary The rubyLsp.branch VS Code workspace setting was interpolated without sanitization into a generated Gemfile, allowing arbitrary Ruby code execution when a user opens a project containing a malicious .vscode/settings.json. Other editors that support workspace setting that get automatically...
BIT-DISCOURSE-2026-33410 Discourse hardens chat DM channel creation and expansion
Discourse is an open-source discussion platform. Versions prior to 2026.3.0, 2026.2.1, and 2026.1.2 have two authorization issues in the chat direct message API. First, when creating a direct message channel or adding users to an existing one, the targetgroups parameter was passed directly to the...
CVE-2026-28852
A stack overflow was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to cause a denial-of-service...
PT-2026-26938
Name of the Vulnerable Software and Affected Versions Suricata affected versions not specified Description This relates to security issues addressed in the libsuricata8 0 4-8.0.4-1.1 package on openSUSE Tumbleweed. Recommendations At the moment, there is no information about a newer version that...
container-tools:rhel8 security update
aardvark-dns 2:1.10.1-2 - build off the RHEL maintenance branch - Resolves: RHEL-59129 2:1.10.0-1 - update to https://github.com/containers/aardvark-dns/releases/tag/v1.10.0 - Related: Jira:RHEL-2110 2:1.9.0-1 - update to https://github.com/containers/aardvark-dns/releases/tag/v1.9.0 - Related:...
CVE-2026-26207 DIscourse's discourse-policy plugin lacks post access check
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, discourse-policy plugin allows any authenticated user to interact with policies on posts they do not have permission to view. The PolicyController loads posts by ID without verifying the current...