Important: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing CVE-2026-4775 For more details about the security issues,...

CVE-2026-37630

An issue in QuickJS-NG v.0.12.1 allows an attacker to execute arbitrary code via the jsmappedargumentsmark function...

ALSA-2026:15887 Important: openexr security update

OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are specific to this format. This package containes the binaries for OpenEXR. Security Fixes:...

CVE-2026-31253

The flash-attention training framework thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 2025-13-04 contains an insecure deserialization vulnerability CWE-502 in its checkpoint loading mechanism. The loadcheckpoint function in checkpoint.py and the checkpoint loading code in eval.py use...

MiracleLinux 8 : mingw-libtiff-4.0.9-4.el8_10 (AXSA:2026-594:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-594:01 advisory. libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing CVE-2026-4775 Tenable has extracted the...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the SWSDfldsrch function. An attacker can execute arbitrary code or cause a denial of service by providing crafted input that triggers a heap-based buffer overflow. Remediation Upgrade gdal to version 3.13....

KLA91043 Multiple vulnerabilities in Apache Tomcat

Multiple vulnerabilities were found in Apache Tomcat. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Security vulnerability can be exploited to bypass security...

CVE-2026-42311

Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. This issue has been patched in version 12.2.0...

CVE-2026-42311

Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. This issue has been patched in version 12.2.0...

SUSE CVE-2023-47268

In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer through 2.6.1, a crafted 3mf project file can execute arbitrary code on a host where the project is sliced and G-code exported...

Unity Linux 20.1070e Security Update: gstreamer1-plugins-good (UTSA-2026-017385)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017385 advisory. Integer overflow in matroskademux element in gstmatroskademuxaddwvpkheader function which allows a heap overwrite while parsing matroska files. Potential for arbitra...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: postgresql-13 (UTSA-2026-017347)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017347 advisory. A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification...

CVE-2026-42298 Postiz: Arbitrary Code Execution and Token Exfiltration in pr-docker-build.yml via untrusted Dockerfile.dev

Postiz is an AI social media scheduling tool. Prior to commit da44801, a "Pwn Request" vulnerability in the Build and Publish PR Docker Image workflow .github/workflows/pr-docker-build.yml allows any unauthenticated user to execute arbitrary code during the Docker build process and exfiltrate a...

CVE-2026-42298

CVE-2026-42298 affects Postiz (AI social media scheduling tool). The issue arises in the Build and Publish PR Docker Image workflow (.github/workflows/pr-docker-build.yml), where an unauthenticated user can cause arbitrary code execution during Docker image build by submitting a fork with a malic...

EUVD-2026-28828

Ray is an AI compute engine. From version 2.54.0 to before version 2.55.0, Ray Data registers custom Arrow extension types ray.data.arrowtensor, ray.data.arrowtensorv2, ray.data.arrowvariableshapedtensor globally in PyArrow. When PyArrow reads a Parquet file containing one of these extension type...

CVE-2026-41486

Ray is an AI compute engine. From version 2.54.0 to before version 2.55.0, Ray Data registers custom Arrow extension types ray.data.arrowtensor, ray.data.arrowtensorv2, ray.data.arrowvariableshapedtensor globally in PyArrow. When PyArrow reads a Parquet file containing one of these extension type...

CVE-2026-43378

A flaw was found in the Linux kernel. Specifically, within the Server Message Block SMB server component, a use-after-free vulnerability exists in the smb2open function. This issue arises when an opinfo pointer is accessed after its memory has been deallocated, creating a window for potential...

@babel/plugin-transform-modules-systemjs generates arbitrary code when compiling malicious input

Impact Using Babel to compile code that was specifically crafted by an attacker can cause Babel to generate output code that executes arbitrary code. Known affected plugins are: - @babel/plugin-transform-modules-systemjs - @babel/preset-env when using the modules: "systemjs" option, as it delegat...

CVE-2026-8178

An issue exists in Amazon Redshift JDBC Driver versions prior to 2.2.2. Under certain conditions, the driver could load and execute arbitrary classes when processing JDBC connection URL parameters. An actor who can influence the connection URL could potentially execute code in the application...

[SECURITY] [DSA 6256-1] php8.4 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6256-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 08, 2026 https://www.debian.org/security/faq -...