Security update for xorg-x11-server

This update for xorg-x11-server fixes the following issues: CVE-2026-33999: XKB integer underflow in XkbSetCompatMap bsc1260922. CVE-2026-34000: XKB out-of-bounds read in CheckSetGeom bsc1260923. CVE-2026-34001: XSYNC use-after-free in miSyncTriggerFence bsc1260924. CVE-2026-34002: XKB...

Linux Distros Unpatched Vulnerability : CVE-2026-32766

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.6 and earlier, malformed PAX extensions were silently skipped when...

CVE-2025-61653 Extension:TextExtracts does not check for authorizeRead when returning extracts

Vulnerability in Wikimedia Foundation TextExtracts. This vulnerability is associated with program files includes/ApiQueryExtracts.Php. This issue affects TextExtracts: from before 1.39.14, 1.43.4, 1.44.1...

CVE-2025-55083

CVE-2025-55083 affects NetX Duo (Eclipse Foundation ThreadX component) in versions before 6.4.4. A bound-check error leads to an out-of-bounds read (two units). Affected scope and impact are stated across multiple sources (NVD, Red Hat, OSV, CVE lists). Root cause: incorrect bound check in the re...

EUVD-2019-3807

Malware in sbrugna...

EUVD-2018-10410

Malware in sbrugna...

EUVD-2021-12714

Malware in sbrugna...

EUVD-2009-2142

Malware in sbrugna...

EUVD-2017-2780

Malware in sbrugna...

EUVD-2013-1094

Malware in sbrugna...

EUVD-2021-12716

Malware in sbrugna...

EUVD-2021-22758

Malware in sbrugna...

EUVD-2013-4209

Malware in sbrugna...

EUVD-2022-28987

Malicious code in bioql PyPI...

EUVD-2023-49663

Malicious code in bioql PyPI...

EUVD-2022-43301

Malicious code in bioql PyPI...

EUVD-2021-30884

Malicious code in bioql PyPI...

CVE-2025-54895 SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Elevation of Privilege Vulnerability

...

CVE-2025-8217

The Amazon Q Developer Visual Studio Code VS Code extension v1.84.0 contains inert, injected code designed to call the Q Developer CLI. The code executes when the extension is launched within the VS Code environment; however the injected code contains a syntax error which prevents it from making ...

CVE-2025-6435

If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been saved with the .download file extension. This could have led to the user inadvertently running a malicious executable. This vulnerability was fixed in Firefox 140 and...