CLEANSTART-2026-PV98664 Security fixes for CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-68119, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x, ghsa-m6hq-p25p-ffr2, ghsa-p77j-4mvh-x3m3, ghsa-pwhc-rpq9-4c8w applied in versions: 0.6.4-r5, 0.6.4-r6, 0.7.0-r4

Multiple security vulnerabilities affect the k8ssandra-client-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-PW57640 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-1229, CVE-2026-24051, CVE-2026-25679, CVE-2026-25934, CVE-2026-26958, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, CVE-2026-4427, ghsa-37cx-329c-33x3, ghsa-6g7g-w4f8-9c9x, ghsa-9h8m-3fm2-qjrq, ghsa-9mj6-hxhv-w67j, ghsa-cfpf-hrx2-8rv6, ghsa-f6x5-jh6r-wrfv, ghsa-fw7p-63qq-7hpr, ghsa-j5w8-q4qc-rx2x, ghsa-jqcq-xjh3-6g23, ghsa-p77j-4mvh-x3m3, ghsa-q9hv-hpm4-hj6x, ghsa-x6gf-mpr2-68h6 applied in versions: 1.12.1-r0, 1.12.1-r1, 1.12.1-r2

Multiple security vulnerabilities affect the grafana-alloy-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-KJ02127 Security fixes for CVE-2025-47911, CVE-2025-58190, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142 applied in versions: 1.8.6-r0, 1.8.6-r1

Multiple security vulnerabilities affect the karpenter-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CVE-2026-21629 Joomla! Core - [20260301] - ACL hardening in com_ajax

The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers...

CVE-2026-21629

The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers...

CVE-2026-5273

Use after free in CSS in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVE-2026-5283

CVE-2026-5283 concerns an inappropriate ANGLE implementation in Google Chrome before 146.0.7680.178 that could allow a remote attacker to leak cross-origin data via a crafted HTML page. The connected documents indicate this is fixed in Chrome/Chromium around the 146.0.7680.178 update, with relate...

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in PictureInPicture in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

Astra Linux – Vulnerability in Firefox

Memory safety bugs exist in Firefox 146 and Thunderbird 146. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability has been fixed in Firefox 147 and Thunderbird...

Astra Linux – Vulnerability in Firefox

JIT compilation errors, use-after-free in the JavaScript Engine: JIT components. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

Astra Linux – Vulnerability in Chromium

The incorrect security UI in PictureInPicture in Google Chrome prior to version 146.0.7680.71 allowed a remote attacker to perform UI spoofing through a crafted HTML page. Chromium security severity: Medium...

Astra Linux – Vulnerability in Firefox

Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections

A flaw was found in NGINX. When NGINX is configured to proxy to upstream Transport Layer Security TLS servers, An attacker with a man-in-the-middle MITM position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the form title input field. An attacker can execute arbitrary JavaScript code in the browser of users who view the affected page by injecting malicious scripts into the form title field, which are then store...

CVE-2026-25833

Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x509inetptonipv6 function...

PT-2026-35854

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.138 Description An out of bounds read and write issue exists in Angle, which could allow a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. Recommendations Update ...

CVE-2026-25833

Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x509inetptonipv6 function...

CVE-2026-34872

In Mbed TLS versions 3.5.x and 3.6.x up to 3.6.5, and TF-PSA-Crypto 1.0, there is a fault in finite-field Diffie-Hellman (FFDH) due to improper input validation that results in a lack of contributory behavior. The peer can force the shared secret into a small set of values, which matters for prot...

PT-2026-29605

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.13.4 Description A response with an excessive number of multipart headers may be allowed to use more memory than intended, potentially leading to a denial-of-service condition. Multipart headers were not subject to...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the use of recursion in file configuration files. This vulnerability may lead to exhaustion of th...