950 matches found

OSV
added 2026/01/27 4:16 p.m. | 2 views

AZL-78579 CVE-2026-22796 affecting package openssl-fips-provider 3.1.2-1

Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS7 data. Impact summary: An application...

CVSS 5.3 | AI score 5.7 | EPSS 0.0052
Exploits: 1 | References: 1
Debian CVE
added 2026/01/27 4:1 p.m. | 9 views

CVE-2026-22796

Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS7 data. Impact summary: An application...

CVSS 5.3 | AI score 7.7 | EPSS 0.0052
Exploits: 1
CNNVD
added 2026/01/27 12:0 a.m. | 2 views

RethinkDB security vulnerabilities

RethinkDB is an open-source database developed by RethinkDB. RethinkDB versions 2.4.4 and earlier have a security vulnerability. This vulnerability stems from a buffer overflow in the JSON parsing component cJSON.Cc, which could allow for the execution of arbitrary code...

CVSS 10 | AI score 6.3 | EPSS 0.00082
Exploits: 0 | References: 2
EUVD
added 2026/01/23 2:55 p.m. | 3 views

EUVD-2026-4322

A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...

CVSS 8.2 | AI score 5.6 | EPSS 0.00013
Exploits: 0 | References: 4
SUSE CVE
added 2026/01/23 12:24 a.m. | 3 views

SUSE CVE-2026-23736

seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, due to improper input validation, a malicious object key can lead to prototype pollution during JSON deserialization. This vulnerability affects only JSON...

CVSS 9.8 | AI score 5.7 | EPSS 0.00333
Exploits: 0 | References: 3
Fedora
added 2026/01/22 1:15 a.m. | 3 views

[SECURITY] Fedora 42 Update: rpki-client-9.7-1.fc42

The OpenBSD rpki-client is a free, easy-to-use implementation of the Resource Public Key Infrastructure (RPKI) for Relying Parties (RP) to facilitate validation of the Route Origin of a BGP announcement. The program queries the RPKI repository system, downloads and validates Route Origin Authorisatio...

AI score 5.9
Exploits: 0
EUVD
added 2026/01/22 12:0 a.m. | 5 views

EUVD-2026-3806

The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...

CVSS 7.5 | AI score 5.4 | EPSS 0.00029
Exploits: 1 | References: 3
EUVD
added 2026/01/21 11:9 p.m. | 3 views

EUVD-2026-3679

seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, improper input handling in the JSON deserialization component can lead to arbitrary JavaScript code execution. Exploitation is possible via overriding consta...

CVSS 7.5 | AI score 6 | EPSS 0.0014
Exploits: 0 | References: 3
OSV
added 2026/01/21 11:9 p.m. | 3 views

CVE-2026-23737 seroval Affected by Remote Code Execution via JSON Deserialization

seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, improper input handling in the JSON deserialization component can lead to arbitrary JavaScript code execution. Exploitation is possible via overriding consta...

CVSS 7.5 | AI score 6.1 | EPSS 0.0014
Exploits: 0 | References: 4
Github Security Blog
added 2026/01/21 3:41 p.m. | 7 views

seroval Affected by Remote Code Execution via JSON Deserialization

Improper input handling in the JSON deserialization component can lead to arbitrary JavaScript code execution. The vulnerability can be exploited via overriding constant value and error deserialization, which allows indirect access to unsafe JS evaluation. This requires at least the ability to...

CVSS 7.5 | AI score 6 | EPSS 0.0014
Exploits: 0 | References: 4 | Affected Software: 1
EUVD
added 2026/01/21 3:41 p.m. | 3 views

EUVD-2026-3680

seroval Affected by Prototype Pollution via JSON Deserialization...

CVSS 7.3 | AI score 5.3 | EPSS 0.00333
Exploits: 0 | References: 3
OSV
added 2026/01/21 3:41 p.m. | 3 views

GHSA-HJ76-42VX-JWP4 seroval Affected by Prototype Pollution via JSON Deserialization

Due to improper input validation, a malicious object key can lead to prototype pollution during JSON deserialization. This affects only JSON deserialization functionality. As there is no known workaround, please upgrade to the latest version...

CVSS 7.3 | AI score 5.6 | EPSS 0.00333
Exploits: 0 | References: 4
Fedora
added 2026/01/18 1:45 a.m. | 4 views

[SECURITY] Fedora 42 Update: musescore-4.3.2-20.fc42

MuseScore is a free cross platform WYSIWYG music notation program. Some highlights: WYSIWYG, notes are entered on a "virtual note sheet"; Unlimited number of staves; Up to four voices per staff; Easy and fast note entry with mouse, keyboard or MIDI; Integrated sequencer and FluidSynth software...

CVSS 7.5 | AI score 6.9 | EPSS 0.00029
Exploits: 1
Snyk
added 2026/01/12 4:10 p.m. | 2 views

Directory Traversal

Overview: MindsDB is a MindsDB server, provides server capabilities to mindsdb native python library. Affected versions of this package are vulnerable to Directory Traversal via the PUT handler in the file upload API, which directly joins user-supplied input into a filesystem path without proper...

CVSS 9.8 | AI score 7.7 | EPSS 0.00353
Exploits: 2 | References: 4
Fedora
added 2026/01/12 12:56 a.m. | 4 views

[SECURITY] Fedora 43 Update: musescore-4.6.5-32.fc43

MuseScore is a free cross platform WYSIWYG music notation program. Some highlights: WYSIWYG, notes are entered on a "virtual note sheet"; Unlimited number of staves; Up to four voices per staff; Easy and fast note entry with mouse, keyboard or MIDI; Integrated sequencer and FluidSynth software...

CVSS 7.5 | AI score 6.8 | EPSS 0.00029
Exploits: 1
Tenable Nessus
added 2026/01/12 12:0 a.m. | 2 views

TencentOS Server 4: grafana (TSSA-2026:0007)

"The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0007 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 6.3 | AI score 6.4 | EPSS 0.0004
Exploits: 1 | References: 2
RedhatCVE
added 2026/01/09 11:21 a.m. | 2 views

CVE-2021-22008

The vCenter Server contains an information disclosure vulnerability in VAPI vCenter API service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information...

CVSS 7.5 | AI score 6.4 | EPSS 0.00688
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 9:36 a.m. | 6 views

CVE-2024-34474

Clario through 2024-04-11 for Desktop has weak permissions for %PROGRAMDATA%\Clario and tries to load DLLs from there as SYSTEM...

CVSS 7.8 | AI score 7 | EPSS 0.0019
Exploits: 0 | References: 1
SUSE CVE
added 2026/01/09 12:23 a.m. | 5 views

SUSE CVE-2026-21869

llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 and prior, the n_discard parameter is parsed directly from JSON input in the llama.cpp server's completion endpoints without validation to ensure it's non-negative. When a negative value is supplied and the context fill...

CVSS 9.8 | AI score 8.3 | EPSS 0.0041
Exploits: 1 | References: 3
OSV
added 2026/01/08 4:15 p.m. | 1 views

UBUNTU-CVE-2025-67858

An Improper Neutralization of Argument Delimiters vulnerability in Foomuuri can lead to integrity loss of the firewall configuration or further unspecified impact by manipulating the JSON configuration passed to nft. This issue affects Foomuuri: from ? before 0.31...

CVSS 7 | AI score 5.8 | EPSS 0.00043
Exploits: 0 | References: 4