CVE-2026-50128

Mastodon vulnerability CVE-2026-50128 affects versions 4.3.0 through 4.5.11 and 4.4.18, where an error in the attributionDomains JSON-LD handling allows an attacker to arbitrarily modify the attributionDomains value on a legitimately signed Update and bypass signature verification. This can under...

CVE-2026-52933

A flaw was found in the Linux kernel's iouring/poll component. A logic error exists in the iopollgetownership function due to an incorrect signed comparison. This flaw prevents the necessary slowpath from being triggered when the IOPOLLCANCELFLAG is set, potentially leading to unexpected behavior...

CVE-2026-52933

In the Linux kernel, the following vulnerability has been resolved: iouring/poll: fix signed comparison in iopollgetownership iopollgetownership uses a signed comparison to check whether pollrefs has reached the threshold for the slowpath: if unlikelyatomicread&req-pollrefs = IOPOLLREFBIAS...

CVE-2026-52933

CVE-2026-52933 affects the Linux kernel’s io_uring/poll path. The vulnerability stems from a signed comparison in io_poll_get_ownership(): it compares an atomic_read(&req->poll_refs) against IO_POLL_REF_BIAS using signed arithmetic. If the IO_POLL_CANCEL_FLAG (BIT(31)) is set, the read value b...

CVE-2026-56384

Craft CMS contains a missing authorization vulnerability in the assets/preview-thumb endpoint. A Control Panel user without permission to view a target private asset can call the endpoint with an attacker-controlled assetId and receive preview HTML containing a signed fallback transform preview...

CVE-2026-49346 libde265 has a heap buffer overflow in de265_image_get_buffer via SPS dimension integer overflow

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and 16-bit bit depth causes a signed integer overflow in de265imagegetbuffer libde265/image.cc:128. The overflow wraps the plane allocation size to a sma...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: arm64: cacheinfo: Fixed the incorrect assignment of a signed error value to unsigned fwlevel. Although the acpifindlastcachelevel function always returns a signed value, and the documentation states that it will return any errors...

Astra Linux – Vulnerability in Thunderbird

When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text is never displayed to the user. This is because the text is interpreted as a MIME message, and the first paragraph is always treated as part of an email header section. A digitally signed text...

Astra Linux – Vulnerability in libass

In libass 0.14.0, the call to assoutlineconstruct's outlinestroke function causes a signed integer overflow...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Regulator: Core – Prevent integer underflow By using a ratio of delay to pollEnabledTime that is not an integer, timeRemaining underflows may occur, causing the loop not to exit as expected. Since delay can be derived from DT, an...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ftruncate: passing a signed offset. The old ftruncate system call, which used the 32-bit offt type, missed a sign extension when called in compat mode on 64-bit architectures. As a result, passing a negative length accidentally...

CVE-2026-48783

Postiz is an AI social media scheduling tool. Versions prior to 2.21.8 contained an unauthenticated endpoint that accepted a signed token and applied subscription-enforcement side effects to the organization referenced in that token's claims, without verifying the token's intended purpose. The...

openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()

A flaw was found in OpenSSL. When processing a specially crafted PKCS7 or S/MIME Secure/Multipurpose Internet Mail Extensions signed message, a heap use-after-free vulnerability in the PKCS7verify function can be triggered. This occurs if the SignedData digestAlgorithms field is present as an emp...

PT-2026-50122

Postiz is an AI social media scheduling tool. Versions prior to 2.21.8 contained an unauthenticated endpoint that accepted a signed token and applied subscription-enforcement side effects to the organization referenced in that token's claims, without verifying the token's intended purpose. The...

EUVD-2026-36804

A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to out-of-bounds reads. A remote attacker could trick a user into opening a...

CVE-2026-52722

GStreamer VMnc decoder in gstreamer1-plugins-bad-free contains a signed integer overflow in cursor payload handling. A crafted VMnc stream with large cursor dimensions can cause signed payload-size arithmetic overflow, bypass a length check, and lead to out-of-bounds reads. This may allow a remot...

CVE-2026-52722 Gstreamer1-plugins-bad-free: gstreamer: signed integer overflow in vmnc decoder cursor payload handling

A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to out-of-bounds reads. A remote attacker could trick a user into opening a...

CVE-2026-52722

A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to out-of-bounds reads. A remote attacker could trick a user into opening a...

Nodemailer: Improper TLS Certificate Validation in OAuth2 Token Fetch Enables Credential Interception

Summary Nodemailer disables TLS certificate verification in its internal HTTPS fetch client through the use of rejectUnauthorized: false inside lib/fetch/index.js. As a result, OAuth2 token requests trust invalid or self-signed HTTPS certificates and transmit sensitive OAuth credentials over...

GHSA-R7G4-QG5F-QQM2 Nodemailer: Improper TLS Certificate Validation in OAuth2 Token Fetch Enables Credential Interception

Summary Nodemailer disables TLS certificate verification in its internal HTTPS fetch client through the use of rejectUnauthorized: false inside lib/fetch/index.js. As a result, OAuth2 token requests trust invalid or self-signed HTTPS certificates and transmit sensitive OAuth credentials over...