54 matches found
GHSA-CX83-HXFR-M85V vulnerabilities
Vulnerabilities for packages: linux-qemu-melange, linux-azure, linux-qemu, linux-gcp...
GHSA-XJCW-CWPV-WFVX vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-PXF9-8XFQ-9XVG vulnerabilities
Vulnerabilities for packages: chromium...
CVE-2026-14104 vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-6CV4-3H2G-632H vulnerabilities
Vulnerabilities for packages: firefox...
GHSA-V4QX-H7R5-6QC8 vulnerabilities
Vulnerabilities for packages: firefox...
GHSA-V9F3-9MFG-CC55 vulnerabilities
Vulnerabilities for packages: chromium...
CVE-2026-13757
A flaw was found in p11-kit. The RPC message attribute parsing functions p11rpcmessagegetattribute and p11rpcmessagegetattributearrayvalue form a mutually-recursive call chain with no recursion depth limit when processing nested CKAWRAPTEMPLATE, CKAUNWRAPTEMPLATE, and CKADERIVETEMPLATE attributes...
CVE-2026-53113
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix memory leaks in beacon template setup The functions ath11kmacsetupbcntmplema and ath11kmacsetupbcntmplmbssid allocate memory for beacon templates but fail to free it when parameter setup returns an error. Since...
CVE-2026-44169
MariaDB server is a community developed fork of MySQL server. From versions 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, a user getting EXECUTE access to a stored routine via a role, could see the routine definition even without SHOW CREATE ROUTINE privilege. This issue has been...
CVE-2026-49261
MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with wsrepnotifycmd enabled would execute shell commands embedded in the name of the joiner node. This is fixed in...
CVE-2026-42502 affecting package docker-compose for versions less than 2.27.0-13
CVE-2026-42502 affecting package docker-compose for versions less than 2.27.0-13. A patched version of the package is available...
CVE-2026-34355
A buffer overflow in modproxyhtml in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users are recommended to upgrade to version 2.4.68, which fixes this issue...
GHSA-X8MH-94WC-33GV vulnerabilities
Vulnerabilities for packages: airflow...
CVE-2026-49157
Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. The default Jolokia authorization settings granted non-admin low-privilege web-login accounts access to Jolokia operations which allowed executing broker...
GHSA-8Q93-326V-3M7G vulnerabilities
Vulnerabilities for packages: synapse...
GHSA-7G25-3CHF-PPWR vulnerabilities
Vulnerabilities for packages: linux-aws, linux-vmware...
CVE-2026-31221
PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The LightningModule.loadfromcheckpoint method, which is commonly used to load saved model states, internally calls torch.load without setting the...
GHSA-HX6P-XPX3-JVVV vulnerabilities
Vulnerabilities for packages: zed, yara-x, wasmcloud, wizer...
CVE-2026-6842
A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions 0777 instead of 0700 for the /.local directory. This allows the attacker to inject a malicious .desktop launcher, which could lead to unintended actions or...