SUSE CVE-2026-54282

Starlette is a lightweight ASGI framework/toolkit. Prior to 1.3.0, the HTTP request path is not validated before being used to reconstruct request.url. Because request.url is rebuilt by concatenating scheme://hostpath and re-parsing the result, a path that does not begin with / for example...

SUSE CVE-2026-11791

A flaw was found in 389 Directory Server. During schema reload, the attrsyntaxswapht function unconditionally frees attribute syntax information nodes, bypassing the refcount-based deferred deletion used elsewhere in the attribute syntax subsystem. If an administrator triggers schema reload while...

openpaw-graveyard (=3.0.0) potentially affected by unknown CVE via @solana-launchpad/sdk (=1.0.13)

@solana-launchpad/sdk NPM version =1.0.13 is affected by a known vulnerability. The following packages have a transitive dependency on @solana-launchpad/sdk and may be impacted: - openpaw-graveyard =3.0.0 Source cves: unknown CVE Source advisory: OSV:MAL-2026-5495...

@meme-sdk/trade (>=1.0.0 <=1.0.1), @solana-launchpad/sdk (>=1.0.10 <=1.0.13) +2 more potentially affected by unknown CVE via @validate-sdk/v2 (>=1.22.11 <=1.22.31)

@validate-sdk/v2 NPM version =1.22.11, =1.0.0, =1.0.10, =1.0.5, =1.0.6 - openpaw-graveyard =3.0.0 Source cves: unknown CVE Source advisory: OSV:MAL-2026-5497...

magique-ai (>=0.1.0 <=0.4.3), pantheon-agents (>=0.3.0 <=0.3.3rc1) +2 more potentially affected by unknown CVE via magique (=0.6.7)

magique PYPI version =0.6.7 is affected by a known vulnerability. The following packages have a transitive dependency on magique and may be impacted: - magique-ai =0.1.0, =0.3.0, =0.1.1, =0.5.0, =0.5.4 Source cves: unknown CVE Source advisory: SNYK:PYTHON-MAGIQUE-17220140...

napari-ufish (=0.0.1) potentially affected by unknown CVE via ufish (=0.1.1)

ufish PYPI version =0.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on ufish and may be impacted: - napari-ufish =0.0.1 Source cves: unknown CVE Source advisory: SNYK:PYTHON-UFISH-17220150...

IMAPServer (=0.2.0), IMAPServer-cli (=0.1.0) +369 more potentially affected by unknown CVE via diesel (>=0.10.1 <=2.2.12)

diesel CARGO version =0.10.1, =0.1.0, =0.1.0, =0.1.0, =0.4.0, =0.1.4, =0.1.11, =0.1.0, =0.5.0, =0.1.0, =0.1.2 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0172...

crypt_guard (=0.1.4), env_encryption_tool (=0.9.17) +7 more potentially affected by unknown CVE via pqcrypto (>=0.11.1 <=0.18.1)

pqcrypto CARGO version =0.11.1, =0.1.0, =0.1.0, =0.1.2, =0.1.0, =0.23.0, =0.23.0, =12.0.2 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0164...

adx (>=4.0.0 <=4.1.0), aicommits-rs (>=0.1.0 <=0.2.0) +301 more potentially affected by unknown CVE via surf (>=1.0.1 <=2.3.2)

surf CARGO version =1.0.1, =4.0.0, =0.1.0, =1.0.0, =0.3.0, =0.10.0, =0.3.0, =0.5.0, =0.1.0, =0.6.0, =0.3.0, =0.1.0, =0.0.1, =0.2.4 - async-bybit =0.0.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0169...

autotel-cli (>=0.8.10 <=0.8.11) potentially affected by unknown CVE via autotel-mcp (>=0.1.10 <=0.1.11)

autotel-mcp NPM version =0.1.10, =0.8.10, =0.8.11 Source cves: unknown CVE Source advisory: SNYK:JS-AUTOTELMCP-17146470...

@agentic-dev-library/control (=1.2.0), @agentic-dev-library/triage (>=1.0.2 <=1.1.0) +38 more potentially affected by unknown CVE via ai-sdk-ollama (>=3.0.0 <=3.8.4)

ai-sdk-ollama NPM version =3.0.0, =1.0.2, =0.1.0, =0.1.1, =0.1.0, =1.3.0, =0.1.1, =0.2.0, =0.1.0, =0.1.0, =0.1.0, =0.4.3 and more Source cves: unknown CVE Source advisory: SNYK:JS-AISDKOLLAMA-17146454...

@redhat-cloud-services/frontend-components-config (>=6.3.6 <=6.11.2) potentially affected by unknown CVE via @redhat-cloud-services/frontend-components-config-utilities (=4.11.1)

@redhat-cloud-services/frontend-components-config-utilities NPM version =4.11.1 is affected by a known vulnerability. The following packages have a transitive dependency on @redhat-cloud-services/frontend-components-config-utilities and may be impacted: -...

@redhat-cloud-services/frontend-components-config (>=6.0.0 <=6.11.2) potentially affected by unknown CVE via @redhat-cloud-services/tsc-transform-imports (=1.2.1)

@redhat-cloud-services/tsc-transform-imports NPM version =1.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on @redhat-cloud-services/tsc-transform-imports and may be impacted: - @redhat-cloud-services/frontend-components-config =6.0.0, =6.11.2 Source...

edgetest (>=2026.4.0 <=2026.5.0), r7-surcom-sdk (>=0.12.15 <=0.14.16) +1 more potentially affected by unknown CVE via uv (>=0.10.0 <=0.10.7)

uv PYPI version =0.10.0, =2026.4.0, =0.12.15, =3.10.18, =3.10.21 Source cves: unknown CVE Source advisory: OSV:GHSA-4GG8-GXPX-9RPH...

dicom-transfer-syntax-registry (>=0.8.2 <=0.9.1), dset (>=0.1.0 <=0.1.2) +10 more potentially affected by unknown CVE via jxl-grid (>=0.1.1 <=0.5.3)

jxl-grid CARGO version =0.1.1, =0.8.2, =0.1.0, =0.1.1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.4.0, =0.5.0-rc0 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0151...

SUSE CVE-2026-44168

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the command line. No...

ether-bn.js (>=1.4.0 <=1.4.1) potentially affected by unknown CVE via unique-id-64 (=1.0.0)

unique-id-64 NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on unique-id-64 and may be impacted: - ether-bn.js =1.4.0, =1.4.1 Source cves: unknown CVE Source advisory: OSV:MAL-2026-4781...

claude-content-writer (=2.1.0) potentially affected by unknown CVE via claude-content-writer (=2.2.0)

claude-content-writer NPM version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on claude-content-writer and may be impacted: - claude-content-writer =2.1.0 Source cves: unknown CVE Source advisory: OSV:MAL-2026-4524...

CVE-2026-44069

An integer underflow in the volxlate function in Netatalk 3.0.0 through 4.4.2 allows a local privileged user to obtain limited information, modify limited data, or cause a minor service disruption via crafted volume translation input...

CVE-2026-44056

A stack-based buffer overflow in desktop.c in Netatalk 1.3 through 4.2.2 allows a remote authenticated attacker to cause a denial of service, obtain limited information, or modify limited data...