208 matches found
EUVD-2026-43063
Missing Authorization vulnerability in Drupal WissKI allows Forceful Browsing. This issue affects WissKI versions: from 0.0.0 to 4.2.0...
PT-2026-56849
Name of the Vulnerable Software and Affected Versions libmbedtls2 affected versions not specified libeverest affected versions not specified Description Security issues were identified in the libmbedtls2 and libeverest packages within the openSUSE Tumbleweed GA media. Recommendations Update...
PT-2026-56845
Name of the Vulnerable Software and Affected Versions libmbedtls2 affected versions not specified libeverest affected versions not specified Description Security issues were identified and subsequently fixed in the libmbedtls23-4.2.0-1.1 and libeverest-3.6.7-1.1 packages on the GA media of openSU...
PT-2026-56838
Name of the Vulnerable Software and Affected Versions libmbedtls23 affected versions not specified libeverest affected versions not specified Description Security issues were identified and subsequently fixed in the libmbedtls23 and libeverest packages within the openSUSE Tumbleweed GA media...
OPENSUSE-SU-2026:11215-1 libmbedtls23-4.2.0-1.1 on GA media
These are all security issues fixed in the libmbedtls23-4.2.0-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2026-53550 js-yaml: Quadratic-complexity DoS in merge key handling via repeated aliases
js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size an...
PT-2026-50568
Name of the Vulnerable Software and Affected Versions Steeltoe.Configuration.Encryption versions 4.0.0 through 4.1.0 Description Steeltoe is an open source project providing libraries for building cloud-native applications. An issue exists where configuring the encrypt:rsa:algorithm variable with...
DEBIAN-CVE-2026-46374
SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.2.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious long query to any application using the parser to...
UBUNTU-CVE-2026-46374
SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.2.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious long query to any application using the parser to...
CVE-2026-46374 SQLFluff: Uncontrolled Resource Consumption in Parser
SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.2.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious long query to any application using the parser to...
Astra Linux – Vulnerability in Wireshark
The NTLMSSP dissector crash in Wireshark versions 4.2.0 to 4.0.6, as well as 4.0.0 to 4.0.16, allows for denial of service through packet injection or malicious capture files...
CLEANSTART-2026-JU62349 Security fixes for CVE-2018-10237, CVE-2020-8908, CVE-2021-22569, CVE-2021-22570, CVE-2022-3171, CVE-2022-3509, CVE-2022-3510, CVE-2023-2976, CVE-2023-44981, CVE-2024-23454, CVE-2024-23944, CVE-2024-38827, CVE-2024-47554, CVE-2024-6763, CVE-2024-7254, CVE-2025-11143, CVE-2025-24970, CVE-2025-25193, CVE-2025-27821, CVE-2025-41249, CVE-2025-48734, CVE-2025-48924, CVE-2025-49128, CVE-2025-52999, CVE-2025-53864, CVE-2025-55163, CVE-2025-58056, CVE-2025-58057, CVE-2025-59419, CVE-2025-67735, CVE-2025-68161, CVE-2025-8916, CVE-2026-24281, CVE-2026-24308, CVE-2026-33870, CVE-2026-33871, CVE-2026-40490, CVE-2026-41417, CVE-2026-5588, ghsa-72hv-8253-57qq, ghsa-cmxv-58fp-fm3g applied in versions: 4.2.0-r0, 4.2.0-r1, 4.2.0-r2
Multiple security vulnerabilities affect the apache-hive package. These issues are resolved in later releases. See references for individual vulnerability details...
SUSE CVE-2026-42310
Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This issue has been patched in version 12.2.0...
PT-2026-40314
Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This issue has been patched in version 12.2.0...
CVE-2026-42310 Pillow: PDF Parsing Trailer Infinite Loop (DoS)
Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This issue has been patched in version 12.2.0...
ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +2921 more potentially affected by CVE-2026-42581 via io.netty:netty-codec-http (>=4.2.0.Alpha1 <=4.2.12.Final)
io.netty:netty-codec-http MAVEN version =4.2.0.Alpha1, =0.1.0, =0.1.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.2 and more Source cves: CVE-2026-42581 Source advisory: SNYK:JAVA-IONETTY-16438934...
ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +2921 more potentially affected by CVE-2026-42580 via io.netty:netty-codec-http (>=4.2.0.Alpha1 <=4.2.12.Final)
io.netty:netty-codec-http MAVEN version =4.2.0.Alpha1, =0.1.0, =0.1.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.2 and more Source cves: CVE-2026-42580 Source advisory: SNYK:JAVA-IONETTY-16438926...
CVE-2026-40586 blueprintUE: Login Endpoint Has No Rate Limiting, Lockout, or Brute-Force Protection
blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the login form handler performs no throttling of any kind. Failed authentication attempts are processed at full network speed with no IP-based rate limiting, no per-account attempt counter, no temporary lockout, no progressiv...
CVE-2026-35554 Apache Kafka Clients: Kafka Producer Message Corruption and Misrouting via Buffer Pool Race Condition
A race condition in the Apache Kafka Java producer client’s buffer pool management can cause messages to be silently delivered to incorrect topics. When a produce batch expires due to delivery.timeout.ms while a network request containing that batch is still in flight, the batch’s ByteBuffer is...
EUVD-2026-14889
An issue in Free5GC v.4.2.0 and before allows a remote attacker to cause a denial of service via the function HandleAuthenticationFailure of the component AMF...