11 matches found
CVE-2026-33307 mod_gnutls has stack-based buffer overflow caused by a long client certificate chain
Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. In versions prior to 0.12.3 and 0.13.0, code for client certificate verification imported the certificate chain sent by the client into a fixed size gnutls_x509_crt_t x509 array without checking the number of certificates is less than or...
Security update for gitea-tea (moderate)
openSUSE Security Update: Security update for gitea-tea Announcement ID: openSUSE-SU-2026:0074-1 Rating: moderate References: Cross-References: CVE-2025-47911 CVE-2025-58190 CVSS scores: CVE-2025-47911 SUSE: 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2025-58190 SUSE:...
OPENSUSE-SU-2026:20318-1 Security update for gitea-tea
This update for gitea-tea fixes the following issues: Changes in gitea-tea: - update to 0.12.0: New Features - Add tea actions commands for managing workflow runs and workflows in 880, 796 - Add tea api subcommand for arbitrary API calls not covered by existing commands in 879 - Add repository...
GHSA-FR8M-434R-G3XP gnark-crypto doesn't range check input values during ECDSA and EdDSA signature deserialization
Impact: During deserialization of ECDSA and EdDSA signatures gnark-crypto did not check that the values are in the range [1, n-1], with n being the corresponding modulus (either base field modulus in case of R in EdDSA, and scalar field modulus in case of s, r in ECDSA and s in EdDSA). As this also...
SUSE CVE-2025-53549
The Matrix Rust SDK is a collection of libraries that make it easier to build Matrix clients in Rust. An SQL injection vulnerability in the EventCache::find_event_with_relations method of matrix-sdk 0.11 and 0.12 allows malicious room members to execute arbitrary SQL commands in Matrix clients that...
Matrix Rust SDK SQL injection vulnerability
Matrix Rust SDK is an open source Rust-based Matrix client server development toolkit from The Matrix.org Foundation. A SQL injection vulnerability exists in Matrix Rust SDK versions 0.11 and 0.12, which stems from SQL injection in the EventCache::find_event_with_relations method, and could lead to...
LlamaIndex SQL injection vulnerability
LlamaIndex is an open source data framework for LLM applications from LlamaIndex. A SQL injection vulnerability exists in LlamaIndex v0.12.3 and earlier versions, which stems from an unvalidated SQL query and could lead to a SQL injection attack...
Malicious code in rechtspraak.huwelijksgoederenregister (npm)
Source: ossf-package-analysis 0cf3169f51f3ee6c09021cf60f11a4171fed6a0655488a89f8b916c949cbd03b The OpenSSF Package Analysis project identified 'rechtspraak.huwelijksgoederenregister' @ 0.12.0 npm as malicious. It is considered malicious...
`MaybeUninit` misuse in `simd-json-derive`
An invalid use of MaybeUninit::uninit().assume_init() in simd-json-derive's derive macro can cause undefined behavior. The original code used MaybeUninit to avoid initialisation of the struct and then set the fields using ptr::write. The undefined behavior triggered by this misuse of MaybeUninit can...
GHSA-HC92-9H3M-C39J Incorrect cast in anymap
An issue was discovered in the anymap crate through 0.12.1 for Rust. It violates soundness via conversion of a u8 to a u64...
CVE-2012-6709
ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate Validation...