UBUNTU-CVE-2026-42581

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpObjectDecoder strips a conflicting Content-Length header when a request carries both Transfer-Encoding: chunked and Content-Length, but only for HTTP/1.1 messages. The guard is absen...

CVE-2026-30906

Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access...

CVE-2026-42581 Netty: HTTP/1.0 TE+CL Coexistence Bypasses Smuggling Sanitization

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpObjectDecoder strips a conflicting Content-Length header when a request carries both Transfer-Encoding: chunked and Content-Length, but only for HTTP/1.1 messages. The guard is absen...

CVE-2026-42581

Netty vulnerability CVE-2026-42581 affects Netty in HTTP handling. Before 4.2.13.Final and 4.1.133.Final, HttpObjectDecoder does not clear a conflicting Content-Length header when a request carries both Transfer-Encoding: chunked and Content-Length for HTTP/1.1; HTTP/1.0 requests lack this guard....

CVE-2026-44004 vm2: Host Process OOM DoS via Buffer.alloc (Timeout Bypass)

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, sandboxed code can call Buffer.alloc with an arbitrary size to allocate memory directly on the host heap. Because Buffer.alloc is a synchronous C++ native call, vm2's timeout option cannot interrupt it. A single request can exhaust ho...

CVE-2026-44000 vm2: sandbox boundary bypass via host Promise resolution preserving host object identity

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox boundary violation in vm2 allows host object identity to cross into the sandbox through host Promise resolution. When a host-side Promise that resolves to a host object is exposed to the sandbox, the value delivered to the...

GHSA-27QC-M5GF-JV5R SiYuan Bazaar marketplace renders unescaped package `name` and `version` metadata, allowing stored XSS and Electron code execution

Summary SiYuan's Bazaar community marketplace renders the name and version fields of a package's plugin.json and the equivalent theme.json / template.json / widget.json / icon.json into the Settings → Marketplace UI without HTML escaping. The kernel-side helper sanitizePackageDisplayStrings in...

SiYuan Bazaar marketplace renders unescaped package `name` and `version` metadata, allowing stored XSS and Electron code execution

Summary SiYuan's Bazaar community marketplace renders the name and version fields of a package's plugin.json and the equivalent theme.json / template.json / widget.json / icon.json into the Settings → Marketplace UI without HTML escaping. The kernel-side helper sanitizePackageDisplayStrings in...

CVE-2026-44432 urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...

CVE-2026-44432

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...

CVE-2026-44432

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...

CVE-2026-42266

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager allowedextensionsuris is not correctly enforced by JupyterLab. The Py...

CVE-2026-44294 protobufjs: Denial of service from crafted field names in generated code

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript property accessors from schema-controlled field and oneof names. Certain control characters in field names were not escaped before being embedded into generated functio...

CVE-2026-44293 protobufjs: Code injection through bytes field defaults in generated toObject code

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript for toObject conversion could include an unsafe expression derived from a schema-controlled bytes field default value. A crafted descriptor with a non-string default...

CVE-2026-44292

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated message constructors copied enumerable properties from a provided properties object without filtering the proto key. If an application constructed a message from an...

CVE-2026-44292 protobufjs: Prototype injection in generated message constructors

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated message constructors copied enumerable properties from a provided properties object without filtering the proto key. If an application constructed a message from an...

CVE-2026-44290 protobufjs: Process-wide denial of service through unsafe option paths

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs allowed certain schema option paths to traverse through inherited object properties while applying options. A crafted protobuf schema or JSON descriptor could cause option handling to write...

CVE-2026-44288 protobufjs: Overlong UTF-8 decoding

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs includes a minimal UTF-8 decoder that accepted overlong UTF-8 byte sequences and decoded them to their canonical characters instead of replacing them. An attacker who can provide protobuf...

freerdp security update

An update is available for freerdp. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list FreeRDP is a free implementation of the Remote Desktop Protocol RDP, release...

RLSA-2026:16014 Moderate: freerdp security update

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fixes: freerdp: FreeRDP: Denial of service via heap use-after-free during...