6489 matches found
Python -- HTTP proxy CONNECT tunnel does not sanitize CR/LF
Seth Larson reports: HTTP proxy via "CONNECT" tunneling doesn't sanitize CR/LF CVE-2026-1502...
Python -- The webbrowser.open() API allows leading dashes
https://github.com/python/cpython/pull/143931 reports: The webbrowser.open API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to...
traefik -- Multiple vulnerabilities
The traefik project releases a new version addressing multiple CVEs: CVE-2026-32595 BasicAuth Middleware Timing Attack; CVE-2026-32305 Potential mTLS Bypass via Fragmented TLS ClientHello; CVE-2026-32695 Details not yet available...
UniFi Network Application - Multiple vulnerabilities
https://community.ui.com/releases/Security-Advisory-Bulletin-062-062/c29719c0-405e-4d4a-8f26-e343e99f931b reports: An Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a malicious actor with authenticated access to the network to escalate privileges. A...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory 2026-03-18: SECURITY-3657 / CVE-2026-33001: Arbitrary file write vulnerability through specially crafted archives in Jenkins (High); SECURITY-3674 / CVE-2026-33002: DNS rebinding vulnerability in WebSocket CLI origin validation in Jenkins (High)...
chromium -- security fixes
Chrome Releases reports: This update includes 26 security fixes: 475877320 Critical CVE-2026-4439: Out of bounds memory access in WebGL. Reported by Goodluck on 2026-01-15; 485935305 Critical CVE-2026-4440: Out of bounds read and write in WebGL. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on...
nghttp2 -- CWE-617: Reachable Assertion
https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6 reports: nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API nghttp2_session_terminate_sessi...
Roundcube -- Multiple vulnerabilities
The Roundcube project reports: pre-auth arbitrary file write via unsafe deserialization in redis/memcache session handler; password could get changed without providing the old password; IMAP Injection + CSRF bypass in mail search; remote image blocking bypass via various SVG animate attributes; remot...
chromium -- security fix
Chrome Releases reports: This update includes 1 security fix: 491421267 High CVE-2026-3909: Out of bounds write in Skia. Reported by Google Threat Analysis Group on 2026-03-10...
OpenSSL -- key agreement vulnerability
The OpenSSL project reports: TLS 1.3 server may choose unexpected key agreement group Low An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the "DEFAULT" keyword...
chromium -- security fixes
Chrome Releases reports: This update includes 2 security fixes: 491421267 High CVE-2026-3909: Out of bounds write in Skia. Reported by Google on 2026-03-10; 491410818 High CVE-2026-3910: Inappropriate implementation in V8. Reported by Google on 2026-03-10...
curl -- Multiple vulnerabilities
The curl project reports: use after free in SMB connection reuse; wrong proxy connection reuse with credentials; token leak with redirect and netrc; bad reuse of HTTP Negotiate connection...
Gitlab -- vulnerabilities
Gitlab reports: Cross-site Scripting issue in Markdown placeholder processing impacts GitLab CE/EE; Denial of Service issue in GraphQL API impacts GitLab CE/EE; Denial of Service issue in repository archive endpoint impacts GitLab CE/EE; Denial of Service issue in protected branches API impacts GitL...
Firefox -- Same-origin policy bypass
https://bugzilla.mozilla.org/show_bug.cgi?id=2018400 reports: Same-origin policy bypass in the CSS Parsing and Computation component...
firefox -- Memory safety bugs
https://bugzilla.mozilla.org/buglist.cgi?bug_id=2017513%2C2017622%2C2019341 reports: Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
chromium -- security fixes
Chrome Releases reports: This update includes 29 security fixes: 483445078 Critical CVE-2026-3913: Heap buffer overflow in WebML. Reported by Tobias Wienand on 2026-02-10; 481776048 High CVE-2026-3914: Integer overflow in WebML. Reported by cinzinga on 2026-02-04; 483971526 High CVE-2026-3915: Heap...
xrdp -- Multiple vulnerabilities
xrdp project reports: This release includes 8 security fixes: CVE-2026-32105 CVE-2026-32107 CVE-2026-32623 CVE-2026-32624 CVE-2026-33145 CVE-2026-32516 CVE-2026-32689 CVE-2026-35512...
homebox -- multiple vulnerabilities
Homebox reports: HIGH CVE-2026-27981: Auth Rate Limit Bypass via IP Spoofing; MODERATE CVE-2026-27600: Blind SSRF; MODERATE CVE-2026-26272: Stored XSS via HTML/SVG Attachment Upload...
gstreamer1 -- multiple vulnerabilities
The GStreamer project reports multiple security vulnerabilities fixed in the 1.28.1 release: Twelve security vulnerabilities were addressed, including: Out-of-bounds reads and writes in the H.266 video parser, WAV parser, MP4 and ASF demuxers, and DVB subtitle decoder. Integer overflows in the RI...
Gitlab -- vulnerabilities
Gitlab reports: Cross-site Scripting issue in Mermaid sandbox impacts GitLab CE/EE; Denial of Service issue in container registry impacts GitLab CE/EE; Denial of Service issue in Jira events endpoint impacts GitLab CE/EE; Regular Expression Denial of Service issue in GitLab merge requests impacts...
mail/mailpit -- Server-Side Request Forgery (SSRF) via Link Check API
Mailpit author reports: The Link Check API /api/v1/message/ID/link-check is vulnerable to Server-Side Request Forgery SSRF. The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering private/internal IP addresses. The response returns status...
Firefox -- Multiple vulnerabilities
CVE-2026-2807: Memory safety bugs present in Firefox 147 and Thunderbird 147 CVE-2026-2806: Uninitialized memory in the Graphics: Text component. CVE-2026-2805: Invalid pointer in the DOM: Core & HTML component. CVE-2026-2804: Use-after-free in the JavaScript: WebAssembly component. CVE-2026-2803...
Mozilla -- Integer overflow
https://bugzilla.mozilla.org/show_bug.cgi?id=2009552 reports: Integer overflow in the Libraries component in NSS...
FreeBSD -- Jail chroot escape via fd exchange with a different jail
Problem Description: If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root directories is an ancestor of the other, jailed processes may nonetheless be able to access a shared directory via a nullfs mount, if the administrator has...
FreeBSD -- Local DoS and possible privilege escalation via routing sockets
Problem Description: The rtsock_msg_buffer function serializes routing information into a buffer. As a part of this, it copies sockaddr structures into a sockaddr_storage structure on the stack. It assumes that the source sockaddr length field had already been validated, but this is not necessarily...
Mozilla -- Undefined behavior in the DOM: Core & HTML component
https://bugzilla.mozilla.org/show_bug.cgi?id=2014593 reports: Undefined behavior in the DOM: Core & HTML component...
Mozilla -- Multiple vulnerabilities
CVE-2026-2809: Memory safety bug in the JavaScript: WebAssembly component. CVE-2026-2808: Integer overflow in the JavaScript: Standard Library component...
Vaultwarden -- Multiple vulnerabilities
The Vaultwarden project reports: GHSA-w9f8-m526-h7fh. This vulnerability would allow an attacker to access a cipher from a different user fully encrypted if they already know its internal UUID. GHSA-h4hq-rgvh-wh27. This vulnerability allows an attacker with manager-level access within an...
py-ormar -- vulnerabilities
https://github.com/ormar-orm/ormar/security/advisories reports: SQL Injection in aggregate functions min and max; Pydantic Validation Bypass via pk_only and excluded; Kwargs Injection in Model Constructor...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: High SECURITY-3669 / CVE-2026-27099: Stored XSS vulnerability in node offline cause description; Medium SECURITY-3658 / CVE-2026-27100: Build information disclosure vulnerability through Run Parameter...
chromium -- security fixes
Chrome Releases reports: This update includes 3 security fixes: 477033835 High CVE-2026-2648: Heap buffer overflow in PDFium. Reported by soiax on 2026-01-19; 481074858 High CVE-2026-2649: Integer overflow in V8. Reported by JunYoung Park@candymate of KAIST Hacking Lab on 2026-02-03; 476461867 Medi...
go-ethereum -- vulnerabilities
https://github.com/ethereum/go-ethereum/security/advisories reports: DoS via malicious p2p message (CVE-2026-26313); DoS via malicious p2p message (CVE-2026-26314); Improper ECIES Public Key Validation in RLPx Handshake (CVE-2026-26315)...
Mozilla -- Heap buffer overflow
https://bugzilla.mozilla.org/show_bug.cgi?id=2014390 reports: Heap buffer overflow in libvpx...
openexr -- buffer overflow in istream_nonparallel_read on invalid input data
Cary Phillips reports: openexr v3.4.5 ... fixes an incorrect size check in istream_nonparallel_read that could lead to a buffer overflow on invalid input data...
chromium -- security fix
Chrome Releases reports: This update includes 1 security fix: 483569511 High CVE-2026-2441: Use after free in CSS. Reported by Shaheen Fazim on 2026-02-11...
PostgreSQL -- Multiple vulnerabilities
The PostgreSQL project reports: Improper validation of type oidvector in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Missing...
Grafana -- Public Dashboards time range restriction on annotations can be bypassed
https://grafana.com/security/security-advisories/cve-2026-21722 reports: Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. This means one could read the entire history of annotations visible on the specific...
Grafana -- XSS in Grafana Explore stack trace
https://grafana.com/security/security-advisories/cve-2025-41117 reports: Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and thus inject malicious JavaScript in the browser. This would require malicious JavaScript to be entered into the stack trace field. Only datasourc...
traefik -- TCP readTimeout bypass via STARTTLS on Postgres
The traefik project reports: There is a potential vulnerability in Traefik managing STARTTLS requests. An unauthenticated client can bypass Traefik entrypoint respondingTimeouts.readTimeout by sending the 8-byte Postgres SSLRequest STARTTLS prelude and then stalling, causing connections to remain...
Gitlab -- vulnerabilities
Gitlab reports: Incomplete Validation issue in Web IDE impacts GitLab CE/EE; Denial of Service issue in GraphQL introspection impacts GitLab CE/EE; Denial of Service issue in JSON validation middleware impacts GitLab CE/EE; Cross-site Scripting issue in Code Flow impacts GitLab CE/EE; HTML Injection...
MongoDB Server -- Multiple vulnerabilities
https://jira.mongodb.org/browse/SERVER-114126 reports: Complex queries can cause excessive memory usage in MongoDB Query Planner resulting in an Out-Of-Memory Crash. https://jira.mongodb.org/browse/SERVER-102364 reports: MongoDB Server may experience an out-of-memory failure while evaluating...
png -- CWE-122: Heap-based Buffer Overflow
https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3 reports: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the...
MongoDB Server -- CWE-704 Incorrect Type Conversion or Cast
https://jira.mongodb.org/browse/SERVER-113685 reports: An authorized user may disable the MongoDB server by issuing a query against a collection that contains an invalid compound wildcard index...
munge -- CWE-787: Out-of-bounds Write
https://github.com/dun/munge/security/advisories/GHSA-r9cr-jf4v-75gh reports: MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged the MUNGE authentication daemon to leak...
FreeBSD -- blocklistd(8) socket leak
Problem Description: Due to a programming error, blocklistd leaks a socket descriptor for each adverse event report it receives. Once a certain number of leaked sockets is reached, blocklistd becomes unable to run the helper script: a child process is forked, but this child dereferences a null...
MongoDB Server -- CWE-617 Reachable Assertion
https://jira.mongodb.org/browse/SERVER-99119 reports: An authorized user may trigger a server crash by running a $geoNear pipeline with certain invalid index hints...
Roundcube -- Multiple vulnerabilities
The Roundcube project reports: Unspecified CSS injection vulnerability. Remote image blocking bypass via SVG content...
oauth2-proxy -- multiple vulnerabilities
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed...
navidrome -- multiple vulnerabilities
An XSS vulnerability in the frontend allows a malicious attacker to inject code through the comment metadata of a song to exfiltrate user credentials. Authenticated users can crash the Navidrome server by supplying an excessively large size parameter to /rest/getCoverArt or to a shared-image URL...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 2 security fixes: 478942410 High CVE-2026-1861: Heap buffer overflow in libvpx. Reported by Google on 2026-01-26; 479726070 High CVE-2026-1862: Type Confusion in V8. Reported by Chaoyuan Peng @ret2happy on 2026-01-29...