Osv - Vulnerabilities List

OSV•added 1 hour ago•0 views

MGASA-2026-0205 Updated libpng packages fix security vulnerabilities

LIBPNG has a use-after-free in pngsetPLTE, pngsettRNS and pngsethIST leading to corrupted chunk data and potential heap information disclosure. CVE-2026-34757 Chunk smuggling in push-mode APNG parser via unconsumed chunk body. CVE-2026-40930...

5.4CVSS0.00034EPSS

Exploits0References6

6.2CVSS4.8AI score0.00013EPSS

CGA-C55G-JGQW-3V6Q

Bulletin has no description...

4.3CVSS4.8AI score0.00124EPSS

CGA-M28X-2C36-RG9C

Bulletin has no description...

CGA-45WC-63WV-9FR5

Bulletin has no description...

4.3CVSS0.00039EPSS

8.8CVSS4.8AI score0.01387EPSS

CGA-5F93-P45J-4M35

Bulletin has no description...

Exploits1

CGA-JQH9-97GX-P457

Bulletin has no description...

4.3CVSS0.0003EPSS

CGA-25VR-95WG-P22J

Bulletin has no description...

5.3CVSS0.00026EPSS

9.1CVSS5.8AI score0.00096EPSS

RLSA-2026:25237 Important: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing CVE-2026-73...

Exploits0References16

RLSA-2026:25191 Critical: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service CVE-2026-31419 kernel: Linux kernel: Denial of Service in erofs filesystem CVE-2026-31467 kernel: can: raw: fix...

8.8CVSS0.00096EPSS

Exploits0References8

8.8CVSS6.7AI score0.00119EPSS

RLSA-2026:25216 Important: valkey security update

Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...

Exploits4References4

RLSA-2026:25112 Important: .NET 9.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.118 and .NET Runtime...

7.5CVSS0.01663EPSS

7.5CVSS5.3AI score0.00421EPSS

RLSA-2026:25225 Important: mod_http2 security update

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack CVE-2026-49975 For more details about the security issues, including the impact, a...

Exploits2References2

7.8CVSS5.6AI score0.00136EPSS

RLSA-2026:24985 Important: poppler security update

Poppler is a Portable Document Format PDF rendering library, used by applications such as Evince. Security Fixes: poppler: Integer overflow in Poppler SplashOutputDev::tilingPatternFill leads to heap buffer overflow via unchecked dimension multiplication CVE-2026-10118 For more details about the...

Exploits0References2

RLSA-2026:25051 Important: libyang security update

Libyang is YANG data modeling language parser and toolkit written and providing API in C. Security Fixes: libyang: libyang: Denial of Service or arbitrary code execution via maliciously crafted LYB binary blob CVE-2026-44673 For more details about the security issues, including the impact, a CVSS...

7.5CVSS0.00068EPSS

Exploits0References2

RLSA-2026:25057 Important: mod_http2 security update

7.5CVSS0.00421EPSS

Exploits2References2

OSV•added 3 hours ago•1 views

RLSA-2026:25049 Critical: samba security update

Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fixes: samba: Missing access check on reparse point operations...

9CVSS0.01022EPSS

Exploits6References7

RLSA-2026:25219 Important: redis:7 security update

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...

8.8CVSS6.7AI score0.00119EPSS

Exploits4References4

OSV•added 3 hours ago•1 views

RLSA-2026:25058 Important: poppler security update

7.8CVSS0.00136EPSS

Exploits0References2

RLSA-2026:25222 Important: .NET 10.0 security update

7.5CVSS5.3AI score0.01663EPSS

OSV•added 3 hours ago•1 views

RLSA-2026:25239 Important: openssl security update

9.1CVSS5.8AI score0.00096EPSS

Exploits0References16

RLSA-2026:25217 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: scsi: target: iscsi: Fix use-after-free in iscsitdecconnusagecount CVE-2026-23216 kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service CVE-2026-31419 kernel:...

8.8CVSS0.00096EPSS

Exploits0References12

RLSA-2026:25221 Important: .NET 9.0 security update

7.5CVSS0.01663EPSS

RLSA-2026:25220 Important: .NET 8.0 security update

7.5CVSS0.01663EPSS

OSV•added yesterday•1 views

MGASA-2026-0203 Updated memcached packages fix security vulnerabilities

CVE-2026-47784 In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by saslserveruserdbcheckpass. CVE-2026-47783 In memcached before 1.6.42, username data for SASL password database authentication has a timing side...

8.1CVSS5.2AI score0.00085EPSS

OSV•added yesterday•1 views

MGASA-2026-0201 Updated cups packages fix security vulnerabilities

CVE-2026-27447, Authorization bypass via case-insensitive group-member lookup. CVE-2026-39314, Integer underflow in ppdCreateFromIPP causes root cupsd crash via negative job-password-supported CVE-2026-39316, Use-after-free in cupsdDeleteTemporaryPrinters via dangling subscription pointer...

7.8CVSS5.7AI score0.00036EPSS

Exploits7References12

OSV•added yesterday•0 views

MGASA-2026-0200 Updated proftpd packages fix security vulnerabilities

CVE-2026-42167 modsql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands e.g., COPY TO PROGRAM. CVE-2026-44331 a SQL injection vulnerabili...

8.1CVSS0.0699EPSS

Exploits6References3

OSV•added yesterday•1 views

CGA-9228-HH88-RQCJ

Bulletin has no description...

8.7CVSS4.8AI score0.00042EPSS

OSV•added yesterday•0 views

GHSA-8C9Q-7855-WFXQ File Browser has a Command Execution Allowlist Bypass via Shell Metacharacter Injection

!NOTE This feature has been disabled by default for all installations from v2.33.8 onwards, including for existent installations. To exploit this vulnerability, the instance administrator must turn on a feature and ignore all the warnings about known vulnerabilities. We're publishing this new...

8.7CVSS0.00023EPSS