VIR Vulnerability Intelligence Relay

Search

Found 2,417 results in 257ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-43341 critical 9.8 9.8 FIX slesdebian debian linux-kernel google 26d ago In the Linux kernel, the following vulnerability has been resolved: net/ipv6: ioam6: prevent schema length wraparound in trace fill ioam6_fill_trace_data() stores the schema contribution to the tra…
CVE-2026-43304 critical 9.8 9.8 FIX slesdebian debian linux-kernel 26d ago In the Linux kernel, the following vulnerability has been resolved: libceph: define and enforce CEPH_MAX_KEY_LEN When decoding the key, verify that the key material would fit into a fixed-size buff…
CVE-2013-10075 critical 9.1 9.1 debian debian chorny 27d ago Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DB_File will create a session that does not ex…
CVE-2026-42264 critical 9.1 9.1 FIX slesdebian debian axios 27d ago Axios has prototype pollution read-side gadgets in HTTP adapter that allow credential injection and request hijacking
CVE-2026-42284 critical 9.8 9.8 FIX slesdebian debian gitpython_project 27d ago GitPython: Unsafe option check validates multi_options before shlex.split transformation
CVE-2026-8091 critical 9.8 9.8 FIX debian debian sles mozilla 28d ago Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, Thunderbird 140.10.1, and Firefox ESR 115.35.…
CVE-2026-44603 critical 9.1 9.1 FIX debian debian torproject 28d ago Tor before 0.4.9.7 has an out-of-bounds read by one byte via a malformed BEGIN cell, aka TROVE-2026-007.
CVE-2026-42217 critical 9.8 9.8 slesdebian debian openexr 28d ago OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3…
CVE-2026-42216 critical 9.1 9.1 slesdebian debian openexr 28d ago OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3…
CVE-2026-44597 critical 9.1 9.1 FIX debian debian torproject 28d ago Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNCATED cell lacks a reason in its payload, aka TROVE-2026-011.
CVE-2026-7910 critical 9.6 9.6 FIX debian debian linux-kernelmacos macos google 28d ago Use after free in Views in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security…
CVE-2026-7908 critical 9.6 9.6 FIX debian debian linux-kernelmacos macos google 28d ago Use after free in Fullscreen in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2026-5081 critical 9.1 9.1 debian debian 29d ago Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure. Apache::Session::Generate::ModUniqueId (added in version 1.54) uses the value of the UNIQUE_…
CVE-2026-43208 critical 9.8 9.8 FIX slesdebian debian linux-kernel 29d ago In the Linux kernel, the following vulnerability has been resolved: net: do not pass flow_id to set_rps_cpu() Blamed commit made the assumption that the RPS table for each receive queue would have …
CVE-2026-43198 critical 9.8 9.8 FIX slesdebian debian linux-kernel 29d ago In the Linux kernel, the following vulnerability has been resolved: tcp: fix potential race in tcp_v6_syn_recv_sock() Code in tcp_v6_syn_recv_sock() after the call to tcp_v4_syn_recv_sock() is done…
CVE-2026-43197 critical 9.1 9.1 FIX slesdebian debian linux-kernel 29d ago In the Linux kernel, the following vulnerability has been resolved: netconsole: avoid OOB reads, msg is not nul-terminated msg passed to netconsole from the console subsystem is not guaranteed to b…
CVE-2026-43186 critical 9.8 9.8 FIX slesdebian debian linux-kernel 29d ago In the Linux kernel, the following vulnerability has been resolved: ipv6: ioam: fix heap buffer overflow in __ioam6_fill_trace_data() On the receive path, __ioam6_fill_trace_data() uses trace->node…
CVE-2026-43185 critical 9.8 9.8 FIX slesdebian debian linux-kernel 29d ago In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix signededness bug in smb_direct_prepare_negotiation() smb_direct_prepare_negotiation() casts an unsigned __u32 value fr…
CVE-2026-43125 critical 9.8 9.8 FIX slesdebian debian linux-kernel 29d ago In the Linux kernel, the following vulnerability has been resolved: dlm: validate length in dlm_search_rsb_tree The len parameter in dlm_dump_rsb_name() is not validated and comes from network mess…
CVE-2026-43117 critical 9.1 9.1 FIX slesdebian debian linux-kernel google 29d ago In the Linux kernel, the following vulnerability has been resolved: btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() If overlay is used on top of btrfs, dentry->d_s…
CVE-2026-43114 critical 9.4 9.4 FIX slesdebian debian linux-kernel google 29d ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo_avx2: don't return non-matching entry on expiry New test case fails unexpectedly when avx2 matching fun…
CVE-2026-43083 critical 9.1 9.1 FIX slesdebian debianwindows windows 29d ago In the Linux kernel, the following vulnerability has been resolved: net: ioam6: fix OOB and missing lock When trace->type.bit6 is set: if (trace->type.bit6) { ... queue = skb_g…
CVE-2026-28780 critical 9.8 9.8 FIX debian debian rhel sles apache 29d ago Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod_proxy…
CVE-2026-43071 critical 9.1 9.1 FIX slesdebian debian linux-kernel google 29d ago In the Linux kernel, the following vulnerability has been resolved: dcache: Limit the minimal number of bucket to two There is an OOB read problem on dentry_hashtable when user sets 'dhash_entries=…
CVE-2026-43067 critical 9.8 9.8 FIX slesdebian debian linux-kernel google 29d ago In the Linux kernel, the following vulnerability has been resolved: ext4: handle wraparound when searching for blocks for indirect mapped blocks Commit 4865c768b563 ("ext4: always allocate blocks o…
CVE-2026-42027 critical 9.8 9.8 FIX debian debian apache 1mo ago Apache OpenNLP ExtensionLoader Vulnerable to Arbitrary Class Instantiation via Model Manifest
CVE-2026-40682 critical 9.1 9.1 FIX debian debian apache 1mo ago Apache OpenNLP DictionaryEntryPersistor Vulnerable to XML External Entity (XXE) via Unsanitized Dictionary Parsing
CVE-2025-70067 critical 9.8 9.8 debian debian sles 1mo ago Buffer Overflow vulnerability exists in Assimp versions up to 6.0.2 in the FBX Importer. The vulnerability occurs in aiMaterial::AddBinaryProperty, where a property key string from a crafted FBX file…
CVE-2026-42258 critical 9.8 9.8 debian debianwindows windows ruby-lang 1mo ago net-imap vulnerable to command Injection via unvalidated Symbol inputs
CVE-2026-42257 critical 9.8 9.8 debian debianwindows windows ruby-lang 1mo ago net-imap vulnerable to command Injection via "raw" arguments to multiple commands
CVE-2026-31402 critical 9.8 9.8 FIX rhel sles rocky 1mo ago In the Linux kernel, the following vulnerability has been resolved: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache The NFSv4.0 replay cache uses a fixed 112-byte inline buffer (rp_ibuf[NFSD4_…
CVE-2026-43039 critical 9.8 9.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: fix missing data copy and wrong recycle in ZC RX dispatch emac_dispatch_skb_zc() allocates a new skb via n…
CVE-2026-43038 critical 9.8 9.8 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach() Sashiko AI-review observed: In ip6_err_gen_icmpv6_unreach(), the …
CVE-2026-43037 critical 9.8 9.8 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() Oskar Kjos reported the following problem. ip4ip6_err() calls icmp_send() on a clon…
CVE-2026-43011 critical 9.8 9.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: net/x25: Fix potential double free of skb When alloc_skb fails in x25_queue_rx_frame it calls kfree_skb(skb) at line 48 and retur…
CVE-2026-42484 critical 9.8 9.8 debian debian hashcat 1mo ago A heap-based buffer overflow in hex_to_binary in the PKZIP hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted PKZIP hash fi…
CVE-2026-42483 critical 9.8 9.8 debian debian hashcat 1mo ago A heap-based buffer overflow in the Kerberos hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted Kerberos hash file. The iss…
CVE-2026-42482 critical 9.8 9.8 debian debian sles hashcat 1mo ago A stack-based buffer overflow in mangle_to_hex_lower() and mangle_to_hex_upper() in src/rp_cpu.c in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code v…
CVE-2026-31718 critical 9.8 9.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in __ksmbd_close_fd() via durable scavenger When a durable file handle survives session disconnect (TCP…
CVE-2026-31705 critical 9.8 9.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out-of-bounds write in smb2_get_ea() EA alignment smb2_get_ea() applies 4-byte alignment padding via memset() after wr…
CVE-2026-40687 critical 9.1 9.1 FIX debian debian exim 1mo ago In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes the connection instance, or erroneous data process…
CVE-2026-40685 critical 9.8 9.8 FIX debian debian exim 1mo ago In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted header, because of an incorrect implementation…
CVE-2026-7381 critical 9.1 9.1 debian debian miyagawa 1mo ago Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation setting (sendfile type) to be set by the c…
CVE-2026-7333 critical 9.6 9.6 FIX debian debian linux-kernelmacos macos google 1mo ago Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2026-41409 critical 9.8 9.8 FIX debian debian apache 1mo ago Apache MINA Vulnerable to Deserialization of Untrusted Data (CVE-2024-52046 Incomplete Fix)
CVE-2026-41635 critical 9.8 9.8 debian debian apache 1mo ago Apache MINA vulnerable to Deserialization of Untrusted Data
CVE-2026-4800 critical 9.8 9.8 FIX rheldebian debian rocky lodash 1mo ago Important: pcs security update
CVE-2026-31685 critical 9.4 9.4 FIX sles rheldebian debian 1mo ago In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6t_eui64: reject invalid MAC header for all packets `eui64_mt6()` derives a modified EUI-64 from the Ethernet source…
CVE-2026-31682 critical 9.1 9.1 FIX slesdebian debian linux-kernel google 1mo ago In the Linux kernel, the following vulnerability has been resolved: bridge: br_nd_send: linearize skb before parsing ND options br_nd_send() parses neighbour discovery options from ns->opt[] and as…
CVE-2026-41415 critical 9.1 9.1 debian debian teluu 1mo ago PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an out-of-bounds read when parsing a malformed Content-ID URI in SIP multipart message bod…
CVE-2026-42044 critical 9.1 9.1 FIX debian debian axios 1mo ago Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `parseReviver`
CVE-2026-42043 critical 10.0 10.0 FIX debian debian sles axios 1mo ago Axios: Incomplete Fix for CVE-2025-62718 — NO_PROXY Protection Bypassed via RFC 1122 Loopback Subnet (127.0.0.0/8) in Axios 1.15.0
CVE-2026-41898 critical 9.8 9.8 FIX debian debian rust-openssl_project 1mo ago rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callbac…
CVE-2026-41681 critical 9.8 9.8 FIX debian debian rust-openssl_project 1mo ago rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.39 to before 0.10.78, EVP_DigestFinal() always writes EVP_MD_CTX_size(ctx) to the out buffer. If out is smaller th…
CVE-2026-41678 critical 9.8 9.8 FIX debian debian rust-openssl_project 1mo ago rust-openssl provides OpenSSL bindings for the Rust programming language. From to before 0.10.78, aes::unwrap_key() contains an incorrect assertion: it checks that out.len() + 8 <= in_.len(), but t…
CVE-2026-41677 critical 9.1 9.1 FIX debian debian rust-openssl_project 1mo ago rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the *_from_pem_callback APIs did not validate the length returned by the user's callback. A pa…
CVE-2026-41676 critical 9.8 9.8 FIX debian debian rust-openssl_project 1mo ago rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive (and PkeyCtxRef::derive) sets len = buf.len() and passes it as the in/out len…
CVE-2026-31669 critical 9.8 9.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: mptcp: fix slab-use-after-free in __inet_lookup_established The ehash table lookups are lockless and rely on SLAB_TYPESAFE_BY_RCU…
CVE-2026-31668 critical 9.8 9.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: seg6: separate dst_cache for input and output paths in seg6 lwtunnel The seg6 lwtunnel uses a single dst_cache per encap route, s…
CVE-2026-31659 critical 9.8 9.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: batman-adv: reject oversized global TT response buffers batadv_tt_prepare_tvlv_global_data() builds the allocation length for a g…
CVE-2026-31657 critical 9.8 9.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: batman-adv: hold claim backbone gateways by reference batadv_bla_add_claim() can replace claim->backbone_gw and drop the old gate…
CVE-2026-31649 critical 9.8 9.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix integer underflow in chain mode The jumbo_frm() chain-mode implementation unconditionally computes len = no…
CVE-2026-31637 critical 9.8 9.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: rxrpc: reject undecryptable rxkad response tickets rxkad_decrypt_ticket() decrypts the RXKAD response ticket and then parses the …
CVE-2026-31636 critical 9.1 9.1 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix RESPONSE authenticator parser OOB read rxgk_verify_authenticator() copies auth_len bytes into a temporary buffer and t…
CVE-2026-31633 critical 9.8 9.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix integer overflow in rxgk_verify_response() In rxgk_verify_response(), there's a potential integer overflow due to roun…
CVE-2026-31609 critical 9.8 9.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: smb: client: avoid double-free in smbd_free_send_io() after smbd_send_batch_flush() smbd_send_batch_flush() already calls smbd_fr…
CVE-2026-31608 critical 9.8 9.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list() smb_direct_flush_send_list() already…
CVE-2026-31589 critical 9.8 9.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: mm: call ->free_folio() directly in folio_unmap_invalidate() We can only call filemap_free_folio() if we have a reference to (or …
CVE-2026-31536 critical 9.8 9.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: smb: server: let send_done handle a completion without IB_SEND_SIGNALED With smbdirect_send_batch processing we likely have reque…
CVE-2026-6920 critical 9.6 9.6 FIX debian debian linux-kernel google 1mo ago Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted …
CVE-2026-6919 critical 9.6 9.6 FIX debian debian linux-kernel google 1mo ago Use after free in DevTools in Google Chrome prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.…
CVE-2026-31533 critical 9.8 9.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption The -EBUSY handling in tls_do_encryption(), introduced by c…
CVE-2026-41196 critical 10.0 10.0 FIX debian debian minetest 1mo ago Luanti (formerly Minetest) is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the sandboxed Lua environment to…
CVE-2026-41179 critical 9.8 9.8 debian debian rclone 1mo ago RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution
CVE-2026-41176 critical 9.5 debian debian 1mo ago Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution
CVE-2026-31501 critical 9.8 9.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: fix use-after-free of CPPI descriptor in RX path cppi5_hdesc_get_psdata() returns a pointer into the CPPI …
CVE-2026-31478 critical 9.8 9.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len() After this commit (e2b76ab8b5c9 "ksmbd: add supp…
CVE-2026-31463 critical 9.8 9.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: iomap: fix invalid folio access when i_blkbits differs from I/O granularity Commit aa35dd5cbc06 ("iomap: fix invalid folio access…
CVE-2026-31448 critical 9.4 9.4 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: ext4: avoid infinite loops caused by residual data On the mkdir/mknod path, when mapping logical blocks to physical blocks, if in…
CVE-2026-31444 critical 9.8 9.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free and NULL deref in smb_grant_oplock() smb_grant_oplock() has two issues in the oplock publication sequen…
CVE-2026-31436 critical 9.8 9.8 FIX slesdebian debian linux-kernel 1mo ago In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() At the end of this function, d is the traversal c…
CVE-2026-5720 critical 9.1 9.1 FIX debian debian miniupnp_project 2mo ago miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information disclosure by sending a malformed SOAPActio…
CVE-2026-29013 critical 9.8 9.8 FIX debian debian libcoap 2mo ago libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where get_byte_inc() in src/oscore/oscore_cbor.c relies solely on assert() for bounds checking, which i…
CVE-2026-40959 critical 9.3 9.3 FIX slesdebian debian 2mo ago Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod.
CVE-2026-6296 critical 9.6 9.6 FIX debian debian linux-kernelmacos macos google 2mo ago Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-31414 critical 9.8 9.8 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_expect: use expect->helper Use expect->helper in ctnetlink and /proc to dump the helper name. Using nfct_…
CVE-2026-6068 critical 9.6 9.6 slesdebian debian nasm 2mo ago NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling pointer to freed memory is stored in the global depend_file and later dereferenced, as the response…
CVE-2026-5393 critical 9.1 9.1 FIX debian debian wolfssl 2mo ago Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm CertificateVerify message, an out-of-bounds read can occur on crafted input. This can only occur when --enable-ex…
CVE-2026-4631 critical 10.0 EXPFIX rheldebian debian sles 2mo ago Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit…
CVE-2026-5264 critical 9.8 9.8 FIX debian debian wolfssl 2mo ago Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can send a crafted DTLS 1.3 ACK message that triggers a heap buffer overflow.
CVE-2026-29145 critical 9.5 FIX slesdebian debian 2mo ago CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This issue affects Apache Tomcat: from 11.0.0…
CVE-2026-5194 critical 9.1 9.1 FIX debian debian wolfssl 2mo ago Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, to be accepted by signature ver…
CVE-2025-62718 critical 9.9 9.9 FIX slesdebian debian axios 2mo ago Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback…
CVE-2026-39324 critical 9.5 FIX slesdebian debian 2mo ago Rack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization
CVE-2026-31789 critical 9.8 9.8 FIX slesdebian debian opensslgoogle 2mo ago Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a cr…
CVE-2026-33816 critical 9.8 9.8 FIX debian debian sles jackc 2mo ago Memory-safety vulnerability in github.com/jackc/pgx/v5.
CVE-2026-33815 critical 9.8 9.8 FIX debian debian sles jackc 2mo ago Memory-safety vulnerability in github.com/jackc/pgx/v5.
CVE-2026-34444 critical 10.0 10.0 debian debian scoder 2mo ago Lupa has a Sandbox escape and RCE due to incomplete attribute_filter enforcement in getattr / setattr
CVE-2026-5735 critical 9.8 9.8 FIX debian debian sles mozilla 2mo ago Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exp…
CVE-2026-31405 critical 9.8 9.8 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: media: dvb-net: fix OOB access in ULE extension header tables The ule_mandatory_ext_handlers[] and ule_optional_ext_handlers[] ta…