VIR Vulnerability Intelligence Relay

Search

Found 16,405 results in 5196ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-31461 medium 5.5 5.5 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix drm_edid leak in amdgpu_dm [WHAT] When a sink is connected, aconnector->drm_edid was overwritten without fre…
CVE-2026-31460 medium 5.5 5.5 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: check if ext_caps is valid in BL setup LVDS connectors don't have extended backlight caps so check if the pointe…
CVE-2026-31459 medium 5.5 5.5 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: fix param_ctx leak on damon_sysfs_new_test_ctx() failure Patch series "mm/damon/sysfs: fix memory leak and NULL d…
CVE-2026-31458 medium 5.5 5.5 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: check contexts->nr before accessing contexts_arr[0] Multiple sysfs command paths dereference contexts_arr[0] with…
CVE-2026-31457 medium 5.5 5.5 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: check contexts->nr in repeat_call_fn damon_sysfs_repeat_call_fn() calls damon_sysfs_upd_tuned_intervals(), damon_…
CVE-2026-31456 medium 4.7 4.7 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: mm/pagewalk: fix race between concurrent split and refault The splitting of a PUD entry in walk_pud_range() can race with a concu…
CVE-2026-31451 medium 5.5 5.5 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: ext4: replace BUG_ON with proper error handling in ext4_read_inline_folio Replace BUG_ON() with proper error handling when inline…
CVE-2026-31448 critical 9.4 9.4 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: ext4: avoid infinite loops caused by residual data On the mkdir/mknod path, when mapping logical blocks to physical blocks, if in…
CVE-2026-31445 medium 5.5 5.5 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: avoid use of half-online-committed context One major usage of damon_call() is online DAMON parameters update. It …
CVE-2026-31444 critical 9.8 9.8 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free and NULL deref in smb_grant_oplock() smb_grant_oplock() has two issues in the oplock publication sequen…
CVE-2026-31443 medium 5.5 5.5 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix crash when the event log is disabled If reporting errors to the event log is not supported by the hardware, …
CVE-2026-31441 medium 5.5 5.5 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix memory leak when a wq is reset idxd_wq_disable_cleanup() which is called from the reset path for a workqueue…
CVE-2026-31440 medium 5.5 5.5 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix leaking event log memory During the device remove process, the device is reset, causing the configuration re…
CVE-2026-31439 medium 5.5 5.5 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: dmaengine: xilinx: xdma: Fix regmap init error handling devm_regmap_init_mmio returns an ERR_PTR() upon error, not NULL. Fix the …
CVE-2026-31438 medium 5.5 5.5 FIX debian debian linux-kernel sles 2mo ago In the Linux kernel, the following vulnerability has been resolved: netfs: Fix kernel BUG in netfs_limit_iter() for ITER_KVEC iterators When a process crashes and the kernel writes a core dump to a…
CVE-2026-31437 medium 5.5 5.5 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: netfs: Fix NULL pointer dereference in netfs_unbuffered_write() on retry When a write subrequest is marked NETFS_SREQ_NEED_RETRY,…
CVE-2026-31436 critical 9.8 9.8 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() At the end of this function, d is the traversal c…
CVE-2026-31434 medium 5.5 5.5 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: btrfs: fix leak of kobject name for sub-group space_info When create_space_info_sub_group() allocates elements of space_info->sub…
CVE-2026-6845 medium 5.0 5.0 debian debian sles rhel gnuredhat 2mo ago A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a local attacker to cause a Denial of Service (DoS) by tricking a user into processing a specially c…
CVE-2026-6844 medium 5.5 5.5 debian debian sles rhel gnuredhat 2mo ago A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit two Denial of Service (DoS) vulnerabilities by providing a specially crafted Executable and Linkable …
CVE-2026-6843 medium 5.5 5.5 FIX debian debian rhel gnuredhat 2mo ago A flaw was found in nano. A local user could exploit a format string vulnerability in the `statusline()` function. By creating a directory with a name containing `printf` specifiers, the application …
CVE-2026-34319 medium 5.0 5.0 FIX debian debian oracle 2mo ago Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vuln…
CVE-2026-34318 medium 5.8 5.8 FIX debian debian oracle 2mo ago Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Difficult to exploit vu…
CVE-2026-34317 medium 5.0 5.0 FIX debian debian oracle 2mo ago Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vuln…
CVE-2026-33812 medium 6.1 6.1 FIX debian debian golang 2mo ago Parsing a malicious font file can cause excessive memory allocation.
CVE-2026-32147 medium 4.3 4.3 FIX debian debian sles erlang 2mo ago Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to modify file attributes outside t…
CVE-2026-3219 medium 5.5 FIX slesdebian debian 2mo ago pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as ins…
CVE-2026-31429 medium 5.5 5.5 FIX slesdebian debian linux-kernel google 2mo ago In the Linux kernel, the following vulnerability has been resolved: net: skb: fix cross-cache free of KFENCE-allocated skb head SKB_SMALL_HEAD_CACHE_SIZE is intentionally set to a non-power-of-2 va…
CVE-2026-5720 critical 9.1 9.1 FIX debian debian miniupnp_project 2mo ago miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information disclosure by sending a malformed SOAPActio…
CVE-2026-29013 critical 9.8 9.8 FIX debian debian libcoap 2mo ago libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where get_byte_inc() in src/oscore/oscore_cbor.c relies solely on assert() for bounds checking, which i…
CVE-2026-6491 medium 5.3 5.3 debian debian 2mo ago A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the function im_minpos_vec of the file libvips/deprecated/vips7compat.c of the component nip2 Handler. Such…
CVE-2026-41313 medium 6.5 6.5 debian debian pypdf_project 2mo ago pypdf: Possible long runtimes for wrong size values in incremental mode
CVE-2026-41312 medium 6.5 6.5 debian debian pypdf_project 2mo ago pypdf: Manipulated FlateDecode predictor parameters can exhaust RAM
CVE-2026-40505 low 3.3 3.3 FIX debian debian artifex 2mo ago MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. Attackers can embed malicious…
CVE-2026-40959 critical 9.3 9.3 FIX slesdebian debian 2mo ago Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod.
CVE-2026-6364 medium 6.5 6.5 FIX debian debian google 2mo ago Out of bounds read in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted file. (Chromium security se…
CVE-2026-6362 medium 4.3 4.3 FIX debian debian google 2mo ago Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted video file. (Chromium security severity: H…
CVE-2026-6312 low 3.1 3.1 FIX debian debian linux-kernelmacos macos google 2mo ago Insufficient policy enforcement in Passwords in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML p…
CVE-2026-6296 critical 9.6 9.6 FIX debian debian linux-kernelmacos macos google 2mo ago Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-40919 medium 5.5 5.5 FIX debian debian rhel gimp 2mo ago A flaw was found in GIMP. This vulnerability, a buffer overflow in the `file-seattle-filmworks` plugin, can be exploited when a user opens a specially crafted Seattle Filmworks file. A remote attacke…
CVE-2026-40918 medium 5.5 5.5 FIX debian debian rhel gimp 2mo ago A flaw was found in GIMP. Processing a specially crafted PVR image file with large dimensions can lead to a denial of service (DoS). This occurs due to a stack-based buffer overflow and an out-of-bou…
CVE-2026-40916 medium 5.5 5.5 FIX debian debian rhel gimp 2mo ago A flaw was found in GIMP. A stack buffer overflow vulnerability in the TIM image loader's 4BPP decoding path allows a local user to cause a Denial of Service (DoS). By opening a specially crafted TIM…
CVE-2026-6298 medium 4.3 4.3 FIX debian debian linux-kernelmacos macos google 2mo ago Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium secu…
CVE-2026-28421 medium 5.3 5.3 FIX rocky rhel sles 2mo ago Important: vim security update
CVE-2026-28417 medium 4.4 4.4 FIX rocky rhel sles 2mo ago Important: vim security update
CVE-2026-40311 medium 5.5 FIX debian debian sles 2mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below 7.1.2-19 and 6.9.13-44 contain a heap use-after-free vulnerability that can cause a crash…
CVE-2026-6654 medium 5.1 5.1 FIX debian debian mozilla 2mo ago Double-Free / Use-After-Free (UAF) in the `IntoIter::drop` and `ThinVec::clear` functions in the thin_vec crate. A panic in `ptr::drop_in_place` skips setting the length to zero.
CVE-2026-6192 low 3.3 3.3 FIX slesdebian debian 2mo ago A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opj_pi_initialise_encode in the library src/lib/openjp2/pi.c. The manipulation leads to integer overflow. T…
CVE-2026-31428 medium 5.5 5.5 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_log: fix uninitialized padding leak in NFULA_PAYLOAD __build_packet_message() manually constructs the NFULA_…
CVE-2026-31427 medium 5.5 5.5 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdp process_sdp() declares union nf_inet_addr rtp_addr …
CVE-2026-31425 medium 5.5 5.5 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: rds: ib: reject FRMR registration before IB connection is established rds_ib_get_mr() extracts the rds_ib_connection from conn->c…
CVE-2026-31424 medium 5.5 5.5 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: netfilter: x_tables: restrict xt_check_match/xt_check_target extensions for NFPROTO_ARP Weiming Shi says: xt_match and xt_target…
CVE-2026-31423 medium 5.5 5.5 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_hfsc: fix divide-by-zero in rtsc_min() m2sm() converts a u32 slope to a u64 scaled value. For large inputs (e.g. …
CVE-2026-31422 medium 5.5 5.5 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_flow: fix NULL pointer dereference on shared blocks flow_change() calls tcf_block_q() and dereferences q->handle t…
CVE-2026-31421 medium 5.5 5.5 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_fw: fix NULL pointer dereference on shared blocks The old-method path in fw_classify() calls tcf_block_q() and der…
CVE-2026-31420 medium 5.5 5.5 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: bridge: mrp: reject zero test interval to avoid OOM panic br_mrp_start_test() and br_mrp_start_in_test() accept the user-supplied…
CVE-2026-31418 medium 5.5 5.5 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: drop logically empty buckets in mtype_del mtype_del() counts empty slots below n->pos in k, but it only drops t…
CVE-2026-31416 medium 5.5 5.5 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_log: account for netlink header size This is a followup to an old bug fix: NLMSG_DONE needs to account for t…
CVE-2026-31415 medium 5.5 5.5 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid overflows in ip6_datagram_send_ctl() Yiming Qian reported : <quote> I believe I found a locally triggerable kernel b…
CVE-2026-31414 critical 9.8 9.8 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_expect: use expect->helper Use expect->helper in ctnetlink and /proc to dump the helper name. Using nfct_…
CVE-2026-40354 medium 6.3 6.3 FIX slesdebian debian flatpak 2mo ago Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash any file in the host context via a symlink attack on g_file_trash.
CVE-2026-40194 low 3.7 3.7 FIX debian debian phpseclib 2mo ago phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()
CVE-2026-40175 medium 4.8 4.8 FIX debian debian axios 2mo ago Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain
CVE-2026-40228 low 3.3 3.3 slesdebian debian systemd_project 2mo ago In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set.
CVE-2026-34477 medium 5.9 5.9 FIX debian debian sles apache 2mo ago Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configuration
CVE-2026-6068 critical 9.6 9.6 slesdebian debian nasm 2mo ago NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling pointer to freed memory is stored in the global depend_file and later dereferenced, as the response…
CVE-2026-31412 medium 5.5 5.5 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks() The `check_command_size_in_blocks()…
CVE-2026-33551 medium 5.3 5.3 FIX debian debian openstack 2mo ago An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application…
CVE-2026-5460 medium 6.5 6.5 FIX debian debian wolfssl 2mo ago A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography (PQC) hybrid KeyShare processing. In the error handling path of TLSX_KeyShare_ProcessPqcHybridClient() in src/tls.c, the in…
CVE-2026-5448 medium 4.3 4.3 FIX debian debian wolfssl 2mo ago X.509 date buffer overflow in wolfSSL_X509_notAfter / wolfSSL_X509_notBefore. A buffer overflow may occur when parsing date fields from a crafted X.509 certificate via the compatibility layer API. Th…
CVE-2026-5393 critical 9.1 9.1 FIX debian debian wolfssl 2mo ago Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm CertificateVerify message, an out-of-bounds read can occur on crafted input. This can only occur when --enable-ex…
CVE-2026-5392 medium 5.4 5.4 FIX debian debian wolfssl 2mo ago Heap out-of-bounds read in PKCS7 parsing. A crafted PKCS7 message can trigger an OOB read on the heap. The missing bounds check is in the indefinite-length end-of-content verification loop in PKCS7_V…
CVE-2026-4631 critical 10.0 EXPFIX rheldebian debian sles 2mo ago Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit…
CVE-2026-5507 medium 4.0 4.0 FIX debian debian wolfssl 2mo ago When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary…
CVE-2026-5504 medium 5.3 5.3 FIX debian debian wolfssl 2mo ago A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfS…
CVE-2026-5778 medium 6.5 6.5 FIX debian debian wolfssl 2mo ago Integer underflow in wolfSSL packet sniffer <= 5.9.0 allows an attacker to cause a program crash in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication…
CVE-2026-5772 medium 5.3 5.3 FIX debian debian wolfssl 2mo ago A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) during wildcard hostname validation when the LEFT_MOST_WILDCARD_ONLY flag is active. If a wildcard * e…
CVE-2026-5264 critical 9.8 9.8 FIX debian debian wolfssl 2mo ago Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can send a crafted DTLS 1.3 ACK message that triggers a heap buffer overflow.
CVE-2026-5263 medium 6.5 6.5 FIX debian debian wolfssl 2mo ago URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. A compromised or malicious sub-CA could issue leaf cert…
CVE-2026-34500 medium 5.5 FIX slesdebian debian 2mo ago CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20…
CVE-2026-29145 critical 9.5 FIX slesdebian debian 2mo ago CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This issue affects Apache Tomcat: from 11.0.0…
CVE-2026-5194 critical 9.1 9.1 FIX debian debian wolfssl 2mo ago Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, to be accepted by signature ver…
CVE-2026-34757 medium 4.4 4.4 FIX debian debian sles libpng 2mo ago LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained fro…
CVE-2025-62718 critical 9.9 9.9 FIX slesdebian debian axios 2mo ago Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback…
CVE-2026-21717 medium 5.9 5.9 FIX rhel slesdebian debian 2mo ago RHSA-2026:7670: nodejs:24 security update (Important)
CVE-2026-21713 medium 5.9 5.9 FIX rhel slesdebian debian 2mo ago RHSA-2026:7670: nodejs:24 security update (Important)
CVE-2026-21712 medium 5.7 5.7 FIX rhel slesdebian debian 2mo ago RHSA-2026:7670: nodejs:24 security update (Important)
CVE-2026-5919 medium 6.5 6.5 FIX debian debian linux-kernelmacos macos google 2mo ago Insufficient validation of untrusted input in WebSockets in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a …
CVE-2026-5911 medium 4.3 4.3 FIX debian debian linux-kernelmacos macos google 2mo ago Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-5890 medium 5.3 5.3 FIX debian debianmacos macos linux-kernel google 2mo ago Race in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severit…
CVE-2026-5867 medium 4.3 4.3 FIX debian debian linux-kernelmacos macos google 2mo ago Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium secu…
CVE-2026-31411 medium 5.5 5.5 FIX slesdebian debian linux-kernel 2mo ago In the Linux kernel, the following vulnerability has been resolved: net: atm: fix crash due to unvalidated vcc pointer in sigd_send() Reproducer available at [1]. The ATM send path (sendmsg -> vcc…
CVE-2026-39324 critical 9.5 FIX slesdebian debian 2mo ago Rack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization
CVE-2026-31789 critical 9.8 9.8 FIX slesdebian debian opensslgoogle 2mo ago Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a cr…
CVE-2026-5745 medium 5.5 5.5 debian debian sles rhel libarchiveredhat 2mo ago A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL …
CVE-2026-33816 critical 9.8 9.8 FIX debian debian sles jackc 2mo ago Memory-safety vulnerability in github.com/jackc/pgx/v5.
CVE-2026-33815 critical 9.8 9.8 FIX debian debian sles jackc 2mo ago Memory-safety vulnerability in github.com/jackc/pgx/v5.
CVE-2026-34444 critical 10.0 10.0 debian debian scoder 2mo ago Lupa has a Sandbox escape and RCE due to incomplete attribute_filter enforcement in getattr / setattr
CVE-2026-5735 critical 9.8 9.8 FIX debian debian sles mozilla 2mo ago Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exp…
CVE-2026-22675 medium 6.1 6.1 debian debian ocsinventory-ng 2mo ago OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User…