CVE-2026-13601
- EPSS 0.12%
- Veröffentlicht 29.06.2026 10:16:30
- Zuletzt bearbeitet 08.07.2026 03:36:15
A flaw was found in Yelp due to an overly permissive Content Security Policy (CSP) implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet...
CVE-2026-13595
- EPSS 0.11%
- Veröffentlicht 29.06.2026 08:06:09
- Zuletzt bearbeitet 08.07.2026 03:37:21
A flaw was found in the libblkid library of util-linux. During nested partition probing, the BSD, Minix, Solaris x86, and UnixWare partition probers cache a raw pointer to a parent partition entry in a dynamically allocated array. When subsequent par...
CVE-2026-57966
- EPSS 0.14%
- Veröffentlicht 29.06.2026 07:53:45
- Zuletzt bearbeitet 08.07.2026 03:36:29
A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by the SPICE host duri...
CVE-2026-57965
- EPSS 0.12%
- Veröffentlicht 29.06.2026 07:53:39
- Zuletzt bearbeitet 08.07.2026 03:36:51
A flaw was found in spice-vdagent. A malicious or compromised SPICE host can trigger an integer overflow by sending a specially crafted message. This vulnerability can lead to a heap buffer overflow, causing the spice-vdagent daemon to crash and resu...
CVE-2026-53153
- EPSS 0.11%
- Veröffentlicht 25.06.2026 08:38:37
- Zuletzt bearbeitet 08.07.2026 13:51:05
In the Linux kernel, the following vulnerability has been resolved: mm/list_lru: drain before clearing xarray entry on reparent memcg_reparent_list_lrus() clears the dying memcg's xarray entry with xas_store(&xas, NULL) before reparenting its per-n...
CVE-2026-53145
- EPSS 0.11%
- Veröffentlicht 25.06.2026 08:38:32
- Zuletzt bearbeitet 08.07.2026 14:57:03
In the Linux kernel, the following vulnerability has been resolved: drm/gem: Try to fix change_handle ioctl, attempt 4 [airlied: just added some comments on how to reenable] On-list because the cat is out of the bag and we're clearly not good enoug...
CVE-2026-12892
- EPSS 0.12%
- Veröffentlicht 23.06.2026 19:53:23
- Zuletzt bearbeitet 06.07.2026 18:02:05
A flaw was found in GStreamer's gst-plugins-bad package. When processing a specially crafted H.264 video file containing malformed MVC or SVC extension slice NAL units, a 1-byte heap out-of-bounds read can occur during parsing. This happens when the ...
CVE-2026-12891
- EPSS 0.28%
- Veröffentlicht 23.06.2026 19:53:21
- Zuletzt bearbeitet 01.07.2026 18:02:08
A flaw was found in the GStreamer gst-plugins-bad package. When processing a malformed H.266/VVC video stream with a crafted aspect ratio indicator value, the H.266 parser performs an out-of-bounds read of up to 8 bytes from adjacent memory. This fla...
CVE-2026-11820
- EPSS 0.29%
- Veröffentlicht 23.06.2026 19:53:19
- Zuletzt bearbeitet 01.07.2026 18:27:53
A flaw was found in the community.general Ansible collection's nexmo module. The module constructs HTTP requests to the Vonage/Nexmo SMS API by encoding API credentials (api_key and api_secret) into URL query parameters and sending them via GET reque...
CVE-2026-11819
- EPSS 0.12%
- Veröffentlicht 23.06.2026 19:53:17
- Zuletzt bearbeitet 08.07.2026 15:11:07
Module: plugins/modules/keyring_info.py CVSS 3.1: 5.5 MEDIUM — AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Issue: The module retrieves a passphrase from the OS native keyring (GNOME Keyring, macOS Keychain, Windows Credential Manager) and places it direc...