oss-sec: by date

874 messages starting Apr 01 26 and ending Jun 10 26


Wednesday, 01 April

Re: [vim-security] Vim modeline bypass via various options affects Vim < 9.2.0276 Salvatore Bonaccorso
Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Christian Brabandt
Re: Multiple vulnerabilities in AppArmor Greg KH
[vim-security] Path traversal issue with zip.vim and special crafted zip archives in Vim < v9.2.0280 Christian Brabandt
[oss-security][CVE-2026-5271] Python install manager script aliases search path hijack Alan Coopersmith
FW: libinput Security Advisory: multiple security issues in libinput Peter Hutterer

Thursday, 02 April

Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Christian Brabandt
Announce: OpenSSH 10.3 released Damien Miller
Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Christian Brabandt
Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Tianyu Chen
[ANNOUNCE] ATS is vulnerable to HTTP requests with body Masakazu Kitajo
Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 David A. Wheeler
Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Christian Brabandt
Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Solar Designer
[libc musl] - Algorithmic complexity DoS in iconv GB18030 decoder Jens Jarl Nestén Hansen-Nord
Re: [libc musl] - Algorithmic complexity DoS in iconv GB18030 decoder Rich Felker
Re: [libc musl] - Algorithmic complexity DoS in iconv GB18030 decoder Rich Felker

Friday, 03 April

Re: Announce: OpenSSH 10.3 released Agostino Sarubbo
Re: Announce: OpenSSH 10.3 released Salvatore Bonaccorso
Re: Re: Multiple vulnerabilities in AppArmor Salvatore Bonaccorso
Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Salvatore Bonaccorso
Re: Announce: OpenSSH 10.3 released Demi Marie Obenour

Sunday, 05 April

Heads-up: Upcoming Samba security releases (2026-04-09) Douglas Bagnall

Monday, 06 April

Re: Announce: OpenSSH 10.3 released Damien Miller
CVE-2026-34197: Apache ActiveMQ Broker, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans Christopher L. Shannon
CVE-2026-33227: Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ Web: Improper Limitation of a Pathname to a Restricted Directory Christopher L. Shannon

Tuesday, 07 April

Re: Announce: OpenSSH 10.3 released Demi Marie Obenour
Re: Announce: OpenSSH 10.3 released Damien Miller
Re: Announce: OpenSSH 10.3 released Demi Marie Obenour
libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue Andrew G. Morgan
Re: Heads-up: Upcoming Samba security releases (2026-04-09) Douglas Bagnall
CVE-2026-35554: Apache Kafka Clients: Kafka Producer Message Corruption and Misrouting via Buffer Pool Race Condition Manikumar
CVE-2026-27314: Apache Cassandra: Privilege escalation via ADD IDENTITY authorization bypass Michael Semb Wever
CVE-2026-27315: Apache Cassandra: cqlsh history sensitive information leak Michael Semb Wever
CASSANDRA-21202: CVE-2026-32588: Apache Cassandra: Authenticated DoS via ALTER ROLE Password Hashing Michael Semb Wever
Django CVE-2026-3902, CVE-2026-4277, CVE-2026-4292, CVE-2026-33033, and CVE-2026-33034 Jacob Walls
OpenSSL Security Advisory Tomas Mraz
[OSSA-2026-005] Keystone: Restricted application credentials can create EC2 credentials (CVE-2026-33551) Jeremy Stanley
[vim-security] Netbeans command injection in Vim < v9.2.0316 Christian Brabandt
Re: libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue Christian Göttsche
systemd-journald in systemd 259 does not escape characters in emerg messages that are wall'd to other user's terminals Aaron Rainbolt
Multiple CVEs disclosed in CUPS Alan Coopersmith
Re: Multiple CVEs disclosed in CUPS Peter Gutmann
Fwd: [siren] Severity: High – Potential Malicious Campaign Underway Targeting Open Source Developers via Slack Solar Designer
Re: Axios Supply-Chain Attack [v1.14.1] [0.30.4] --> plain-crypto-js [4.2.0][4.2.1] Solar Designer

Wednesday, 08 April

CVE-2026-5082: Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure session id Robert Rothenberg
CVE-2026-5083: Ado::Sessions versions through 0.935 for Perl generates insecure session ids Robert Rothenberg
Re: [EXTERN] Re: [oss-security] Multiple CVEs disclosed in CUPS Schwedas, Sven
Re: libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue Andrew G. Morgan
Re: systemd-journald in systemd 259 does not escape characters in emerg messages that are wall'd to other user's terminals Aaron Rainbolt
Re: Fwd: [siren] Severity: High – Potential Malicious Campaign Underway Targeting Open Source Developers via Slack Stuart D Gathman
PyCA cryptography 46.0.7 released, fixes CVE-2026-39892 Alan Coopersmith
Re: Re: Heads-up: Upcoming Samba security releases (2026-04-09) Douglas Bagnall
Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Alan Coopersmith
X41 Advisory X41-2026-001: Guardrail Sandbox Escape in LiteLLM Markus Vervier
libpng 1.6.57: Use-after-free vulnerability fixed: CVE-2026-34757 Cosmin Truta
4 security fixes in Flatpak, including critical CVE-2026-34078: Complete sandbox escape leading to host file access and code execution in the host context Solar Designer
lftp 4.9.3 does not filter non-printable characters in the output to the terminal Vincent Lefevre
Re: libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue Solar Designer
Re: libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue Andrew G. Morgan
Re: libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue Solar Designer

Thursday, 09 April

Re: 4 security fixes in Flatpak, including critical CVE-2026-34078: Complete sandbox escape leading to host file access and code execution in the host context Simon McVittie
CVE-2026-34538: Apache Airflow: Authorization bypass in DagRun wait endpoint (XCom exposure) Rahul Vats
CVE-2026-33005: Apache OpenMeetings: Insufficient checks in FileWebService Maxim Solodovnik
CVE-2026-33266: Apache OpenMeetings: Hardcoded Remember-Me Cookie Encryption Key and Salt Maxim Solodovnik
CVE-2026-34020: Apache OpenMeetings: Login Credentials Passed via GET Query Parameters Maxim Solodovnik
Re: systemd-journald in systemd 259 does not escape characters in emerg messages that are wall'd to other user's terminals Salvatore Bonaccorso
Re: libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue Andrew G. Morgan
Re: libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue Tianyu Chen
CVE-2025-57735: Apache Airflow: Airflow Logout Not Invalidating JWT Rahul Vats
CVE-2026-39304: Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Incorrect handling of TLSv1.3 KeyUpdate can be exploited to cause DoS via OOM Christopher L. Shannon
CVE-2026-40046: Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT: Missing fix for CVE-2025-66168: MQTT control packet remaining length field is not properly validated Christopher L. Shannon
Re: [libc musl] - Algorithmic complexity DoS in iconv GB18030 decoder Jens Jarl Nestén Hansen-Nord
CVE-2026-24880: Apache Tomcat: Request smuggling via invalid chunk extension Mark Thomas
CVE-2026-25854: Apache Tomcat: Occasionally open redirect Mark Thomas
CVE-2026-29129: Apache Tomcat: TLS cipher order is not preserved Mark Thomas
CVE-2026-29145: Apache Tomcat, Apache Tomcat Native: OCSP checks sometimes soft-fail even when soft-fail is disabled Mark Thomas
CVE-2026-29146: Apache Tomcat: EncryptInterceptor vulnerable to padding oracle attack by default Mark Thomas
CVE-2026-32990: Apache Tomcat: Fix for CVE-2025-66614 is incomplete Mark Thomas
CVE-2026-34483: Apache Tomcat: Incomplete escaping of JSON access logs Mark Thomas
CVE-2026-34486: Apache Tomcat: Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor Mark Thomas
CVE-2026-34487: Apache Tomcat: Cloud membership for clustering component exposed the Kubernetes bearer token Mark Thomas
CVE-2026-34500: Apache Tomcat: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled Mark Thomas
[OSSA-2026-006] OpenStack Skyline: DOM-based XSS in Skyline Console via unsanitized instance console log rendering (CVE-2026-pending) Goutham Pacha Ravi
Re: systemd-journald in systemd 259 does not escape characters in emerg messages that are wall'd to other user's terminals Aaron Rainbolt
Re: X41 Advisory X41-2026-001: Guardrail Sandbox Escape in LiteLLM Solar Designer
Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Solar Designer

Friday, 10 April

Re: systemd-journald in systemd 259 does not escape characters in emerg messages that are wall'd to other user's terminals Vincent Lefevre
CVE-2026-4631 [cockpit] Unauthenticated remote code execution due to SSH command-line argument injection Jelle van der Waa
CVE-2026-34477: Apache Log4j Core: verifyHostName attribute silently ignored in TLS configuration, allowing hostname verification bypass Piotr Karwasz
CVE-2026-34478: Apache Log4j Core: Log injection in Rfc5424Layout due to silent configuration incompatibility Piotr Karwasz
CVE-2026-34479: Apache Log4j 1 to Log4j 2 bridge: Silent log event loss in Log4j1XmlLayout due to unescaped XML 1.0 forbidden characters Piotr Karwasz
CVE-2026-34480: Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters Piotr Karwasz
xdg-desktop-portal GHSA-rqr9-jwwf-wxgj: Trashing of arbitrary host files Simon McVittie
xdg-dbus-proxy CVE-2026-34080: Eavesdrop filter bypass allows message interception Simon McVittie
CVE-2026-40198: Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass Stig Palmquist
CVE-2026-40199: Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass Stig Palmquist
[kubernetes] CVE-2026-3865: CSI Driver for SMB path traversal via subDir may delete unintended directories on the SMB server Vinayak Goyal
CPython [CVE-2026-1502] HTTP client proxy tunnel headers not validated for CR/LF Alan Coopersmith
CPython [CVE-2026-3446] Base64 decoding stops at first padded quad by default Alan Coopersmith

Saturday, 11 April

CVE-2026-35537+more: Roundcube arbitrary write + ID/XSS/etc. prior to 1.6.14 Valtteri Vuorikoski
Re: CVE-2026-35537+more: Roundcube arbitrary write + ID/XSS/etc. prior to 1.6.14 Valtteri Vuorikoski
LibRaw 0.22.1 Release with security fixes Alan Coopersmith
Avahi: Reachable assertion in transport_flags_from_domain (CVE-2026-34933) Alan Coopersmith
GNU tar: listing/extraction desynchronization allows hidden file injection Alan Coopersmith
Re: GNU tar: listing/extraction desynchronization allows hidden file injection Collin Funk
Re: GNU tar: listing/extraction desynchronization allows hidden file injection Alan Coopersmith
Re: GNU tar: listing/extraction desynchronization allows hidden file injection Solar Designer
Re: GNU tar: listing/extraction desynchronization allows hidden file injection Collin Funk

Sunday, 12 April

Security Audit of Hex, the Erlang package manager Alan Coopersmith
Re: GNU tar: listing/extraction desynchronization allows hidden file injection Paul Eggert
CVE-2026-35337: Apache Storm Client: RCE through Unsafe Deserialization via Kerberos TGT Credential Handling Richard Zowalla
CVE-2026-35565: Apache Storm UI: Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata in Storm UI Richard Zowalla
Re: Security Audit of Hex, the Erlang package manager Alexander Patrakov

Monday, 13 April

CVE-2026-5085: Solstice::Session versions through 1440 for Perl generates session ids insecurely Robert Rothenberg
CVE-2025-54057: Apache SkyWalking: Stored XSS vulnerability Zhenxu Ke
CVE-2026-34476: Apache SkyWalking MCP: Server-Side Request Forgery via SW-URL Header in MCP Server Qiuxia Fan
CVE-2026-34884: Apache SkyWalking MCP: SSRF via set_skywalking_url Tool and GraphQL Expression Injection in MCP Server Qiuxia Fan
CVE-2025-66236: Apache Airflow: Secrets from Airflow config file logged in plain text in DAG run logs UI Rahul Vats
CVE-2026-33858: Apache Airflow: Unsafe Deserialization via Legacy Serialization Keys (__type/__var) Bypass in XCom API Rahul Vats
CVE-2026-39816: Apache NiFi: Missing Execute Code Required Permission on TinkerpopClientService David Handermann
Re: Security Audit of Hex, the Erlang package manager Alan Coopersmith
[oss-security][CVE-2026-6100] CPython: Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure Alan Coopersmith
[oss-security][CVE-2026-4786] CPython: Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open() Alan Coopersmith
CVE-2026-5086: Crypt::SecretBuffer versions before 0.019 for Perl is susceptible to timing attacks Robert Rothenberg
CVE-2026-31923: Apache APISIX: Openid-connect `tls_verify` field is disabled by default Abhishek Choudhary
CVE-2026-31924: Apache APISIX: Plugin tencent-cloud-cls log export uses plaintext HTTP Abhishek Choudhary
CVE-2026-31908: Apache APISIX: forward auth plugin allows header injection Abhishek Choudhary
CVE-2026-33929: Apache PDFBox Examples: Path Traversal in PDFBox ExtractEmbeddedFiles Example Code Tilman Hausherr
wolfSSL ML-DSA: same-process heap reuse exposes private signing material, enabling signature forgery Abhinav Agarwal
wolfSSL 5.9.1 CVE and non-CVE fixes Solar Designer

Tuesday, 14 April

[disclosure] Multiple unpatched CVEs in libav (unmaintained FFmpeg fork, last update 2019) yangjincheng1998
Fwd: X.Org Security Advisory: multiple security issues X.Org X server and Xwayland Olivier Fourdan
[OSSA-2026-007] OpenStack Keystone: LDAP identity backend does not convert enabled attribute to boolean (CVE PENDING) Goutham Pacha Ravi
CVE-2025-54550: Apache Airflow: RCE by race condition in example_xcom dag Jarek Potiuk
CVE-2026-30778: Apache SkyWalking: The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. Kai Wan

Wednesday, 15 April

CVE-2026-25219: Apache Airflow: Sensitive Azure Service Bus connection string (and possibly other providers) exposed to users with view access Jarek Potiuk
CVE-2026-5088: Apache::API::Password versions through v0.5.2 for Perl can generate insecure random values for salts Robert Rothenberg
Re: CVE-2026-5088: Apache::API::Password versions through v0.5.2 for Perl can generate insecure random values for salts Jacques Deguest
[oss-security][CVE-2026-5713] CPython: Out-of-bounds read/write during remote debugging when connecting to malicious target Alan Coopersmith
[vim-security] Command injection via backtick expansion in tag filenames in Vim < v9.2.0357 Christian Brabandt
7 vulnerabilities disclosed & patched in jq Alan Coopersmith
Re: Fwd: X.Org Security Advisory: multiple security issues X.Org X server and Xwayland Alan Coopersmith
Re: 7 vulnerabilities disclosed & patched in jq Collin Funk
UAF in rsync 3.4.1 and below Przemyslaw Frasunek

Thursday, 16 April

cosmic-greeter: Unsafe File System Operations in User Home Directories (CVE-2026-25704) Matthias Gerstner
Re: UAF in rsync 3.4.1 and below Alan Coopersmith
CVE-2025-27363: FontForge affected by FreeType heap-buffer-overflow; upstream maintainer declines under Community-guidelines #D1 yangjincheng1998
Apache Kvrocks affected by CVE-2024-31449 and CVE-2025-49844 (Redis Lua); fixed but no formal advisory yangjincheng1998
CVE-2026-31987: Apache Airflow: JWT token appearing in logs Rahul Vats
Re: Apache Kvrocks affected by CVE-2024-31449 and CVE-2025-49844 (Redis Lua); fixed but no formal advisory Alan Coopersmith
Re: UAF in rsync 3.4.1 and below Salvatore Bonaccorso
Re: Apache Kvrocks affected by CVE-2024-31449 and CVE-2025-49844 (Redis Lua); fixed but no formal advisory yangjincheng1998
Re: Apache Kvrocks affected by CVE-2024-31449 and CVE-2025-49844 (Redis Lua); fixed but no formal advisory Solar Designer
Re: [CVE-2026-33691] OWASP CRS whitespace padding bypass vulnerability cyber security
Re: Apache Kvrocks affected by CVE-2024-31449 and CVE-2025-49844 (Redis Lua); fixed but no formal advisory yangjincheng1998

Friday, 17 April

CVE-2026-33557: Apache Kafka: Missing JWT token validation in OAUTHBEARER authentication Luke Chen
CVE-2026-33558: Apache Kafka, Apache Kafka Clients: Information Exposure Through Network Client Log Output Luke Chen
CVE-2025-66335: Apache Doris MCP Server: MCP SQL inject Mingyu Chen
CVE-2026-30912: Apache Airflow: Exposing stack trace in case of constraint error Rahul Vats
CVE-2026-32690: Apache Airflow: 3.x - Nested Variable Secret Values Bypass Redaction via max_depth=1 Rahul Vats
CVE-2026-30898: Apache Airflow: Bad example of BashOperator shell injection via dag_run.conf Rahul Vats
CVE-2026-32228: Apache Airflow: Users with asset materialization permissions could trigger Dags they had no access to Rahul Vats
CVE-2026-25917: Apache Airflow: API extra-links triggers XCom deserialization/class instantiation (Airflow 3.1.5) Rahul Vats
Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Matthias Ferdinand
cups: 8 various moderate vulnerabilities Zdenek Dohnal
ngtcp2: qlog_parameters_set_transport_params_stack_overflow [CVE-2026-40170] Alan Coopersmith
Xen Security Advisory 488 v1 - x86: Floating Point Divider State Sampling Xen . org security team
CVE-2026-40948: Apache Airflow Keycloak Provider: OAuth Login CSRF — Missing State Parameter in Keycloak Auth Manager Jarek Potiuk
Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Eli Schwartz
lcms2 <= 2.18 CubeSize() integer overflow: stock Ubuntu 24.04 Poppler / evince-thumbnailer / OpenJDK crashers (different triggers), no CVE Abhinav Agarwal
Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Sam James

Saturday, 18 April

Re: lcms2 <= 2.18 CubeSize() integer overflow: stock Ubuntu 24.04 Poppler / evince-thumbnailer / OpenJDK crashers (different triggers), no CVE Abhinav Agarwal
Re: [CVE-2026-33691] OWASP CRS whitespace padding bypass vulnerability cyber security
Re: [CVE-2026-33691] OWASP CRS whitespace padding bypass vulnerability cyber security
Re: [CVE-2026-33691] OWASP CRS whitespace padding bypass vulnerability Solar Designer
CVE-2026-41113: RCE in sagredo fork of qmail Alan Coopersmith

Sunday, 19 April

[CVE REQUEST] terminal-controller-mcp: trivially bypassable command blocklist enables unrestricted RCE (CVSS 10.0) Pico 🧬
Re: [CVE REQUEST] terminal-controller-mcp: trivially bypassable command blocklist enables unrestricted RCE (CVSS 10.0) Alan Coopersmith
Re: CVE-2025-27363: FontForge affected by FreeType heap-buffer-overflow; upstream maintainer declines under Community-guidelines #D1 Sam James
Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Matthias Ferdinand

Monday, 20 April

Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Dimitri Ledkov
[ADVISORY] CVE-2026-5265: Heap Over-Read in ICMP Error Response Generation Ales Musil
[ADVISORY] CVE-2026-5367: Heap over-read in OVN DHCPv6 Client ID processing Ales Musil
Re: [ADVISORY] CVE-2026-5265: Heap Over-Read in ICMP Error Response Generation Ales Musil
Re: [ADVISORY] CVE-2026-5367: Heap over-read in OVN DHCPv6 Client ID processing Ales Musil
Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Morten Linderud
Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Demi Marie Obenour
Fwd: [CVE-2026-3219] pip doesn't reject concatenated ZIP and tar archives Alan Coopersmith
The GNU C Library security advisories update for 2026-04-20 Carlos O'Donell

Tuesday, 21 April

Libgcrypt security releases 1.12.2, 1.11.3, 1.10.x Valtteri Vuorikoski
Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Michael Orlitzky
Fwd: X.Org Security Advisory: CVE-2026-4367: libXpm Out-of-bounds read in xpmNextWord() Olivier Fourdan
CVE-2026-40706: ntfs-3g 2022.10.3: Heap buffer overflow Rostislav
CVE-2017-20230: Storable versions before 3.05 for Perl has a stack overflow Robert Rothenberg
CVE-2025-15638: Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of libtomcrypt Robert Rothenberg
Re: CVE-2017-20230: Storable versions before 3.05 for Perl has a stack overflow Sam James
Re: CVE-2017-20230: Storable versions before 3.05 for Perl has a stack overflow Sam James
Re: UAF in rsync 3.4.1 and below Sam James
Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Demi Marie Obenour

Wednesday, 22 April

[SECURITY] CVE-2026-40542: Apache HttpClient 5.6 SCRAM-SHA-256 mutual authentication bypass Arturo Bernal
CVE-2026-41651: TOCTOU vulnerability in PackageKit <= 1.3.4 leads to local root exploit Matthias Klumpp
Re: CVE-2017-20230: Storable versions before 3.05 for Perl has a stack overflow Steffen Nurpmeso
[vim-security] OS Command Injection in netrw affects Vim < 9.2.0383 Christian Brabandt

Thursday, 23 April

PowerDNS Security Advisory 2026-03 for PowerDNS Recursor: Multiple issues Otto Moerbeek
CVE-2026-41564: CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking Stig Palmquist
PowerDNS Authoritative Server 4.9.14 and 5.0.4 released Miod Vallat
CVE-2026-40466: Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Possible bypass of CVE-2026-34197 via HTTP discovery second-stage URI Christopher L. Shannon
CVE-2026-41043: Apache ActiveMQ, Apache ActiveMQ Web: ActiveMQ Web Console - XSS vulnerability when browsing queues Christopher L. Shannon
CVE-2026-41044: Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All: Authenticated user can perform RCE via DestinationView MBean exposed by Jolokia Christopher L. Shannon
CVE-2026-23902: Apache DolphinScheduler: Users are able to use tenants that are not defined on the platform during workflow execution. Wenjun Ruan
CVE-2025-62233: Apache DolphinScheduler: Deserialization of untrusted data in RPC Wenjun Ruan

Friday, 24 April

CVE-2026-38743: Apache Airflow: Dags endpoint might provide access to otherwise inaccessible entities Rahul Vats
CVE-2026-40690: Apache Airflow: Assets graph view bypasses DAG level access control displaying unrelated topologies and all DAGs names to unauthorized users Rahul Vats
rust-openssl-v0.10.78 fixes 5 CVEs Alan Coopersmith

Saturday, 25 April

bubblewrap CVE-2026-41163: Privilege escalation if setuid root, via ptrace Simon McVittie
CVE-2026-40557: Apache Storm Prometheus Reporter: Disabling TLS verification for Prometheus Reporter also disables it for all other connections Richard Zowalla
CVE-2026-41081: Apache Storm Client: Anonymous principal assigned on TLS client certificate verification failure Richard Zowalla

Sunday, 26 April

libexpat 2.8.0 fixes CVE-2026-41080 (insufficient entropy) Sebastian Pipping
CVE-2026-27172: Apache Camel: Unsafe Java deserialization in camel-consul ConsulRegistry allows arbitrary code execution via malicious values read from the Consul KV store Andrea Cosentino
CVE-2026-33453: Apache Camel: CoAP URI Query Parameter to Exchange Header Injection in camel-coap Allows Single-Packet Pre-Auth Remote Code Execution Andrea Cosentino
CVE-2026-33454: Apache Camel: Inbound Header Filter Missing in MailHeaderFilterStrategy Allows Remote Code Execution via MIME Header Injection (CVE-2025-30177 Variant) Andrea Cosentino
CVE-2026-40022: Apache Camel: Camel-Platform-HTTP-Main: Authentication Bypass on Non-Root Context Paths in camel main runtime Andrea Cosentino
CVE-2026-40048: Apache Camel: Camel-PQC: Unsafe Deserialization from FileBasedKeyLifecycleManager Andrea Cosentino
CVE-2026-40453: Apache Camel: Incomplete fix for CVE-2025-27636 in non-HTTP HeaderFilterStrategies (camel-jms, camel-sjms, camel-coap, camel-google-pubsub) allows case-variant header injection Andrea Cosentino
CVE-2026-40473: Apache Camel: Camel-Mina: Unsafe Deserialization in MinaConverter.toObjectInput() via TCP/UDP Andrea Cosentino
CVE-2026-40858: Apache Camel: Camel-Infinispan: Unsafe Deserialization in Remote Aggregation Repository Andrea Cosentino
CVE-2026-40860: Apache Camel: Unsafe Deserialization of JMS ObjectMessage in camel-jms, camel-sjms, camel-sjms2 and camel-amqp Andrea Cosentino

Monday, 27 April

plasma-login-manager: Weaknesses in plasmaloginauthhelper (CVE-2026-25710) Matthias Gerstner
uriparser 1.0.1 fixes CVE-2026-42371 (integer overflow) Sebastian Pipping
CVE-2026-41409: Apache MINA: CWE-502 Deserialization of Untrusted Data Emmanuel Lécharny
ZDRES-059: CVE-2026-41635: Apache MINA: AbstractIoBuffer.resolveClass() null-clazz Branch Skips acceptMatchers Filter — Full Object Deserialization RCE Emmanuel Lécharny
CVE-2026-7040: Text::Minify::XS versions from v0.3.0 before v0.7.8 for Perl have heap overflow when processing some malformed UTF-8 characters Robert Rothenberg
[OSSA-2026-008] Ironic: Command Injection in IPMI Console Implementations (CVE pending) Jay Faulkner
[oss-security][CVE-2026-6357] pip self-update functionality can import newly installed modules after wheel installation Alan Coopersmith
CVE-2026-40355, CVE-2026-40356: MIT krb5 1.18+ Unauthenticated Network read overrun and null pointer dereference Cem Onat Karagun
CVE-2026-41636: Apache Thrift: Node.js skip() recursion Jens Geyer
CVE-2026-41607: Apache Thrift: C++ JSON OOB read Jens Geyer
CVE-2026-41606: Apache Thrift: c_glib dispatch stack overflow Jens Geyer
CVE-2026-41605: Apache Thrift: Swift Compact Protocol integer overflow Jens Geyer
CVE-2026-41604: Apache Thrift: Swift Range crash in skip() Jens Geyer
CVE-2026-41602: Apache Thrift: Go TFramedTransport uint32 overflow Jens Geyer
CVE-2026-41603: Apache Thrift: Java TSSLTransportFactory hostname verification Jens Geyer
CVE-2025-48431: Apache Thrift glibc language bindings: Specially crafted input can crash a c_glib Thrift server with invalid pointer error. Jens Geyer
[oss-security][CVE-2026-3087] shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs Alan Coopersmith

Tuesday, 28 April

Xen Security Advisory 483 v2 (CVE-2026-23556) - oxenstored keeps quota related use counts across domain destruction Xen . org security team
Xen Security Advisory 484 v2 (CVE-2026-23557) - Xenstored DoS via XS_RESET_WATCHES command Xen . org security team
Xen Security Advisory 485 v2 (CVE-2026-31786) - Linux kernel out of bounds read via Xen-related sysfs file Xen . org security team
Xen Security Advisory 486 v2 (CVE-2026-23558) - grant table v2 race in status page mapping Xen . org security team
Xen Security Advisory 487 v2 (CVE-2026-31787) - Linux kernel double free in Xen privcmd driver Xen . org security team
Coordinated Disclosure in the LLM Age Jeremy Stanley
The GNU C Library security advisories update for 2026-04-28 Carlos O'Donell
CVE-2026-41873: Pony Mail: Admin account takeover via request smuggling Arnout Engelen
Xen Security Advisory 489 v1 (CVE-2026-23559,CVE-2026-23560,CVE-2026-23561,CVE-2026-23562,CVE-2026-42486) - Multiple RBAC issues in XAPI Xen . org security team
Re: Coordinated Disclosure in the LLM Age Greg Dahlman
[SECURITY] Out-of-Bounds Read in MPLS Extension Parsing — traceroute 2.1.2 MOHAMED AZIZ RAHMOUNI
Re: [SECURITY] Out-of-Bounds Read in MPLS Extension Parsing — traceroute 2.1.2 Dmitry Butskoy
Re: [SECURITY] Out-of-Bounds Read in MPLS Extension Parsing — traceroute 2.1.2 Dmitry Butskoy
Re: [SECURITY] Out-of-Bounds Read in MPLS Extension Parsing — traceroute 2.1.2 Alan Coopersmith
CVE-2026-40560: Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence Timothy Legge
Re: [SECURITY] Out-of-Bounds Read in MPLS Extension Parsing — traceroute 2.1.2 Ellenor Bjornsdottir
Re: [SECURITY] Out-of-Bounds Read in MPLS Extension Parsing — traceroute 2.1.2 Solar Designer
Re: Coordinated Disclosure in the LLM Age Jacob Bachmeyer
Re: [SECURITY] Out-of-Bounds Read in MPLS Extension Parsing — traceroute 2.1.2 Jacob Bachmeyer
Re: Coordinated Disclosure in the LLM Age Peter Gutmann
[ADVISORY] curl: CVE-2026-4873: connection reuse ignores TLS requirement Daniel Stenberg
[ADVISORY] curl: CVE-2026-5545: wrong reuse of HTTP Negotiate connection Daniel Stenberg
[ADVISORY] curl: CVE-2026-5773: wrong reuse of SMB connection Daniel Stenberg
[ADVISORY] curl: CVE-2026-6429: netrc credential leak with reused proxy connection Daniel Stenberg
[ADVISORY] curl: CVE-2026-6253: proxy credentials leak over redirect-to proxy Daniel Stenberg
[ADVISORY] curl: CVE-2026-7009: OCSP stapling bypass with Apple SecTrust Daniel Stenberg
[ADVISORY] curl: CVE-2026-6276: stale custom cookie host causes cookie leak Daniel Stenberg
[ADVISORY] curl: CVE-2026-7168: cross-proxy Digest auth state leak Daniel Stenberg

Wednesday, 29 April

Multiple vulnerabilities in Jenkins plugins Daniel Beck
Re: Coordinated Disclosure in the LLM Age Lucas Holt
CVE-2026-7111: Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption Stig Palmquist
Xen Security Advisory 489 v2 (CVE-2026-23559,CVE-2026-23560,CVE-2026-23561,CVE-2026-23562,CVE-2026-42486) - Multiple RBAC issues in XAPI Xen . org security team
Re: Coordinated Disclosure in the LLM Age Jeremy Stanley
Re: Coordinated Disclosure in the LLM Age Willy Tarreau
Re: Coordinated Disclosure in the LLM Age Renaud Allard
Re: Coordinated Disclosure in the LLM Age Clemens Lang
CVE-2026-31431: CopyFail: linux local privilege escalation Jan Schaumann
Re: Coordinated Disclosure in the LLM Age Brian May
Re: CVE-2026-31431: CopyFail: linux local privilege escalation Eddie Chapman
Re: CVE-2026-31431: CopyFail: linux local privilege escalation Sam James
CVE-2026-7381: Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting Robert Rothenberg
OSSA-2026-008: OpenStack Ironic: Command Injection in Ironic IPMI Console Implementations (CVE-2026-42510) - errata 1 Goutham Pacha Ravi
Re: CVE-2026-31431: CopyFail: linux local privilege escalation Zube
gnutls 3.8.13 released with 12 CVE fixes and more Alan Coopersmith
inetutils-2.8 released with 2 CVE fixes Alan Coopersmith
Re: CVE-2026-31431: CopyFail: linux local privilege escalation Aaron Rainbolt
Re: CVE-2026-31431: CopyFail: linux local privilege escalation Solar Designer
[CVE-2026-37555] libsndfile IMA-ADPCM integer overflow (incomplete fix for CVE-2022-33065) Feng Ning
Re: lcms2 <= 2.18 CubeSize() integer overflow: stock Ubuntu 24.04 Poppler / evince-thumbnailer / OpenJDK crashers (different triggers), no CVE Abhinav Agarwal
Re: lcms2 <= 2.18 CubeSize() integer overflow: stock Ubuntu 24.04 Poppler / evince-thumbnailer / OpenJDK crashers (different triggers), no CVE Sam James
Re: CVE-2026-31431: CopyFail: linux local privilege escalation Sam James

Thursday, 30 April

Re: CVE-2026-31431: CopyFail: linux local privilege escalation Salvatore Bonaccorso
Re: CVE-2026-31431: CopyFail: linux local privilege escalation Greg KH
Re: Coordinated Disclosure in the LLM Age Greg KH
Re: CVE-2026-31431: CopyFail: linux local privilege escalation cyber security
Re: CVE-2026-31431: CopyFail: linux local privilege escalation Eric Biggers
Re: CVE-2026-31431: CopyFail: linux local privilege escalation Sam James
Re: CVE-2026-31431: CopyFail: linux local privilege escalation Greg KH
Re: CVE-2026-31431: CopyFail: linux local privilege escalation Roman Medina-Heigl Hernandez
CVE-2026-5080: Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely Robert Rothenberg
Re: CVE-2026-31431: CopyFail: linux local privilege escalation Alan Coopersmith
Exim 4.99.2 fixes 4 CVEs Solar Designer
Re: 10+ CVEs in GStreamer Solar Designer
Re: CVE-2026-31431: CopyFail: linux local privilege escalation Solar Designer
Re: CVE-2026-31431: CopyFail: linux local privilege escalation Greg KH

Friday, 01 May

CVE-2026-42167: SQL injection in ProFTPd prior to 1.3.9a Valtteri Vuorikoski
Prosody XMPP server security advisory 2026-04-31 (multiple vulnerabilities) Matthew Wild
CVE-2026-42402: Apache Neethi: Policy Normalization Unbounded Resource Allocation DoS Colm O hEigeartaigh
CVE-2026-42403: Apache Neethi: Circular Policy Reference Infinite Loop Colm O hEigeartaigh
CVE-2026-42404: Apache Neethi: Unrestricted HTTP Redirect Following in Policy References Colm O hEigeartaigh
Re: 10+ CVEs in GStreamer Demi Marie Obenour
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Reid Sutherland
Re: Exim 4.99.2 fixes 4 CVEs Florian Weimer
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Demi Marie Obenour
Re: CVE-2026-42167: SQL injection in ProFTPd prior to 1.3.9a Alan Coopersmith
Re: 10+ CVEs in GStreamer Kevin Backhouse
Re: [EXTERNAL] Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Shrader, David Lee
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Justin Swartz
Re: Re: CVE-2026-31431: CopyFail: linux local privilege scalation cyber security
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Eric Biggers
CVE-2026-40682: Apache OpenNLP: XXE via Dictionary Parsing in DictionaryEntryPersistor Richard Zowalla
CVE-2026-42027: Apache OpenNLP: Arbitrary Class Instantiation via Model Manifest in ExtensionLoader Richard Zowalla
CVE-2026-42440: Apache OpenNLP: OOM DoS via Unbounded Array Allocation in AbstractModelReader Richard Zowalla
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Alan Coopersmith
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Demi Marie Obenour
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Eric Biggers
Security audit of rust-coreutils Alan Coopersmith

Saturday, 02 May

uutils coreutils CVEs Collin Funk
Ubuntu back up, In Saturday after DDoS attacks cyber security
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Demi Marie Obenour
Re: Re: CVE-2026-31431: CopyFail: linux local privilege scalation Reid Sutherland
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Eric Biggers
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Eric Biggers
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Demi Marie Obenour
Re: uutils coreutils CVEs Jan Schaumann
CVE-2026-42809: Apache Polaris: An authenticated low-privileged user can abuse Polaris staged table creation to mint broad temporary storage credentials for an attacker-chosen location before Polaris validates that location Jean-Baptiste Onofré
CVE-2026-42810: Apache Polaris: Polaris accepts literal `*` characters in namespace and table names. When it later builds temporary S3 access policies for delegated table access, those same characters appear to be reused unescaped in S3 IAM resource patterns and `s3:prefix` conditions. Jean-Baptiste Onofré
CVE-2026-42811: Apache Polaris: In plain terms, Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can cause those credentials to work across the configured bucket instead. Jean-Baptiste Onofré
CVE-2026-42812: Apache Polaris: No protection on `write.metadata.path` Jean-Baptiste Onofré
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Greg Dahlman
Re: Re: CVE-2026-31431: CopyFail: linux local privilege scalation Justin Swartz
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Richard Kettlewell
Re: Re: Re: CVE-2026-31431: CopyFail: linux local privilege scalation Eric Biggers
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Reid Sutherland
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Greg Dahlman
Re: Re: CVE-2026-31431: CopyFail: linux local privilege scalation Brian May
Re: Re: Re: CVE-2026-31431: CopyFail: linux local privilege scalation Alexander Bochmann
Re: uutils coreutils CVEs Collin Funk
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Demi Marie Obenour
Re: Re: Re: CVE-2026-31431: CopyFail: linux local privilege scalation Collin Funk
Re: Re: Re: CVE-2026-31431: CopyFail: linux local privilege scalation Malik, Vaibhav
CVE-2026-40561: Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence Timothy Legge
syzkaller "Reporting Linux kernel bugs" out of date Solar Designer
Re: CVE-2026-31431: CopyFail: linux local privilege scalation nightmare . yeah27

Sunday, 03 May

Re: CVE-2026-31431: CopyFail: linux local privilege scalation Simon McVittie
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Peter Gutmann
Re: Re: CVE-2026-31431: CopyFail: linux local privilege scalation Reid Sutherland
CVE request: io_uring zcrx freelist OOB write Mohamed salem Eddah
Re: CVE request: io_uring zcrx freelist OOB write Greg KH
CVE-2026-40563: Apache Atlas: Script injection allows access to unintended data Pinal Shah
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Paul Ducklin
[vim-security] OS Command Injection via 'path' completion affects Vim < 9.2.0435 Christian Brabandt
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Greg Dahlman
Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation) Sam James
Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation) Sam James
Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation) Sam James
Fwd: mutt 2.3.2 released Sam James

Monday, 04 May

Re: uutils coreutils CVEs Jakub Wilk
Re: uutils coreutils CVEs cyber security
Re: uutils coreutils CVEs Eli Schwartz
Re: CVE request: io_uring zcrx freelist OOB write Pavel Begunkov
Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation) Greg Kroah-Hartman
Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation) Jeroen Roovers
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Milan Broz
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Demi Marie Obenour
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Eric Biggers
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Milan Broz
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Richard Kettlewell
CVE-2026-33857: Apache HTTP Server: Off-by-one OOB reads in AJP getter functions Eric Covener
CVE-2026-34032: Apache HTTP Server: mod_proxy_ajp: Heap Buffer Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string) Eric Covener
CVE-2026-34059: Apache HTTP Server: mod_proxy_ajp: Heap Over-Read and memory disclosure in ajp_parse_data() Eric Covener
CVE-2026-24072: Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr Eric Covener
CVE-2026-23918: Apache HTTP Server: http2: double free and possible RCE on early reset Eric Covener
CVE-2026-29169: Apache HTTP Server: mod_dav_lock indirect lock crash Eric Covener
CVE-2026-33006: Apache HTTP Server: mod_auth_digest timing attack Eric Covener
CVE-2026-33007: Apache HTTP Server: mod_authn_socache crash Eric Covener
CVE-2026-33523: Apache HTTP Server: multiple modules: HTTP response splitting forwarding malicious status line Eric Covener
Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation) Emily Shepherd
Fwd: [pfx] Postfix stable release 3.11.2 and legacy releases 3.10.9, 3.9.10, 3.8.16 Sam James
Re: [pfx] Postfix stable release 3.11.2 and legacy releases 3.10.9, 3.9.10, 3.8.16 Sam James
Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation) Greg KH
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Demi Marie Obenour
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Solar Designer
Re: Fwd: [pfx] Postfix stable release 3.11.2 and legacy releases 3.10.9, 3.9.10, 3.8.16 Salvatore Bonaccorso
Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation) Emily Shepherd
Local privilege escalation in Lix and Nix Thomas GERBET
Nix/Lix: local privilege escalation in daemon process Martin Weinelt
Re: systemd-journald in systemd 259 does not escape characters in emerg messages that are wall'd to other user's terminals Aaron Rainbolt
CVE-2026-43868: Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern Jens Geyer
CVE-2026-43869: Apache Thrift: TSSLTransportFactory.java hostname verification Jens Geyer
CVE-2026-43870: Apache Thrift: Node.js web_server.js multi-vulnerability Jens Geyer
Re: [pfx] Postfix stable release 3.11.2 and legacy releases 3.10.9, 3.9.10, 3.8.16 Solar Designer

Tuesday, 05 May

CVE-2026-29168: Apache HTTP Server: mod_md unrestricted OCSP response Eric Covener
[OSSA-2026-009] Horizon: Unauthenticated session flood via login redirect storage (CVE-2026-43002) Goutham Pacha Ravi
Django CVE-2026-5766, CVE-2026-35192, and CVE-2026-6907 Sarah Boyce
CVE-2026-28780: Apache HTTP Server: buffer overflow in mod_proxy_ajp via ajp_msg_check_header() Eric Covener
[OSSA-2026-010] Ironic: Credential Forwarding to Arbitrary Endpoints via iDrac Configuration Molds Feature (CVE-2026-42997) Jay Faulkner
vm2: sandbox escape in NodeVM with nesting:true (CVE-2026-44007) Akshat Sinha
Re: CVE-2026-29169: Apache HTTP Server: mod_dav_lock indirect lock crash Solar Designer
Security audit of Paramiko completed, fixes coming in 5.0 release Alan Coopersmith
CVE-2026-40010: Apache Wicket: possible session fixation using AuthenticatedWebSession Pedro Henrique Oliveira dos Santos
CVE-2026-42509: Apache Wicket: crafted strings can break out of the JavaScript sequence Pedro Henrique Oliveira dos Santos
CVE-2026-43646: Apache Wicket: crafted URLs can bypass PackageResourceGuard Pedro Henrique Oliveira dos Santos
CVE-2026-43975: Apache Wicket: Possible malicious path traversal in FolderUploadsFileManager Pedro Henrique Oliveira dos Santos
Re: CVE-2026-31431: CopyFail: linux local privilege scalation Eric Biggers

Wednesday, 06 May

CVE-2026-5081: Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure Robert Rothenberg
CVE-2026-40562: Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence Robert Rothenberg
Vulnerability fixes in Tor 0.4.9.7 Sam James
Linux kernel: KTLS + sockmap "Reverse Order" Use-After-Free / Data Corruption Solar Designer
Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation) Greg KH

Thursday, 07 May

XSS in Postorius (Mailman 3) 1.3.13 and earlier Alyssa Ross
Re: Linux kernel: KTLS + sockmap "Reverse Order" Use-After-Free / Data Corruption Sam James
Re: CVE request: io_uring zcrx freelist OOB write Solar Designer
[OSSA-2026-011] OpenStack Cyborg: Multiple access control vulnerabilities in Cyborg accelerator management (CVE-2026-40213, CVE-2026-40214) Goutham Pacha Ravi
Re: CVE request: io_uring zcrx freelist OOB write Mohamed salem Eddah
Dirty Frag: Universal Linux LPE Hyunwoo Kim
[vim-security] Heap Buffer Overflow in spell file loading affects Vim < 9.2.0450 Christian Brabandt
Re: Dirty Frag: Universal Linux LPE Sandipan Roy
Re: CVE request: io_uring zcrx freelist OOB write Jens Axboe
Copy Fail 2 / Dirty Frag — n-day from public commit, not embargo break SiCk
Re: CVE request: io_uring zcrx freelist OOB write Benjamin Hays
Re: CVE request: io_uring zcrx freelist OOB write Pavel Begunkov
Re: CVE request: io_uring zcrx freelist OOB write Jens Axboe
Re: CVE request: io_uring zcrx freelist OOB write Solar Designer
Re: XSS in Postorius (Mailman 3) 1.3.13 and earlier Demi Marie Obenour
Re: Dirty Frag: Universal Linux LPE Daniel Tang

Friday, 08 May

Re: Dirty Frag: Universal Linux LPE Greg KH
Re: Dirty Frag: Universal Linux LPE Greg KH
Re: XSS in Postorius (Mailman 3) 1.3.13 and earlier Sebastian Pipping
Re: CVE request: io_uring zcrx freelist OOB write Mohamed salem Eddah
Re: Dirty Frag: Universal Linux LPE Bernhard R. Link
CVE-2013-10075: Apache::Session versions through 1.94 for Perl re-creates deleted sessions Robert Rothenberg
Re: Copy Fail 2 / Dirty Frag — n-day from public commit, not embargo break Sam James
Re: CVE request: io_uring zcrx freelist OOB write Jens Axboe
Re: Re: Dirty Frag: Universal Linux LPE Kalin KOZHUHAROV
BioPython 1.87 fixes CVE-2025-68463 (XXE, SSRF) Sebastian Pipping
CVE-2026-6659: Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts Robert Rothenberg
Re: Re: Dirty Frag: Universal Linux LPE Greg Dahlman
Re: Re: Dirty Frag: Universal Linux LPE Emily Shepherd
Go 1.26.3 and Go 1.25.10 are released with 11 security fixes Alan Coopersmith
CVE-2025-66170: Apache CloudStack: Any user can list backups that they should not have access to Piotr P. Karwasz
CVE-2025-66171: Apache CloudStack: Any user can create a new VM from backups they should not have access to Piotr P. Karwasz
CVE-2025-66172: Apache CloudStack: Any user can attach a volume in their VMs from backups they should not have access to Piotr P. Karwasz
CVE-2025-66467: Apache CloudStack: MinIO policy remains intact on bucket deletion Piotr P. Karwasz
CVE-2025-69233: Apache CloudStack: Domain/account resources limits not honored Piotr P. Karwasz
CVE-2026-25077: Apache CloudStack: Unauthenticated Command Injection in Direct Download Templates Piotr P. Karwasz
CVE-2026-25199: Apache CloudStack: Proxmox Extension Allows Unauthorized Cross-Tenant Instance Access Piotr P. Karwasz

Saturday, 09 May

uriparser 1.0.2 fixes CVE-2026-44927 and CVE-2026-44928 Sebastian Pipping

Sunday, 10 May

Re: uriparser 1.0.2 fixes CVE-2026-44927 and CVE-2026-44928 Solar Designer
CVE-2026-43826: Apache Airflow Providers OpenSearch: OpenSearch task-log handler leaks credentials embedded in the host URL Shahar Epstein
CVE-2026-41018: Apache Airflow Providers Elasticsearch: Elasticsearch task-log handlers leak credentials embedded in the host URL Shahar Epstein
CVE-2026-45179: Plack::Middleware::Statsd versions before 0.9.0 for Perl may leak user IP addresses Robert Rothenberg
CVE-2026-45180: Catalyst::Plugin::Statsd versions through 0.10.0 for Perl may leak session ids Robert Rothenberg
CVE-2026-45190: Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass Stig Palmquist
CVE-2026-45191: Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypass Stig Palmquist
CVE-2026-8177: XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences Stig Palmquist

Monday, 11 May

malcontent: Disk Space Exhaustion via Globally Accessible D-Bus API (CVE-2026-44931) Matthias Gerstner
Re: CVE-2026-8177: XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences Stig Palmquist
CVE-2026-5084: WebDyne::Session versions through 2.075 for Perl generates the session id insecurely Stig Palmquist
Re: Linux kernel: KTLS + sockmap "Reverse Order" Use-After-Free / Data Corruption xw x
Re: Linux kernel: KTLS + sockmap "Reverse Order" Use-After-Free / Data Corruption xw x
Re: Linux kernel: KTLS + sockmap "Reverse Order" Use-After-Free / Data Corruption xw x
[OSSA-2026-012] Ironic: Remote Code Execution when Anaconda driver enabled (CVE-2026-44916) Jay Faulkner
[oss-security][CVE-2026-7210] Cpython: The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection Alan Coopersmith
CVE Request: Fail-open authentication in hathor-wallet-headless <= 0.38.0 (vendor declined to fix) Emiliano Solazzi G.
dnsmasq vulnerabilities, including attacker DNS redirect, privilege escalation, and heap manipulation Alan Coopersmith
OpenSSL ARM64 SM2 scalar multiplication timing side-channel (no CVE) Abhinav Agarwal
Re: dnsmasq vulnerabilities, including attacker DNS redirect, privilege escalation, and heap manipulation Alan Coopersmith
Re: [oss-security][CVE-2026-7210] Cpython: The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection Sebastian Pipping
CVE-2022-4988: Alien::FreeImage versions through 1.001 for Perl contains several vulnerable libraries Robert Rothenberg
CVE-2026-6146: Amazon::Credentials versions through 1.2.0 for Perl uses rand to generate encryption keys Robert Rothenberg
libexpat 2.8.1 fixes CVE-2026-45186 (denial of service) Sebastian Pipping
CVE-2026-7010: HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values Stig Palmquist
Re: Coordinated Disclosure in the LLM Age Tim Shephard
Public security analysis and LLM-assisted variant discovery Tim Shephard

Tuesday, 12 May

Re: uriparser 1.0.2 fixes CVE-2026-44927 and CVE-2026-44928 Sebastian Pipping
[EXIM-Security-2026-05-01.1] Security Release 4.99.3 Heiko Schlittermann
Re: [EXIM-Security-2026-05-01.1] Security Release 4.99.3 Heiko Schlittermann
Dovecot Security Advisory OXDC-2026-0002 Aki Tuomi
CVE-2026-8368: LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects Stig Palmquist
CVE-2026-43512: Apache Tomcat: Digest authenticator will authenticate any unknown user Mark Thomas
CVE-2026-43513: Apache Tomcat: LockOutRealm treats user names as case-sensitive Mark Thomas
CVE-2026-43514: Apache Tomcat: AJP secret compared in non-constant time Mark Thomas
CVE-2026-43515: Apache Tomcat: Security constraints not correctly applied Mark Thomas
CVE-2026-41284: Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling Mark Thomas
CVE-2026-41293: Apache Tomcat: HTTP/2 request headers not validated Mark Thomas
CVE-2026-42498: Apache Tomcat: WebSocket authentication header exposure Mark Thomas
Xen Security Advisory 490 v1 (CVE-2025-54518) - x86: CPU Opcode Cache corruption Xen . org security team
CVE-2026-5089: YAML::Syck versions before 1.38 for Perl has an out-of-bounds read Robert Rothenberg
Re: Coordinated Disclosure in the LLM Age Demi Marie Obenour
Re: uriparser 1.0.2 fixes CVE-2026-44927 and CVE-2026-44928 Ilia
Re: uriparser 1.0.2 fixes CVE-2026-44927 and CVE-2026-44928 Sebastian Pipping
Re: uriparser 1.0.2 fixes CVE-2026-44927 and CVE-2026-44928 Joshua Windle
Re: uriparser 1.0.2 fixes CVE-2026-44927 and CVE-2026-44928 Ilia
Re: Coordinated Disclosure in the LLM Age Willy Tarreau
Fwd: [siren] [Security Advisory] Severity: CRITICAL - Malicious Compromise of OpenSearch Pre-Release npm Packages Alan Coopersmith
Re: dnsmasq vulnerabilities, including attacker DNS redirect, privilege escalation, and heap manipulation Sam James
Re: [EXIM-Security-2026-05-01.1] Security Release 4.99.3 Sam James
CVE-2026-5958: GNU sed: TOCTOU race in sed -i --follow-symlinks Solar Designer
CVE-2026-41326: Kata Containers: CopyFile Policy Subversion via Symlinks Solar Designer

Wednesday, 13 May

Linux kernel LPE ("fragnesia", copyfail 3.0) Sam James
CVE-2026-8463: Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2_verify on empty encoded input Stig Palmquist
Re: Linux kernel LPE ("fragnesia", copyfail 3.0) Greg KH
Re: Linux kernel LPE ("fragnesia", copyfail 3.0) Solar Designer
NGINX ngx_http_rewrite_module vulnerability CVE-2026-42945 Alan Coopersmith
CVE-2026-8500: Web::Passwd versions through 0.03 for Perl is vulnerable to RCE Robert Rothenberg
[oss-security][CVE-2026-8328] CPython: FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address Alan Coopersmith
Re: Linux kernel LPE ("fragnesia", copyfail 3.0) Jan Schaumann
Re: [vim-security] Heap Buffer Overflow in spell file loading affects Vim < 9.2.0450 Tianyu Chen

Thursday, 14 May

Re: Linux kernel LPE ("fragnesia", copyfail 3.0) Salvatore Bonaccorso
CVE-2026-45205: Apache Commons Configuration: StackOverflowError for YAML input with cycles Gary D. Gregory
[vim-security] Command Injection in tar.vim affects Vim < 9.2.479 Christian Brabandt
[vim-security] Vimscript Code Injection in netrw NetrwMarkFile() via crafted filename affects Vim < 9.2.480 Christian Brabandt
CVE-2026-8612: WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution Stig Palmquist
Logic bug in the Linux kernel's __ptrace_may_access() function Qualys Security Advisory
Re: Logic bug in the Linux kernel's __ptrace_may_access() function Sam James
Re: Logic bug in the Linux kernel's __ptrace_may_access() function Salvatore Bonaccorso
Re: Logic bug in the Linux kernel's __ptrace_may_access() function Salvatore Bonaccorso

Friday, 15 May

Re: Coordinated Disclosure in the LLM Age Yves-Alexis Perez
Re: Coordinated Disclosure in the LLM Age Greg KH
Re: Logic bug in the Linux kernel's __ptrace_may_access() function Qualys Security Advisory
Re: Logic bug in the Linux kernel's __ptrace_may_access() function Qualys Security Advisory
Re: Logic bug in the Linux kernel's __ptrace_may_access() function David Gonzalez
Re: Logic bug in the Linux kernel's __ptrace_may_access() function Sam James
Re: Coordinated Disclosure in the LLM Age Santiago Ruano Rincón
Re: Coordinated Disclosure in the LLM Age Demi Marie Obenour
Sv: Coordinated Disclosure in the LLM Age Markus Klyver
CVE-2026-8454: Imager::File::GIF versions through 1.002 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files Timothy Legge
CVE-2026-8503: Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids Robert Rothenberg
CVE-2026-8669: Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files Timothy Legge
CVE-2026-46474: Trog::TOTP versions before 1.006 for Perl generate secrets using rand Robert Rothenberg
Security Advisory: Multiple Vulnerabilities in llama.cpp GGUF Format Parsers 135266653
CVE-2026-35194: Apache Flink: Remote code execution via SQL injection in code generation Martijn Visser
libpng-apng: Chunk-smuggling vulnerability in push-mode APNG parser: CVE-2026-40930 Cosmin Truta
netatalk 4.4.3 fixes 20 CVEs, leaves 18 for later Alan Coopersmith
PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 Released with security fixes Alan Coopersmith
Poppy: XPC Observability & Fault Injection Stuart Thomas
Re: Poppy: XPC Observability & Fault Injection Solar Designer
CVE-2026-8700: Crypt::DSA versions before 1.20 for Perl generate seeds using rand Timothy Legge
CVE-2026-8704: Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified Timothy Legge
Sv: Coordinated Disclosure in the LLM Age ROI AI

Saturday, 16 May

Re: Coordinated Disclosure in the LLM Age Greg KH
Recent Kernel exploits, attack surface reduction, example IPSEC Hanno Böck
Re: Recent Kernel exploits, attack surface reduction, example IPSEC Valtteri Vuorikoski
Re: Recent Kernel exploits, attack surface reduction, example IPSEC Agostino Sarubbo
Re: Recent Kernel exploits, attack surface reduction, example IPSEC Bernhard R. Link
Re: Recent Kernel exploits, attack surface reduction, example IPSEC Lionel Debroux
Re: Recent Kernel exploits, attack surface reduction, example IPSEC Jeffrey Walton
CVE-2026-46719: Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections Robert Rothenberg

Sunday, 17 May

Re: Recent Kernel exploits, attack surface reduction, example IPSEC Donald Buczek
CVE-2026-46720: Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections Robert Rothenberg
[vim-security] Vimscript Code Injection in netrw NetrwBookHistSave() via crafted directory name affects Vim < 9.2.495 Christian Brabandt
[vim-security] Vimscript Code Injection in cucumber filetype plugin via crafted step-definition regex affects Vim < 9.2.0496 Christian Brabandt
CVE-2026-8507: Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out of bound (OOB) write flaws Timothy Legge
CVE-2026-8721: Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs Timothy Legge
CVE-2026-8788: Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections Robert Rothenberg

Monday, 18 May

Re: CVE request experience Fabian Keil
CVE-2026-31431 Copy Fail Linux LPE - new public exploit Andrei Berestov
On the issue of MIME handlers that execute arbitrary code (e.g. Wine) Aaron Rainbolt

Tuesday, 19 May

Re: On the issue of MIME handlers that execute arbitrary code (e.g. Wine) Simon McVittie
Fixed: local root exploit in haveged, fixed in 1.9.21, CVE-2026-41054 Marcus Meissner
Re: Fixed: local root exploit in haveged, fixed in 1.9.21, CVE-2026-41054 Hanno Böck
Re: Fixed: local root exploit in haveged, fixed in 1.9.21, CVE-2026-41054 Steffen Nurpmeso
PinTheft Linux LPE Sam James
[SBA-ADV-20260126-02] CVE-2026-42329: DFIR-IRIS before 2.4.28 Open Redirect SBA Research Security Advisory
[SBA-ADV-20260126-03] CVE-2026-42538: DFIR-IRIS before 2.4.28 Insecure File Upload SBA Research Security Advisory
[SBA-ADV-20260126-04] CVE-2026-42539: DFIR-IRIS before 2.4.28 Excessive Data Exposure SBA Research Security Advisory
[SBA-ADV-20260128-01] CVE-2026-42540: DFIR-IRIS before 2.4.28 Mass Assignment SBA Research Security Advisory
[SBA-ADV-20260128-03] CVE-2026-42543: DFIR-IRIS before 2.4.28 Cross-Site Request Forgery (CSRF) SBA Research Security Advisory
[SBA-ADV-20260128-05] CVE-2026-42547: DFIR-IRIS before 2.4.28 Alerts Can be Falsely Attributed to Customers SBA Research Security Advisory
CVE-2026-47323: Apache Camel: Camel-CXF Message Header Injection via Missing Inbound Filtering Andrea Cosentino
CVE-2026-29207: Apache OFBiz: Low-Privilege SSTI Leading to RCE in the Content Component Jacopo Cappellato
CVE-2026-29220: Apache OFBiz: Low-Privilege LFI in Content Component Jacopo Cappellato
CVE-2026-29226: Apache OFBiz: Low-Privilege SSRF in Content Component Jacopo Cappellato
CVE-2026-31378: Apache OFBiz: JSON Attribute Override and URL Allowlist Bypass Leads to Remote Code Execution Jacopo Cappellato
CVE-2026-31379: Apache OFBiz: Path Traversal and File Upload Validation Bypass Leading to Arbitrary File Write, Stored XSS and RCE in Catalog Manager Jacopo Cappellato
CVE-2026-31380: Apache OFBiz: FreeMarker SSTI via Duplicate Parameter Sanitization Bypass Jacopo Cappellato
CVE-2026-31387: Apache OFBiz: Cookie Manipulation Allows Authenticated JWT Forgery and Account Impersonation Jacopo Cappellato
CVE-2026-31388: Apache OFBiz: Cross-Tenant Data Exposure via Program Export Feature Jacopo Cappellato
CVE-2026-31906: Apache OFBiz: Reflected XSS via Improper HTML Attribute Escaping in Layered-Modal Dialog Parameters Jacopo Cappellato
CVE-2026-31909: Apache OFBiz: Unauthenticated Shipment Label Image Disclosure Jacopo Cappellato
CVE-2026-31910: Apache OFBiz: Improper Input Validation in UI Factory Classes Leads to SSRF and Blind File Access Jacopo Cappellato
CVE-2026-31986: Apache OFBiz: Unauthenticated RCE via Default JWT Signing Key and Widget Template Injection Jacopo Cappellato
CVE-2026-35086: Apache OFBiz: Authenticated Remote Code Execution via Unsafe Template Expansion in email services Jacopo Cappellato
CVE-2026-41919: Apache OFBiz: Authentication Bypass due to Improper Neutralization of LDAP Special Elements in DN Construction Jacopo Cappellato
CVE-2026-45187: Apache OFBiz: Improper Authorization in Scheduled Job Creation Allows Low-Privileged Users to Submit System Jobs Jacopo Cappellato
CVE-2026-45434: Apache OFBiz: Authentication Bypass via Password-Change Logic Flaw Leading to RCE Jacopo Cappellato
CVE-2026-46586: Apache OFBiz: Improper Validation in traverseContent Service Enables Authenticated Groovy Code Execution Jacopo Cappellato
Re: PinTheft Linux LPE Sam James
Memcached 1.6.42 is a "major security focused release" with CVE's TBD Alan Coopersmith
Re: PinTheft Linux LPE Sam James
Evince/Atril/Xreader command injection CVE-2026-46529 Michael Catanzaro
CVE-2026-27173: Apache Airflow CNCF Kubernetes provider: JWT Token Exposure in KubernetesExecutor Command-Line Arguments Vincent Beck
CVE-2026-42526: Apache Airflow Amazon provider: Prevent unauthorized access to team-scoped secrets in AWS Secrets Manager and SSM Parameter Store backends Vincent Beck
Re: PinTheft Linux LPE Jelle van der Waa
Re: On the issue of MIME handlers that execute arbitrary code (e.g. Wine) Gabriel Corona
[OSSA-2026-013] Ironic: Denial of Service via specially crafted deployment requests (CVE-2026-44919) Jay Faulkner
CVE-2026-5090: Template::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected Robert Rothenberg
Re: On the issue of MIME handlers that execute arbitrary code (e.g. Wine) Aaron Rainbolt
Re: On the issue of MIME handlers that execute arbitrary code (e.g. Wine) Aaron Rainbolt
CVE-2026-41054: haveged — privilege escalation via command socket Jiri Hladky
PCManFM-Qt allows arbitrary files to be opened via the org.freedesktop.FileManager1.ShowFolders method Aaron Rainbolt
Heads-up: Upcoming Samba security releases (2026-05-26) Douglas Bagnall

Wednesday, 20 May

QEMU CXL Memory Corruption Vulnerability ("QEMUtiny") Brett Sheffield
Unbound: 1.25.1 addresses multiple CVE items Yorgos Thessalonikefs
rsync 3.4.3 released: six CVEs (CVE-2026-29518, CVE-2026-43617, CVE-2026-43618, CVE-2026-43619, CVE-2026-43620, CVE-2026-45232) Andrew Tridgell
Re: On the issue of MIME handlers that execute arbitrary code (e.g. Wine) Simon McVittie
Re: PCManFM-Qt allows arbitrary files to be opened via the org.freedesktop.FileManager1.ShowFolders method Simon McVittie
Re: PCManFM-Qt allows arbitrary files to be opened via the org.freedesktop.FileManager1.ShowFolders method gabriel . corona
Re: PCManFM-Qt allows arbitrary files to be opened via the org.freedesktop.FileManager1.ShowFolders method gabriel . corona
ISC has disclosed six vulnerabilities in BIND 9 (CVE-2026-3039, CVE-2026-3592, CVE-2026-3593, CVE-2026-5946, CVE-2026-5947, CVE-2026-5950) Michał Kępień
PowerDNS Security Advisory 2026-06: Multiple Issues Miod Vallat
Re: On the issue of MIME handlers that execute arbitrary code (e.g. Wine) gabriel . corona
Re: Logic bug in the Linux kernel's __ptrace_may_access() function Qualys Security Advisory
Re: Logic bug in the Linux kernel's __ptrace_may_access() function Qualys Security Advisory
Re: Multiple vulnerabilities in AppArmor Qualys Security Advisory
Re: Coordinated Disclosure in the LLM Age Alan Coopersmith
Re: On the issue of MIME handlers that execute arbitrary code (e.g. Wine) Demi Marie Obenour
CVE-2026-4802 [cockpit] Arbitrary code execution in the logs page via a specially crafted link Jelle van der Waa
Re: On the issue of MIME handlers that execute arbitrary code (e.g. Wine) Gabriel Corona
CVE-2026-47373: Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks Robert Rothenberg
CVE-2026-47372: Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts Robert Rothenberg

Thursday, 21 May

Re: Re: Logic bug in the Linux kernel's __ptrace_may_access() function Simon McVittie
Re: PinTheft Linux LPE Marcus Meissner
CVE-2026-45250: FreeBSD setcred(2) stack overflow -> local privilege escalation (FatGid) Przemyslaw Frasunek
Re: Coordinated Disclosure in the LLM Age Douglas Bagnall
Re: Coordinated Disclosure in the LLM Age ROI AI
Re: Coordinated Disclosure in the LLM Age ROI AI
Re: Evince/Atril/Xreader command injection CVE-2026-46529 Michael Catanzaro
CVE-2026-45760: Apache Camel K: Camel K Cross-Namespace Build Deputy Attack Pasquale Congiusti
Host ambiguous requests through NGINX $host and Debian's proxy_params gabriel . corona
CVE-2026-48207: Apache Fory: PyFory ReduceSerializer Incomplete Policy Enforcement Chaokun Yang
Linux kernel: Dirty Frag variants — fix merged into netdev Hyunwoo Kim
Re: Linux kernel: Dirty Frag variants — fix merged into netdev Solar Designer
Re: Linux kernel: Dirty Frag variants — fix merged into netdev Hyunwoo Kim
CVE-2026-47243: Kata Containers runtime-rs 3.30: virtiofsd symlink escape Aurelien Bombo
CVE-2026-46473: Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand Robert Rothenberg
Re: On the issue of MIME handlers that execute arbitrary code (e.g. Wine) Steffen Nurpmeso
Re: Fixed: local root exploit in haveged, fixed in 1.9.21, CVE-2026-41054 nightmare . yeah27
Re: CVE-2026-45250: FreeBSD setcred(2) stack overflow -> local privilege escalation (FatGid) Steffen Nurpmeso
CVE-2026-5091: Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks Robert Rothenberg
Re: Host ambiguous requests through NGINX **$http_host** and Debian's proxy_params Gabriel Corona
Re: Host ambiguous requests through NGINX $host and Debian's proxy_params Gabriel Corona
Re: Re: Fixed: local root exploit in haveged, fixed in 1.9.21, CVE-2026-41054 Jeffrey Walton
Re: Coordinated Disclosure in the LLM Age Jacob Bachmeyer
Re: Coordinated Disclosure in the LLM Age Jeffrey Walton
Re: Coordinated Disclosure in the LLM Age ROI AI
Re: CVE-2026-45250: FreeBSD setcred(2) stack overflow -> local privilege escalation (FatGid) Przemyslaw Frasunek

Friday, 22 May

Vulnerabilities in golang.org/x/crypto Alan Coopersmith
CVE-2026-44417: Apache CXF: Incomplete fix for CVE-2025-48913 (Untrusted JMS configuration can lead to RCE) Colm O hEigeartaigh
CVE-2026-44618: Apache CXF: XXE vulnerability in WS-Transfer functionality Colm O hEigeartaigh
CVE-2026-44930: Apache CXF: LDAP Injection vulnerability in XKMS LDAP Repository Colm O hEigeartaigh
Sv: Coordinated Disclosure in the LLM Age Markus Klyver
Re: Evince/Atril/Xreader command injection CVE-2026-46529 Wolfgang
illumos: 18118 SCTP frees wrong-size, and need to keep private options Dan McDonald
[vim-security] Multiple Memory Safety Issues in Vim Spell File Parser affects Vim < 9.2.0513 Christian Brabandt
NGINX ngx_http_rewrite_module buffer overflow (CVE-2026-9256) Alan Coopersmith
Re: Linux kernel: Dirty Frag variants — fix merged into netdev Demi Marie Obenour
HPLIP: Potential Escalation of Privilege and Arbitrary Code Execution Alan Coopersmith
CVE-2026-9277: shell-quote before 1.8.4 command injection in quote() Akshat Sinha
Re: Coordinated Disclosure in the LLM Age Jacob Bachmeyer
CVE-2026-45249: Apache ECharts: XSS in Lines series tooltip rendering Zhongxiang Wang

Saturday, 23 May

Anthropic's coordinated vulnerability disclosure dashboard Alan Coopersmith

Sunday, 24 May

Sv: Coordinated Disclosure in the LLM Age ROI AI
Re: Coordinated Disclosure in the LLM Age ROI AI
root-project/root: Heap buffer overflow in TKey::Streamer / TBasket::ReadBasketBuffers Manopakorn Kooharueangrong
Re: root-project/root: Heap buffer overflow in TKey::Streamer / TBasket::ReadBasketBuffers Solar Designer
Re: Coordinated Disclosure in the LLM Age Solar Designer
Re: PCManFM-Qt allows arbitrary files to be opened via the org.freedesktop.FileManager1.ShowFolders method Aaron Rainbolt
Re: Memcached 1.6.42 is a "major security focused release" with CVE's TBD Alan Coopersmith
Re: root-project/root: Heap buffer overflow in TKey::Streamer / TBasket::ReadBasketBuffers Matt Christie
CVE-2026-45361: Apache Airflow Google provider: SSH host key verification disabled in ComputeEngineSSHHook (paramiko AutoAddPolicy default) Jens Scheffler
CVE-2026-46745: Apache Airflow FAB provider: [ Security Report ] LDAP Filter Injection in FAB Auth Manager _search_ldap reachable via /auth/token (ZDRES-223) Jens Scheffler
PuTTY 0.84 released with 3 minor security fixes Alan Coopersmith
Re: On the issue of MIME handlers that execute arbitrary code (e.g. Wine) Aaron Rainbolt
Re: Coordinated Disclosure in the LLM Age Jacob Bachmeyer
Re: Coordinated Disclosure in the LLM Age ROI AI

Monday, 25 May

CVE-2026-42782: Apache Syncope: Post-auth RCE via Groovy static Francesco Chicchiriccò
CVE-2026-42797: Apache Syncope: JexlContextBuilder Information Disclosure Francesco Chicchiriccò
CVE-2026-43827: Apache Shiro: Session fixation: new session is not created after login by default Lenny Primak
CVE-2026-43828: Apache Shiro: Shiro's native session and rememberMe cookies do not have secure flag set by default Lenny Primak
CVE-2026-44598: Apache Shiro Jakarta EE module: Open redirect and SSRF (requires valid credentials) Lenny Primak
CVE-2026-48589: Apache Shiro: Jakarta EE open redirect via untrusted Referer in post-login redirect flow Lenny Primak
CVE-2026-8376: Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds Timothy Legge
CVE-2026-42496: Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory Stig Palmquist
CVE-2026-42497: Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory Stig Palmquist
CVE-2026-9538: Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header Stig Palmquist

Tuesday, 26 May

qSnapper: Various Security Issues in Privileged D-Bus Service (CVE-2026-41045 through CVE-2026-41048) Matthias Gerstner
CVE-2026-40564: Apache Flink Kubernetes Operator: Server-Side Request Forgery and local file access in Kubernetes Operator Gyula Fora
CVE-2026-46740: Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections Robert Rothenberg
CVE-2026-8647: Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available Robert Rothenberg
CVE-2025-15649: IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date Stig Palmquist
CVE-2026-48959: IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward Stig Palmquist
CVE-2026-48961: IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID Stig Palmquist
CVE-2026-48962: IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob Stig Palmquist
CVE-2026-8450: HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file() Stig Palmquist
Samba 4.24.3, 4.23.8 and 4.22.10 Security Releases are available for Download Douglas Bagnall

Wednesday, 27 May

Multiple vulnerabilities in Jenkins plugins Daniel Beck
ARTEMIS-5996: CVE-2026-40914: Apache Artemis, Apache ActiveMQ Artemis: Address routing-type can be updated by STOMP protocol user without the createAddress permission Justin Bertram
[OSSA-2026-014] OpenStack Swift: Swift proxy-server denial of service via truncated s3api chunked upload (CVE-2026-49017) Goutham Pacha Ravi
Linux: DMA-after-unmap race in ZCRX via netif_rxq_cleanup_unlease() ordering inversion (netkit + page_pool) Prénom? Ahmed
Re: Linux: DMA-after-unmap race in ZCRX via netif_rxq_cleanup_unlease() ordering inversion (netkit + page_pool) Jacob Bachmeyer

Thursday, 28 May

CIFSwitch: Linux kernel/cifs-utils local root via forged cifs.spnego upcall manizada
CVE-2025-48977: Apache Ignite: Rest Http default Arbitrary file read vulnerability zstan
Various memory access violations in 7-Zip Alan Coopersmith
Two security advisories for Cargo from Rust Alan Coopersmith
Open Babel 3.2.0: 24 CVEs fixed across file-format parsers Geoffrey Hutchison
[OSSA-2026-015] OpenStack Keystone: Multiple credential delegation and authorization bypass vulnerabilities (CVE-2026-42998, CVE-2026-42999, CVE-2026-43000, CVE-2026-43001, CVE-2026-44394) Goutham Pacha Ravi
[OSSA-2026-016] OpenStack Neutron: Tagging policy bypass allows project readers to mutate tags (CVE-2026-pending) Goutham Pacha Ravi
CVE-2026-9658: Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths Robert Rothenberg
CVE-2026-41565: CryptX versions before 0.088_001 for Perl have a stack buffer overflow in four AEAD decrypt_verify helpers Stig Palmquist
Re: Linux: DMA-after-unmap race in ZCRX via netif_rxq_cleanup_unlease() ordering inversion (netkit + page_pool) Solar Designer

Friday, 29 May

CVE-2024-13745, EDK II: several issues with partition table measurements Maxim Suhanov
CVE-2026-48840: Exim 4.99.4: PROXY-protocol uninitialised-stack information disclosure Heiko Schlittermann
[vim-security] Arbitrary Code Execution via Python Omni-Completion in Vim < 9.2.561 Christian Brabandt
[vim-security] Arbitrary Code Execution via Python Omni-Completion in Vim < 9.2.561 Christian Brabandt
CVE-2026-44825: Apache Solr: Enabling BasicAuth using bin/solr CLI configures additional insecure users Jan Høydahl

Saturday, 30 May

CVE-2026-48827: Apache MINA SSHD: Path traversal in org.apache.sshd:sshd-git Thomas Wolf
CVE-2025-70116: NULL Pointer Dereference in GPAC/MP4Box via gf_media_map_esd on truncated MP4 input Alexander
CVE-2026-47187, CVE-2026-48711: sshfs <= 3.7.5 symlink escape (local file read/write) and ssh argument injection (local command execution) Abhinav Agarwal
[vim-security] Out-of-bounds Read in Terminal Screen Snapshot in Vim < 9.2.565 Christian Brabandt
CVE-2026-49361: Apache Fluss Netty Frame Decoder Memory Exhaustion Vulnerability Jark Wu
CVE-2026-8594: Text::LineFold versions through 2019.001 for Perl duplicate the output based on the number of special break characters Robert Rothenberg
CVE-2025-70103: Heap-based Buffer Overflow in libjxl/cjxl via jxl::extras::DecodeImagePNM on crafted PBM file Alexander A. Shvedov

Sunday, 31 May

CVE-2026-40861: Apache Airflow: Arbitrary File Read via Log Symlink following in FileTaskHandler Rahul Vats
CVE-2026-40961: Apache Airflow: Open Redirect Bypass Vulnerability Rahul Vats
CVE-2026-40963: Apache Airflow: DAG authorization bypass on /ui/structure/structure_data Rahul Vats
CVE-2026-41014: Apache Airflow: per-DAG RBAC bypass on /ui/partitioned_dag_runs endpoints Rahul Vats
CVE-2026-49267: Apache Airflow: No certificate validation on SMTP STARTTLS connections Rahul Vats
CVE-2026-41017: Apache Airflow: JWT cookie missing Secure flag in JWTRefreshMiddleware behind HTTPS-terminating proxy Rahul Vats
CVE-2026-41084: Apache Airflow: API authorization bypass: bulk TaskInstances allows cross-DAG mutation Rahul Vats
CVE-2026-42252: Apache Airflow: BashOperator Jinja2 injection via dag_run.conf — low-privilege user pattern Rahul Vats
CVE-2026-42360: Apache Airflow: Rendered template truncation bypasses nested sensitive-key masking Rahul Vats
CVE-2026-42358: Apache Airflow: Variable masker depth-limit bypass returns cleartext nested secrets Rahul Vats
CVE-2026-42359: Apache Airflow: Authenticated RCE via XCom PATCH endpoint — XComUpdateBody missing FORBIDDEN_XCOM_KEYS validator Rahul Vats
CVE-2026-45360: Apache Airflow: Arbitrary import in custom deadline-reference deserialization Rahul Vats
CVE-2026-45426: Apache Airflow: Log server JWT authorization bypass via Python lstrip() character stripping allows cross-Dag log access Rahul Vats
CVE-2026-46764: Apache Airflow: Event Log detail endpoint bypasses DAG-scoped event log permission filter Rahul Vats
CVE-2026-48726: Apache Airflow: revoke_token() unreachable in FabAuthManager / KeycloakAuthManager logout path Rahul Vats
CVE-2026-49298: Apache Airflow: JWT Token Exposure in KubernetesExecutor Command-Line Arguments Rahul Vats
CVE-2026-42253: Apache ActiveMQ, Apache ActiveMQ Web: HTTP Response Header Injection via JMS Message Properties Christopher L. Shannon
CVE-2026-42588: Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Remote Code Execution via Jolokia addNetworkConnector Christopher L. Shannon
CVE-2026-45505: Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Jolokia `addNetworkConnector` Discovery Wrapper Bypass Christopher L. Shannon
CVE-2026-46605: Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Incomplete authorization during destination removal Christopher L. Shannon
CVE-2026-49157: Apache ActiveMQ: Authenticated low-privilege Web users retain Jolokia broker-management capability by default Christopher L. Shannon
CVE-2026-49270: Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Durable Subscription Disclosure via Crafted BrokerInfo (OpenWire) Christopher L. Shannon
Re: CVE request experience Fabian Keil
CVE-2026-8796: Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input Paul Johnson
CVE-2026-35563: Apache Directory LDAP API: LDAP client implementation does not verify if the server certificate matches the intended LDAP hostname Emmanuel Lécharny
CVE-2026-45192: Apache Airflow: Incomplete Redaction of Sensitive Fields in Connection Extra API Response Rahul Vats

Monday, 01 June

CVE-2026-49328: Apache Fesod (Incubating): Improper validation of user-supplied URLs leading to SSRF Shuxin Pan
[oss-security][CVE-2026-8643] pip can extract console_scripts and gui_scripts outside installation directory Alan Coopersmith
Re: CIFSwitch: Linux kernel/cifs-utils local root via forged cifs.spnego upcall manizada
CVE-2026-46718: Apache Calcite: A user-controlled model can load arbitrary classes, leading to code execution Julian Hyde
CVE-2025-60481: NULL Pointer Dereference in GPAC/MP4Box via gf_odf_ac4_cfg_dsi_v1 on crafted AC-4 stream Alexander A. Shvedov
CVE-2025-60483: NULL Pointer Dereference in GPAC/MP4Box via gf_ac4_pres_b_4_back_channels_present on crafted AC-4 stream Alexander A. Shvedov
CVE-2025-55664: Heap-based Buffer Overflow in GPAC/MP4Box via m2tsdmx_send_packet on crafted MPEG-2 TS file Alexander A. Shvedov
CVE-2025-60485: NULL Pointer Dereference in GPAC/MP4Box via gf_isom_apple_set_tag_ex on crafted MP4 with corrupted esds box Alexander A. Shvedov
CVE-2025-60486: Use-After-Free in GPAC/MP4Box via dasher_process on crafted MPEG-2 TS file Alexander A. Shvedov
CVE-2025-60495: NULL Pointer Dereference in GPAC/MP4Box via gf_media_get_color_info on crafted MP4 with inconsistent sample entry Alexander A. Shvedov
FW: X.Org Security Advisory: multiple security issues X.Org X server and Xwayland Peter Hutterer
BIRD/BIRD2: stack buffer overflow in BGP AS_PATH mask matching, CVE pending Bakabaka_9

Tuesday, 02 June

Re: BIRD/BIRD2: stack buffer overflow in BGP AS_PATH mask matching, CVE pending Stuart Henderson
Re: BIRD/BIRD2: stack buffer overflow in BGP AS_PATH mask matching, CVE pending Dan Yefihmov
CVE-2026-41115: Apache Kafka: Improper Authorization in CONSUMER_GROUP_DESCRIBE API Luke Chen
[OSSA-2026-014] OpenStack Swift: Errata 1 - Proxy-server denial of service via truncated s3api chunked upload, (CVE-2026-49017) Goutham Pacha Ravi
[OSSA-2026-016] OpenStack Neutron: Errata 1 - Tagging policy bypass allows project readers to mutate tags (CVE-2026-49299) Goutham Pacha Ravi
Re: BIRD/BIRD2: stack buffer overflow in BGP AS_PATH mask matching, CVE pending Bakabaka_9
Re: BIRD/BIRD2: stack buffer overflow in BGP AS_PATH mask matching, CVE pending Stuart Henderson
Re: BIRD/BIRD2: stack buffer overflow in BGP AS_PATH mask matching, CVE pending Dan Yefihmov
Re: BIRD/BIRD2: stack buffer overflow in BGP AS_PATH mask matching, CVE pending Stuart Henderson
Linux kernel TLS ULP use-after-free in tls_sk_proto_close() Oleg Sevostyanov
Re: BIRD/BIRD2: stack buffer overflow in BGP AS_PATH mask matching, CVE pending Dan Yefihmov
Fwd: FreeIPMI 1.6.18 Released with security fixes Alan Coopersmith
Fwd: Go 1.26.4 and Go 1.25.11 are released Alan Coopersmith
HTTP/2 Bomb affects Apache httpd, nginx, envoy, & pingora Alan Coopersmith
CVE-2026-9334: Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeys_as_arrayref is enabled Paul Johnson
CVE-2026-9516: Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws Paul Johnson
Re: Linux kernel TLS ULP use-after-free in tls_sk_proto_close() Jacob Bachmeyer

Wednesday, 03 June

Re: Fwd: FreeIPMI 1.6.18 Released with security fixes Salvatore Bonaccorso
Re: Linux kernel TLS ULP use-after-free in tls_sk_proto_close() Oleg Sevostyanov
Django CVE-2026-6873, CVE-2026-7666, CVE-2026-8404, CVE-2026-35193, and CVE-2026-48587 Natalia Bidart
[OSSA-2026-017] Ironic: Script injection during node boot via linux command line override (CVE-2026-46447) Jay Faulkner
[OSSA-2026-018] Ironic: File overwrite on Ironic conductor via path traversal in ISO handling (CVE-2026-48681) Jay Faulkner
[OSSA-2026-019] Ironic: File Extraction from conductor via pxe_template (CVE-2026-44917) Jay Faulkner
[OSSA-2026-020] OpenStack Mistral: Mistral policy enforcement bypass allows unauthorized public resource creation and arbitrary code execution (CVE-2026-41283) Goutham Pacha Ravi
[oss-security][CVE-2026-3276] Potential DoS via quadratic complexity in unicodedata.normalize() Alan Coopersmith
Re: Linux kernel TLS ULP use-after-free in tls_sk_proto_close() Emily Shepherd
CVE-2026-48842+more: Roundcube numerous vulnerabilities prior to 1.6.16/1.7.1 Valtteri Vuorikoski
5 CVEs in Redis Alan Coopersmith
CVE-2026-8722: Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections Robert Rothenberg
CVE-2026-8829: HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities Paul Johnson
Re: Linux kernel TLS ULP use-after-free in tls_sk_proto_close() Jacob Bachmeyer

Thursday, 04 June

CVE-2026-50076: Apache Fory: Java ReplaceResolverSerializer deserialization checks bypass Chaokun Yang
libinput: libinput-device-group unescaped phys output can inject udev properties Peter Hutterer
[OSSA-2026-021] OpenStack Neutron: Neutron port RBAC policy bypass allows project managers to set trusted device owners on shared networks (CVE-2026-pending) Goutham Pacha Ravi
CVE-2026-46739: Net::Statsd versions before 0.13 for Perl allow metric injections Robert Rothenberg
CVE-2026-46741: Etsy::StatsD versions through 1.002002 for Perl allow metric injections Robert Rothenberg
[oss-security][CVE-2026-7774] Cpython: tarfile.data_filter path traversal bypass allows writing outside the extraction directory Alan Coopersmith
CVE-2026-49940: Net::CIDR::Set versions through 0.20 for Perl accept non-ASCII IP addresses and netmasks Robert Rothenberg
CVE-2026-49941: Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses Robert Rothenberg
CVE-2026-49942: Net::CIDR::Set versions through 0.20 for Perl did not validate network masks Robert Rothenberg
Re: [OSSA-2026-021] OpenStack Neutron: Neutron port RBAC policy bypass allows project managers to set trusted device owners on shared networks (CVE-2026-pending) Goutham Pacha Ravi
[vim-security] Arbitrary Code Execution via Python Omni-Completion in Vim < 9.2.597 Christian Brabandt
Re: HTTP/2 Bomb affects Apache httpd, nginx, envoy, & pingora Alan Coopersmith
Re: libinput: libinput-device-group unescaped phys output can inject udev properties Peter Hutterer
Re: FW: X.Org Security Advisory: multiple security issues X.Org X server and Xwayland Peter Hutterer

Friday, 05 June

Project Zero discloses 4 bugs in FreeType Alan Coopersmith
[OSSN-0099] Denial of Service in OpenStack Ironic under reduced process stack size (CVE-2026-50589) Jay Faulkner
Re: libinput: libinput-device-group unescaped phys output can inject udev properties Salvatore Bonaccorso
CVE-2026-10879: DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders Robert Rothenberg
CVE-2026-9270: DataDog::DogStatsd versions through 0.07 for Perl allow metric injections Robert Rothenberg
CVE-2026-11362: DataDog::DogStatsd versions through 0.07 for Perl allow metric injections from event tags Robert Rothenberg

Saturday, 06 June

CVE-2026-10725: Protocol::HTTP2 versions through 1.12 for Perl is vulnerable to a HTTP/2 Bomb Robert Rothenberg

Sunday, 07 June

CVE-2026-47430: Cordova Plugin InAppBrowser: iOS: Arbitrary Cordova callback IDs can be dispatched without validation from InAppBrowser WebViews Niklas Merz
rsync 3.4.4 released, regression fixes Andrew Tridgell

Monday, 08 June

Re: libinput: libinput-device-group unescaped phys output can inject udev properties Salvatore Bonaccorso
offlineimap 8.0.3 fixes CVE-2020-37248 (STARTTLS stripping) Sebastian Pipping
CVE-2026-29167: Apache HTTP Server: mod_ldap per-dir use-after-free Eric Covener
CVE-2026-29170: Apache HTTP Server: mod_proxy_ftp XSS Eric Covener
CVE-2026-34355: Apache HTTP Server: mod_proxy_html buffer overflow Eric Covener
CVE-2026-34356: Apache HTTP Server: ProxyPassReverseCookieMap buffer overflow Eric Covener
CVE-2026-42535: Apache HTTP Server: mod_dav_fs protected directory access Eric Covener
CVE-2026-42536: Apache HTTP Server: mod_xml2enc heap overflow Eric Covener
CVE-2026-43951: Apache HTTP Server: OOB Read in `merge_response_headers` can cause crash Eric Covener
CVE-2026-44119: Apache HTTP Server: escalation of privilege through expressions in .htaccess in multiple modules Eric Covener
CVE-2026-44185: Apache HTTP Server: Stack Buffer Over-Read in mod_ssl OCSP `send_request` Eric Covener
CVE-2026-44186: Apache HTTP Server: Loop in `proxy_ftp_handler` in mod_proxy_ftp Eric Covener
CVE-2026-44631: Apache HTTP Server: Heap Underflow in `ap_regname` via Signed Char Overflow Eric Covener
CVE-2026-48913: Apache HTTP Server: mod_http2 memory corruption when file handles exhausted Eric Covener
CVE-2026-49975: Apache HTTP Server: mod_http2 denial of service Eric Covener
[oss-security][CVE-2026-9669] CPython: bz2.BZ2Decompressor reuse after error can cause a stack buffer overflow Alan Coopersmith

Tuesday, 09 June

Proposal: Add separate oss-security-vulnerability-reports mailing list (for AI vulnpocalypse) David A. Wheeler
CVE-2026-34905: Apache Answer: Unlisted Questions Accessible via Direct API Access Enxin Xie
CVE-2026-34033: Apache Answer: HTML Content Injection in Email Enxin Xie
CVE-2026-34031: Apache Answer: The custom avatar was not properly validated Enxin Xie
CVE-2026-33582: Apache Answer: Uploading specially crafted TIFF files causes an Out-of-Memory error Enxin Xie
CVE-2026-25699: Apache Answer: Authorization Bypass in Timeline API Enxin Xie
CVE-2026-25688: Apache Answer: XSS in AI Answer Rendering Enxin Xie
CVE-2026-49818: Apache Airflow Samba provider: Path traversal in GCSToSambaOperator via GCS object names Jarek Potiuk
CVE-2026-9698: DBI versions before 1.648 for Perl saved errors in a limited-sized buffer Robert Rothenberg
CVE-2009-10007: Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks Robert Rothenberg
Xen Security Advisory 491 v2 (CVE-2026-42487) - x86 HVM I/O port list traversal Xen . org security team
Xen Security Advisory 492 v3 (CVE-2026-42489,CVE-2026-42490) - domctl lock open to abuse Xen . org security team
Xen Security Advisory 493 v2 (CVE-2025-10263) - Arm: Completion of memory accesses not guaranteed by completion of a TLBI Xen . org security team
Xen Security Advisory 494 v3 (CVE-2026-42488) - x86: mismatched mapcache metadata Xen . org security team
OpenSSL Security Advisory Tomas Mraz

Wednesday, 10 June

How to request CVE numbers? Hauke Mehrtens
ldns insufficiently verifies that responses belong to a query Willem Toorop
Re: How to request CVE numbers? swing sze
Re: How to request CVE numbers? Marcus Meissner
Re: How to request CVE numbers? Christian Brabandt
Multiple vulnerabilities in Jenkins Daniel Beck
Re: How to request CVE numbers? Lucas Holt
Re: How to request CVE numbers? Michael Freeman
Re: How to request CVE numbers? Sam Bull
CVE-2026-25700: Apache Answer: AdminToken not invalidated after admin deactivation Enxin Xie
Fwd: Node.js security updates for all active release lines, June 2026 Rafael Gonzaga
CVE-2026-47342: Apache OFBiz: Privilege Escalation via updateOrRemove Authorization Bypass Jacopo Cappellato