oss-sec: by thread

Previous period

Next period

874 messages starting Apr 01 26 and ending Jun 10 26
Date index | Thread index | Author index

Re: [vim-security] Vim modeline bypass via various options affects Vim < 9.2.0276 Salvatore Bonaccorso (Apr 01)
Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Christian Brabandt (Apr 01)
- Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 David A. Wheeler (Apr 02)
  - Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Christian Brabandt (Apr 02)
    - Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Solar Designer (Apr 02)
- <Possible follow-ups>
- Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Christian Brabandt (Apr 02)
  - Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Tianyu Chen (Apr 02)
    - Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Christian Brabandt (Apr 02)
    - Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Salvatore Bonaccorso (Apr 03)
Re: Multiple vulnerabilities in AppArmor Greg KH (Apr 01)
- <Possible follow-ups>
- Re: Re: Multiple vulnerabilities in AppArmor Salvatore Bonaccorso (Apr 03)
- Re: Multiple vulnerabilities in AppArmor Qualys Security Advisory (May 20)
[vim-security] Path traversal issue with zip.vim and special crafted zip archives in Vim < v9.2.0280 Christian Brabandt (Apr 01)
[oss-security][CVE-2026-5271] Python install manager script aliases search path hijack Alan Coopersmith (Apr 01)
FW: libinput Security Advisory: multiple security issues in libinput Peter Hutterer (Apr 01)
Announce: OpenSSH 10.3 released Damien Miller (Apr 02)
- Re: Announce: OpenSSH 10.3 released Agostino Sarubbo (Apr 03)
  - Re: Announce: OpenSSH 10.3 released Salvatore Bonaccorso (Apr 03)
- Re: Announce: OpenSSH 10.3 released Demi Marie Obenour (Apr 03)
  - Re: Announce: OpenSSH 10.3 released Damien Miller (Apr 06)
    - Re: Announce: OpenSSH 10.3 released Demi Marie Obenour (Apr 07)
    - Re: Announce: OpenSSH 10.3 released Damien Miller (Apr 07)
    - Re: Announce: OpenSSH 10.3 released Demi Marie Obenour (Apr 07)
[ANNOUNCE] ATS is vulnerable to HTTP requests with body Masakazu Kitajo (Apr 02)
[libc musl] - Algorithmic complexity DoS in iconv GB18030 decoder Jens Jarl Nestén Hansen-Nord (Apr 02)
- Re: [libc musl] - Algorithmic complexity DoS in iconv GB18030 decoder Rich Felker (Apr 02)
  - Re: [libc musl] - Algorithmic complexity DoS in iconv GB18030 decoder Rich Felker (Apr 02)
- Re: [libc musl] - Algorithmic complexity DoS in iconv GB18030 decoder Jens Jarl Nestén Hansen-Nord (Apr 09)
Heads-up: Upcoming Samba security releases (2026-04-09) Douglas Bagnall (Apr 05)
- Re: Heads-up: Upcoming Samba security releases (2026-04-09) Douglas Bagnall (Apr 07)
  - Re: Re: Heads-up: Upcoming Samba security releases (2026-04-09) Douglas Bagnall (Apr 08)
    - Heads-up: Upcoming Samba security releases (2026-05-26) Douglas Bagnall (May 19)
    - Samba 4.24.3, 4.23.8 and 4.22.10 Security Releases are available for Download Douglas Bagnall (May 26)
CVE-2026-34197: Apache ActiveMQ Broker, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans Christopher L. Shannon (Apr 06)
CVE-2026-33227: Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ Web: Improper Limitation of a Pathname to a Restricted Directory Christopher L. Shannon (Apr 06)
libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue Andrew G. Morgan (Apr 07)
- Re: libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue Christian Göttsche (Apr 07)
  - Re: libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue Solar Designer (Apr 08)
    - Re: libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue Andrew G. Morgan (Apr 08)
    - Re: libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue Solar Designer (Apr 08)
    - Re: libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue Andrew G. Morgan (Apr 09)
    - Re: libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue Tianyu Chen (Apr 09)
- Re: libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue Andrew G. Morgan (Apr 08)
CVE-2026-35554: Apache Kafka Clients: Kafka Producer Message Corruption and Misrouting via Buffer Pool Race Condition Manikumar (Apr 07)
CVE-2026-27314: Apache Cassandra: Privilege escalation via ADD IDENTITY authorization bypass Michael Semb Wever (Apr 07)
CVE-2026-27315: Apache Cassandra: cqlsh history sensitive information leak Michael Semb Wever (Apr 07)
CASSANDRA-21202: CVE-2026-32588: Apache Cassandra: Authenticated DoS via ALTER ROLE Password Hashing Michael Semb Wever (Apr 07)
Django CVE-2026-3902, CVE-2026-4277, CVE-2026-4292, CVE-2026-33033, and CVE-2026-33034 Jacob Walls (Apr 07)
OpenSSL Security Advisory Tomas Mraz (Apr 07)
- <Possible follow-ups>
- OpenSSL Security Advisory Tomas Mraz (Jun 09)
[OSSA-2026-005] Keystone: Restricted application credentials can create EC2 credentials (CVE-2026-33551) Jeremy Stanley (Apr 07)
[vim-security] Netbeans command injection in Vim < v9.2.0316 Christian Brabandt (Apr 07)
systemd-journald in systemd 259 does not escape characters in emerg messages that are wall'd to other user's terminals Aaron Rainbolt (Apr 07)
- Re: systemd-journald in systemd 259 does not escape characters in emerg messages that are wall'd to other user's terminals Aaron Rainbolt (Apr 08)
- Re: systemd-journald in systemd 259 does not escape characters in emerg messages that are wall'd to other user's terminals Salvatore Bonaccorso (Apr 09)
  - Re: systemd-journald in systemd 259 does not escape characters in emerg messages that are wall'd to other user's terminals Aaron Rainbolt (Apr 09)
    - Re: systemd-journald in systemd 259 does not escape characters in emerg messages that are wall'd to other user's terminals Vincent Lefevre (Apr 10)
- Re: systemd-journald in systemd 259 does not escape characters in emerg messages that are wall'd to other user's terminals Aaron Rainbolt (May 04)
Multiple CVEs disclosed in CUPS Alan Coopersmith (Apr 07)
- Re: Multiple CVEs disclosed in CUPS Peter Gutmann (Apr 07)
  - Re: [EXTERN] Re: [oss-security] Multiple CVEs disclosed in CUPS Schwedas, Sven (Apr 08)
Fwd: [siren] Severity: High – Potential Malicious Campaign Underway Targeting Open Source Developers via Slack Solar Designer (Apr 07)
- Re: Fwd: [siren] Severity: High – Potential Malicious Campaign Underway Targeting Open Source Developers via Slack Stuart D Gathman (Apr 08)
Re: Axios Supply-Chain Attack [v1.14.1] [0.30.4] --> plain-crypto-js [4.2.0][4.2.1] Solar Designer (Apr 07)
CVE-2026-5082: Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure session id Robert Rothenberg (Apr 08)
CVE-2026-5083: Ado::Sessions versions through 0.935 for Perl generates insecure session ids Robert Rothenberg (Apr 08)
PyCA cryptography 46.0.7 released, fixes CVE-2026-39892 Alan Coopersmith (Apr 08)
Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Alan Coopersmith (Apr 08)
- Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Solar Designer (Apr 09)
  - Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Matthias Ferdinand (Apr 17)
    - Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Eli Schwartz (Apr 17)
    - Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Sam James (Apr 17)
    - Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Matthias Ferdinand (Apr 19)
    - Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Dimitri Ledkov (Apr 20)
    - Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Morten Linderud (Apr 20)
    - Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Demi Marie Obenour (Apr 20)
    - Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Michael Orlitzky (Apr 21)
    - Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Demi Marie Obenour (Apr 21)
X41 Advisory X41-2026-001: Guardrail Sandbox Escape in LiteLLM Markus Vervier (Apr 08)
- Re: X41 Advisory X41-2026-001: Guardrail Sandbox Escape in LiteLLM Solar Designer (Apr 09)
libpng 1.6.57: Use-after-free vulnerability fixed: CVE-2026-34757 Cosmin Truta (Apr 08)
4 security fixes in Flatpak, including critical CVE-2026-34078: Complete sandbox escape leading to host file access and code execution in the host context Solar Designer (Apr 08)
- Re: 4 security fixes in Flatpak, including critical CVE-2026-34078: Complete sandbox escape leading to host file access and code execution in the host context Simon McVittie (Apr 09)
lftp 4.9.3 does not filter non-printable characters in the output to the terminal Vincent Lefevre (Apr 08)
CVE-2026-34538: Apache Airflow: Authorization bypass in DagRun wait endpoint (XCom exposure) Rahul Vats (Apr 09)
CVE-2026-33005: Apache OpenMeetings: Insufficient checks in FileWebService Maxim Solodovnik (Apr 09)
CVE-2026-33266: Apache OpenMeetings: Hardcoded Remember-Me Cookie Encryption Key and Salt Maxim Solodovnik (Apr 09)
CVE-2026-34020: Apache OpenMeetings: Login Credentials Passed via GET Query Parameters Maxim Solodovnik (Apr 09)
CVE-2025-57735: Apache Airflow: Airflow Logout Not Invalidating JWT Rahul Vats (Apr 09)
CVE-2026-39304: Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Incorrect handling of TLSv1.3 KeyUpdate can be exploited to cause DoS via OOM Christopher L. Shannon (Apr 09)
CVE-2026-40046: Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT: Missing fix for CVE-2025-66168: MQTT control packet remaining length field is not properly validated Christopher L. Shannon (Apr 09)
CVE-2026-24880: Apache Tomcat: Request smuggling via invalid chunk extension Mark Thomas (Apr 09)
CVE-2026-25854: Apache Tomcat: Occasionally open redirect Mark Thomas (Apr 09)
CVE-2026-29129: Apache Tomcat: TLS cipher order is not preserved Mark Thomas (Apr 09)
CVE-2026-29145: Apache Tomcat, Apache Tomcat Native: OCSP checks sometimes soft-fail even when soft-fail is disabled Mark Thomas (Apr 09)
CVE-2026-29146: Apache Tomcat: EncryptInterceptor vulnerable to padding oracle attack by default Mark Thomas (Apr 09)
CVE-2026-32990: Apache Tomcat: Fix for CVE-2025-66614 is incomplete Mark Thomas (Apr 09)
CVE-2026-34483: Apache Tomcat: Incomplete escaping of JSON access logs Mark Thomas (Apr 09)
CVE-2026-34486: Apache Tomcat: Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor Mark Thomas (Apr 09)
CVE-2026-34487: Apache Tomcat: Cloud membership for clustering component exposed the Kubernetes bearer token Mark Thomas (Apr 09)
CVE-2026-34500: Apache Tomcat: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled Mark Thomas (Apr 09)
[OSSA-2026-006] OpenStack Skyline: DOM-based XSS in Skyline Console via unsanitized instance console log rendering (CVE-2026-pending) Goutham Pacha Ravi (Apr 09)
CVE-2026-4631 [cockpit] Unauthenticated remote code execution due to SSH command-line argument injection Jelle van der Waa (Apr 10)
CVE-2026-34477: Apache Log4j Core: verifyHostName attribute silently ignored in TLS configuration, allowing hostname verification bypass Piotr Karwasz (Apr 10)
CVE-2026-34478: Apache Log4j Core: Log injection in Rfc5424Layout due to silent configuration incompatibility Piotr Karwasz (Apr 10)
CVE-2026-34479: Apache Log4j 1 to Log4j 2 bridge: Silent log event loss in Log4j1XmlLayout due to unescaped XML 1.0 forbidden characters Piotr Karwasz (Apr 10)
CVE-2026-34480: Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters Piotr Karwasz (Apr 10)
xdg-desktop-portal GHSA-rqr9-jwwf-wxgj: Trashing of arbitrary host files Simon McVittie (Apr 10)
xdg-dbus-proxy CVE-2026-34080: Eavesdrop filter bypass allows message interception Simon McVittie (Apr 10)
CVE-2026-40198: Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass Stig Palmquist (Apr 10)
CVE-2026-40199: Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass Stig Palmquist (Apr 10)
[kubernetes] CVE-2026-3865: CSI Driver for SMB path traversal via subDir may delete unintended directories on the SMB server Vinayak Goyal (Apr 10)
CPython [CVE-2026-1502] HTTP client proxy tunnel headers not validated for CR/LF Alan Coopersmith (Apr 10)
CPython [CVE-2026-3446] Base64 decoding stops at first padded quad by default Alan Coopersmith (Apr 10)
CVE-2026-35537+more: Roundcube arbitrary write + ID/XSS/etc. prior to 1.6.14 Valtteri Vuorikoski (Apr 11)
- Re: CVE-2026-35537+more: Roundcube arbitrary write + ID/XSS/etc. prior to 1.6.14 Valtteri Vuorikoski (Apr 11)
LibRaw 0.22.1 Release with security fixes Alan Coopersmith (Apr 11)
Avahi: Reachable assertion in transport_flags_from_domain (CVE-2026-34933) Alan Coopersmith (Apr 11)
GNU tar: listing/extraction desynchronization allows hidden file injection Alan Coopersmith (Apr 11)
- Re: GNU tar: listing/extraction desynchronization allows hidden file injection Collin Funk (Apr 11)
  - Re: GNU tar: listing/extraction desynchronization allows hidden file injection Alan Coopersmith (Apr 11)
- Re: GNU tar: listing/extraction desynchronization allows hidden file injection Solar Designer (Apr 11)
  - Re: GNU tar: listing/extraction desynchronization allows hidden file injection Collin Funk (Apr 11)
    - Re: GNU tar: listing/extraction desynchronization allows hidden file injection Paul Eggert (Apr 12)
Security Audit of Hex, the Erlang package manager Alan Coopersmith (Apr 12)
- Re: Security Audit of Hex, the Erlang package manager Alexander Patrakov (Apr 12)
  - Re: Security Audit of Hex, the Erlang package manager Alan Coopersmith (Apr 13)
CVE-2026-35337: Apache Storm Client: RCE through Unsafe Deserialization via Kerberos TGT Credential Handling Richard Zowalla (Apr 12)
CVE-2026-35565: Apache Storm UI: Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata in Storm UI Richard Zowalla (Apr 12)
CVE-2026-5085: Solstice::Session versions through 1440 for Perl generates session ids insecurely Robert Rothenberg (Apr 13)
CVE-2025-54057: Apache SkyWalking: Stored XSS vulnerability Zhenxu Ke (Apr 13)
CVE-2026-34476: Apache SkyWalking MCP: Server-Side Request Forgery via SW-URL Header in MCP Server Qiuxia Fan (Apr 13)
CVE-2026-34884: Apache SkyWalking MCP: SSRF via set_skywalking_url Tool and GraphQL Expression Injection in MCP Server Qiuxia Fan (Apr 13)
CVE-2025-66236: Apache Airflow: Secrets from Airflow config file logged in plain text in DAG run logs UI Rahul Vats (Apr 13)
CVE-2026-33858: Apache Airflow: Unsafe Deserialization via Legacy Serialization Keys (__type/__var) Bypass in XCom API Rahul Vats (Apr 13)
CVE-2026-39816: Apache NiFi: Missing Execute Code Required Permission on TinkerpopClientService David Handermann (Apr 13)
[oss-security][CVE-2026-6100] CPython: Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure Alan Coopersmith (Apr 13)
[oss-security][CVE-2026-4786] CPython: Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open() Alan Coopersmith (Apr 13)
CVE-2026-5086: Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks Robert Rothenberg (Apr 13)
CVE-2026-31923: Apache APISIX: Openid-connect `tls_verify` field is disabled by default Abhishek Choudhary (Apr 13)
CVE-2026-31924: Apache APISIX: Plugin tencent-cloud-cls log export uses plaintext HTTP Abhishek Choudhary (Apr 13)
CVE-2026-31908: Apache APISIX: forward auth plugin allows header injection Abhishek Choudhary (Apr 13)
CVE-2026-33929: Apache PDFBox Examples: Path Traversal in PDFBox ExtractEmbeddedFiles Example Code Tilman Hausherr (Apr 13)
wolfSSL ML-DSA: same-process heap reuse exposes private signing material, enabling signature forgery Abhinav Agarwal (Apr 13)
wolfSSL 5.9.1 CVE and non-CVE fixes Solar Designer (Apr 13)
[disclosure] Multiple unpatched CVEs in libav (unmaintained FFmpeg fork, last update 2019) yangjincheng1998 (Apr 14)
Fwd: X.Org Security Advisory: multiple security issues X.Org X server and Xwayland Olivier Fourdan (Apr 14)
- Re: Fwd: X.Org Security Advisory: multiple security issues X.Org X server and Xwayland Alan Coopersmith (Apr 15)
- <Possible follow-ups>
- FW: X.Org Security Advisory: multiple security issues X.Org X server and Xwayland Peter Hutterer (Jun 01)
  - Re: FW: X.Org Security Advisory: multiple security issues X.Org X server and Xwayland Peter Hutterer (Jun 04)
[OSSA-2026-007] OpenStack Keystone: LDAP identity backend does not convert enabled attribute to boolean (CVE PENDING) Goutham Pacha Ravi (Apr 14)
CVE-2025-54550: Apache Airflow: RCE by race condition in example_xcom dag Jarek Potiuk (Apr 14)
CVE-2026-30778: Apache SkyWalking: The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. Kai Wan (Apr 14)
CVE-2026-25219: Apache Airlfow: Sensitive Azure Service Bus connection string (and possibly other providers) exposed to users with view access Jarek Potiuk (Apr 15)
CVE-2026-5088: Apache::API::Password versions through v0.5.2 for Perl can generate insecure random values for salts Robert Rothenberg (Apr 15)
- Re: CVE-2026-5088: Apache::API::Password versions through v0.5.2 for Perl can generate insecure random values for salts Jacques Deguest (Apr 15)
[oss-security][CVE-2026-5713] CPython: Out-of-bounds read/write during remote debugging when connecting to malicious target Alan Coopersmith (Apr 15)
[vim-security] Command injection via backtick expansion in tag filenames in Vim < v9.2.0357 Christian Brabandt (Apr 15)
7 vulnerabilities disclosed & patched in jq Alan Coopersmith (Apr 15)
- Re: 7 vulnerabilities disclosed & patched in jq Collin Funk (Apr 15)
UAF in rsync 3.4.1 and below Przemyslaw Frasunek (Apr 15)
- Re: UAF in rsync 3.4.1 and below Alan Coopersmith (Apr 16)
  - Re: UAF in rsync 3.4.1 and below Salvatore Bonaccorso (Apr 16)
    - Re: UAF in rsync 3.4.1 and below Sam James (Apr 21)
cosmic-greeter: Unsafe File System Operations in User Home Directories (CVE-2026-25704) Matthias Gerstner (Apr 16)
CVE-2025-27363: FontForge affected by FreeType heap-buffer-overflow; upstream maintainer declines under Community-guidelines #D1 yangjincheng1998 (Apr 16)
- Re: CVE-2025-27363: FontForge affected by FreeType heap-buffer-overflow; upstream maintainer declines under Community-guidelines #D1 Sam James (Apr 19)
Apache Kvrocks affected by CVE-2024-31449 and CVE-2025-49844 (Redis Lua); fixed but no formal advisory yangjincheng1998 (Apr 16)
- Re: Apache Kvrocks affected by CVE-2024-31449 and CVE-2025-49844 (Redis Lua); fixed but no formal advisory Alan Coopersmith (Apr 16)
  - Re: Apache Kvrocks affected by CVE-2024-31449 and CVE-2025-49844 (Redis Lua); fixed but no formal advisory yangjincheng1998 (Apr 16)
    - Re: Apache Kvrocks affected by CVE-2024-31449 and CVE-2025-49844 (Redis Lua); fixed but no formal advisory Solar Designer (Apr 16)
    - Re: Apache Kvrocks affected by CVE-2024-31449 and CVE-2025-49844 (Redis Lua); fixed but no formal advisory yangjincheng1998 (Apr 16)
CVE-2026-31987: Apache Airflow: JWT token appearing in logs Rahul Vats (Apr 16)
Re: [CVE-2026-33691] OWASP CRS whitespace padding bypass vulnerability cyber security (Apr 16)
- Re: [CVE-2026-33691] OWASP CRS whitespace padding bypass vulnerability cyber security (Apr 18)
  - Re: [CVE-2026-33691] OWASP CRS whitespace padding bypass vulnerability cyber security (Apr 18)
    - Re: [CVE-2026-33691] OWASP CRS whitespace padding bypass vulnerability Solar Designer (Apr 18)
CVE-2026-33557: Apache Kafka: Missing JWT token validation in OAUTHBEARER authentication Luke Chen (Apr 17)
CVE-2026-33558: Apache Kafka, Apache Kafka Clients: Information Exposure Through Network Client Log Output Luke Chen (Apr 17)
CVE-2025-66335: Apache Doris MCP Server: MCP SQL inject Mingyu Chen (Apr 17)
CVE-2026-30912: Apache Airflow: Exposing stack trace in case of constraint error Rahul Vats (Apr 17)
CVE-2026-32690: Apache Airflow: 3.x - Nested Variable Secret Values Bypass Redaction via max_depth=1 Rahul Vats (Apr 17)
CVE-2026-30898: Apache Airflow: Bad example of BashOperator shell injection via dag_run.conf Rahul Vats (Apr 17)
CVE-2026-32228: Apache Airflow: Users with asset materialization permisssions could trigger Dags they had no access to Rahul Vats (Apr 17)
CVE-2026-25917: Apache Airflow: API extra-links triggers XCom deserialization/class instantiation (Airflow 3.1.5) Rahul Vats (Apr 17)
cups: 8 various moderate vulnerabilities Zdenek Dohnal (Apr 17)
ngtcp2: qlog_parameters_set_transport_params_stack_overflow [CVE-2026-40170] Alan Coopersmith (Apr 17)
Xen Security Advisory 488 v1 - x86: Floating Point Divider State Sampling Xen . org security team (Apr 17)
CVE-2026-40948: Apache Airflow Keycloak Provider: OAuth Login CSRF — Missing State Parameter in Keycloak Auth Manager Jarek Potiuk (Apr 17)
lcms2 <= 2.18 CubeSize() integer overflow: stock Ubuntu 24.04 Poppler / evince-thumbnailer / OpenJDK crashers (different triggers), no CVE Abhinav Agarwal (Apr 17)
- Re: lcms2 <= 2.18 CubeSize() integer overflow: stock Ubuntu 24.04 Poppler / evince-thumbnailer / OpenJDK crashers (different triggers), no CVE Abhinav Agarwal (Apr 18)
  - Re: lcms2 <= 2.18 CubeSize() integer overflow: stock Ubuntu 24.04 Poppler / evince-thumbnailer / OpenJDK crashers (different triggers), no CVE Abhinav Agarwal (Apr 29)
- Re: lcms2 <= 2.18 CubeSize() integer overflow: stock Ubuntu 24.04 Poppler / evince-thumbnailer / OpenJDK crashers (different triggers), no CVE Sam James (Apr 29)
CVE-2026-41113: RCE in sagredo fork of qmail Alan Coopersmith (Apr 18)
[CVE REQUEST] terminal-controller-mcp: trivially bypassable command blocklist enables unrestricted RCE (CVSS 10.0) Pico 🧬 (Apr 19)
- Re: [CVE REQUEST] terminal-controller-mcp: trivially bypassable command blocklist enables unrestricted RCE (CVSS 10.0) Alan Coopersmith (Apr 19)
[ADVISORY] CVE-2026-5265: Heap Over-Read in ICMP Error Response Generation Ales Musil (Apr 20)
- Re: [ADVISORY] CVE-2026-5265: Heap Over-Read in ICMP Error Response Generation Ales Musil (Apr 20)
[ADVISORY] CVE-2026-5367: Heap over-read in OVN DHCPv6 Client ID processing Ales Musil (Apr 20)
- Re: [ADVISORY] CVE-2026-5367: Heap over-read in OVN DHCPv6 Client ID processing Ales Musil (Apr 20)
Fwd: [CVE-2026-3219] pip doesn't reject concatenated ZIP and tar archives Alan Coopersmith (Apr 20)
The GNU C Library security advisories update for 2026-04-20 Carlos O'Donell (Apr 20)
Libgcrypt security releases 1.12.2, 1.11.3, 1.10.x Valtteri Vuorikoski (Apr 21)
Fwd: X.Org Security Advisory: CVE-2026-4367: libXpm Out-of-bounds read in xpmNextWord() Olivier Fourdan (Apr 21)
CVE-2026-40706: ntfs-3g 2022.10.3: Heap buffer overflow Rostislav (Apr 21)
CVE-2017-20230: Storable versions before 3.05 for Perl has a stack overflow Robert Rothenberg (Apr 21)
- Re: CVE-2017-20230: Storable versions before 3.05 for Perl has a stack overflow Sam James (Apr 21)
  - Re: CVE-2017-20230: Storable versions before 3.05 for Perl has a stack overflow Sam James (Apr 21)
    - Re: CVE-2017-20230: Storable versions before 3.05 for Perl has a stack overflow Steffen Nurpmeso (Apr 22)
CVE-2025-15638: Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of libtomcrypt Robert Rothenberg (Apr 21)
[SECURITY] CVE-2026-40542: Apache HttpClient 5.6 SCRAM-SHA-256 mutual authentication bypass Arturo Bernal (Apr 22)
CVE-2026-41651: TOCTOU vulnerability in PackageKit <= 1.3.4 leads to local root exploit Matthias Klumpp (Apr 22)
[vim-security] OS Command Injection in netrw affects Vim < 9.2.0383 Christian Brabandt (Apr 22)
PowerDNS Security Advisory 2026-03 for PowerDNS Recursor: Multiple issues Otto Moerbeek (Apr 23)
CVE-2026-41564: CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking Stig Palmquist (Apr 23)
PowerDNS Authoritative Server 4.9.14 and 5.0.4 released Miod Vallat (Apr 23)
CVE-2026-40466: Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Possible bypass of CVE-2026-34197 via HTTP discovery second-stage URI Christopher L. Shannon (Apr 23)
CVE-2026-41043: Apache ActiveMQ, Apache ActiveMQ Web: ActiveMQ Web Console - XSS vulnerability when browsing queues Christopher L. Shannon (Apr 23)
CVE-2026-41044: Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All: Authenticated user can perform RCE via DestinationView MBean exposed by Jolokia Christopher L. Shannon (Apr 23)
CVE-2026-23902: Apache DolphinScheduler: Users are able to use tenants that are not defined on the platform during workflow execution. Wenjun Ruan (Apr 23)
CVE-2025-62233: Apache DolphinScheduler: Deserialization of untrusted data in RPC Wenjun Ruan (Apr 23)
CVE-2026-38743: Apache Airflow: Dags endpoint might provide access to otherwise inaccessible entities Rahul Vats (Apr 24)
CVE-2026-40690: Apache Airflow: Assets graph view bypasses DAG level access control displaying unrelated topologies and all DAGs names to unauthorized users Rahul Vats (Apr 24)
rust-openssl-v0.10.78 fixes 5 CVEs Alan Coopersmith (Apr 24)
bubblewrap CVE-2026-41163: Privilege escalation if setuid root, via ptrace Simon McVittie (Apr 25)
CVE-2026-40557: Apache Storm Prometheus Reporter: Disabling TLS verification for Prometheus Reporter also disables it for all other connections Richard Zowalla (Apr 25)
CVE-2026-41081: Apache Storm Client: Anonymous principal assigned on TLS client certificate verification failure Richard Zowalla (Apr 25)
libexpat 2.8.0 fixes CVE-2026-41080 (insufficient entropy) Sebastian Pipping (Apr 26)
CVE-2026-27172: Apache Camel: Unsafe Java deserialization in camel-consul ConsulRegistry allows arbitrary code execution via malicious values read from the Consul KV store Andrea Cosentino (Apr 26)
CVE-2026-33453: Apache Camel: CoAP URI Query Parameter to Exchange Header Injection in camel-coap Allows Single-Packet Pre-Auth Remote Code Execution Andrea Cosentino (Apr 26)
CVE-2026-33454: Apache Camel: Inbound Header Filter Missing in MailHeaderFilterStrategy Allows Remote Code Execution via MIME Header Injection (CVE-2025-30177 Variant) Andrea Cosentino (Apr 26)
CVE-2026-40022: Apache Camel: Camel-Platform-HTTP-Main: Authentication Bypass on Non-Root Context Paths in camel main runtime Andrea Cosentino (Apr 26)
CVE-2026-40048: Apache Camel: Camel-PQC: Unsafe Deserialization from FileBasedKeyLifecycleManager Andrea Cosentino (Apr 26)
CVE-2026-40453: Apache Camel: Incomplete fix for CVE-2025-27636 in non-HTTP HeaderFilterStrategies (camel-jms, camel-sjms, camel-coap, camel-google-pubsub) allows case-variant header injection Andrea Cosentino (Apr 26)
CVE-2026-40473: Apache Camel: Camel-Mina: Unsafe Deserialization in MinaConverter.toObjectInput() via TCP/UDP Andrea Cosentino (Apr 26)
CVE-2026-40858: Apache Camel: Camel-Infinispan: Unsafe Deserialization in Remote Aggregation Repository Andrea Cosentino (Apr 26)
CVE-2026-40860: Apache Camel: Unsafe Deserialization of JMS ObjectMessage in camel-jms, camel-sjms, camel-sjms2 and camel-amqp Andrea Cosentino (Apr 26)
plasma-login-manager: Weaknesses in plasmaloginauthhelper (CVE-2026-25710) Matthias Gerstner (Apr 27)
uriparser 1.0.1 fixes CVE-2026-42371 (integer overflow) Sebastian Pipping (Apr 27)
CVE-2026-41409: Apache MINA: CWE-502 Deserialization of Untrusted Data Emmanuel Lécharny (Apr 27)
ZDRES-059: CVE-2026-41635: Apache MINA: AbstractIoBuffer.resolveClass() null-clazz Branch Skips acceptMatchers Filter — Full Object Deserialization RCE Emmanuel Lécharny (Apr 27)
CVE-2026-7040: Text::Minify::XS versions from v0.3.0 before v0.7.8 for Perl have heap overflow when processing some malformed UTF-8 characters Robert Rothenberg (Apr 27)
[OSSA-2026-008] Ironic: Command Injection in IPMI Console Implementations (CVE pending) Jay Faulkner (Apr 27)
- OSSA-2026-008: OpenStack Ironic: Command Injection in Ironic IPMI Console Implementations (CVE-2026-42510) - errata 1 Goutham Pacha Ravi (Apr 29)
[oss-security][CVE-2026-6357] pip self-update functionality can import newly installed modules after wheel installation Alan Coopersmith (Apr 27)
CVE-2026-40355, CVE-2026-40356: MIT krb5 1.18+ Unauthenticated Network read overrun and null pointer dereference Cem Onat Karagun (Apr 27)
CVE-2026-41636: Apache Thrift: Node.js skip() recursion Jens Geyer (Apr 27)
CVE-2026-41607: Apache Thrift: C++ JSON OOB read Jens Geyer (Apr 27)
CVE-2026-41606: Apache Thrift: c_glib dispatch stack overflow Jens Geyer (Apr 27)
CVE-2026-41605: Apache Thrift: Swift Compact Protocol integer overflow Jens Geyer (Apr 27)
CVE-2026-41604: Apache Thrift: Swift Range crash in skip() Jens Geyer (Apr 27)
CVE-2026-41602: Apache Thrift: Go TFramedTransport uint32 overflow Jens Geyer (Apr 27)
CVE-2026-41603: Apache Thrift: Java TSSLTransportFactory hostname verification Jens Geyer (Apr 27)
CVE-2025-48431: Apache Thrift glibc language bindings: Specially crafted input can crash a c_glib Thrift server with invalid pointer error. Jens Geyer (Apr 27)
[oss-security][CVE-2026-3087] shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs Alan Coopersmith (Apr 27)
Xen Security Advisory 483 v2 (CVE-2026-23556) - oxenstored keeps quota related use counts across domain destruction Xen . org security team (Apr 28)
Xen Security Advisory 484 v2 (CVE-2026-23557) - Xenstored DoS via XS_RESET_WATCHES command Xen . org security team (Apr 28)
Xen Security Advisory 485 v2 (CVE-2026-31786) - Linux kernel out of bounds read via Xen-related sysfs file Xen . org security team (Apr 28)
Xen Security Advisory 486 v2 (CVE-2026-23558) - grant table v2 race in status page mapping Xen . org security team (Apr 28)
Xen Security Advisory 487 v2 (CVE-2026-31787) - Linux kernel double free in Xen privcmd driver Xen . org security team (Apr 28)
Coordinated Disclosure in the LLM Age Jeremy Stanley (Apr 28)
- Re: Coordinated Disclosure in the LLM Age Greg Dahlman (Apr 28)
- Re: Coordinated Disclosure in the LLM Age Jacob Bachmeyer (Apr 28)
  - Re: Coordinated Disclosure in the LLM Age Peter Gutmann (Apr 28)
  - Re: Coordinated Disclosure in the LLM Age Willy Tarreau (Apr 29)
    - Re: Coordinated Disclosure in the LLM Age Renaud Allard (Apr 29)
    - Re: Coordinated Disclosure in the LLM Age Demi Marie Obenour (May 12)
    - Re: Coordinated Disclosure in the LLM Age Willy Tarreau (May 12)
    - Re: Coordinated Disclosure in the LLM Age Yves-Alexis Perez (May 15)
    - Re: Coordinated Disclosure in the LLM Age Greg KH (May 15)
    - Re: Coordinated Disclosure in the LLM Age Santiago Ruano Rincón (May 15)
    - Re: Coordinated Disclosure in the LLM Age Greg KH (May 16)
    - Re: Coordinated Disclosure in the LLM Age Demi Marie Obenour (May 15)
  - Re: Coordinated Disclosure in the LLM Age Clemens Lang (Apr 29)
    - Re: Coordinated Disclosure in the LLM Age Greg KH (Apr 30)
    - Re: Coordinated Disclosure in the LLM Age Douglas Bagnall (May 21)
- Re: Coordinated Disclosure in the LLM Age Lucas Holt (Apr 29)
  - Re: Coordinated Disclosure in the LLM Age Jeremy Stanley (Apr 29)
  - Re: Coordinated Disclosure in the LLM Age Brian May (Apr 29)
- Re: Coordinated Disclosure in the LLM Age Tim Shephard (May 11)
  - Sv: Coordinated Disclosure in the LLM Age Markus Klyver (May 15)
    - Sv: Coordinated Disclosure in the LLM Age ROI AI (May 15)
    - Sv: Coordinated Disclosure in the LLM Age Markus Klyver (May 22)
    - Sv: Coordinated Disclosure in the LLM Age ROI AI (May 24)
- Re: Coordinated Disclosure in the LLM Age Alan Coopersmith (May 20)
  - Re: Coordinated Disclosure in the LLM Age ROI AI (May 21)
    - Re: Coordinated Disclosure in the LLM Age ROI AI (May 21)
    - Re: Coordinated Disclosure in the LLM Age Jacob Bachmeyer (May 21)
    - Re: Coordinated Disclosure in the LLM Age ROI AI (May 21)
    - Re: Coordinated Disclosure in the LLM Age Jacob Bachmeyer (May 22)
    - Re: Coordinated Disclosure in the LLM Age ROI AI (May 24)
    - Re: Coordinated Disclosure in the LLM Age Solar Designer (May 24)
    - Re: Coordinated Disclosure in the LLM Age Jacob Bachmeyer (May 24)
    - Re: Coordinated Disclosure in the LLM Age ROI AI (May 24)
- Re: Coordinated Disclosure in the LLM Age Jeffrey Walton (May 21)
The GNU C Library security advisories update for 2026-04-28 Carlos O'Donell (Apr 28)
CVE-2026-41873: Pony Mail: Admin account takeover via request smuggling Arnout Engelen (Apr 28)
Xen Security Advisory 489 v1 (CVE-2026-23559,CVE-2026-23560,CVE-2026-23561,CVE-2026-23562,CVE-2026-42486) - Multiple RBAC issues in XAPI Xen . org security team (Apr 28)
[SECURITY] Out-of-Bounds Read in MPLS Extension Parsing — traceroute 2.1.2 MOHAMED AZIZ RAHMOUNI (Apr 28)
- Re: [SECURITY] Out-of-Bounds Read in MPLS Extension Parsing — traceroute 2.1.2 Dmitry Butskoy (Apr 28)
- Re: [SECURITY] Out-of-Bounds Read in MPLS Extension Parsing — traceroute 2.1.2 Dmitry Butskoy (Apr 28)
  - Re: [SECURITY] Out-of-Bounds Read in MPLS Extension Parsing — traceroute 2.1.2 Solar Designer (Apr 28)
- Re: [SECURITY] Out-of-Bounds Read in MPLS Extension Parsing — traceroute 2.1.2 Alan Coopersmith (Apr 28)
- Re: [SECURITY] Out-of-Bounds Read in MPLS Extension Parsing — traceroute 2.1.2 Ellenor Bjornsdottir (Apr 28)
- Re: [SECURITY] Out-of-Bounds Read in MPLS Extension Parsing — traceroute 2.1.2 Jacob Bachmeyer (Apr 28)
CVE-2026-40560: Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence Timothy Legge (Apr 28)
[ADVISORY] curl: CVE-2026-4873: connection reuse ignores TLS requirement Daniel Stenberg (Apr 28)
[ADVISORY] curl: CVE-2026-5545: wrong reuse of HTTP Negotiate connection Daniel Stenberg (Apr 28)
[ADVISORY] curl: CVE-2026-5773: wrong reuse of SMB connection Daniel Stenberg (Apr 28)
[ADVISORY] curl: CVE-2026-6429: netrc credential leak with reused proxy connection Daniel Stenberg (Apr 28)
[ADVISORY] curl: CVE-2026-6253: proxy credentials leak over redirect-to proxy Daniel Stenberg (Apr 28)
[ADVISORY] curl: CVE-2026-7009: OCSP stapling bypass with Apple SecTrust Daniel Stenberg (Apr 28)
[ADVISORY] curl: CVE-2026-6276: stale custom cookie host causes cookie leak Daniel Stenberg (Apr 28)
[ADVISORY] curl: CVE-2026-7168: cross-proxy Digest auth state leak Daniel Stenberg (Apr 28)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Apr 29)
- <Possible follow-ups>
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (May 27)
CVE-2026-7111: Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption Stig Palmquist (Apr 29)
Xen Security Advisory 489 v2 (CVE-2026-23559,CVE-2026-23560,CVE-2026-23561,CVE-2026-23562,CVE-2026-42486) - Multiple RBAC issues in XAPI Xen . org security team (Apr 29)
CVE-2026-31431: CopyFail: linux local privilege scalation Jan Schaumann (Apr 29)
- Re: CVE-2026-31431: CopyFail: linux local privilege scalation Eddie Chapman (Apr 29)
  - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Sam James (Apr 29)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Salvatore Bonaccorso (Apr 30)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Greg KH (Apr 30)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation cyber security (Apr 30)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Greg KH (Apr 30)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Solar Designer (Apr 30)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Greg KH (Apr 30)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Alan Coopersmith (Apr 30)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Reid Sutherland (May 01)
    - Re: [EXTERNAL] Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation Shrader, David Lee (May 01)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Justin Swartz (May 01)
    - Re: Re: CVE-2026-31431: CopyFail: linux local privilege scalation cyber security (May 01)
    - Re: Re: CVE-2026-31431: CopyFail: linux local privilege scalation Reid Sutherland (May 02)
    - Re: Re: CVE-2026-31431: CopyFail: linux local privilege scalation Justin Swartz (May 02)
    - Re: Re: Re: CVE-2026-31431: CopyFail: linux local privilege scalation Eric Biggers (May 02)
    - Re: Re: Re: CVE-2026-31431: CopyFail: linux local privilege scalation Alexander Bochmann (May 02)
    - Re: Re: Re: CVE-2026-31431: CopyFail: linux local privilege scalation Collin Funk (May 02)
    - Re: Re: Re: CVE-2026-31431: CopyFail: linux local privilege scalation Malik, Vaibhav (May 02)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Reid Sutherland (May 02)
    - Re: Re: CVE-2026-31431: CopyFail: linux local privilege scalation Brian May (May 02)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation nightmare . yeah27 (May 02)
    - Re: Re: CVE-2026-31431: CopyFail: linux local privilege scalation Reid Sutherland (May 03)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Sam James (Apr 30)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Eric Biggers (Apr 30)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Demi Marie Obenour (May 01)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Eric Biggers (May 01)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Demi Marie Obenour (May 01)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Eric Biggers (May 01)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Demi Marie Obenour (May 02)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Eric Biggers (May 02)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Eric Biggers (May 02)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Demi Marie Obenour (May 02)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Greg Dahlman (May 02)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Greg Dahlman (May 02)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Simon McVittie (May 03)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Greg Dahlman (May 03)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Milan Broz (May 04)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Demi Marie Obenour (May 04)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Eric Biggers (May 04)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Milan Broz (May 04)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Richard Kettlewell (May 02)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Demi Marie Obenour (May 02)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Peter Gutmann (May 03)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Paul Ducklin (May 03)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Richard Kettlewell (May 04)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Demi Marie Obenour (May 04)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Solar Designer (May 04)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Eric Biggers (May 05)
- Re: CVE-2026-31431: CopyFail: linux local privilege scalation Sam James (Apr 29)
  - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Zube (Apr 29)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Solar Designer (Apr 29)
    - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Roman Medina-Heigl Hernandez (Apr 30)
    - CVE-2026-31431 Copy Fail Linux LPE - new public exploit Andrei Berestov (May 18)
  - Re: CVE-2026-31431: CopyFail: linux local privilege scalation Aaron Rainbolt (Apr 29)
- Re: CVE-2026-31431: CopyFail: linux local privilege scalation Alan Coopersmith (May 01)
- Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation) Sam James (May 03)
  - Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation) Sam James (May 03)
    - Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation) Sam James (May 03)
    - Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation) Greg Kroah-Hartman (May 04)
    - Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation) Emily Shepherd (May 04)
    - Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation) Greg KH (May 04)
    - Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation) Emily Shepherd (May 04)
    - Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation) Greg KH (May 06)
    - Re: Precise disclosure contents for copyfail (Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation) Jeroen Roovers (May 04)
CVE-2026-7381: Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting Robert Rothenberg (Apr 29)
gnutls 3.8.13 released with 12 CVE fixes and more Alan Coopersmith (Apr 29)
inetutils-2.8 released with 2 CVE fixes Alan Coopersmith (Apr 29)
[CVE-2026-37555] libsndfile IMA-ADPCM integer overflow (incomplete fix for CVE-2022-33065) Feng Ning (Apr 29)
CVE-2026-5080: Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely Robert Rothenberg (Apr 30)
Exim 4.99.2 fixes 4 CVEs Solar Designer (Apr 30)
- Re: Exim 4.99.2 fixes 4 CVEs Florian Weimer (May 01)
Re: 10+ CVEs in GStreamer Solar Designer (Apr 30)
- Re: 10+ CVEs in GStreamer Demi Marie Obenour (May 01)
  - Re: 10+ CVEs in GStreamer Kevin Backhouse (May 01)
CVE-2026-42167: SQL injection in ProFTPd prior to 1.3.9a Valtteri Vuorikoski (May 01)
- Re: CVE-2026-42167: SQL injection in ProFTPd prior to 1.3.9a Alan Coopersmith (May 01)
Prosody XMPP server security advisory 2026-04-31 (multiple vulnerabilities) Matthew Wild (May 01)
CVE-2026-42402: Apache Neethi: Policy Normalization Unbounded Resource Allocation DoS Colm O hEigeartaigh (May 01)
CVE-2026-42403: Apache Neethi: Circular Policy Reference Infinite Loop Colm O hEigeartaigh (May 01)
CVE-2026-42404: Apache Neethi: Unrestricted HTTP Redirect Following in Policy References Colm O hEigeartaigh (May 01)
CVE-2026-40682: Apache OpenNLP: XXE via Dictionary Parsing in DictionaryEntryPersistor Richard Zowalla (May 01)
CVE-2026-42027: Apache OpenNLP: Arbitrary Class Instantiation via Model Manifest in ExtensionLoader Richard Zowalla (May 01)
CVE-2026-42440: Apache OpenNLP: OOM DoS via Unbounded Array Allocation in AbstractModelReader Richard Zowalla (May 01)
Security audit of rust-coreutils Alan Coopersmith (May 01)
uutils coreutils CVEs Collin Funk (May 02)
- Re: uutils coreutils CVEs Jan Schaumann (May 02)
- Re: uutils coreutils CVEs Jakub Wilk (May 04)
  - Re: uutils coreutils CVEs cyber security (May 04)
  - Re: uutils coreutils CVEs Eli Schwartz (May 04)
- <Possible follow-ups>
- Re: uutils coreutils CVEs Collin Funk (May 02)
Ubuntu back up, In Saturday after DDoS attacks cyber security (May 02)
CVE-2026-42809: Apache Polaris: An authenticated low-privileged user can abuse Polaris staged table creation to mint broad temporary storage credentials for an attacker-chosen location before Polaris validates that location Jean-Baptiste Onofré (May 02)
CVE-2026-42810: Apache Polaris: Polaris accepts literal `*` characters in namespace and table names. When it later builds temporary S3 access policies for delegated table access, those same characters appear to be reused unescaped in S3 IAM resource patterns and `s3:prefix` conditions. Jean-Baptiste Onofré (May 02)
CVE-2026-42811: Apache Polaris: In plain terms, Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can cause those credentials to work across the configured bucket instead. Jean-Baptiste Onofré (May 02)
CVE-2026-42812: Apache Polaris: No protection on `write.metadata.path` Jean-Baptiste Onofré (May 02)
CVE-2026-40561: Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence Timothy Legge (May 02)
syzkaller "Reporting Linux kernel bugs" out of date Solar Designer (May 02)
CVE request: io_uring zcrx freelist OOB write Mohamed salem Eddah (May 03)
- Re: CVE request: io_uring zcrx freelist OOB write Greg KH (May 03)
- Re: CVE request: io_uring zcrx freelist OOB write Pavel Begunkov (May 04)
  - Re: CVE request: io_uring zcrx freelist OOB write Solar Designer (May 07)
    - Re: CVE request: io_uring zcrx freelist OOB write Mohamed salem Eddah (May 07)
    - Re: CVE request: io_uring zcrx freelist OOB write Jens Axboe (May 07)
    - Re: CVE request: io_uring zcrx freelist OOB write Benjamin Hays (May 07)
    - Re: CVE request: io_uring zcrx freelist OOB write Jens Axboe (May 07)
    - Re: CVE request: io_uring zcrx freelist OOB write Pavel Begunkov (May 07)
    - Re: CVE request: io_uring zcrx freelist OOB write Solar Designer (May 07)
    - Re: CVE request: io_uring zcrx freelist OOB write Mohamed salem Eddah (May 08)
    - Re: CVE request: io_uring zcrx freelist OOB write Jens Axboe (May 08)
CVE-2026-40563: Apache Atlas: Script injection allows access to unintended data Pinal Shah (May 03)
[vim-security] OS Command Injection via 'path' completion affects Vim < 9.2.0435 Christian Brabandt (May 03)
Fwd: mutt 2.3.2 released Sam James (May 03)
CVE-2026-33857: Apache HTTP Server: Off-by-one OOB reads in AJP getter functions Eric Covener (May 04)
CVE-2026-34032: Apache HTTP Server: mod_proxy_ajp: Heap Buffer Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string) Eric Covener (May 04)
CVE-2026-34059: Apache HTTP Server: mod_proxy_ajp: Heap Over-Read and memory disclosure in ajp_parse_data() Eric Covener (May 04)
CVE-2026-24072: Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr Eric Covener (May 04)
CVE-2026-23918: Apache HTTP Server: http2: double free and possible RCE on early reset Eric Covener (May 04)
CVE-2026-29169: Apache HTTP Server: mod_dav_lock indirect lock crash Eric Covener (May 04)
- Re: CVE-2026-29169: Apache HTTP Server: mod_dav_lock indirect lock crash Solar Designer (May 05)
CVE-2026-33006: Apache HTTP Server: mod_auth_digest timing attack Eric Covener (May 04)
CVE-2026-33007: Apache HTTP Server: mod_authn_socache crash Eric Covener (May 04)
CVE-2026-33523: Apache HTTP Server: multiple modules: HTTP response splitting forwarding malicious status line Eric Covener (May 04)
Fwd: [pfx] Postfix stable release 3.11.2 and legacy releases 3.10.9, 3.9.10, 3.8.16 Sam James (May 04)
- Re: [pfx] Postfix stable release 3.11.2 and legacy releases 3.10.9, 3.9.10, 3.8.16 Sam James (May 04)
  - Re: [pfx] Postfix stable release 3.11.2 and legacy releases 3.10.9, 3.9.10, 3.8.16 Solar Designer (May 04)
- Re: Fwd: [pfx] Postfix stable release 3.11.2 and legacy releases 3.10.9, 3.9.10, 3.8.16 Salvatore Bonaccorso (May 04)
Local privilege escalation in Lix and Nix Thomas GERBET (May 04)
Nix/Lix: local privilege escalation in daemon process Martin Weinelt (May 04)
CVE-2026-43868: Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern Jens Geyer (May 04)
CVE-2026-43869: Apache Thrift: TSSLTransportFactory.java hostname verification Jens Geyer (May 04)
CVE-2026-43870: Apache Thrift: Node.js web_server.js multi-vulnerability Jens Geyer (May 04)
CVE-2026-29168: Apache HTTP Server: mod_md unrestricted OCSP response Eric Covener (May 05)
[OSSA-2026-009] Horizon: Unauthenticated session flood via login redirect storage (CVE-2026-43002) Goutham Pacha Ravi (May 05)
Django CVE-2026-5766, CVE-2026-35192, and CVE-2026-6907 Sarah Boyce (May 05)
CVE-2026-28780: Apache HTTP Server: buffer overflow in mod_proxy_ajp via ajp_msg_check_header() Eric Covener (May 05)
[OSSA-2026-010] Ironic: Credential Forwarding to Arbitrary Endpoints via iDrac Configuration Molds Feature (CVE-2026-42997) Jay Faulkner (May 05)
vm2: sandbox escape in NodeVM with nesting:true (CVE-2026-44007) Akshat Sinha (May 05)
Security audit of Paramiko completed, fixes coming in 5.0 release Alan Coopersmith (May 05)
CVE-2026-40010: Apache Wicket: possible session fixation using AuthenticatedWebSession Pedro Henrique Oliveira dos Santos (May 05)
CVE-2026-42509: Apache Wicket: crafted strings can break out of the JavaScript sequence Pedro Henrique Oliveira dos Santos (May 05)
CVE-2026-43646: Apache Wicket: crafted URLs can bypass PackageResourceGuard Pedro Henrique Oliveira dos Santos (May 05)
CVE-2026-43975: Apache Wicket: Possible malicious path traversal in FolderUploadsFileManager Pedro Henrique Oliveira dos Santos (May 05)
CVE-2026-5081: Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure Robert Rothenberg (May 06)
CVE-2026-40562: Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence Robert Rothenberg (May 06)
Vulnerability fixes in Tor 0.4.9.7 Sam James (May 06)
Linux kernel: KTLS + sockmap "Reverse Order" Use-After-Free / Data Corruption Solar Designer (May 06)
- Re: Linux kernel: KTLS + sockmap "Reverse Order" Use-After-Free / Data Corruption Sam James (May 07)
  - Re: Linux kernel: KTLS + sockmap "Reverse Order" Use-After-Free / Data Corruption xw x (May 11)
    - Re: Linux kernel: KTLS + sockmap "Reverse Order" Use-After-Free / Data Corruption xw x (May 11)
    - Re: Linux kernel: KTLS + sockmap "Reverse Order" Use-After-Free / Data Corruption xw x (May 11)
XSS in Postorius (Mailman 3) 1.3.13 and earlier Alyssa Ross (May 07)
- Re: XSS in Postorius (Mailman 3) 1.3.13 and earlier Demi Marie Obenour (May 07)
  - Re: XSS in Postorius (Mailman 3) 1.3.13 and earlier Sebastian Pipping (May 08)
[OSSA-2026-011] OpenStack Cyborg: Multiple access control vulnerabilities in Cyborg accelerator management (CVE-2026-40213, CVE-2026-40214) Goutham Pacha Ravi (May 07)
Dirty Frag: Universal Linux LPE Hyunwoo Kim (May 07)
- Re: Dirty Frag: Universal Linux LPE Sandipan Roy (May 07)
  - Re: Dirty Frag: Universal Linux LPE Greg KH (May 08)
    - Re: Dirty Frag: Universal Linux LPE Greg KH (May 08)
- Re: Dirty Frag: Universal Linux LPE Bernhard R. Link (May 08)
- <Possible follow-ups>
- Re: Dirty Frag: Universal Linux LPE Daniel Tang (May 07)
  - Re: Re: Dirty Frag: Universal Linux LPE Kalin KOZHUHAROV (May 08)
    - Re: Re: Dirty Frag: Universal Linux LPE Greg Dahlman (May 08)
    - Re: Re: Dirty Frag: Universal Linux LPE Emily Shepherd (May 08)
[vim-security] Heap Buffer Overflow in spell file loading affects Vim < 9.2.0450 Christian Brabandt (May 07)
- Re: [vim-security] Heap Buffer Overflow in spell file loading affects Vim < 9.2.0450 Tianyu Chen (May 13)
Copy Fail 2 / Dirty Frag — n-day from public commit, not embargo break SiCk (May 07)
- Re: Copy Fail 2 / Dirty Frag — n-day from public commit, not embargo break Sam James (May 08)
CVE-2013-10075: Apache::Session versions through 1.94 for Perl re-creates deleted sessions Robert Rothenberg (May 08)
BioPython 1.87 fixes CVE-2025-68463 (XXE, SSRF) Sebastian Pipping (May 08)
CVE-2026-6659: Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts Robert Rothenberg (May 08)
Go 1.26.3 and Go 1.25.10 are released with 11 security fixes Alan Coopersmith (May 08)
CVE-2025-66170: Apache CloudStack: Any user can list backups that they should not have access to Piotr P. Karwasz (May 08)
CVE-2025-66171: Apache CloudStack: Any user can create a new VM from backups they should not have access to Piotr P. Karwasz (May 08)
CVE-2025-66172: Apache CloudStack: Any user can attach a volume in their VMs from backups they should not have access to Piotr P. Karwasz (May 08)
CVE-2025-66467: Apache CloudStack: MinIO policy remains intact on bucket deletion Piotr P. Karwasz (May 08)
CVE-2025-69233: Apache CloudStack: Domain/account resources limits not honored Piotr P. Karwasz (May 08)
CVE-2026-25077: Apache CloudStack: Unauthenticated Command Injection in Direct Download Templates Piotr P. Karwasz (May 08)
CVE-2026-25199: Apache CloudStack: Proxmox Extension Allows Unauthorized Cross-Tenant Instance Access Piotr P. Karwasz (May 08)
uriparser 1.0.2 fixes CVE-2026-44927 and CVE-2026-44928 Sebastian Pipping (May 09)
- Re: uriparser 1.0.2 fixes CVE-2026-44927 and CVE-2026-44928 Solar Designer (May 10)
  - Re: uriparser 1.0.2 fixes CVE-2026-44927 and CVE-2026-44928 Sebastian Pipping (May 12)
    - Re: uriparser 1.0.2 fixes CVE-2026-44927 and CVE-2026-44928 Ilia (May 12)
    - Re: uriparser 1.0.2 fixes CVE-2026-44927 and CVE-2026-44928 Sebastian Pipping (May 12)
    - Re: uriparser 1.0.2 fixes CVE-2026-44927 and CVE-2026-44928 Ilia (May 12)
    - Re: uriparser 1.0.2 fixes CVE-2026-44927 and CVE-2026-44928 Joshua Windle (May 12)
CVE-2026-43826: Apache Airflow Providers OpenSearch: OpenSearch task-log handler leaks credentials embedded in the host URL Shahar Epstein (May 10)
CVE-2026-41018: Apache Airflow Providers Elasticsearch: Elasticsearch task-log handlers leak credentials embedded in the host URL Shahar Epstein (May 10)
CVE-2026-45179: Plack::Middleware::Statsd versions before 0.9.0 for Perl may leak user IP addresses Robert Rothenberg (May 10)
CVE-2026-45180: Catalyst::Plugin::Statsd versions through 0.10.0 for Perl may leak session ids Robert Rothenberg (May 10)
CVE-2026-45190: Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass Stig Palmquist (May 10)
CVE-2026-45191: Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypass Stig Palmquist (May 10)
CVE-2026-8177: XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences Stig Palmquist (May 10)
- Re: CVE-2026-8177: XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences Stig Palmquist (May 11)
malcontent: Disk Space Exhaustion via Globally Accessible D-Bus API (CVE-2026-44931) Matthias Gerstner (May 11)
CVE-2026-5084: WebDyne::Session versions through 2.075 for Perl generates the session id insecurely Stig Palmquist (May 11)
[OSSA-2026-012] Ironic: Remote Code Execution when Anaconda driver enabled (CVE-2026-44916) Jay Faulkner (May 11)
[oss-security][CVE-2026-7210] Cpython: The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection Alan Coopersmith (May 11)
- Re: [oss-security][CVE-2026-7210] Cpython: The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection Sebastian Pipping (May 11)
CVE Request: Fail-open authentication in hathor-wallet-headless <= 0.38.0 (vendor declined to fix) Emiliano Solazzi G. (May 11)
dnsmasq vulnerabilities, including attacker DNS redirect, privilege escalation, and heap manipulation Alan Coopersmith (May 11)
- Re: dnsmasq vulnerabilities, including attacker DNS redirect, privilege escalation, and heap manipulation Alan Coopersmith (May 11)
- Re: dnsmasq vulnerabilities, including attacker DNS redirect, privilege escalation, and heap manipulation Sam James (May 12)
OpenSSL ARM64 SM2 scalar multiplication timing side-channel (no CVE) Abhinav Agarwal (May 11)
CVE-2022-4988: Alien::FreeImage versions through 1.001 for Perl contains several vulnerable libraries Robert Rothenberg (May 11)
CVE-2026-6146: Amazon::Credentials versions through 1.2.0 for Perl uses rand to generate encryption keys Robert Rothenberg (May 11)
libexpat 2.8.1 fixes CVE-2026-45186 (denial of service) Sebastian Pipping (May 11)
CVE-2026-7010: HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values Stig Palmquist (May 11)
Public security analysis and LLM-assisted variant discovery Tim Shephard (May 11)
[EXIM-Security-2026-05-01.1] Security Release 4.99.3 Heiko Schlittermann (May 12)
- Re: [EXIM-Security-2026-05-01.1] Security Release 4.99.3 Heiko Schlittermann (May 12)
- Re: [EXIM-Security-2026-05-01.1] Security Release 4.99.3 Sam James (May 12)
Dovecot Security Advisory OXDC-2026-0002 Aki Tuomi (May 12)
CVE-2026-8368: LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects Stig Palmquist (May 12)
CVE-2026-43512: Apache Tomcat: Digest authenticator will authenticate any unknown user Mark Thomas (May 12)
CVE-2026-43513: Apache Tomcat: LockOutRealm treats user names as case-sensitive Mark Thomas (May 12)
CVE-2026-43514: Apache Tomcat: AJP secret compared in non-constant time Mark Thomas (May 12)
CVE-2026-43515: Apache Tomcat: Security constraints not correctly applied Mark Thomas (May 12)
CVE-2026-41284: Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling Mark Thomas (May 12)
CVE-2026-41293: Apache Tomcat: HTTP/2 request headers not validated Mark Thomas (May 12)
CVE-2026-42498: Apache Tomcat: WebSocket authentication header exposure Mark Thomas (May 12)
Xen Security Advisory 490 v1 (CVE-2025-54518) - x86: CPU Opcode Cache corruption Xen . org security team (May 12)
CVE-2026-5089: YAML::Syck versions before 1.38 for Perl has an out-of-bounds read Robert Rothenberg (May 12)
Fwd: [siren] [Security Advisory] Severity: CRITICAL - Malicious Compromise of OpenSearch Pre-Release npm Packages Alan Coopersmith (May 12)
CVE-2026-5958: GNU sed: TOCTOU race in sed -i --follow-symlinks Solar Designer (May 12)
CVE-2026-41326: Kata Containers: CopyFile Policy Subversion via Symlinks Solar Designer (May 12)
Linux kernel LPE ("fragnesia", copyfail 3.0) Sam James (May 13)
- Re: Linux kernel LPE ("fragnesia", copyfail 3.0) Greg KH (May 13)
- Re: Linux kernel LPE ("fragnesia", copyfail 3.0) Solar Designer (May 13)
  - Re: Linux kernel LPE ("fragnesia", copyfail 3.0) Jan Schaumann (May 13)
  - Re: Linux kernel LPE ("fragnesia", copyfail 3.0) Salvatore Bonaccorso (May 14)
    - Linux kernel: Dirty Frag variants — fix merged into netdev Hyunwoo Kim (May 21)
    - Re: Linux kernel: Dirty Frag variants — fix merged into netdev Solar Designer (May 21)
    - Re: Linux kernel: Dirty Frag variants — fix merged into netdev Hyunwoo Kim (May 21)
    - Re: Linux kernel: Dirty Frag variants — fix merged into netdev Demi Marie Obenour (May 22)
CVE-2026-8463: Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2_verify on empty encoded input Stig Palmquist (May 13)
NGINX ngx_http_rewrite_module vulnerability CVE-2026-42945 Alan Coopersmith (May 13)
- NGINX ngx_http_rewrite_module buffer overflow (CVE-2026-9256) Alan Coopersmith (May 22)
CVE-2026-8500: Web::Passwd versions through 0.03 for Perl is vulnerable to RCE Robert Rothenberg (May 13)
[oss-security][CVE-2026-8328] CPython: FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address Alan Coopersmith (May 13)
CVE-2026-45205: Apache Commons Configuration: StackOverflowError for YAML input with cycles Gary D. Gregory (May 14)
[vim-security] Command Injection in tar.vim affects Vim < 9.2.479 Christian Brabandt (May 14)
[vim-security] Vimscript Code Injection in netrw NetrwMarkFile() via crafted filename affects Vim < 9.2.480 Christian Brabandt (May 14)
CVE-2026-8612: WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution Stig Palmquist (May 14)
Logic bug in the Linux kernel's __ptrace_may_access() function Qualys Security Advisory (May 14)
- Re: Logic bug in the Linux kernel's __ptrace_may_access() function Sam James (May 14)
  - Re: Logic bug in the Linux kernel's __ptrace_may_access() function Salvatore Bonaccorso (May 14)
    - Re: Logic bug in the Linux kernel's __ptrace_may_access() function Salvatore Bonaccorso (May 14)
    - Re: Logic bug in the Linux kernel's __ptrace_may_access() function Sam James (May 15)
    - Re: Logic bug in the Linux kernel's __ptrace_may_access() function Qualys Security Advisory (May 15)
    - Re: Logic bug in the Linux kernel's __ptrace_may_access() function David Gonzalez (May 15)
- Re: Logic bug in the Linux kernel's __ptrace_may_access() function Qualys Security Advisory (May 15)
- Re: Logic bug in the Linux kernel's __ptrace_may_access() function Qualys Security Advisory (May 20)
- Re: Logic bug in the Linux kernel's __ptrace_may_access() function Qualys Security Advisory (May 20)
  - Re: Re: Logic bug in the Linux kernel's __ptrace_may_access() function Simon McVittie (May 21)
CVE-2026-8454: Imager::File::GIF versions through 1.002 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files Timothy Legge (May 15)
CVE-2026-8503: Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids Robert Rothenberg (May 15)
CVE-2026-8669: Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files Timothy Legge (May 15)
CVE-2026-46474: Trog::TOTP versions before 1.006 for Perl generate secrets using rand Robert Rothenberg (May 15)
Security Advisory: Multiple Vulnerabilities in llama.cpp GGUF Format Parsers 135266653 (May 15)
CVE-2026-35194: Apache Flink: Remote code execution via SQL injection in code generation Martijn Visser (May 15)
libpng-apng: Chunk-smuggling vulnerability in push-mode APNG parser: CVE-2026-40930 Cosmin Truta (May 15)
netatalk 4.4.3 fixes 20 CVEs, leaves 18 for later Alan Coopersmith (May 15)
PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 Released with security fixes Alan Coopersmith (May 15)
Poppy: XPC Observability & Fault Injection Stuart Thomas (May 15)
- Re: Poppy: XPC Observability & Fault Injection Solar Designer (May 15)
CVE-2026-8700: Crypt::DSA versions before 1.20 for Perl generate seeds using rand Timothy Legge (May 15)
CVE-2026-8704: Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified Timothy Legge (May 15)
Recent Kernel exploits, attack surface reduction, example IPSEC Hanno Böck (May 16)
- Re: Recent Kernel exploits, attack surface reduction, example IPSEC Valtteri Vuorikoski (May 16)
- Re: Recent Kernel exploits, attack surface reduction, example IPSEC Agostino Sarubbo (May 16)
- Re: Recent Kernel exploits, attack surface reduction, example IPSEC Bernhard R. Link (May 16)
  - Re: Recent Kernel exploits, attack surface reduction, example IPSEC Donald Buczek (May 17)
- Re: Recent Kernel exploits, attack surface reduction, example IPSEC Lionel Debroux (May 16)
- Re: Recent Kernel exploits, attack surface reduction, example IPSEC Jeffrey Walton (May 16)
CVE-2026-46719: Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections Robert Rothenberg (May 16)
CVE-2026-46720: Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections Robert Rothenberg (May 17)
[vim-security] Vimscript Code Injection in netrw NetrwBookHistSave() via crafted directory name affects Vim < 9.2.495 Christian Brabandt (May 17)
[vim-security] Vimscript Code Injection in cucumber filetype plugin via crafted step-definition regex affects Vim < 9.2.0496 Christian Brabandt (May 17)
CVE-2026-8507: Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out of bound (OOB) write flaws Timothy Legge (May 17)
CVE-2026-8721: Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs Timothy Legge (May 17)
CVE-2026-8788: Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections Robert Rothenberg (May 17)
Re: CVE request experience Fabian Keil (May 18)
- Re: CVE request experience Fabian Keil (May 31)
On the issue of MIME handlers that execute arbitrary code (e.g. Wine) Aaron Rainbolt (May 18)
- Re: On the issue of MIME handlers that execute arbitrary code (e.g. Wine) Simon McVittie (May 19)
  - Re: On the issue of MIME handlers that execute arbitrary code (e.g. Wine) Aaron Rainbolt (May 19)
    - Re: On the issue of MIME handlers that execute arbitrary code (e.g. Wine) Aaron Rainbolt (May 19)
    - Re: On the issue of MIME handlers that execute arbitrary code (e.g. Wine) Simon McVittie (May 20)
    - Re: On the issue of MIME handlers that execute arbitrary code (e.g. Wine) Demi Marie Obenour (May 20)
    - Re: On the issue of MIME handlers that execute arbitrary code (e.g. Wine) Gabriel Corona (May 20)
    - Re: On the issue of MIME handlers that execute arbitrary code (e.g. Wine) Steffen Nurpmeso (May 21)
    - Re: On the issue of MIME handlers that execute arbitrary code (e.g. Wine) gabriel . corona (May 20)
- Re: On the issue of MIME handlers that execute arbitrary code (e.g. Wine) Gabriel Corona (May 19)
- Re: On the issue of MIME handlers that execute arbitrary code (e.g. Wine) Aaron Rainbolt (May 24)
Fixed: local root exploit in haveged, fixed in 1.9.21, CVE-2026-41054 Marcus Meissner (May 19)
- Re: Fixed: local root exploit in haveged, fixed in 1.9.21, CVE-2026-41054 Hanno Böck (May 19)
  - Re: Fixed: local root exploit in haveged, fixed in 1.9.21, CVE-2026-41054 Steffen Nurpmeso (May 19)
  - Re: Fixed: local root exploit in haveged, fixed in 1.9.21, CVE-2026-41054 nightmare . yeah27 (May 21)
    - Re: Re: Fixed: local root exploit in haveged, fixed in 1.9.21, CVE-2026-41054 Jeffrey Walton (May 21)
- CVE-2026-41054: haveged — privilege escalation via command socket Jiri Hladky (May 19)
PinTheft Linux LPE Sam James (May 19)
- Re: PinTheft Linux LPE Sam James (May 19)
  - Re: PinTheft Linux LPE Sam James (May 19)
  - Re: PinTheft Linux LPE Jelle van der Waa (May 19)
    - Re: PinTheft Linux LPE Marcus Meissner (May 21)
[SBA-ADV-20260126-02] CVE-2026-42329: DFIR-IRIS before 2.4.28 Open Redirect SBA Research Security Advisory (May 19)
[SBA-ADV-20260126-03] CVE-2026-42538: DFIR-IRIS before 2.4.28 Insecure File Upload SBA Research Security Advisory (May 19)
[SBA-ADV-20260126-04] CVE-2026-42539: DFIR-IRIS before 2.4.28 Excessive Data Exposure SBA Research Security Advisory (May 19)
[SBA-ADV-20260128-01] CVE-2026-42540: DFIR-IRIS before 2.4.28 Mass Assignment SBA Research Security Advisory (May 19)
[SBA-ADV-20260128-03] CVE-2026-42543: DFIR-IRIS before 2.4.28 Cross-Site Request Forgery (CSRF) SBA Research Security Advisory (May 19)
[SBA-ADV-20260128-05] CVE-2026-42547: DFIR-IRIS before 2.4.28 Alerts Can be Falsely Attributed to Customers SBA Research Security Advisory (May 19)
CVE-2026-47323: Apache Camel: Camel-CXF Message Header Injection via Missing Inbound Filtering Andrea Cosentino (May 19)
CVE-2026-29207: Apache OFBiz: Low-Privilege SSTI Leading to RCE in the Content Component Jacopo Cappellato (May 19)
CVE-2026-29220: Apache OFBiz: Low-Privilege LFI in Content Component Jacopo Cappellato (May 19)
CVE-2026-29226: Apache OFBiz: Low-Privilege SSRF in Content Component Jacopo Cappellato (May 19)
CVE-2026-31378: Apache OFBiz: JSON Attribute Override and URL Allowlist Bypass Leads to Remote Code Execution Jacopo Cappellato (May 19)
CVE-2026-31379: Apache OFBiz: Path Traversal and File Upload Validation Bypass Leading to Arbitrary File Write, Stored XSS and RCE in Catalog Manager Jacopo Cappellato (May 19)
CVE-2026-31380: Apache OFBiz: FreeMarker SSTI via Duplicate Parameter Sanitization Bypass Jacopo Cappellato (May 19)
CVE-2026-31387: Apache OFBiz: Cookie Manipulation Allows Authenticated JWT Forgery and Account Impersonation Jacopo Cappellato (May 19)
CVE-2026-31388: Apache OFBiz: Cross-Tenant Data Exposure via Program Export Feature Jacopo Cappellato (May 19)
CVE-2026-31906: Apache OFBiz: Reflected XSS via Improper HTML Attribute Escaping in Layered-Modal Dialog Parameters Jacopo Cappellato (May 19)
CVE-2026-31909: Apache OFBiz: Unauthenticated Shipment Label Image Disclosure Jacopo Cappellato (May 19)
CVE-2026-31910: Apache OFBiz: Improper Input Validation in UI Factory Classes Leads to SSRF and Blind File Access Jacopo Cappellato (May 19)
CVE-2026-31986: Apache OFBiz: Unauthenticated RCE via Default JWT Signing Key and Widget Template Injection Jacopo Cappellato (May 19)
CVE-2026-35086: Apache OFBiz: Authenticated Remote Code Execution via Unsafe Template Expansion in email services Jacopo Cappellato (May 19)
CVE-2026-41919: Apache OFBiz: Authentication Bypass due to Improper Neutralization of LDAP Special Elements in DN Construction Jacopo Cappellato (May 19)
CVE-2026-45187: Apache OFBiz: Improper Authorization in Scheduled Job Creation Allows Low-Privileged Users to Submit System Jobs Jacopo Cappellato (May 19)
CVE-2026-45434: Apache OFBiz: Authentication Bypass via Password-Change Logic Flaw Leading to RCE Jacopo Cappellato (May 19)
CVE-2026-46586: Apache OFBiz: Improper Validation in traverseContent Service Enables Authenticated Groovy Code Execution Jacopo Cappellato (May 19)
Memcached 1.6.42 is a "major security focused release" with CVE's TBD Alan Coopersmith (May 19)
- Re: Memcached 1.6.42 is a "major security focused release" with CVE's TBD Alan Coopersmith (May 24)
Evince/Atril/Xreader command injection CVE-2026-46529 Michael Catanzaro (May 19)
- Re: Evince/Atril/Xreader command injection CVE-2026-46529 Michael Catanzaro (May 21)
  - Re: Evince/Atril/Xreader command injection CVE-2026-46529 Wolfgang (May 22)
CVE-2026-27173: Apache Airflow CNCF Kubernetes provider: JWT Token Exposure in KubernetesExecutor Command-Line Arguments Vincent Beck (May 19)
CVE-2026-42526: Apache Airflow Amazon provider: Prevent unauthorized access to team-scoped secrets in AWS Secrets Manager and SSM Parameter Store backends Vincent Beck (May 19)
[OSSA-2026-013] Ironic: Denial of Service via specially crafted deployment requests (CVE-2026-44919) Jay Faulkner (May 19)
CVE-2026-5090: Template::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected Robert Rothenberg (May 19)
PCManFM-Qt allows arbitrary files to be opened via the org.freedesktop.FileManager1.ShowFolders method Aaron Rainbolt (May 19)
- Re: PCManFM-Qt allows arbitrary files to be opened via the org.freedesktop.FileManager1.ShowFolders method Simon McVittie (May 20)
  - Re: PCManFM-Qt allows arbitrary files to be opened via the org.freedesktop.FileManager1.ShowFolders method gabriel . corona (May 20)
- Re: PCManFM-Qt allows arbitrary files to be opened via the org.freedesktop.FileManager1.ShowFolders method gabriel . corona (May 20)
- Re: PCManFM-Qt allows arbitrary files to be opened via the org.freedesktop.FileManager1.ShowFolders method Aaron Rainbolt (May 24)
QEMU CXL Memory Corruption Vulnerability ("QEMUtiny") Brett Sheffield (May 20)
Unbound: 1.25.1 addresses multiple CVE items Yorgos Thessalonikefs (May 20)
rsync 3.4.3 released: six CVEs (CVE-2026-29518, CVE-2026-43617, CVE-2026-43618, CVE-2026-43619, CVE-2026-43620, CVE-2026-45232) Andrew Tridgell (May 20)
ISC has disclosed six vulnerabilities in BIND 9 (CVE-2026-3039, CVE-2026-3592, CVE-2026-3593, CVE-2026-5946, CVE-2026-5947, CVE-2026-5950) Michał Kępień (May 20)
PowerDNS Security Advisory 2026-06: Multiple Issues Miod Vallat (May 20)
CVE-2026-4802 [cockpit] Arbitrary code execution in the logs page via a specially crafted link Jelle van der Waa (May 20)
CVE-2026-47373: Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks Robert Rothenberg (May 20)
CVE-2026-47372: Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts Robert Rothenberg (May 20)
CVE-2026-45250: FreeBSD setcred(2) stack overflow -> local privilege escalation (FatGid) Przemyslaw Frasunek (May 21)
- Re: CVE-2026-45250: FreeBSD setcred(2) stack overflow -> local privilege escalation (FatGid) Steffen Nurpmeso (May 21)
  - Re: CVE-2026-45250: FreeBSD setcred(2) stack overflow -> local privilege escalation (FatGid) Przemyslaw Frasunek (May 21)
CVE-2026-45760: Apache Camel K: Camel K Cross-Namespace Build Deputy Attack Pasquale Congiusti (May 21)
Host ambiguous requests through NGINX $host and Debian's proxy_params gabriel . corona (May 21)
- Re: Host ambiguous requests through NGINX **$http_host** and Debian's proxy_params Gabriel Corona (May 21)
- Re: Host ambiguous requests through NGINX $host and Debian's proxy_params Gabriel Corona (May 21)
CVE-2026-48207: Apache Fory: PyFory ReduceSerializer Incomplete Policy Enforcement Chaokun Yang (May 21)
CVE-2026-47243: Kata Containers runtime-rs 3.30: virtiofsd symlink escape Aurelien Bombo (May 21)
CVE-2026-46473: Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand Robert Rothenberg (May 21)
CVE-2026-5091: Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks Robert Rothenberg (May 21)
Vulnerabilities in golang.org/x/crypto Alan Coopersmith (May 22)
CVE-2026-44417: Apache CXF: Incomplete fix for CVE-2025-48913 (Untrusted JMS configuration can lead to RCE) Colm O hEigeartaigh (May 22)
CVE-2026-44618: Apache CXF: XXE vulnerability in WS-Transfer functionality Colm O hEigeartaigh (May 22)
CVE-2026-44930: Apache CXF: LDAP Injection vulnerability in XKMS LDAP Repository Colm O hEigeartaigh (May 22)
illumos: 18118 SCTP frees wrong-size, and need to keep private options Dan McDonald (May 22)
[vim-security] Multiple Memory Safety Issues in Vim Spell File Parser affects Vim < 9.2.0513 Christian Brabandt (May 22)
HPLIP: Potential Escalation of Privilege and Arbitrary Code Execution Alan Coopersmith (May 22)
CVE-2026-9277: shell-quote before 1.8.4 command injection in quote() Akshat Sinha (May 22)
CVE-2026-45249: Apache ECharts: XSS in Lines series tooltip rendering Zhongxiang Wang (May 22)
Anthropic's coordinated vulnerability disclosure dashboard Alan Coopersmith (May 23)
root-project/root: Heap buffer overflow in TKey::Streamer / TBasket::ReadBasketBuffers Manopakorn Kooharueangrong (May 24)
- Re: root-project/root: Heap buffer overflow in TKey::Streamer / TBasket::ReadBasketBuffers Solar Designer (May 24)
  - Re: root-project/root: Heap buffer overflow in TKey::Streamer / TBasket::ReadBasketBuffers Matt Christie (May 24)
CVE-2026-45361: Apache Airflow Google provider: SSH host key verification disabled in ComputeEngineSSHHook (paramiko AutoAddPolicy default) Jens Scheffler (May 24)
CVE-2026-46745: Apache Airflow FAB provider: [ Security Report ] LDAP Filter Injection in FAB Auth Manager _search_ldap reachable via /auth/token (ZDRES-223) Jens Scheffler (May 24)
PuTTY 0.84 released with 3 minor security fixes Alan Coopersmith (May 24)
CVE-2026-42782: Apache Syncope: Post-auth RCE via Groovy static Francesco Chicchiriccò (May 25)
CVE-2026-42797: Apache Syncope: JexlContextBuilder Information Disclosure Francesco Chicchiriccò (May 25)
CVE-2026-43827: Apache Shiro: Session fixation: new session is not created after login by default Lenny Primak (May 25)
CVE-2026-43828: Apache Shiro: Shiro's native session and rememberMe cookies do not have secure flag set by default Lenny Primak (May 25)
CVE-2026-44598: Apache Shiro Jakarta EE module: Open redirect and SSRF (requires valid credentials) Lenny Primak (May 25)
CVE-2026-48589: Apache Shiro: Jakarta EE open redirect via untrusted Referer in post-login redirect flow Lenny Primak (May 25)
CVE-2026-8376: Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds Timothy Legge (May 25)
CVE-2026-42496: Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory Stig Palmquist (May 25)
CVE-2026-42497: Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory Stig Palmquist (May 25)
CVE-2026-9538: Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header Stig Palmquist (May 25)
qSnapper: Various Security Issues in Privileged D-Bus Service (CVE-2026-41045 through CVE-2026-41048) Matthias Gerstner (May 26)
CVE-2026-40564: Apache Flink Kubernetes Operator: Server-Side Request Forgery and local file access in Kubernetes Operator Gyula Fora (May 26)
CVE-2026-46740: Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections Robert Rothenberg (May 26)
CVE-2026-8647: Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available Robert Rothenberg (May 26)
CVE-2025-15649: IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date Stig Palmquist (May 26)
CVE-2026-48959: IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward Stig Palmquist (May 26)
CVE-2026-48961: IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID Stig Palmquist (May 26)
CVE-2026-48962: IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob Stig Palmquist (May 26)
CVE-2026-8450: HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file() Stig Palmquist (May 26)
ARTEMIS-5996: CVE-2026-40914: Apache Artemis, Apache ActiveMQ Artemis: Address routing-type can be updated by STOMP protocol user without the createAddress permission Justin Bertram (May 27)
[OSSA-2026-014] OpenStack Swift: Swift proxy-server denial of service via truncated s3api chunked upload (CVE-2026-49017) Goutham Pacha Ravi (May 27)
Linux: DMA-after-unmap race in ZCRX via netif_rxq_cleanup_unlease() ordering inversion (netkit + page_pool) Prénom? Ahmed (May 27)
- Re: Linux: DMA-after-unmap race in ZCRX via netif_rxq_cleanup_unlease() ordering inversion (netkit + page_pool) Jacob Bachmeyer (May 27)
- Re: Linux: DMA-after-unmap race in ZCRX via netif_rxq_cleanup_unlease() ordering inversion (netkit + page_pool) Solar Designer (May 28)
CIFSwitch: Linux kernel/cifs-utils local root via forged cifs.spnego upcall manizada (May 28)
- Re: CIFSwitch: Linux kernel/cifs-utils local root via forged cifs.spnego upcall manizada (Jun 01)
CVE-2025-48977: Apache Ignite: Rest Http default Arbitrary file read vulnerability zstan (May 28)
Various memory access violations in 7-Zip Alan Coopersmith (May 28)
Two security advisories for Cargo from Rust Alan Coopersmith (May 28)
Open Babel 3.2.0: 24 CVEs fixed across file-format parsers Geoffrey Hutchison (May 28)
[OSSA-2026-015] OpenStack Keystone: Multiple credential delegation and authorization bypass vulnerabilities (CVE-2026-42998, CVE-2026-42999, CVE-2026-43000, CVE-2026-43001, CVE-2026-44394) Goutham Pacha Ravi (May 28)
[OSSA-2026-016] OpenStack Neutron: Tagging policy bypass allows project readers to mutate tags (CVE-2026-pending) Goutham Pacha Ravi (May 28)
- [OSSA-2026-016] OpenStack Neutron: Errata 1 - Tagging policy bypass allows project readers to mutate tags (CVE-2026-49299) Goutham Pacha Ravi (Jun 02)
CVE-2026-9658: Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths Robert Rothenberg (May 28)
CVE-2026-41565: CryptX versions before 0.088_001 for Perl have a stack buffer overflow in four AEAD decrypt_verify helpers Stig Palmquist (May 28)
CVE-2024-13745, EDK II: several issues with partition table measurements Maxim Suhanov (May 29)
CVE-2026-48840: Exim 4.99.4: PROXY-protocol uninitialised-stack information disclosure Heiko Schlittermann (May 29)
[vim-security] Arbitrary Code Execution via Python Omni-Completion in Vim < 9.2.561 Christian Brabandt (May 29)
- <Possible follow-ups>
- [vim-security] Arbitrary Code Execution via Python Omni-Completion in Vim < 9.2.561 Christian Brabandt (May 29)
CVE-2026-44825: Apache Solr: Enabling BasicAuth using bin/solr CLI configures additional insecure users Jan Høydahl (May 29)
CVE-2026-48827: Apache MINA SSHD: Path traversal in org.apache.sshd:sshd-git Thomas Wolf (May 30)
CVE-2025-70116: NULL Pointer Dereference in GPAC/MP4Box via gf_media_map_esd on truncated MP4 input Alexander (May 30)
CVE-2026-47187, CVE-2026-48711: sshfs <= 3.7.5 symlink escape (local file read/write) and ssh argument injection (local command execution) Abhinav Agarwal (May 30)
[vim-security] Out-of-bounds Read in Terminal Screen Snapshot in Vim < 9.2.565 Christian Brabandt (May 30)
CVE-2026-49361: Apache Fluss Netty Frame Decoder Memory Exhaustion Vulnerability Jark Wu (May 30)
CVE-2026-8594: Text::LineFold versions through 2019.001 for Perl duplicate the output based on the number of special break characters Robert Rothenberg (May 30)
CVE-2025-70103: Heap-based Buffer Overflow in libjxl/cjxl via jxl::extras::DecodeImagePNM on crafted PBM file Alexander A. Shvedov (May 30)
CVE-2026-40861: Apache Airflow: Arbitrary File Read via Log Symlink following in FileTaskHandler Rahul Vats (May 31)
CVE-2026-40961: Apache Airflow: Open Redirect Bypass Vulnerability Rahul Vats (May 31)
CVE-2026-40963: Apache Airflow: DAG authorization bypass on /ui/structure/structure_data Rahul Vats (May 31)
CVE-2026-41014: Apache Airflow: per-DAG RBAC bypass on /ui/partitioned_dag_runs endpoints Rahul Vats (May 31)
CVE-2026-49267: Apache Airflow: No certificate validation on SMTP STARTTLS connections Rahul Vats (May 31)
CVE-2026-41017: Apache Airflow: JWT cookie missing Secure flag in JWTRefreshMiddleware behind HTTPS-terminating proxy Rahul Vats (May 31)
CVE-2026-41084: Apache Airflow: API authorization bypass: bulk TaskInstances allows cross-DAG mutation Rahul Vats (May 31)
CVE-2026-42252: Apache Airflow: BashOperator Jinja2 injection via dag_run.conf — low-privilege user pattern Rahul Vats (May 31)
CVE-2026-42360: Apache Airflow: Rendered template truncation bypasses nested sensitive-key masking Rahul Vats (May 31)
CVE-2026-42358: Apache Airflow: Variable masker depth-limit bypass returns cleartext nested secrets Rahul Vats (May 31)
CVE-2026-42359: Apache Airflow: Authenticated RCE via XCom PATCH endpoint — XComUpdateBody missing FORBIDDEN_XCOM_KEYS validator Rahul Vats (May 31)
CVE-2026-45360: Apache Airflow: Arbitrary import in custom deadline-reference deserialization Rahul Vats (May 31)
CVE-2026-45426: Apache Airflow: Log server JWT authorization bypass via Python lstrip() character stripping allows cross-Dag log access Rahul Vats (May 31)
CVE-2026-46764: Apache Airflow: Event Log detail endpoint bypasses DAG-scoped event log permission filter Rahul Vats (May 31)
CVE-2026-48726: Apache Airflow: revoke_token() unreachable in FabAuthManager / KeycloakAuthManager logout path Rahul Vats (May 31)
CVE-2026-49298: Apache Airflow: JWT Token Exposure in KubernetesExecutor Command-Line Arguments Rahul Vats (May 31)
CVE-2026-42253: Apache ActiveMQ, Apache ActiveMQ Web: HTTP Response Header Injection via JMS Message Properties Christopher L. Shannon (May 31)
CVE-2026-42588: Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Remote Code Execution via Jolokia addNetworkConnector Christopher L. Shannon (May 31)
CVE-2026-45505: Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Jolokia `addNetworkConnector` Discovery Wrapper Bypass Christopher L. Shannon (May 31)
CVE-2026-46605: Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Incomplete authorization during destination removal Christopher L. Shannon (May 31)
CVE-2026-49157: Apache ActiveMQ: Authenticated low-privilege Web users retain Jolokia broker-management capability by default Christopher L. Shannon (May 31)
CVE-2026-49270: Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Durable Subscription Disclosure via Crafted BrokerInfo (OpenWire) Christopher L. Shannon (May 31)
CVE-2026-8796: Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input Paul Johnson (May 31)
CVE-2026-35563: Apache Directory LDAP API: LDAP client implementation does not verify if the server certificate matches the intended LDAP hostname Emmanuel Lécharny (May 31)
CVE-2026-45192: Apache Airflow: Incomplete Redaction of Sensitive Fields in Connection Extra API Response Rahul Vats (May 31)
CVE-2026-49328: Apache Fesod (Incubating): Improper validation of user-supplied URLs leading to SSRF Shuxin Pan (Jun 01)
[oss-security][CVE-2026-8643] pip can extract console_scripts and gui_scripts outside installation directory Alan Coopersmith (Jun 01)
CVE-2026-46718: Apache Calcite: A user-controled model can load arbitrary classes, leading to code execution Julian Hyde (Jun 01)
CVE-2025-60481: NULL Pointer Dereference in GPAC/MP4Box via gf_odf_ac4_cfg_dsi_v1 on crafted AC-4 stream Alexander A. Shvedov (Jun 01)
CVE-2025-60483: NULL Pointer Dereference in GPAC/MP4Box via gf_ac4_pres_b_4_back_channels_present on crafted AC-4 stream Alexander A. Shvedov (Jun 01)
CVE-2025-55664: Heap-based Buffer Overflow in GPAC/MP4Box via m2tsdmx_send_packet on crafted MPEG-2 TS file Alexander A. Shvedov (Jun 01)
CVE-2025-60485: NULL Pointer Dereference in GPAC/MP4Box via gf_isom_apple_set_tag_ex on crafted MP4 with corrupted esds box Alexander A. Shvedov (Jun 01)
CVE-2025-60486: Use-After-Free in GPAC/MP4Box via dasher_process on crafted MPEG-2 TS file Alexander A. Shvedov (Jun 01)
CVE-2025-60495: NULL Pointer Dereference in GPAC/MP4Box via gf_media_get_color_info on crafted MP4 with inconsistent sample entry Alexander A. Shvedov (Jun 01)
BIRD/BIRD2: stack buffer overflow in BGP AS_PATH mask matching, CVE pending Bakabaka_9 (Jun 01)
- Re: BIRD/BIRD2: stack buffer overflow in BGP AS_PATH mask matching, CVE pending Stuart Henderson (Jun 02)
  - Re: BIRD/BIRD2: stack buffer overflow in BGP AS_PATH mask matching, CVE pending Dan Yefihmov (Jun 02)
    - Re: BIRD/BIRD2: stack buffer overflow in BGP AS_PATH mask matching, CVE pending Bakabaka_9 (Jun 02)
    - Re: BIRD/BIRD2: stack buffer overflow in BGP AS_PATH mask matching, CVE pending Stuart Henderson (Jun 02)
    - Re: BIRD/BIRD2: stack buffer overflow in BGP AS_PATH mask matching, CVE pending Dan Yefihmov (Jun 02)
    - Re: BIRD/BIRD2: stack buffer overflow in BGP AS_PATH mask matching, CVE pending Stuart Henderson (Jun 02)
    - Re: BIRD/BIRD2: stack buffer overflow in BGP AS_PATH mask matching, CVE pending Dan Yefihmov (Jun 02)
CVE-2026-41115: Apache Kafka: Improper Authorization in CONSUMER_GROUP_DESCRIBE API Luke Chen (Jun 02)
[OSSA-2026-014] OpenStack Swift: Errata 1 - Proxy-server denial of service via truncated s3api chunked upload, (CVE-2026-49017) Goutham Pacha Ravi (Jun 02)
Linux kernel TLS ULP use-after-free in tls_sk_proto_close() Oleg Sevostyanov (Jun 02)
- Re: Linux kernel TLS ULP use-after-free in tls_sk_proto_close() Jacob Bachmeyer (Jun 02)
  - Re: Linux kernel TLS ULP use-after-free in tls_sk_proto_close() Oleg Sevostyanov (Jun 03)
    - Re: Linux kernel TLS ULP use-after-free in tls_sk_proto_close() Emily Shepherd (Jun 03)
    - Re: Linux kernel TLS ULP use-after-free in tls_sk_proto_close() Jacob Bachmeyer (Jun 03)
Fwd: FreeIPMI 1.6.18 Released with security fixes Alan Coopersmith (Jun 02)
- Re: Fwd: FreeIPMI 1.6.18 Released with security fixes Salvatore Bonaccorso (Jun 03)
Fwd: Go 1.26.4 and Go 1.25.11 are released Alan Coopersmith (Jun 02)
HTTP/2 Bomb affects Apache httpd, nginx, envoy, & pingora Alan Coopersmith (Jun 02)
- Re: HTTP/2 Bomb affects Apache httpd, nginx, envoy, & pingora Alan Coopersmith (Jun 04)
CVE-2026-9334: Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeys_as_arrayref is enabled Paul Johnson (Jun 02)
CVE-2026-9516: Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws Paul Johnson (Jun 02)
Django CVE-2026-6873, CVE-2026-7666, CVE-2026-8404, CVE-2026-35193, and CVE-2026-48587 Natalia Bidart (Jun 03)
[OSSA-2026-017] Ironic: Script injection during node boot via linux command line override (CVE-2026-46447) Jay Faulkner (Jun 03)
[OSSA-2026-018] Ironic: File overwrite on Ironic conductor via path traversal in ISO handling (CVE-2026-48681) Jay Faulkner (Jun 03)
[OSSA-2026-019] Ironic: File Extraction from conductor via pxe_template (CVE-2026-44917) Jay Faulkner (Jun 03)
[OSSA-2026-020] OpenStack Mistral: Mistral policy enforcement bypass allows unauthorized public resource creation and arbitrary code execution (CVE-2026-41283) Goutham Pacha Ravi (Jun 03)
[oss-security][CVE-2026-3276] Potential DoS via quadratic complexity in unicodedata.normalize() Alan Coopersmith (Jun 03)
CVE-2026-48842+more: Roundcube numerous vulnerabilities prior to 1.6.16/1.7.1 Valtteri Vuorikoski (Jun 03)
5 CVEs in Redis Alan Coopersmith (Jun 03)
CVE-2026-8722: Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections Robert Rothenberg (Jun 03)
CVE-2026-8829: HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities Paul Johnson (Jun 03)
CVE-2026-50076: Apache Fory: Java ReplaceResolverSerializer deserialization checks bypass Chaokun Yang (Jun 04)
libinput: libinput-device-group unescaped phys output can inject udev properties Peter Hutterer (Jun 04)
- Re: libinput: libinput-device-group unescaped phys output can inject udev properties Peter Hutterer (Jun 04)
  - Re: libinput: libinput-device-group unescaped phys output can inject udev properties Salvatore Bonaccorso (Jun 05)
    - Re: libinput: libinput-device-group unescaped phys output can inject udev properties Salvatore Bonaccorso (Jun 08)
[OSSA-2026-021] OpenStack Neutron: Neutron port RBAC policy bypass allows project managers to set trusted device owners on shared networks (CVE-2026-pending) Goutham Pacha Ravi (Jun 04)
- Re: [OSSA-2026-021] OpenStack Neutron: Neutron port RBAC policy bypass allows project managers to set trusted device owners on shared networks (CVE-2026-pending) Goutham Pacha Ravi (Jun 04)
CVE-2026-46739: Net::Statsd versions before 0.13 for Perl allow metric injections Robert Rothenberg (Jun 04)
CVE-2026-46741: Etsy::StatsD versions through 1.002002 for Perl allow metric injections Robert Rothenberg (Jun 04)
[oss-security][CVE-2026-7774] Cpython: tarfile.data_filter path traversal bypass allows writing outside the extraction directory Alan Coopersmith (Jun 04)
CVE-2026-49940: Net::CIDR::Set versions through 0.20 for Perl accept non-ASCII IP addresses and netmasks Robert Rothenberg (Jun 04)
CVE-2026-49941: Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses Robert Rothenberg (Jun 04)
CVE-2026-49942: Net::CIDR::Set versions through 0.20 for Perl did not validate network masks Robert Rothenberg (Jun 04)
[vim-security] Arbitrary Code Execution via Python Omni-Completion in Vim < 9.2.597 Christian Brabandt (Jun 04)
Project Zero discloses 4 bugs in FreeType Alan Coopersmith (Jun 05)
[OSSN-0099] Denial of Service in OpenStack Ironic under reduced process stack size (CVE-2026-50589) Jay Faulkner (Jun 05)
CVE-2026-10879: DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders Robert Rothenberg (Jun 05)
CVE-2026-9270: DataDog::DogStatsd versions through 0.07 for Perl allow metric injections Robert Rothenberg (Jun 05)
CVE-2026-11362: DataDog::DogStatsd versions through 0.07 for Perl allow metric injections from event tags Robert Rothenberg (Jun 05)
CVE-2026-10725: Protocol::HTTP2 versions through 1.12 for Perl is vulnerable to a HTTP/2 Bomb Robert Rothenberg (Jun 06)
CVE-2026-47430: Cordova Plugin InAppBrowser: iOS: Arbitrary Cordova callback IDs can be dispatched without validation from InAppBrowser WebViews Niklas Merz (Jun 07)
rsync 3.4.4 released, regression fixes Andrew Tridgell (Jun 07)
offlineimap 8.0.3 fixes CVE-2020-37248 (STARTTLS stripping) Sebastian Pipping (Jun 08)
CVE-2026-29167: Apache HTTP Server: mod_ldap per-dir use-after-free Eric Covener (Jun 08)
- Proposal: Add separate oss-security-vulnerability-reports mailing list (for AI vulnpocalypse) David A. Wheeler (Jun 09)
CVE-2026-29170: Apache HTTP Server: mod_proxy_ftp XSS Eric Covener (Jun 08)
CVE-2026-34355: Apache HTTP Server: mod_proxy_html buffer overflow Eric Covener (Jun 08)
CVE-2026-34356: Apache HTTP Server: ProxyPassReverseCookieMap buffer overflow Eric Covener (Jun 08)
CVE-2026-42535: Apache HTTP Server: mod_dav_fs protected directory access Eric Covener (Jun 08)
CVE-2026-42536: Apache HTTP Server: mod_xml2enc heap overflow Eric Covener (Jun 08)
CVE-2026-43951: Apache HTTP Server: OOB Read in `merge_response_headers` can cause crash Eric Covener (Jun 08)
CVE-2026-44119: Apache HTTP Server: escalation of privilege through expressions in .htaccess in multiple modules Eric Covener (Jun 08)
CVE-2026-44185: Apache HTTP Server: Stack Buffer Over-Read in mod_ssl OCSP `send_request` Eric Covener (Jun 08)
CVE-2026-44186: Apache HTTP Server: Loop in `proxy_ftp_handler` in mod_proxy_ftp Eric Covener (Jun 08)
CVE-2026-44631: Apache HTTP Server: Heap Underflow in `ap_regname` via Signed Char Overflow Eric Covener (Jun 08)
CVE-2026-48913: Apache HTTP Server: mod_http2 memory corruption when file handles exhausted Eric Covener (Jun 08)
CVE-2026-49975: Apache HTTP Server: mod_http2 denial of service Eric Covener (Jun 08)
[oss-security][CVE-2026-9669] CPython: bz2.BZ2Decompressor reuse after error can cause a stack buffer overflow Alan Coopersmith (Jun 08)
CVE-2026-34905: Apache Answer: Unlisted Questions Accessible via Direct API Access Enxin Xie (Jun 09)
CVE-2026-34033: Apache Answer: HTML Content Injection in Email Enxin Xie (Jun 09)
CVE-2026-34031: Apache Answer: The custom avatar was not properly validated Enxin Xie (Jun 09)
CVE-2026-33582: Apache Answer: Uploading specially crafted TIFF files causes an Out-of-Memory error Enxin Xie (Jun 09)
CVE-2026-25699: Apache Answer: Authorization Bypass in Timeline API Enxin Xie (Jun 09)
CVE-2026-25688: Apache Answer: XSS in AI Answer Rendering Enxin Xie (Jun 09)
CVE-2026-49818: Apache Airflow Samba provider: Path traversal in GCSToSambaOperator via GCS object names Jarek Potiuk (Jun 09)
CVE-2026-9698: DBI versions before 1.648 for Perl saved errors in a limited-sized buffer Robert Rothenberg (Jun 09)
CVE-2009-10007: Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks Robert Rothenberg (Jun 09)
Xen Security Advisory 491 v2 (CVE-2026-42487) - x86 HVM I/O port list traversal Xen . org security team (Jun 09)
Xen Security Advisory 492 v3 (CVE-2026-42489,CVE-2026-42490) - domctl lock open to abuse Xen . org security team (Jun 09)
Xen Security Advisory 493 v2 (CVE-2025-10263) - Arm: Completion of memory accesses not guaranteed by completion of a TLBI Xen . org security team (Jun 09)
Xen Security Advisory 494 v3 (CVE-2026-42488) - x86: mismatched mapcache metadata Xen . org security team (Jun 09)
How to request CVE numbers? Hauke Mehrtens (Jun 10)
- Re: How to request CVE numbers? swing sze (Jun 10)
  - Re: How to request CVE numbers? Marcus Meissner (Jun 10)
    - Re: How to request CVE numbers? Christian Brabandt (Jun 10)
    - Re: How to request CVE numbers? Lucas Holt (Jun 10)
    - Re: How to request CVE numbers? Sam Bull (Jun 10)
- Re: How to request CVE numbers? Michael Freeman (Jun 10)
ldns insufficiently verifies that responses belong to a query Willem Toorop (Jun 10)
Multiple vulnerabilities in Jenkins Daniel Beck (Jun 10)
CVE-2026-25700: Apache Answer: AdminToken not invalidated after admin deactivation Enxin Xie (Jun 10)
Fwd: Node.js security updates for all active release lines, June 2026 Rafael Gonzaga (Jun 10)
CVE-2026-47342: Apache OFBiz: Privilege Escalation via updateOrRemove Authorization Bypass Jacopo Cappellato (Jun 10)

Previous period

Next period