Search CVE reports


161 – 170 of 29050 results


CVE-2026-55392

Medium priority
Needs evaluation

In NILFS utilities through 2.3.0 (fixed in commit 26efb5d), the nilfs_sb_is_valid() function fails to validate the s_log_block_size field in the NILFS2 superblock before bit-shift operations. Attackers supplying crafted NILFS2 images trigger...

1 affected package

nilfs-tools

Package 26.04 LTS
nilfs-tools Needs evaluation

CVE-2026-48937

Medium priority
Needs evaluation

A flaw in Node.js HTTP/2 server API can cause servers to keep accepting data even after sending a `GOAWAY` frame. This vulnerability affects two supported release lines: **Node.js 22** and **Node.js 24**.

1 affected package

nodejs

Package 26.04 LTS
nodejs Needs evaluation

CVE-2026-48617

Medium priority
Needs evaluation

A flaw in Node.js Permission Model enforcement allows a bypass via path misvalidation in `process.report.writeReport()`. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations....

1 affected package

nodejs

Package 26.04 LTS
nodejs Needs evaluation

CVE-2026-46580

Medium priority

Not in release

In Eclipse Theia versions prior to 1.71.0, files matching the pattern .prompts/*.prompttemplate in a workspace were automatically loaded and could override or extend the AI agent's system prompts. An attacker could craft a...

1 affected package

eclipse

Package 26.04 LTS
eclipse Not in release

CVE-2026-44691

Medium priority

Not in release

In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files (e.g. .theia/tasks.json, .vscode/tasks.json) could be executed without requiring workspace trust. An attacker could craft a malicious repository...

1 affected package

eclipse

Package 26.04 LTS
eclipse Not in release

CVE-2026-44688

Medium priority

Not in release

In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing them from system instructions. An attacker could craft a malicious...

1 affected package

eclipse

Package 26.04 LTS
eclipse Not in release

CVE-2026-22551

Medium priority

Not in release

In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP requests to arbitrary external URLs without restriction. Combined with prompt injection in a malicious...

1 affected package

eclipse

Package 26.04 LTS
eclipse Not in release

CVE-2026-11791

Medium priority
Needs evaluation

A flaw was found in 389 Directory Server. During schema reload, the attr_syntax_swap_ht() function unconditionally frees attribute syntax information nodes, bypassing the refcount-based deferred deletion used elsewhere in the...

1 affected package

389-ds-base

Package 26.04 LTS
389-ds-base Needs evaluation

CVE-2026-8461

Medium priority
Needs evaluation

An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution. This vulnerability is associated...

2 affected packages

ffmpeg, libav

Package 26.04 LTS
ffmpeg Needs evaluation
libav Not in release

CVE-2026-44942

Medium priority
Needs evaluation

A path traversal in the handling of the "path" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19, could be used by attackers to fill directories on the system outside of the zypp cache...

1 affected package

libzypp

Package 26.04 LTS
libzypp Needs evaluation