CVE search results

311 – 320 of 26524 results

Detailed view

Sort by:

Status is adjusted based on your filters.

CVE-2026-8088

Medium priority

Needs evaluation

A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected element is the function GDfieldinfo of the file frmts/hdf4/hdf-eos/GDapi.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to...

1 affected package

gdal

Package	26.04 LTS
gdal	Needs evaluation

CVE-2026-42225

Medium priority

Needs evaluation

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, on GnuTLS builds, the SIP TLS transport (sip_transport_tls) can accept connections with invalid or untrusted certificates even...

2 affected packages

asterisk, pjproject

Package	26.04 LTS
asterisk	Needs evaluation
pjproject	Not in release

CVE-2026-39836

Medium priority

Needs evaluation

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package	26.04 LTS
golang	Not in release
golang-1.6	Not in release
golang-1.8	Not in release
golang-1.9	Not in release
golang-1.10	Not in release
golang-1.13	Not in release
golang-1.14	Not in release
golang-1.16	Not in release
golang-1.17	Not in release
golang-1.18	Not in release
golang-1.20	Not in release
golang-1.21	Not in release
golang-1.22	Not in release
golang-1.23	Needs evaluation
golang-1.24	Needs evaluation
golang-1.25	Needs evaluation

CVE-2026-39825

Medium priority

Needs evaluation

ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to...

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package	26.04 LTS
golang	Not in release
golang-1.6	Not in release
golang-1.8	Not in release
golang-1.9	Not in release
golang-1.10	Not in release
golang-1.13	Not in release
golang-1.14	Not in release
golang-1.16	Not in release
golang-1.17	Not in release
golang-1.18	Not in release
golang-1.20	Not in release
golang-1.21	Not in release
golang-1.22	Not in release
golang-1.23	Needs evaluation
golang-1.24	Needs evaluation
golang-1.25	Needs evaluation

CVE-2026-39823

Medium priority

Needs evaluation

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a <meta> tag's <content> attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the <content> attribute,...

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package	26.04 LTS
golang	Not in release
golang-1.6	Not in release
golang-1.8	Not in release
golang-1.9	Not in release
golang-1.10	Not in release
golang-1.13	Not in release
golang-1.14	Not in release
golang-1.16	Not in release
golang-1.17	Not in release
golang-1.18	Not in release
golang-1.20	Not in release
golang-1.21	Not in release
golang-1.22	Not in release
golang-1.23	Needs evaluation
golang-1.24	Needs evaluation
golang-1.25	Needs evaluation

CVE-2026-39820

Medium priority

Needs evaluation

Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package	26.04 LTS
golang	Not in release
golang-1.6	Not in release
golang-1.8	Not in release
golang-1.9	Not in release
golang-1.10	Not in release
golang-1.13	Not in release
golang-1.14	Not in release
golang-1.16	Not in release
golang-1.17	Not in release
golang-1.18	Not in release
golang-1.20	Not in release
golang-1.21	Not in release
golang-1.22	Not in release
golang-1.23	Needs evaluation
golang-1.24	Needs evaluation
golang-1.25	Needs evaluation

CVE-2026-39817

Medium priority

Needs evaluation

The "go tool pack" subcommand (usually used only by the compiler as an internal tool with known-good inputs) does not sanitize output filenames. Extracting a malicious archive file with the "pack" subcommand can write files to...

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package	26.04 LTS
golang	Not in release
golang-1.6	Not in release
golang-1.8	Not in release
golang-1.9	Not in release
golang-1.10	Not in release
golang-1.13	Not in release
golang-1.14	Not in release
golang-1.16	Not in release
golang-1.17	Not in release
golang-1.18	Not in release
golang-1.20	Not in release
golang-1.21	Not in release
golang-1.22	Not in release
golang-1.23	Needs evaluation
golang-1.24	Needs evaluation
golang-1.25	Needs evaluation

CVE-2026-33811

Medium priority

Needs evaluation

When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package	26.04 LTS
golang	Not in release
golang-1.6	Not in release
golang-1.8	Not in release
golang-1.9	Not in release
golang-1.10	Not in release
golang-1.13	Not in release
golang-1.14	Not in release
golang-1.16	Not in release
golang-1.17	Not in release
golang-1.18	Not in release
golang-1.20	Not in release
golang-1.21	Not in release
golang-1.22	Not in release
golang-1.23	Needs evaluation
golang-1.24	Needs evaluation
golang-1.25	Needs evaluation

CVE-2026-42284

Medium priority

Needs evaluation

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, _clone() validates multi_options as the original list, then executes shlex.split(" ".join(multi_options)). A string like "--branch main...

1 affected package

python-git

Package	26.04 LTS
python-git	Needs evaluation

CVE-2026-42215

Medium priority

Needs evaluation

GitPython is a python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent...

1 affected package

python-git

Package	26.04 LTS
python-git	Needs evaluation

Export to JSON

Results by page:

Search CVE reports