Search CVE reports


Toggle filters

311 – 320 of 42760 results

Status is adjusted based on your filters.


CVE-2026-59922

Medium priority
Needs evaluation

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a run of closed tilde, equals-sign, or caret marker pairs around a character causes quadratic work in src/mistune/plugins/formatting.py when the...

1 affected package

mistune

Package 20.04 LTS
mistune Needs evaluation
Show less packages

CVE-2026-59890

Medium priority
Needs evaluation

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by...

1 affected package

setuptools

Package 20.04 LTS
setuptools Needs evaluation
Show less packages

CVE-2026-59882

Medium priority
Needs evaluation

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.3, Uri::assertValidHost() does not reject URI host components containing authority delimiters, embedded ports, or malformed IPv6 brackets,...

1 affected package

php-guzzlehttp-psr7

Package 20.04 LTS
php-guzzlehttp-psr7 Needs evaluation
Show less packages

CVE-2026-59879

Medium priority
Needs evaluation

Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, List#set, List#setSize, List#setIn, List#updateIn, and the functional set, setIn, and updateIn mishandle an index or size in the range 2 **...

1 affected package

node-immutable

Package 20.04 LTS
node-immutable Needs evaluation
Show less packages

CVE-2026-42505

Medium priority
Needs evaluation

Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello.

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package 20.04 LTS
golang
golang-1.6
golang-1.8
golang-1.9
golang-1.10
golang-1.13 Needs evaluation
golang-1.14 Needs evaluation
golang-1.16 Needs evaluation
golang-1.17
golang-1.18 Needs evaluation
golang-1.20 Needs evaluation
golang-1.21 Needs evaluation
golang-1.22 Needs evaluation
golang-1.23
golang-1.24
golang-1.25
Show all 16 packages Show less packages

CVE-2026-39822

Medium priority
Needs evaluation

On Unix systems, opening a file in an os.Root improperly follows symlinks to locations outside of the Root when the final path component of the a path is a symbolic link and the path ends in /. For example, 'root.Open("symlink/")'...

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package 20.04 LTS
golang
golang-1.6
golang-1.8
golang-1.9
golang-1.10
golang-1.13 Needs evaluation
golang-1.14 Needs evaluation
golang-1.16 Needs evaluation
golang-1.17
golang-1.18 Needs evaluation
golang-1.20 Needs evaluation
golang-1.21 Needs evaluation
golang-1.22 Needs evaluation
golang-1.23
golang-1.24
golang-1.25
Show all 16 packages Show less packages

CVE-2026-29009

Medium priority
Needs evaluation

U-Boot through 2026.04-rc3 contains a buffer overflow vulnerability in nfs_readlink_reply() (net/nfs-common.c) when CONFIG_CMD_NFS is enabled, allowing a malicious or compromised NFS server to overflow the 2048-byte nfs_path_buff...

2 affected packages

u-boot, u-boot-nezha

Package 20.04 LTS
u-boot Needs evaluation
u-boot-nezha
Show less packages

CVE-2026-29008

Medium priority
Needs evaluation

U-Boot through 2026.04-rc3 contains an integer underflow vulnerability in the tcp_rx_state_machine() function (net/tcp.c) that allows a network-adjacent attacker to crash the bootloader by sending a malformed TCP SYN+ACK packet...

2 affected packages

u-boot, u-boot-nezha

Package 20.04 LTS
u-boot Needs evaluation
u-boot-nezha
Show less packages

CVE-2026-29007

Medium priority
Needs evaluation

U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcp_rx_state_machine() (net/tcp.c) when CONFIG_PROT_TCP is enabled, allowing remote attackers to read beyond TCP segment boundaries by crafting a malicious...

2 affected packages

u-boot, u-boot-nezha

Package 20.04 LTS
u-boot Needs evaluation
u-boot-nezha
Show less packages

CVE-2026-59880

Medium priority
Needs evaluation

Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Immutable.Map and Immutable.Set keep keys that share the same 32-bit hash in a HashCollisionNode collision bucket that is scanned linearly,...

1 affected package

node-immutable

Package 20.04 LTS
node-immutable Needs evaluation
Show less packages