Search CVE reports


Toggle filters

11 – 20 of 30167 results

Status is adjusted based on your filters.


CVE-2026-14191

Medium priority
Needs evaluation

An out-of-bounds heap write exists in the RAR5 recovery-volume (.rev) parser in WinRAR and UnRAR (RecVolumes5::ReadHeader in recvol5.cpp). The RecItems vector is sized only when the first .rev file in a set is processed;...

1 affected package

unrar-nonfree

Package 26.04 LTS
unrar-nonfree Needs evaluation
Show less packages

CVE-2026-57963

Medium priority
Needs evaluation

An attacker who can send HTML chat messages (via Matrix or XMPP) can inject arbitrary styled content, phishing links, and CSS that manipulates the chat UI. This vulnerability was fixed in Thunderbird 152.0.1 and Thunderbird 140.12.1.

1 affected package

thunderbird

Package 26.04 LTS
thunderbird Needs evaluation
Show less packages

CVE-2026-57962

Medium priority
Needs evaluation

A malicious LDAP server, which a Thunderbird user is configured to query for address-book autocomplete, can stash arbitrarily large amounts of attacker-supplied data into the Thunderbird LDAP client until it crashes due to memory...

1 affected package

thunderbird

Package 26.04 LTS
thunderbird Needs evaluation
Show less packages

CVE-2026-41579

Medium priority
Needs evaluation

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions prior to 1.3.6, 1.4.0-rc.1, 1.4.0-rc.12, 1.5.0-rc.1, and 1.5.0-rc.1, when setting up the container rootfs, setupPtmx and...

3 affected packages

runc, runc-app, runc-stable

Package 26.04 LTS
runc Needs evaluation
runc-app Needs evaluation
runc-stable Needs evaluation
Show less packages

CVE-2026-54903

Medium priority
Needs evaluation

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj.load is vulnerable to heap corruption when parsing a JSON string longer than 2 GB. An integer overflow in...

1 affected package

ruby-oj

Package 26.04 LTS
ruby-oj Needs evaluation
Show less packages

CVE-2026-54902

Medium priority
Needs evaluation

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, is vulnerable to Use-After-Free when in SAJ mode. The Oj::Parser does not protect cached object keys (≥ 35 bytes) from...

1 affected package

ruby-oj

Package 26.04 LTS
ruby-oj Needs evaluation
Show less packages

CVE-2026-54901

Medium priority
Needs evaluation

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj::Parser in usual mode does not mark array_class and hash_class references during garbage collection, leading to...

1 affected package

ruby-oj

Package 26.04 LTS
ruby-oj Needs evaluation
Show less packages

CVE-2026-54900

Medium priority
Needs evaluation

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in usual mode with create_id enabled, Oj::Parser#parse is vulnerable to heap corruption via a negative-size...

1 affected package

ruby-oj

Package 26.04 LTS
ruby-oj Needs evaluation
Show less packages

CVE-2026-54899

Medium priority
Needs evaluation

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, disabling symbol_keys on a reused Oj::Parser instance triggers a heap use-after-free. When symbol_keys is toggled from...

1 affected package

ruby-oj

Package 26.04 LTS
ruby-oj Needs evaluation
Show less packages

CVE-2026-54898

Medium priority
Needs evaluation

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2,Oj::Parser#parse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during...

1 affected package

ruby-oj

Package 26.04 LTS
ruby-oj Needs evaluation
Show less packages