Search CVE reports
21 – 30 of 26524 results
Not in release
The Elasticsearch logging provider, when configured with a `host` URL that embeds credentials (for example `https://user:password@server.example.com:9200`), wrote the full host URL — including the embedded credentials — into task...
1 affected package
elasticsearch
| Package | 26.04 LTS |
|---|---|
| elasticsearch | Not in release |
(jq is a command-line JSON processor. In 1.8.1 and earlier, jv_contains ...)
1 affected package
jq
| Package | 26.04 LTS |
|---|---|
| jq | Needs evaluation |
Wireshark MCP is an MCP Server that turns tshark into a structured analysis interface, then layers in optional Wireshark suite utilities. In 1.1.5 and earlier, wireshark-mcp exposes a wireshark_export_objects MCP tool that accepts...
1 affected package
wireshark
| Package | 26.04 LTS |
|---|---|
| wireshark | Needs evaluation |
libcaca is a colour ASCII art library. In 0.99.beta20 and earlier, an integer overflow vulnerability in libcaca's canvas import functionality allows an attacker to cause a controlled heap out-of-bounds write (heap overflow) by...
1 affected package
libcaca
| Package | 26.04 LTS |
|---|---|
| libcaca | Needs evaluation |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-21 and 6.9.13-46, a malicious MIFF file could trigger an overflow when a user opens it in the display tool and...
1 affected package
imagemagick
| Package | 26.04 LTS |
|---|---|
| imagemagick | Needs evaluation |
`xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this vulnerability requires both...
12 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7...
| Package | 26.04 LTS |
|---|---|
| python2.7 | Not in release |
| python3.4 | Not in release |
| python3.5 | Not in release |
| python3.6 | Not in release |
| python3.7 | Not in release |
| python3.8 | Not in release |
| python3.9 | Not in release |
| python3.10 | Not in release |
| python3.11 | Not in release |
| python3.12 | Not in release |
| python3.13 | Not in release |
| python3.14 | Needs evaluation |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Echo. This vulnerability is associated with program files includes/Api/ApiEchoNotifications.Php. This issue affects Echo: from *...
1 affected package
mediawiki
| Package | 26.04 LTS |
|---|---|
| mediawiki | Needs evaluation |
jq is a command-line JSON processor. In 1.8.2rc1 and earlier, the ordinary module loader recurses without cycle detection when two otherwise valid modules include each other.
1 affected package
jq
| Package | 26.04 LTS |
|---|---|
| jq | Needs evaluation |
jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jv_object_merge_recursive() allows a crafted jq program to crash the process with a segfault. The function is reachable through the * operator when...
1 affected package
jq
| Package | 26.04 LTS |
|---|---|
| jq | Needs evaluation |
jq is a command-line JSON processor. In 1.8.1 and earlier, jq accepts embedded NUL bytes in import paths at the jq-language level, but later resolves those paths through C string operations during module and data-file lookup. This...
1 affected package
jq
| Package | 26.04 LTS |
|---|---|
| jq | Needs evaluation |