Report Name: Linux Patch Wednesday January 2026
Generated: 2026-01-24 21:41:40

Product Name	Prevalence	U	C	H	M	L	A	Comment
Angular	0.95			1			1	Angular is a development platform for building mobile and desktop web applications using TypeScript, JavaScript, and other languages. It provides a component-based architecture, declarative templates, dependency injection, powerful tooling, and extensive ecosystem support for creating scalable, high-performance web apps.
AMD SEV-SNP	0.9			1			1	AMD SEV-SNP capable CPUs are processors designed with Secure Encrypted Virtualization – Secure Nested Paging (SEV-SNP) technology, which protects virtual machine memory from unauthorized access by encrypting guest memory and providing integrity protection. These CPUs are commonly used in cloud, server, and high-security environments.
Apache Log4j	0.9		1				1	Apache Log4j is a Java-based logging utility
GNU Inetutils	0.9	1					1	GNU Inetutils is a collection of common network utilities for GNU/Linux systems.
Linux Kernel	0.9				226	390	616	The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
Chromium	0.8	1	1	1	9		12	Chromium is a free and open-source web browser project, mainly developed and maintained by Google
GNOME desktop	0.8			1			1	GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
GNU C Library	0.8			1	3		4	The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
Mozilla Firefox	0.8			9	18		27	Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
Node.js	0.8		1	3	4		8	Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
PHP	0.8				2		2	PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
Safari	0.8	1			4	1	6	Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
Zabbix	0.8				1		1	Zabbix is an open-source software tool to monitor IT infrastructure such as networks, servers, virtual machines, and cloud services
net-snmp	0.8		1				1	net-snmp is an open-source suite of applications, libraries, and daemons for implementing the Simple Network Management Protocol (SNMP). It provides tools for monitoring, managing, and configuring network devices, including SNMP agents, managers, and trap daemons, and supports a wide range of platforms and extensions.
Apache Tomcat	0.7				1		1	Apache Tomcat is a free and open-source implementation of the Jakarta Servlet, Jakarta Expression Language, and WebSocket technologies
Kubernetes	0.7				1		1	Kubernetes is an open-source container orchestration system for automating software deployment, scaling, and management
Open Asset Import Library Assimp	0.7				1		1	Open Asset Import Library is a library that loads various 3D file formats into a shared, in-memory format
cpp-httplib	0.7			2			2	cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library
qs	0.7		1				1	qs is a popular JavaScript library for parsing and serializing URL query strings. It supports nested objects, arrays, custom parsing options, and is widely used in Node.js frameworks and middleware to handle HTTP query parameters and form-encoded data.
FreeRDP	0.6			17			17	FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license
ImageMagick	0.6			3	5		8	ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
Jenkins	0.6				4	1	5	Jenkins is an open source automation server. It helps automate the parts of software development related to building, testing, and deploying, facilitating continuous integration, and continuous delivery.
Libsoup	0.6				1		1	libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop to integrate well with GNOME applications and also has a synchronous API for use in CLI tools.
MongoDB	0.6				3		3	MongoDB is a source-available, cross-platform, document-oriented database program
OWASP CRS	0.6			1			1	The OWASP Core Rule Set (CRS) is an open-source set of generic attack detection rules designed for use with compatible web application firewalls (WAFs). CRS provides protection against common web application attacks, including SQL injection, cross-site scripting (XSS), and local file inclusion, by inspecting HTTP requests and enforcing security policies.
Oracle Java SE	0.6				2	2	4	Oracle Java SE
Python	0.6			1	3		4	Python is a high-level, general-purpose programming language
Roundcube	0.6			1	1		2	Roundcube is a web-based IMAP email client
Wireshark	0.6			3	1		4	Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
expr-eval	0.6		1				1	expr-eval is a lightweight JavaScript expression parser and evaluator used to safely parse and compute mathematical expressions. It supports variables, functions, and custom operators, making it useful in applications requiring dynamic math evaluation.
libxml2	0.6				3		3	libxml2 is an XML toolkit implemented in C, originally developed for the GNOME Project
Authlib	0.5			1			1	Authlib is a Python library for building OAuth and OpenID Connect clients and servers, providing tools for secure authentication, token management, and authorization flows.
Binaryen	0.5			2			2	Product detected by a:webassembly:binaryen (exists in CPE dict)
Binutils	0.5			6			6	Product detected by a:gnu:binutils (exists in CPE dict)
Capstone	0.5			1	1		2	Product detected by a:capstone-engine:capstone (exists in CPE dict)
Cockpit	0.5		1				1	Product detected by a:cockpit-project:cockpit (exists in CPE dict)
Curl	0.5			3	2		5	Product detected by a:haxx:curl (exists in CPE dict)
DCMTK	0.5				1		1	DCMTK (DICOM Toolkit) is an open-source collection of libraries and applications implementing large parts of the DICOM standard, including image processing, storage, and network services for medical imaging.
Fast DDS	0.5			1	1		2	Product detected by a:eprosima:fast_dds (exists in CPE dict)
FontForge	0.5			9	3		12	FontForge is an open-source font editor used for creating, editing, and converting fonts in formats such as TrueType, OpenType, and PostScript.
Freeimage	0.5			1			1	Product detected by a:freeimage_project:freeimage (exists in CPE dict)
GIMP	0.5				4		4	GIMP is an open-source image manipulation program used for photo editing, graphic design, and digital art creation.
GNU Wget2	0.5			1	1		2	GNU Wget2 is a network utility to retrieve files from the web, supporting HTTP, HTTPS, and FTP protocols. It also supports Metalink for downloading multiple mirrors and checksums.
Gpsd	0.5		1	1			2	Product detected by a:gpsd_project:gpsd (exists in CPE dict)
Jose4j	0.5			1			1	The jose.4.j library is a robust and easy to use open source implementation of JSON Web Token (JWT) and the JOSE specification suite (JWS, JWE, and JWK)
Matio	0.5			1			1	Product detected by a:matio_project:matio (exists in CPE dict)
Miniflux	0.5			1			1	Product detected by a:miniflux_project:miniflux (exists in CPE dict)
ProxyChains-NG	0.5			1			1	Product detected by a:proxychains-ng_project:proxychains-ng (exists in CPE dict)
Pypdf	0.5				2		2	PyPDF is a Python library for reading, manipulating, and writing PDF files, including extraction, splitting, merging, and encryption features.
QuickJS	0.5			2	2		4	QuickJS is a lightweight JavaScript engine that supports modern ECMAScript features and can be embedded into applications for scripting purposes.
Recutils	0.5			1			1	Product detected by a:gnu:recutils (exists in CPE dict)
TLS	0.5				1	1	2	TLS
Tar	0.5			1			1	Product detected by a:gnu:tar (exists in CPE dict)
Task Scheduler	0.5				1		1	Task Scheduler
Traefik	0.5			1			1	Product detected by a:traefik:traefik (exists in CPE dict)
UnRTF	0.5			2			2	Product detected by a:unrtf_project:unrtf (exists in CPE dict)
Vega-functions	0.5			3			3	Product detected by a:vega-functions_project:vega-functions (exists in CPE dict)
WABT	0.5			2			2	Product detected by a:webassembly:wabt (exists in CPE dict)
aiohttp	0.5				7	1	8	Product detected by a:aiohttp:aiohttp (exists in CPE dict)
avahi	0.5			1	2		3	Product detected by a:avahi:avahi (exists in CPE dict)
build_of_apache_camel_for_spring_boot	0.5			1			1	Product detected by a:redhat:build_of_apache_camel_for_spring_boot (does NOT exist in CPE dict)
cakephp	0.5			1			1	Product detected by a:cakephp:cakephp (exists in CPE dict)
cbor2	0.5			1			1	Product detected by a:agronholm:cbor2 (does NOT exist in CPE dict)
fluidsynth	0.5			1			1	Product detected by a:fluidsynth:fluidsynth (exists in CPE dict)
gitea	0.5					1	1	Product detected by a:gitea:gitea (exists in CPE dict)
gnupg	0.5			1	1		2	Product detected by a:gnupg:gnupg (exists in CPE dict)
httparty	0.5			1			1	Product detected by a:jnunemaker:httparty (does NOT exist in CPE dict)
igmpproxy	0.5			1			1	Product detected by a:pali:igmpproxy (does NOT exist in CPE dict)
libcoap	0.5			1			1	Product detected by a:libcoap:libcoap (exists in CPE dict)
libpng	0.5			1	1		2	Product detected by a:libpng:libpng (exists in CPE dict)
libsndfile	0.5			1			1	Product detected by a:libsndfile_project:libsndfile (exists in CPE dict)
netcdf	0.5				5		5	Product detected by a:unidata:netcdf (does NOT exist in CPE dict)
nodemailer	0.5			1			1	Product detected by a:nodemailer:nodemailer (exists in CPE dict)
openexr	0.5				3		3	Product detected by a:openexr:openexr (exists in CPE dict)
parsl	0.5			1			1	Product detected by a:uchicago:parsl (does NOT exist in CPE dict)
rtl_433	0.5			1			1	Product detected by a:rtl_433_project:rtl_433 (exists in CPE dict)
undici	0.5				1		1	Product detected by a:nodejs:undici (exists in CPE dict)
urllib3	0.5					1	1	Product detected by a:python:urllib3 (exists in CPE dict)
uxplay	0.5			1			1	Product detected by a:antimof:uxplay (does NOT exist in CPE dict)
virtualenv	0.5				1		1	virtualenv is a tool to create isolated Python environments
zlib	0.5			1			1	Product detected by a:zlib:zlib (exists in CPE dict)
GPAC	0.4			10			10	GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
Keras	0.4				1		1	High-level neural networks API, running on top of TensorFlow, allowing model building and training
NVIDIA Nsight Systems	0.4				3		3	NVIDIA Nsight Systems is a system-wide performance analysis tool for Windows, Linux, and macOS. It provides detailed profiling of CPU, GPU, and OS activities to help developers optimize applications, identify bottlenecks, and improve performance across compute and graphics workloads.
U-Boot	0.4				1		1	Das U-Boot (U-Boot) is an open-source universal boot loader used on many embedded boards and SoCs to initialize hardware, provide low-level diagnostics, and load an operating system kernel. It is implemented primarily in C with board-specific assembly.
JOSE	0.3			1			1	JavaScript module for JSON Object Signing and Encryption (JOSE)
Visual Studio	0.3				1		1	Integrated development environment
Unknown Product	0				28	28	56	Unknown Product

Vulnerability Type	Criticality	U	C	H	M	L	A
Remote Code Execution	1.0	1	2	16	24		43
Authentication Bypass	0.98	1		5	6		12
Code Injection	0.97			2			2
Command Injection	0.97		1	3	4		8
XXE Injection	0.97				1		1
Arbitrary File Writing	0.95		1	1	1		3
Security Feature Bypass	0.9		3	8	15	1	27
Elevation of Privilege	0.85				1		1
Information Disclosure	0.83			1	7		8
Cross Site Scripting	0.8			5	8		13
Open Redirect	0.75			1			1
Denial of Service	0.7		1	45	40	2	88
Path Traversal	0.7			2	3		5
Incorrect Calculation	0.5				5	1	6
Memory Corruption	0.5	1		25	233	5	264
Spoofing	0.4				4		4
Unknown Vulnerability Type	0				15	417	432

Source	U	C	H	M	L	A
almalinux	1	2	7	16	4	30
altlinux			29	16	8	53
debian	3	6	106	343	415	873
oraclelinux	1	2	7	21	7	38
redhat	2	3	8	21	3	37
redos		1	1	8	7	17
ubuntu	2	2	4	13	5	26

Urgent (3)

1. Authentication Bypass - GNU Inetutils (CVE-2026-24061) - Urgent [932]

Description: telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.

debian: CVE-2026-24061 was patched at 2026-01-21, 2026-01-22

2. Remote Code Execution - Safari (CVE-2025-43529) - Urgent [835]

Description: A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.

almalinux: CVE-2025-43529 was patched at 2025-12-18

debian: CVE-2025-43529 was patched at 2025-12-18, 2025-12-19

oraclelinux: CVE-2025-43529 was patched at 2025-12-18

redhat: CVE-2025-43529 was patched at 2025-12-18, 2025-12-24

ubuntu: CVE-2025-43529 was patched at 2026-01-13

3. Memory Corruption - Chromium (CVE-2025-14174) - Urgent [829]

Description: Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2025-14174 was patched at 2025-12-18, 2025-12-19

redhat: CVE-2025-14174 was patched at 2025-12-18, 2025-12-24

ubuntu: CVE-2025-14174 was patched at 2026-01-13

Critical (8)

4. Security Feature Bypass - Apache Log4j (CVE-2025-68161) - Critical [632]

Description: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName configuration attribute or the log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemproperties.html#log4j2.sslVerifyHostName system property is set to true. This issue may allow a man-in-the-middle attacker to intercept or redirect log traffic under the following conditions: * The attacker is able to intercept or redirect network traffic between the client and the log receiver. * The attacker can present a server certificate issued by a certification authority trusted by the Socket Appender’s configured trust store (or by the default Java trust store if no custom trust store is configured). Users are advised to upgrade to Apache Log4j Core version 2.25.3, which addresses this issue. As an alternative mitigation, the Socket Appender may be configured to use a private or restricted trust root to limit the set of trusted certificates.

debian: CVE-2025-68161 was patched at 2026-01-19, 2026-01-20

5. Security Feature Bypass - qs (CVE-2025-15284) - Critical [622]

Description: Improper Input Validation vulnerability in qs (parse modules) allows HTTP DoS.This issue affects qs: < 6.14.1. SummaryThe arrayLimit option in qs does not enforce limits for bracket notation (a[]=1&a[]=2), allowing attackers to cause denial-of-service via memory exhaustion. Applications using arrayLimit for DoS protection are vulnerable. DetailsThe arrayLimit option only checks limits for indexed notation (a[0]=1&a[1]=2) but completely bypasses it for bracket notation (a[]=1&a[]=2). Vulnerable code (lib/parse.js:159-162): if (root === '[]' && options.parseArrays) { obj = utils.combine([], leaf); // No arrayLimit check } Working code (lib/parse.js:175): else if (index <= options.arrayLimit) { // Limit checked here obj = []; obj[index] = leaf; } The bracket notation handler at line 159 uses utils.combine([], leaf) without validating against options.arrayLimit, while indexed notation at line 175 checks index <= options.arrayLimit before creating arrays. PoCTest 1 - Basic bypass: npm install qs const qs = require('qs'); const result = qs.parse('a[]=1&a[]=2&a[]=3&a[]=4&a[]=5&a[]=6', { arrayLimit: 5 }); console.log(result.a.length); // Output: 6 (should be max 5) Test 2 - DoS demonstration: const qs = require('qs'); const attack = 'a[]=' + Array(10000).fill('x').join('&a[]='); const result = qs.parse(attack, { arrayLimit: 100 }); console.log(result.a.length); // Output: 10000 (should be max 100) Configuration: * arrayLimit: 5 (test 1) or arrayLimit: 100 (test 2) * Use bracket notation: a[]=value (not indexed a[0]=value) ImpactDenial of Service via memory exhaustion. Affects applications using qs.parse() with user-controlled input and arrayLimit for protection. Attack scenario: * Attacker sends HTTP request: GET /api/search?filters[]=x&filters[]=x&...&filters[]=x (100,000+ times) * Application parses with qs.parse(query, { arrayLimit: 100 }) * qs ignores limit, parses all 100,000 elements into array * Server memory exhausted → application crashes or becomes unresponsive * Service unavailable for all users Real-world impact: * Single malicious request can crash server * No authentication required * Easy to automate and scale * Affects any endpoint parsing query strings with bracket notation

debian: CVE-2025-15284 was patched at 2026-01-20

6. Remote Code Execution - Gpsd (CVE-2025-67268) - Critical [619]

Description: gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/driver_nmea2000.c file. The hnd_129540 function, which handles NMEA2000 PGN 129540 (GNSS Satellites in View) packets, fails to validate the user-supplied satellite count against the size of the skyview array (184 elements). This allows an attacker to write beyond the bounds of the array by providing a satellite count up to 255, leading to memory corruption, Denial of Service (DoS), and potentially arbitrary code execution.

almalinux: CVE-2025-67268 was patched at 2026-01-19

debian: CVE-2025-67268 was patched at 2026-01-19, 2026-01-20

oraclelinux: CVE-2025-67268 was patched at 2026-01-19

redhat: CVE-2025-67268 was patched at 2026-01-19

ubuntu: CVE-2025-67268 was patched at 2026-01-08

7. Command Injection - Cockpit (CVE-2020-35850) - Critical [613]

Description: An SSRF issue was discovered in cockpit-project.org Cockpit 234. NOTE: this is unrelated to the Agentejo Cockpit product. NOTE: the vendor states "I don't think [it] is a big real-life issue.

redos: CVE-2020-35850 was patched at 2025-12-26

8. Denial of Service - net-snmp (CVE-2025-68615) - Critical [603]

Description: net-snmp is a SNMP application library, tools and daemon. Prior to versions 5.9.5 and 5.10.pre2, a specially crafted packet to an net-snmp snmptrapd daemon can cause a buffer overflow and the daemon to crash. This issue has been patched in versions 5.9.5 and 5.10.pre2.

almalinux: CVE-2025-68615 was patched at 2026-01-15, 2026-01-19

debian: CVE-2025-68615 was patched at 2026-01-01, 2026-01-12, 2026-01-20

oraclelinux: CVE-2025-68615 was patched at 2026-01-15, 2026-01-19

redhat: CVE-2025-68615 was patched at 2026-01-15, 2026-01-19, 2026-01-20, 2026-01-21

ubuntu: CVE-2025-68615 was patched at 2026-01-07

9. Security Feature Bypass - Chromium (CVE-2026-0628) - Critical [603]

Description: Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)

debian: CVE-2026-0628 was patched at 2026-01-09, 2026-01-20

10. Arbitrary File Writing - Node.js (CVE-2026-23745) - Critical [600]

Description: node-tar is a Tar for Node.js. The node-tar library (<= 7.5.2) fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false (the default secure behavior). This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwrite via hardlinks and Symlink Poisoning via absolute symlink targets. This vulnerability is fixed in 7.5.3.

debian: CVE-2026-23745 was patched at 2026-01-20

11. Remote Code Execution - expr-eval (CVE-2025-13204) - Critical [600]

Description: npm package `expr-eval` is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue.

redhat: CVE-2025-13204 was patched at 2026-01-06

High (114)

12. Command Injection - cpp-httplib (CVE-2026-21428) - High [599]

Description: cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.0, the ``write_headers`` function does not check for CR & LF characters in user supplied headers, allowing untrusted header value to escape header lines. This vulnerability allows attackers to add extra headers, modify request body unexpectedly & trigger an SSRF attack. When combined with a server that supports http1.1 pipelining (springboot, python twisted etc), this can be used for server side request forgery (SSRF). Version 0.30.0 fixes this issue.

debian: CVE-2026-21428 was patched at 2026-01-20

13. Cross Site Scripting - Angular (CVE-2026-22610) - High [598]

Description: Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0, a cross-site scripting (XSS) vulnerability has been identified in the Angular Template Compiler. The vulnerability exists because Angular’s internal sanitization schema fails to recognize the href and xlink:href attributes of SVG <script> elements as a Resource URL context. This issue has been patched in versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0.

debian: CVE-2026-22610 was patched at 2026-01-20

14. Denial of Service - build_of_apache_camel_for_spring_boot (CVE-2025-9784) - High [589]

Description: A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).

redhat: CVE-2025-9784 was patched at 2026-01-08

15. Security Feature Bypass - OWASP CRS (CVE-2026-21876) - High [582]

Description: The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart requests with multiple parts. When the first rule in a chain iterates over a collection (like `MULTIPART_PART_HEADERS`), the capture variables (`TX:0`, `TX:1`) get overwritten with each iteration. Only the last captured value is available to the chained rule, which means malicious charsets in earlier parts can be missed if a later part has a legitimate charset. Versions 4.22.0 and 3.3.8 patch the issue.

debian: CVE-2026-21876 was patched at 2026-01-20, 2026-01-21

16. Code Injection - parsl (CVE-2026-21892) - High [566]

Description: Parsl is a Python parallel scripting library. A SQL Injection vulnerability exists in the parsl-visualize component of versions prior to 2026.01.05. The application constructs SQL queries using unsafe string formatting (Python % operator) with user-supplied input (workflow_id) directly from URL routes. This allows an unauthenticated attacker with access to the visualization dashboard to inject arbitrary SQL commands, potentially leading to data exfiltration or denial of service against the monitoring database. Version 2026.01.05 fixes the issue.

debian: CVE-2026-21892 was patched at 2026-01-14, 2026-01-20

17. Command Injection - httparty (CVE-2025-68696) - High [566]

Description: httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd.

debian: CVE-2025-68696 was patched at 2026-01-20

18. Security Feature Bypass - Authlib (CVE-2025-68158) - High [565]

Description: Authlib is a Python library which builds OAuth and OpenID Connect servers. In version 1.6.5 and prior, cache-backed state/request-token storage is not tied to the initiating user session, so CSRF is possible for any attacker that has a valid state (easily obtainable via an attacker-initiated authentication flow). When a cache is supplied to the OAuth client registry, FrameworkIntegration.set_state_data writes the entire state blob under _state_{app}_{state}, and get_state_data ignores the caller’s session altogether. This issue has been patched in version 1.6.6.

debian: CVE-2025-68158 was patched at 2026-01-20

19. Denial of Service - cpp-httplib (CVE-2026-22776) - High [563]

Description: cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.1, a Denial of Service (DoS) vulnerability exists in cpp-httplib due to the unsafe handling of compressed HTTP request bodies (Content-Encoding: gzip, br, etc.). The library validates the payload_max_length against the compressed data size received from the network, but does not limit the size of the decompressed data stored in memory.

debian: CVE-2026-22776 was patched at 2026-01-20

20. Cross Site Scripting - Vega-functions (CVE-2025-26619) - High [559]

Description: Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In `vega` 5.30.0 and lower and in `vega-functions` 5.15.0 and lower , it was possible to call JavaScript functions from the Vega expression language that were not meant to be supported. The issue is patched in `vega` `5.31.0` and `vega-functions` `5.16.0`. Some workarounds are available. Run `vega` without `vega.expressionInterpreter`. This mode is not the default as it is slower. Alternatively, using the interpreter described in CSP safe mode (Content Security Policy) prevents arbitrary Javascript from running, so users of this mode are not affected by this vulnerability.

debian: CVE-2025-26619 was patched at 2026-01-20

21. Denial of Service - FreeRDP (CVE-2026-23530) - High [558]

Description: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0,`freerdp_bitmap_decompress_planar` does not validate `nSrcWidth`/`nSrcHeight` against `planar->maxWidth`/`maxHeight` before RLE decode. A malicious server can trigger a client‑side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.

altlinux: CVE-2026-23530 was patched at 2026-01-22, 2026-01-23

debian: CVE-2026-23530 was patched at 2026-01-20

22. Denial of Service - FreeRDP (CVE-2026-23531) - High [558]

Description: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, in ClearCodec, when `glyphData` is present, `clear_decompress` calls `freerdp_image_copy_no_overlap` without validating the destination rectangle, allowing an out-of-bounds read/write via crafted RDPGFX surface updates. A malicious server can trigger a client‑side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.

altlinux: CVE-2026-23531 was patched at 2026-01-22, 2026-01-23

debian: CVE-2026-23531 was patched at 2026-01-20

23. Denial of Service - FreeRDP (CVE-2026-23532) - High [558]

Description: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the FreeRDP client’s `gdi_SurfaceToSurface` path due to a mismatch between destination rectangle clamping and the actual copy size. A malicious server can trigger a client‑side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.

altlinux: CVE-2026-23532 was patched at 2026-01-22, 2026-01-23

debian: CVE-2026-23532 was patched at 2026-01-20

24. Denial of Service - FreeRDP (CVE-2026-23533) - High [558]

Description: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the RDPGFX ClearCodec decode path when maliciously crafted residual data causes out-of-bounds writes during color output. A malicious server can trigger a client‑side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.

altlinux: CVE-2026-23533 was patched at 2026-01-22, 2026-01-23

debian: CVE-2026-23533 was patched at 2026-01-20

25. Denial of Service - FreeRDP (CVE-2026-23534) - High [558]

Description: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the ClearCodec bands decode path when crafted band coordinates allow writes past the end of the destination surface buffer. A malicious server can trigger a client‑side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.

altlinux: CVE-2026-23534 was patched at 2026-01-22, 2026-01-23

debian: CVE-2026-23534 was patched at 2026-01-20

26. Denial of Service - FreeRDP (CVE-2026-23883) - High [558]

Description: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, `xf_Pointer_New` frees `cursorPixels` on failure, then `pointer_free` calls `xf_Pointer_Free` and frees it again, triggering ASan UAF. A malicious server can trigger a client‑side use after free, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.

altlinux: CVE-2026-23883 was patched at 2026-01-22, 2026-01-23

debian: CVE-2026-23883 was patched at 2026-01-20

27. Denial of Service - FreeRDP (CVE-2026-23884) - High [558]

Description: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, offscreen bitmap deletion leaves `gdi->drawing` pointing to freed memory, causing UAF when related update packets arrive. A malicious server can trigger a client‑side use after free, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.

altlinux: CVE-2026-23884 was patched at 2026-01-22, 2026-01-23

debian: CVE-2026-23884 was patched at 2026-01-20

28. Command Injection - Miniflux (CVE-2026-21885) - High [554]

Description: Miniflux 2 is an open source feed reader. Prior to version 2.2.16, Miniflux's media proxy endpoint (`GET /proxy/{encodedDigest}/{encodedURL}`) can be abused to perform Server-Side Request Forgery (SSRF). An authenticated user can cause Miniflux to generate a signed proxy URL for attacker-chosen media URLs embedded in feed entry content, including internal addresses (e.g., localhost, private RFC1918 ranges, or link-local metadata endpoints). Requesting the resulting `/proxy/...` URL makes Miniflux fetch and return the internal response. Version 2.2.16 fixes the issue.

debian: CVE-2026-21885 was patched at 2026-01-20

29. Denial of Service - igmpproxy (CVE-2025-50681) - High [553]

Description: igmpproxy 0.4 before commit 2b30c36 allows remote attackers to cause a denial of service (application crash) via a crafted IGMPv3 membership report packet with a malicious source address. Due to insufficient validation in the `recv_igmp()` function in src/igmpproxy.c, an invalid group record type can trigger a NULL pointer dereference when logging the address using `inet_fmtsrc()`. This vulnerability can be exploited by sending malformed multicast traffic to a host running igmpproxy, leading to a crash. igmpproxy is used in various embedded networking environments and consumer-grade IoT devices (such as home routers and media gateways) to handle multicast traffic for IPTV and other streaming services. Affected devices that rely on unpatched versions of igmpproxy may be vulnerable to remote denial-of-service attacks across a LAN .

debian: CVE-2025-50681 was patched at 2026-01-20

30. Cross Site Scripting - Vega-functions (CVE-2023-26486) - High [547]

Description: Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega `scale` expression function has the ability to call arbitrary functions with a single controlled argument. The scale expression function passes a user supplied argument group to getScale, which is then used as if it were an internal context. The context.scales[name].value is accessed from group and called as a function back in scale. This can be exploited to escape the Vega expression sandbox in order to execute arbitrary JavaScript. This issue has been fixed in version 5.13.1.

debian: CVE-2023-26486 was patched at 2026-01-20

31. Cross Site Scripting - Vega-functions (CVE-2023-26487) - High [547]

Description: Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs.`lassoAppend' function accepts 3 arguments and internally invokes `push` function on the 1st argument specifying array consisting of 2nd and 3rd arguments as `push` call argument. The type of the 1st argument is supposed to be an array, but it's not enforced. This makes it possible to specify any object with a `push` function as the 1st argument, `push` function can be set to any function that can be access via `event.view` (no all such functions can be exploited due to invalid context or signature, but some can, e.g. `console.log`). The issue is that`lassoAppend` doesn't enforce proper types of its arguments. This issue opens various XSS vectors, but exact impact and severity depends on the environment (e.g. Core JS `setImmediate` polyfill basically allows `eval`-like functionality). This issue was patched in 5.23.0.

debian: CVE-2023-26487 was patched at 2026-01-20

32. Denial of Service - ImageMagick (CVE-2025-68618) - High [546]

Description: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, using Magick to read a malicious SVG file resulted in a DoS attack. Version 7.1.2-12 fixes the issue.

altlinux: CVE-2025-68618 was patched at 2026-01-23

debian: CVE-2025-68618 was patched at 2026-01-20

33. Denial of Service - ImageMagick (CVE-2025-69204) - High [546]

Description: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, in the WriteSVGImage function, using an int variable to store number_attributes caused an integer overflow. This, in turn, triggered a buffer overflow and caused a DoS attack. Version 7.1.2-12 fixes the issue.

altlinux: CVE-2025-69204 was patched at 2026-01-23

debian: CVE-2025-69204 was patched at 2026-01-20

34. Denial of Service - GNU C Library (CVE-2025-59529) - High [544]

Description: Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions up to and including 0.9-rc2, the simple protocol server ignores the documented client limit and accepts unlimited connections, allowing for easy local DoS. Although `CLIENTS_MAX` is defined, `server_work()` unconditionally `accept()`s and `client_new()` always appends the new client and increments `n_clients`. There is no check against the limit. When client cannot be accepted as a result of maximal socket number of avahi-daemon, it logs unconditionally error per each connection. Unprivileged local users can exhaust daemon memory and file descriptors, causing a denial of service system-wide for mDNS/DNS-SD. Exhausting local file descriptors causes increased system load caused by logging errors of each of request. Overloading prevents glibc calls using nss-mdns plugins to resolve `*.local.` names and link-local addresses. As of time of publication, no known patched versions are available, but a candidate fix is available in pull request 808, and some workarounds are available. Simple clients are offered for nss-mdns package functionality. It is not possible to disable the unix socket `/run/avahi-daemon/socket`, but resolution requests received via DBus are not affected directly. Tools avahi-resolve, avahi-resolve-address and avahi-resolve-host-name are not affected, they use DBus interface. It is possible to change permissions of unix socket after avahi-daemon is started. But avahi-daemon does not provide any configuration for it. Additional access restrictions like SELinux can also prevent unwanted tools to access the socket and keep resolution working for trusted users.

debian: CVE-2025-59529 was patched at 2026-01-20

35. Denial of Service - Gpsd (CVE-2025-67269) - High [541]

Description: An integer underflow vulnerability exists in the `nextstate()` function in `gpsd/packet.c` of gpsd versions prior to commit `ffa1d6f40bca0b035fc7f5e563160ebb67199da7`. When parsing a NAVCOM packet, the payload length is calculated using `lexer->length = (size_t)c - 4` without checking if the input byte `c` is less than 4. This results in an unsigned integer underflow, setting `lexer->length` to a very large value (near `SIZE_MAX`). The parser then enters a loop attempting to consume this massive number of bytes, causing 100% CPU utilization and a Denial of Service (DoS) condition.

almalinux: CVE-2025-67269 was patched at 2026-01-19

debian: CVE-2025-67269 was patched at 2026-01-20

oraclelinux: CVE-2025-67269 was patched at 2026-01-19

redhat: CVE-2025-67269 was patched at 2026-01-19

ubuntu: CVE-2025-67269 was patched at 2026-01-08

36. Information Disclosure - cbor2 (CVE-2025-68131) - High [541]

Description: cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format. Starting in version 3.0.0 and prior to version 5.8.0, whhen a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag (28) persist in memory and can be accessed by subsequent CBOR messages using the sharedref tag (29). This allows an attacker-controlled message to read data from previously decoded messages if the decoder is reused across trust boundaries. Version 5.8.0 patches the issue.

debian: CVE-2025-68131 was patched at 2026-01-20

37. Path Traversal - GNU Wget2 (CVE-2025-69194) - High [541]

Description: A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink <file name> elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially allow further compromise of the user’s environment.

debian: CVE-2025-69194 was patched at 2026-01-20

38. Denial of Service - FreeRDP (CVE-2026-23732) - High [534]

Description: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, FastGlyph parsing trusts `cbData`/remaining length and never validates against the minimum size implied by `cx/cy`. A malicious server can trigger a client‑side global buffer overflow, causing a crash (DoS). Version 3.21.0 contains a patch for the issue.

altlinux: CVE-2026-23732 was patched at 2026-01-22, 2026-01-23

debian: CVE-2026-23732 was patched at 2026-01-20

39. Memory Corruption - FreeRDP (CVE-2026-22852) - High [534]

Description: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client when processing Audio Input (AUDIN) format lists. audin_process_formats reuses callback->formats_count across multiple MSG_SNDIN_FORMATS PDUs and writes past the newly allocated formats array, causing memory corruption and a crash. This vulnerability is fixed in 3.20.1.

altlinux: CVE-2026-22852 was patched at 2026-01-22, 2026-01-23

debian: CVE-2026-22852 was patched at 2026-01-20

40. Memory Corruption - FreeRDP (CVE-2026-22853) - High [534]

Description: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, RDPEAR’s NDR array reader does not perform bounds checking on the on‑wire element count and can write past the heap buffer allocated from hints, causing a heap buffer overflow in ndr_read_uint8Array. This vulnerability is fixed in 3.20.1.

altlinux: CVE-2026-22853 was patched at 2026-01-22, 2026-01-23

debian: CVE-2026-22853 was patched at 2026-01-20

41. Memory Corruption - FreeRDP (CVE-2026-22854) - High [534]

Description: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap-buffer-overflow occurs in drive read when a server-controlled read length is used to read file data into an IRP output stream buffer without a hard upper bound, allowing an oversized read to overwrite heap memory. This vulnerability is fixed in 3.20.1.

altlinux: CVE-2026-22854 was patched at 2026-01-22, 2026-01-23

debian: CVE-2026-22854 was patched at 2026-01-20

42. Memory Corruption - FreeRDP (CVE-2026-22857) - High [534]

Description: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap use-after-free occurs in irp_thread_func because the IRP is freed by irp->Complete() and then accessed again on the error path. This vulnerability is fixed in 3.20.1.

altlinux: CVE-2026-22857 was patched at 2026-01-22, 2026-01-23

debian: CVE-2026-22857 was patched at 2026-01-20

43. Denial of Service - Node.js (CVE-2025-59466) - High [532]

Description: We have identified a bug in Node.js error handling where "Maximum call stack size exceeded" errors become uncatchable when `async_hooks.createHook()` is enabled. Instead of reaching `process.on('uncaughtException')`, the process terminates, making the crash unrecoverable. Applications that rely on `AsyncLocalStorage` (v22, v20) or `async_hooks.createHook()` (v24, v22, v20) become vulnerable to denial-of-service crashes triggered by deep recursion under specific conditions.

debian: CVE-2025-59466 was patched at 2026-01-20

44. Denial of Service - Binutils (CVE-2025-66862) - High [529]

Description: A buffer overflow vulnerability in function gnu_special in file cplus-dem.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.

debian: CVE-2025-66862 was patched at 2026-01-20

45. Denial of Service - Binutils (CVE-2025-66863) - High [529]

Description: An issue was discovered in function d_discriminator in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.

debian: CVE-2025-66863 was patched at 2026-01-20

46. Denial of Service - Binutils (CVE-2025-66865) - High [529]

Description: An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.

debian: CVE-2025-66865 was patched at 2026-01-20

47. Denial of Service - Fast DDS (CVE-2025-65865) - High [529]

Description: An integer overflow in eProsima Fast-DDS v3.3 allows attackers to cause a Denial of Service (DoS) via a crafted input.

debian: CVE-2025-65865 was patched at 2026-01-20

48. Denial of Service - UnRTF (CVE-2025-65411) - High [529]

Description: A NULL pointer dereference in the src/path.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the search_path parameter.

debian: CVE-2025-65411 was patched at 2026-01-20

49. Denial of Service - nodemailer (CVE-2025-14874) - High [529]

Description: A flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted email address header that triggers infinite recursion in the address parser.

debian: CVE-2025-14874 was patched at 2026-01-20

50. Memory Corruption - QuickJS (CVE-2026-0821) - High [529]

Description: A vulnerability was determined in quickjs-ng quickjs up to 0.11.0. This vulnerability affects the function js_typed_array_constructor of the file quickjs.c. Executing a manipulation can lead to heap-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. This patch is called c5d80831e51e48a83eab16ea867be87f091783c5. A patch should be applied to remediate this issue.

debian: CVE-2026-0821 was patched at 2026-01-20

51. Security Feature Bypass - Binutils (CVE-2025-66864) - High [529]

Description: An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.

debian: CVE-2025-66864 was patched at 2026-01-20

52. Security Feature Bypass - Binutils (CVE-2025-66866) - High [529]

Description: An issue was discovered in function d_abi_tags in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.

debian: CVE-2025-66866 was patched at 2026-01-20

53. Security Feature Bypass - Traefik (CVE-2025-66490) - High [529]

Description: Traefik is an HTTP reverse proxy and load balancer. For versions prior to 2.11.32 and 2.11.31 through 3.6.2, requests using PathPrefix, Path or PathRegex matchers can bypass path normalization. When Traefik uses path-based routing, requests containing URL-encoded restricted characters (/, \, Null, ;, ?, #) can bypass the middleware chain and reach unintended backends. For example, a request to http://mydomain.example.com/admin%2F could reach service-a without triggering my-security-middleware, bypassing security controls for the /admin/ path. This issue is fixed in versions 2.11.32 and 3.6.3.

altlinux: CVE-2025-66490 was patched at 2025-12-25, 2025-12-26

54. Denial of Service - Wireshark (CVE-2026-0962) - High [522]

Description: SOME/IP-SD protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service

altlinux: CVE-2026-0962 was patched at 2026-01-19

debian: CVE-2026-0962 was patched at 2026-01-20

55. Memory Corruption - FreeRDP (CVE-2026-22855) - High [522]

Description: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap out-of-bounds read occurs in the smartcard SetAttrib path when cbAttrLen does not match the actual NDR buffer length. This vulnerability is fixed in 3.20.1.

altlinux: CVE-2026-22855 was patched at 2026-01-22, 2026-01-23

debian: CVE-2026-22855 was patched at 2026-01-20

56. Memory Corruption - FreeRDP (CVE-2026-22858) - High [522]

Description: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c <= 0 can be optimized into a simple c != 0 check. As a result, non-ASCII bytes (e.g., 0x80-0xFF) may bypass the intended range restriction and be used as an index into a global lookup table, causing out-of-bounds access. This vulnerability is fixed in 3.20.1.

altlinux: CVE-2026-22858 was patched at 2026-01-22, 2026-01-23

debian: CVE-2026-22858 was patched at 2026-01-20

57. Memory Corruption - FreeRDP (CVE-2026-22859) - High [522]

Description: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, the URBDRC client does not perform bounds checking on server‑supplied MSUSB_INTERFACE_DESCRIPTOR values and uses them as indices in libusb_udev_complete_msconfig_setup, causing an out‑of‑bounds read. This vulnerability is fixed in 3.20.1.

altlinux: CVE-2026-22859 was patched at 2026-01-22, 2026-01-23

debian: CVE-2026-22859 was patched at 2026-01-20

58. Authentication Bypass - Curl (CVE-2025-15079) - High [520]

Description: When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.

debian: CVE-2025-15079 was patched at 2026-01-20

59. Authentication Bypass - Curl (CVE-2025-15224) - High [520]

Description: When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.

debian: CVE-2025-15224 was patched at 2026-01-20

60. Denial of Service - Jose4j (CVE-2024-29371) - High [517]

Description: In jose4j before 0.9.6, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression.

debian: CVE-2024-29371 was patched at 2026-01-20

redos: CVE-2024-29371 was patched at 2026-01-22

61. Denial of Service - ProxyChains-NG (CVE-2025-34451) - High [517]

Description: rofl0r/proxychains-ng versions up to and including 4.17 and prior to commit cc005b7 contain a stack-based buffer overflow vulnerability in the function proxy_from_string() located in src/libproxychains.c. When parsing crafted proxy configuration entries containing overly long username or password fields, the application may write beyond the bounds of fixed-size stack buffers, leading to memory corruption or crashes. This vulnerability may allow denial of service and, under certain conditions, could be leveraged for further exploitation depending on the execution environment and applied mitigations.

debian: CVE-2025-34451 was patched at 2026-01-20

62. Denial of Service - Recutils (CVE-2025-65409) - High [517]

Description: A divide-by-zero in the encryption/decryption routines of GNU Recutils v1.9 allows attackers to cause a Denial of Service (DoS) via inputting an empty value as a password.

debian: CVE-2025-65409 was patched at 2026-01-20

63. Denial of Service - uxplay (CVE-2025-60458) - High [517]

Description: UxPlay 1.72 contains a double free vulnerability in its RTSP request handling. A specially crafted RTSP TEARDOWN request can trigger multiple calls to free() on the same memory address, potentially causing a Denial of Service.

debian: CVE-2025-60458 was patched at 2026-01-20

64. Memory Corruption - Freeimage (CVE-2025-70968) - High [517]

Description: FreeImage 3.18.0 contains a Use After Free in PluginTARGA.cpp;loadRLE().

debian: CVE-2025-70968 was patched at 2026-01-20

65. Memory Corruption - Matio (CVE-2025-50343) - High [517]

Description: An issue was discovered in matio 1.5.28. A heap-based memory corruption can occur in Mat_VarCreateStruct() when the nfields value does not match the actual number of strings in the fields array. This leads to out-of-bounds reads and invalid memory frees during cleanup, potentially causing a segmentation fault or heap corruption.

debian: CVE-2025-50343 was patched at 2026-01-20

66. Cross Site Scripting - Roundcube (CVE-2025-68461) - High [516]

Description: Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document.

debian: CVE-2025-68461 was patched at 2025-12-19

67. Denial of Service - GPAC (CVE-2025-70308) - High [513]

Description: An out-of-bounds read in the GSF demuxer filter component of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .gsf file.

debian: CVE-2025-70308 was patched at 2026-01-20

68. Denial of Service - Wireshark (CVE-2026-0961) - High [510]

Description: BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service

altlinux: CVE-2026-0961 was patched at 2026-01-19

debian: CVE-2026-0961 was patched at 2026-01-20

69. Memory Corruption - FreeRDP (CVE-2026-22856) - High [510]

Description: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race in the serial channel IRP thread tracking allows a heap use‑after‑free when one thread removes an entry from serial->IrpThreads while another reads it. This vulnerability is fixed in 3.20.1.

altlinux: CVE-2026-22856 was patched at 2026-01-22, 2026-01-23

debian: CVE-2026-22856 was patched at 2026-01-20

70. Denial of Service - avahi (CVE-2025-68471) - High [505]

Description: Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending 2 unsolicited announcements with CNAME resource records 2 seconds apart.

debian: CVE-2025-68471 was patched at 2026-01-20

ubuntu: CVE-2025-68471 was patched at 2026-01-19

71. Denial of Service - rtl_433 (CVE-2025-34450) - High [505]

Description: merbanan/rtl_433 versions up to and including 25.02 and prior to commit 25e47f8 contain a stack-based buffer overflow vulnerability in the function parse_rfraw() located in src/rfraw.c. When processing crafted or excessively large raw RF input data, the application may write beyond the bounds of a stack buffer, resulting in memory corruption or a crash. This vulnerability can be exploited to cause a denial of service and, under certain conditions, may be leveraged for further exploitation depending on the execution environment and available mitigations.

debian: CVE-2025-34450 was patched at 2026-01-20

72. Memory Corruption - QuickJS (CVE-2026-0822) - High [505]

Description: A vulnerability was identified in quickjs-ng quickjs up to 0.11.0. This issue affects the function js_typed_array_sort of the file quickjs.c. The manipulation leads to heap-based buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. The identifier of the patch is 53eefbcd695165a3bd8c584813b472cb4a69fbf5. To fix this issue, it is recommended to deploy a patch.

debian: CVE-2026-0822 was patched at 2026-01-20

73. Memory Corruption - zlib (CVE-2026-22184) - High [505]

Description: zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.

debian: CVE-2026-22184 was patched at 2026-01-20

74. Denial of Service - GPAC (CVE-2025-70299) - High [501]

Description: A heap overflow in the avi_parse_input_file() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted AVI file.

debian: CVE-2025-70299 was patched at 2026-01-20

75. Denial of Service - GPAC (CVE-2025-70304) - High [501]

Description: A buffer overflow in the vobsub_get_subpic_duration() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted packet.

debian: CVE-2025-70304 was patched at 2026-01-20

76. Denial of Service - GPAC (CVE-2025-70307) - High [501]

Description: A stack overflow in the dump_ttxt_sample function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted packet.

debian: CVE-2025-70307 was patched at 2026-01-20

77. Memory Corruption - AMD SEV-SNP (CVE-2025-29943) - High [501]

Description: Write what were condition within AMD CPUs may allow an admin-privileged attacker to modify the configuration of the CPU pipeline potentially resulting in the corruption of the stack pointer inside an SEV-SNP guest.

debian: CVE-2025-29943 was patched at 2026-01-20

78. Denial of Service - Wireshark (CVE-2026-0960) - High [498]

Description: HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 allows denial of service

altlinux: CVE-2026-0960 was patched at 2026-01-19

debian: CVE-2026-0960 was patched at 2026-01-20

79. Denial of Service - UnRTF (CVE-2025-65410) - High [482]

Description: A stack overflow in the src/main.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service (DoS) via injecting a crafted input into the filename parameter.

debian: CVE-2025-65410 was patched at 2026-01-20

80. Memory Corruption - WABT (CVE-2025-15411) - High [482]

Description: A weakness has been identified in WebAssembly wabt up to 1.0.39. This vulnerability affects the function wabt::AST::InsertNode of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. This manipulation causes memory corruption. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. Unfortunately, the project has no active maintainer at the moment. In a reply to the issue report somebody recommended to the researcher to provide a PR himself.

debian: CVE-2025-15411 was patched at 2026-01-20

81. Memory Corruption - WABT (CVE-2025-15412) - High [482]

Description: A security vulnerability has been detected in WebAssembly wabt up to 1.0.39. This issue affects the function wabt::Decompiler::VarName of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. Such manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. Unfortunately, the project has no active maintainer at the moment. In a reply to the issue report somebody recommended to the researcher to provide a PR himself.

debian: CVE-2025-15412 was patched at 2026-01-20

82. Memory Corruption - fluidsynth (CVE-2025-56225) - High [482]

Description: fluidsynth-2.4.6 and earlier versions is vulnerable to Null pointer dereference in fluid_synth_monopoly.c, that can be triggered when loading an invalid midi file.

debian: CVE-2025-56225 was patched at 2026-01-20

83. Open Redirect - Curl (CVE-2025-14524) - High [479]

Description: When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.

debian: CVE-2025-14524 was patched at 2026-01-20

84. Memory Corruption - GPAC (CVE-2025-70298) - High [477]

Description: GPAC v2.4.0 was discovered to contain an out-of-bounds read in the oggdmx_parse_tags function.

debian: CVE-2025-70298 was patched at 2026-01-20

85. Memory Corruption - FreeRDP (CVE-2026-22851) - High [475]

Description: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race condition between the RDPGFX dynamic virtual channel thread and the SDL render thread leads to a heap use-after-free. Specifically, an escaped pointer to sdl->primary (SDL_Surface) is accessed after it has been freed during RDPGFX ResetGraphics handling. This vulnerability is fixed in 3.20.1.

altlinux: CVE-2026-22851 was patched at 2026-01-22, 2026-01-23

debian: CVE-2026-22851 was patched at 2026-01-20

86. Denial of Service - JOSE (CVE-2024-29370) - High [472]

Description: In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression.

debian: CVE-2024-29370 was patched at 2026-01-20

87. Memory Corruption - Binaryen (CVE-2025-14956) - High [470]

Description: A vulnerability was determined in WebAssembly Binaryen up to 125. Affected by this issue is the function WasmBinaryReader::readExport of the file src/wasm/wasm-binary.cpp. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Patch name: 4f52bff8c4075b5630422f902dd92a0af2c9f398. It is recommended to apply a patch to fix this issue.

debian: CVE-2025-14956 was patched at 2026-01-20

88. Memory Corruption - Capstone (CVE-2025-67873) - High [470]

Description: Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, Skipdata length is not bounds-checked, so a user-provided skipdata callback can make cs_disasm/cs_disasm_iter memcpy more than 24 bytes into cs_insn.bytes, causing a heap buffer overflow in the disassembly path. Commit cbef767ab33b82166d263895f24084b75b316df3 fixes the issue.

debian: CVE-2025-67873 was patched at 2026-01-20

89. Denial of Service - GPAC (CVE-2025-70302) - High [465]

Description: A heap overflow in the ghi_dmx_declare_opid_bin() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.

debian: CVE-2025-70302 was patched at 2026-01-20

90. Denial of Service - GPAC (CVE-2025-70303) - High [465]

Description: A heap overflow in the uncv_parse_config() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

debian: CVE-2025-70303 was patched at 2026-01-20

91. Denial of Service - GPAC (CVE-2025-70305) - High [465]

Description: A stack overflow in the dmx_saf function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .saf file.

debian: CVE-2025-70305 was patched at 2026-01-20

92. Denial of Service - GPAC (CVE-2025-70309) - High [465]

Description: A stack overflow in the pcmreframe_flush_packet function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted WAV file.