Search CVE reports


Toggle filters

1 – 10 of 3183 results


CVE-2026-14241

Medium priority
Vulnerable

Memory safety bugs present in Firefox 152.0.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Not affected
thunderbird Not affected Not affected Vulnerable
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Not in release Ignored
mozjs78 Not in release Not in release Ignored
mozjs91 Not in release Not in release Ignored
mozjs102 Not in release Ignored Ignored
mozjs115 Not in release Ignored Not in release
Show all 9 packages Show less packages

CVE-2026-56412

Medium priority
Needs evaluation

libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE:...

23 affected packages

expat, apache2, apr-util, cmake, ghostscript...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
expat Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
texlive-bin Not affected Not affected Not affected Not affected Not affected
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vnc4 Not in release Not in release Not in release Needs evaluation
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
insighttoolkit4 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
gdcm Not affected Not affected Not affected Not affected Needs evaluation
ayttm Not in release Not in release Not in release
cableswig Not in release Not in release Not in release
coin3 Not affected Not affected Not affected Not affected Needs evaluation
matanza Ignored Ignored Ignored Ignored Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vtk Not in release Not in release Not in release
smart Not in release Not in release Not in release Needs evaluation
firefox Not affected Not affected Not affected
thunderbird Not affected Not affected Not affected
libxmltok Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 23 packages Show less packages

CVE-2026-56411

Medium priority
Needs evaluation

xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations.

23 affected packages

expat, apache2, apr-util, cmake, ghostscript...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
expat Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
texlive-bin Not affected Not affected Not affected Not affected Not affected
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vnc4 Not in release Not in release Not in release Needs evaluation
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
insighttoolkit4 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
gdcm Not affected Not affected Not affected Not affected Needs evaluation
ayttm Not in release Not in release Not in release
cableswig Not in release Not in release Not in release
coin3 Not affected Not affected Not affected Not affected Needs evaluation
matanza Ignored Ignored Ignored Ignored Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vtk Not in release Not in release Not in release
smart Not in release Not in release Not in release Needs evaluation
firefox Not affected Not affected Not affected
thunderbird Not affected Not affected Not affected
libxmltok Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 23 packages Show less packages

CVE-2026-56410

Medium priority
Needs evaluation

xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId.

23 affected packages

expat, apache2, apr-util, cmake, ghostscript...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
expat Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
texlive-bin Not affected Not affected Not affected Not affected Not affected
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vnc4 Not in release Not in release Not in release Needs evaluation
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
insighttoolkit4 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
gdcm Not affected Not affected Not affected Not affected Needs evaluation
ayttm Not in release Not in release Not in release
cableswig Not in release Not in release Not in release
coin3 Not affected Not affected Not affected Not affected Needs evaluation
matanza Ignored Ignored Ignored Ignored Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vtk Not in release Not in release Not in release
smart Not in release Not in release Not in release Needs evaluation
firefox Not affected Not affected Not affected
thunderbird Not affected Not affected Not affected
libxmltok Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 23 packages Show less packages

CVE-2026-56409

Medium priority
Needs evaluation

xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used.

23 affected packages

expat, apache2, apr-util, cmake, ghostscript...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
expat Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
texlive-bin Not affected Not affected Not affected Not affected Not affected
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vnc4 Not in release Not in release Not in release Needs evaluation
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
insighttoolkit4 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
gdcm Not affected Not affected Not affected Not affected Needs evaluation
ayttm Not in release Not in release Not in release
cableswig Not in release Not in release Not in release
coin3 Not affected Not affected Not affected Not affected Needs evaluation
matanza Ignored Ignored Ignored Ignored Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vtk Not in release Not in release Not in release
smart Not in release Not in release Not in release Needs evaluation
firefox Not affected Not affected Not affected
thunderbird Not affected Not affected Not affected
libxmltok Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 23 packages Show less packages

CVE-2026-56408

Medium priority
Needs evaluation

libexpat before 2.8.2 has an integer overflow in copyString.

23 affected packages

expat, apache2, apr-util, cmake, ghostscript...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
expat Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
texlive-bin Not affected Not affected Not affected Not affected Not affected
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vnc4 Not in release Not in release Not in release Needs evaluation
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
insighttoolkit4 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
gdcm Not affected Not affected Not affected Not affected Needs evaluation
ayttm Not in release Not in release Not in release
cableswig Not in release Not in release Not in release
coin3 Not affected Not affected Not affected Not affected Needs evaluation
matanza Ignored Ignored Ignored Ignored Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vtk Not in release Not in release Not in release
smart Not in release Not in release Not in release Needs evaluation
firefox Not affected Not affected Not affected
thunderbird Not affected Not affected Not affected
libxmltok Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 23 packages Show less packages

CVE-2026-56407

Medium priority
Needs evaluation

libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen.

23 affected packages

expat, apache2, apr-util, cmake, ghostscript...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
expat Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
texlive-bin Not affected Not affected Not affected Not affected Not affected
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vnc4 Not in release Not in release Not in release Needs evaluation
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
insighttoolkit4 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
gdcm Not affected Not affected Not affected Not affected Needs evaluation
ayttm Not in release Not in release Not in release
cableswig Not in release Not in release Not in release
coin3 Not affected Not affected Not affected Not affected Needs evaluation
matanza Ignored Ignored Ignored Ignored Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vtk Not in release Not in release Not in release
smart Not in release Not in release Not in release Needs evaluation
firefox Not affected Not affected Not affected
thunderbird Not affected Not affected Not affected
libxmltok Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 23 packages Show less packages

CVE-2026-56406

Medium priority
Needs evaluation

libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse.

23 affected packages

expat, apache2, apr-util, cmake, ghostscript...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
expat Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
texlive-bin Not affected Not affected Not affected Not affected Not affected
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vnc4 Not in release Not in release Not in release Needs evaluation
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
insighttoolkit4 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
gdcm Not affected Not affected Not affected Not affected Needs evaluation
ayttm Not in release Not in release Not in release
cableswig Not in release Not in release Not in release
coin3 Not affected Not affected Not affected Not affected Needs evaluation
matanza Ignored Ignored Ignored Ignored Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vtk Not in release Not in release Not in release
smart Not in release Not in release Not in release Needs evaluation
firefox Not affected Not affected Not affected
thunderbird Not affected Not affected Not affected
libxmltok Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 23 packages Show less packages

CVE-2026-56405

Medium priority
Needs evaluation

libexpat before 2.8.2 has an integer overflow in getAttributeId.

23 affected packages

expat, apache2, apr-util, cmake, ghostscript...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
expat Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
texlive-bin Not affected Not affected Not affected Not affected Not affected
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vnc4 Not in release Not in release Not in release Needs evaluation
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
insighttoolkit4 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
gdcm Not affected Not affected Not affected Not affected Needs evaluation
ayttm Not in release Not in release Not in release
cableswig Not in release Not in release Not in release
coin3 Not affected Not affected Not affected Not affected Needs evaluation
matanza Ignored Ignored Ignored Ignored Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vtk Not in release Not in release Not in release
smart Not in release Not in release Not in release Needs evaluation
firefox Not affected Not affected Not affected
thunderbird Not affected Not affected Not affected
libxmltok Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 23 packages Show less packages

CVE-2026-56404

Medium priority
Needs evaluation

libexpat before 2.8.2 has an integer overflow in addBinding.

23 affected packages

expat, apache2, apr-util, cmake, ghostscript...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
expat Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
texlive-bin Not affected Not affected Not affected Not affected Not affected
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vnc4 Not in release Not in release Not in release Needs evaluation
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
insighttoolkit4 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
gdcm Not affected Not affected Not affected Not affected Needs evaluation
ayttm Not in release Not in release Not in release
cableswig Not in release Not in release Not in release
coin3 Not affected Not affected Not affected Not affected Needs evaluation
matanza Ignored Ignored Ignored Ignored Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
vtk Not in release Not in release Not in release
smart Not in release Not in release Not in release Needs evaluation
firefox Not affected Not affected Not affected
thunderbird Not affected Not affected Not affected
libxmltok Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 23 packages Show less packages