Search CVE reports


Toggle filters

11 – 20 of 43971 results

Status is adjusted based on your filters.


CVE-2026-57075

Medium priority
Needs evaluation

YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via a signed-char lookup-table index in syck_base64dec. The base64 decoder in the bundled libsyck indexes the 256-entry static table b64_xtable with a signed...

1 affected package

libyaml-syck-perl

Package 22.04 LTS
libyaml-syck-perl Needs evaluation
Show less packages

CVE-2026-57074

Medium priority
Needs evaluation

XML::Bare versions through 0.53 for Perl have an unbounded character lookahead. The parserc_parse function attempts to check for multicharacter strings such as "<![CDATA" or element terminators such as ">" without checking...

1 affected package

libxml-bare-perl

Package 22.04 LTS
libxml-bare-perl Needs evaluation
Show less packages

CVE-2026-5674

Medium priority
Needs evaluation

A flaw was found in PipeWire, a multimedia server. This vulnerability allows an attacker to escape sandboxed applications, such as Flatpak, by exploiting PipeWire's PulseAudio compatibility layer. An attacker with minimal...

1 affected package

pipewire

Package 22.04 LTS
pipewire Needs evaluation
Show less packages

CVE-2026-54340

Medium priority
Needs evaluation

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit 9265bdd, there is an HTTP/2 state amplification issue that combines HPACK decompression amplification with Slowloris-style stream stalling....

2 affected packages

h2o, dnsdist

Package 22.04 LTS
h2o Needs evaluation
dnsdist Not affected
Show less packages

CVE-2026-47089

Medium priority
Needs evaluation

An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. LISTRIGHTS os not limited to users with admin access. An authenticated user could call IMAP LISTRIGHTS against any mailbox they could name and learn what...

1 affected package

cyrus-imapd

Package 22.04 LTS
cyrus-imapd Needs evaluation
Show less packages

CVE-2026-47088

Medium priority
Needs evaluation

An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. There is heap exposure in nested MIME comment parsing. An authenticated IMAP user could craft an email message containing an RFC 822 comment ending with...

1 affected package

cyrus-imapd

Package 22.04 LTS
cyrus-imapd Needs evaluation
Show less packages

CVE-2026-47087

Medium priority
Needs evaluation

An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. URLAUTH does not honor revoked authorizer access. A URLAUTH URL minted while the authorizer had access continued to work after that access was revoked.

1 affected package

cyrus-imapd

Package 22.04 LTS
cyrus-imapd Needs evaluation
Show less packages

CVE-2026-47086

Medium priority
Needs evaluation

An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. GENURLAUTH-issued tokens can bypass ACLs. Any authenticated user could mint a URLAUTH token (via the GENURLAUTH command) for any mailbox they could name, even...

1 affected package

cyrus-imapd

Package 22.04 LTS
cyrus-imapd Needs evaluation
Show less packages

CVE-2026-47085

Medium priority
Needs evaluation

An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. URLAUTH token forgery can occur via a missing mboxkey. If an attacker knew a folder name on the victim's account for which the victim had never issued an auth...

1 affected package

cyrus-imapd

Package 22.04 LTS
cyrus-imapd Needs evaluation
Show less packages

CVE-2026-47084

Medium priority
Needs evaluation

An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. The LOCALDELETE command bypassed ACL checks. An authenticated but non-admin user could invoke the admin-only LOCALDELETE IMAP command and delete mailboxes for...

1 affected package

cyrus-imapd

Package 22.04 LTS
cyrus-imapd Needs evaluation
Show less packages