Search CVE reports


Toggle filters

181 – 190 of 43740 results

Status is adjusted based on your filters.


CVE-2026-55798

Medium priority
Needs evaluation

Pillow is a Python imaging library. Prior to 12.3.0, WindowsViewer.get_command() constructed a cmd.exe shell command by directly embedding a file path into an f-string without escaping and passed the result to...

2 affected packages

pillow, pillow-python2

Package 22.04 LTS
pillow Needs evaluation
pillow-python2 Not in release
Show less packages

CVE-2026-55380

Medium priority
Needs evaluation

Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile._open() read image dimensions from the GD 2.x header and stored them in self._size without calling Image._decompression_bomb_check(), allowing a...

2 affected packages

pillow, pillow-python2

Package 22.04 LTS
pillow Needs evaluation
pillow-python2 Not in release
Show less packages

CVE-2026-55379

Medium priority
Needs evaluation

Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdf_char() read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new() without...

2 affected packages

pillow, pillow-python2

Package 22.04 LTS
pillow Needs evaluation
pillow-python2 Not in release
Show less packages

CVE-2026-54291

Medium priority
Needs evaluation

pgjdbc is an open source postgresql JDBC Driver. In releases 42.7.4 through 42.7.11, channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256 without...

1 affected package

libpgjava

Package 22.04 LTS
libpgjava Needs evaluation
Show less packages

CVE-2026-54060

Medium priority
Needs evaluation

Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile() assembled per-glyph images into a combined bitmap with Image.new("1", (xsize, ysize)) without calling Image._decompression_bomb_check(),...

2 affected packages

pillow, pillow-python2

Package 22.04 LTS
pillow Needs evaluation
pillow-python2 Not in release
Show less packages

CVE-2026-54059

Medium priority
Needs evaluation

Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py _load_bitmaps() read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes() without...

2 affected packages

pillow, pillow-python2

Package 22.04 LTS
pillow Needs evaluation
pillow-python2 Not in release
Show less packages

CVE-2026-41434

Medium priority

Not in release

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.10.0 and prior to version 4.11.0, an unbounded...

1 affected package

optee-os

Package 22.04 LTS
optee-os Not in release
Show less packages

CVE-2026-43825

Medium priority
Needs evaluation

Untrusted Java Deserialization in Apache OpenNLP SvmDoccatModel Versions Affected:   before 3.0.0-M4 (libsvm document categorization module; introduced in   OPENNLP-1808 and only present on the 3.x...

1 affected package

apache-opennlp

Package 22.04 LTS
apache-opennlp Needs evaluation
Show less packages

CVE-2026-40257

Medium priority

Not in release

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.21.0 and prior to version 4.11.0, the...

1 affected package

optee-os

Package 22.04 LTS
optee-os Not in release
Show less packages

CVE-2026-58203

Medium priority

Not in release

pydantic-settings provides settings management using Pydantic. From 2.12.0 until 2.14.2, NestedSecretsSettingsSource reads secret values from files in a configured secrets_dir. When secrets_nested_subdir=True, a directory entry...

1 affected package

pydantic-settings

Package 22.04 LTS
pydantic-settings Not in release
Show less packages