Search CVE reports


Toggle filters

21 – 30 of 42760 results

Status is adjusted based on your filters.


CVE-2026-47083

Medium priority
Needs evaluation

An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. There is an ESEARCH cross-user content oracle. By using the ESEARCH command, an authenticated IMAP user could enumerate folder names under any account they could...

1 affected package

cyrus-imapd

Package 20.04 LTS
cyrus-imapd Needs evaluation
Show less packages

CVE-2026-47082

Medium priority
Needs evaluation

An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. The vacation "fcc" feature skips the destination-mailbox ACL. A user whose vacation Sieve script used :fcc (to save a copy of the sent message) could deliver...

1 affected package

cyrus-imapd

Package 20.04 LTS
cyrus-imapd Needs evaluation
Show less packages

CVE-2026-47081

Medium priority
Needs evaluation

An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. There is an XAPPLEPUSHSERVICE folder existence oracle and push hijack. An authenticated IMAP user could probe for the existence of arbitrary mailboxes on other...

1 affected package

cyrus-imapd

Package 20.04 LTS
cyrus-imapd Needs evaluation
Show less packages

CVE-2026-44453

Medium priority
Needs evaluation

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit 6b5370d, h2o is vulnerable to a Denial of Service attack when calling alloca under certain conditions. When serving static files, h2o builds the...

2 affected packages

h2o, dnsdist

Package 20.04 LTS
h2o Needs evaluation
dnsdist Not affected
Show less packages

CVE-2026-44452

Medium priority
Needs evaluation

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit 8dc37cb, when h2o receives a ClientHello message over TLS or QUIC and it contains a zero-length SNI extension, the h2o server runs over...

2 affected packages

h2o, dnsdist

Package 20.04 LTS
h2o Needs evaluation
dnsdist Not affected
Show less packages

CVE-2026-15997

Medium priority
Needs evaluation

Out-of-bounds write vulnerability in Legion of the Bouncy Castle Inc. BC-LTS bcprov-lts8on on ARM allows Overflow Buffers. This vulnerability is associated with program...

1 affected package

bouncycastle

Package 20.04 LTS
bouncycastle Needs evaluation
Show less packages

CVE-2026-13713

Medium priority
Needs evaluation

YAML::Syck versions before 1.47 for Perl allow a use-after-free and double-free via an anchor node freed while still on the parser value stack. In the bundled libsyck, when an anchor name is redefined or...

1 affected package

libyaml-syck-perl

Package 20.04 LTS
libyaml-syck-perl Needs evaluation
Show less packages

CVE-2026-13401

Medium priority
Needs evaluation

XML::Bare versions through 0.53 for Perl will hang in an infinite loop when parsing malformed attributes. The parserc_parse function never advances the attribute-parse state cursor on certain malformed attribute forms, looping...

1 affected package

libxml-bare-perl

Package 20.04 LTS
libxml-bare-perl Needs evaluation
Show less packages

CVE-2026-62389

Medium priority
Needs evaluation

(ws before 8.21.1 contains a memory exhaustion vulnerability in lib/rec ...)

1 affected package

node-ws

Package 20.04 LTS
node-ws Needs evaluation
Show less packages

CVE-2026-62294

Medium priority
Needs evaluation

(Flameshot is powerful yet simple to use screenshot software. Prior to ...)

1 affected package

flameshot

Package 20.04 LTS
flameshot Needs evaluation
Show less packages