gnome

357 tracked vulnerabilities.

CVE-2026-58016 HIGH
Glib: integer underflow in gio/gdbusintrospection.c via "g_dbus_node_info_new_for_xml"
Jun 30, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-58015 MEDIUM
Glib: path traversal in glib/gio/gdbusauthmechanismsha1.c via keyring_lookup_entry and mechanism_client_data_receive
Jun 30, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-58014 HIGH
Glib: off-by-one error in glib/gkeyfile.c via "g_key_file_get_locale_string_list"
Jun 30, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-58013 MEDIUM
Glib: buffer over-read in glib/giochannel.c via "g_io_channel_read_line_backend"
Jun 30, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-58012 MEDIUM
Glib: buffer over-read in g_regex_replace() via glib/gregex.c:string_append() and g_utf8_next_char()
Jun 30, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-58011 MEDIUM
Glib: out-of-bounds read in glib/gdatetime.c:g_date_time_get_ymd via invalid gdatetime
Jun 30, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-58010 MEDIUM
Glib: buffer over-read in glib/gvariant-serialiser.c via gvs_tuple_is_normal()
Jun 30, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-13601 HIGH
Yelp yelp-xsl - Host File Disclosure via Flatpak OpenURI
Jun 29, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-12549 MEDIUM
libsoup SoupServer - Range Suffix Overflow Regression
Jun 22, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-6653 HIGH
libxml2: Use after free in xmlParseInternalSubset via improper entity resolution handling
Jun 22, 2026
EPSS 0.00
CVE-2026-2604 MEDIUM
Evolution-data-server: evolution data server: arbitrary file deletion via inconsistent uri handling
Jun 17, 2026
CVSS 5.6
EPSS 0.00
CVE-2026-1767 MEDIUM
GNOME localsearch MP3 Extractor - Heap Buffer Overflow
Jun 16, 2026
CVSS 5.6
EPSS 0.00
CVE-2026-1766 MEDIUM
Localsearch: tracker-miners: gnome localsearch mp3 extractor: denial of service and information disclosure via malformed mp3 files.
Jun 16, 2026
CVSS 5.6
EPSS 0.00
CVE-2026-1764 MEDIUM
Localsearch: tracker-miners: gnome localsearch mp3 extractor: heap buffer overflow leads to denial of service or information disclosure when parsing mp3 files
Jun 16, 2026
CVSS 5.6
EPSS 0.00
CVE-2026-44931 MEDIUM
malcontent: Disk Space Exhaustion via Globally Accessible D-Bus API
May 13, 2026
EPSS 0.00
CVE-2026-2708 LOW
Libsoup: libsoup: http request smuggling via duplicate content-length headers
Apr 23, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-5201 HIGH
Gdk-pixbuf: gdk-pixbuf: denial of service via heap-based buffer overflow when processing a specially crafted jpeg image
Mar 31, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-5119 MEDIUM
Libsoup: libsoup: information disclosure via cleartext transmission of cookies during https tunnel establishment
Mar 30, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-2436 MEDIUM
Libsoup: libsoup: denial of service via use-after-free in soupserver during tls handshake
Mar 26, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-2369 MEDIUM
Libsoup: libsoup: buffer overread due to integer underflow when handling zero-length resources
Mar 19, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-4271 MEDIUM
Libsoup: libsoup: denial of service via use-after-free in http/2 server
Mar 17, 2026
CVSS 5.3
EPSS 0.01
CVE-2026-3634 LOW
Libsoup: libsoup: http header injection and response splitting via crlf injection in content-type header
Mar 17, 2026
CVSS 3.9
EPSS 0.00
CVE-2026-3633 LOW
Libsoup: libsoup: header and http request injection via crlf injection
Mar 17, 2026
CVSS 3.9
EPSS 0.00
CVE-2026-3632 LOW
Libsoup: libsoup: http smuggling and server-side request forgery via malformed hostnames
Mar 17, 2026
CVSS 3.9
EPSS 0.00
CVE-2026-3099 MEDIUM
Red Hat Enterprise Linux - Digest Authentication Nonce Reuse
Mar 12, 2026
CVSS 5.8
EPSS 0.00