Operations

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: FreeBSD 12 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: helvis — arbitrary file deletion problem Related CVEs: CVE-2005-0118 CVE-2005-0119 CVE-2005-0120 Upstream summary: The setuid root elvprsv utility, used to preserve recovery helvis files, can be abused by local users […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 15 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: py-strawberry-graphql — Multiple vulnerabilities Related CVEs: CVE-2026-35523 CVE-2026-35526 Upstream summary: The Strawberry GraphQL project reports: Strawberry up until version 0.312.3 is vulnerable to an authentication bypass on WebSocket subscription endpoints. […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 14 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: Jinja2 — Sandbox breakout through attr filter selecting format method Related CVEs: CVE-2024-34064 CVE-2025-27516 Upstream summary: [email protected] reports: Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 12 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: libxml2 — Out-of-bounds memory access Related CVEs: CVE-2025-32414 Upstream summary: [email protected] reports: In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 13 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: rubygem-redcarpet — XSS vulnerability Upstream summary: Daniel LeCheminant reports: When markdown is being presented as HTML, there seems to be a strange interaction between _ and @ that lets an […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 13 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: neon date parsing vulnerability Related CVEs: CVE-2004-0179 CVE-2004-0398 Upstream summary: Stefan Esser reports: A vulnerability within a libneon date parsing function could cause a heap overflow which could lead to […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 15 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: py-strawberry-graphql — Multiple vulnerabilities Related CVEs: CVE-2026-35523 CVE-2026-35526 Upstream summary: The Strawberry GraphQL project reports: Strawberry up until version 0.312.3 is vulnerable to an authentication bypass on WebSocket subscription endpoints. […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 14 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: sudo-rs — Authenticating user not recorded properly in timestamp Related CVEs: CVE-2025-64170 CVE-2025-64517 Upstream summary: Trifecta Tech Foundation reports: With Defaults targetpw (or Defaults rootpw) enabled, the password of the […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: FreeBSD 15 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: logstash — password disclosure vulnerability Related CVEs: CVE-2014-3120 CVE-2014-4326 CVE-2015-4152 CVE-2015-5378 Upstream summary: Logstash developers report: Passwords Printed in Log Files under Some Conditions It was discovered that, in Logstash […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 13 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: End of Life Ports Upstream summary: These packages have reached End of Life status and/or have been removed from the Ports Tree. They may contain undocumented security issues. Please take […]