Package Management

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 13 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: mod_auth_mellon — Redirect URL validation bypass Related CVEs: CVE-2019-13038 Upstream summary: Jakub Hrozek reports: Version 0.17.0 and older of mod_auth_mellon allows the redirect URL validation to be bypassed by specifying […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 12 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: wordpress — XSS Upstream summary: The WordPress team reports: A cross-site scripting (XSS) vulnerability affecting the Avatar block type Table of contents Symptom & Impact Environment & Reproduction Root Cause […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: FreeBSD 15 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: rails — multiple vulnerabilities Related CVEs: CVE-2012-2660 CVE-2012-2661 CVE-2013-4491 CVE-2013-6414 CVE-2013-6415 CVE-2013-6416 CVE-2013-6417 CVE-2015-7576  +5 more Upstream summary: Ruby on Rails blog: Rails 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1, and 3.2.22.1 have been […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 15 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: mutt — Remote Buffer Overflow Vulnerability Upstream summary: SecurityFocus reports: Mutt is prone to a remote buffer-overflow vulnerability. This issue is due to the application's failure to properly bounds-check user-supplied […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: FreeBSD 13 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: Libgit2 — multiple vulnerabilities Related CVEs: CVE-2018-10887 CVE-2018-10888 CVE-2018-11235 CVE-2018-17456 CVE-2024-24577 Upstream summary: Git community reports: A bug in git_revparse_single is fixed that could have caused the function to enter […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 12 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: py-yaml — FullLoader (still) exploitable for arbitrary command execution Related CVEs: CVE-2017-18342 CVE-2020-1747 Upstream summary: Riccardo Schirone (https://github.com/ret2libc) reports: In FullLoader python/object/new constructor, implemented by construct_python_object_apply, has support for setting […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: FreeBSD 13 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: mambo — multiple SQL injection vulnerabilities Related CVEs: CVE-2005-2002 CVE-2006-0871 CVE-2006-1794 CVE-2006-3262 CVE-2006-3263 Upstream summary: James Bercegay reports: Mambo is vulnerable to an Authentication Bypass issue that is due to […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: FreeBSD 15 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: PostgreSQL — Multiple vulnerabilities Related CVEs: CVE-2025-12817 CVE-2025-12818 CVE-2026-6472 CVE-2026-6473 CVE-2026-6474 CVE-2026-6475 CVE-2026-6476 CVE-2026-6477  +5 more Upstream summary: The PostgreSQL project reports: Missing authorization in PostgreSQL CREATE TYPE allows an […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 12 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: libzip — integer overflow Related CVEs: CVE-2015-2331 Upstream summary: libzip developers report: Avoid integer overflow. Fixed similarly to patch used in PHP copy of libzip. Table of contents Symptom & […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 12 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: Wagtail — potential timing attack vulnerability Related CVEs: CVE-2020-11001 CVE-2020-11037 Upstream summary: Wagtail release notes: CVE-2020-11037: Potential timing attack on password-protected private pages This release addresses a potential timing attack […]