Package Management

FreeBSD 12 — py310-cryptography — multiple vulnerabilities (2 CVEs) — patch and remediation guide — diagnosis and fix on FreeBSD 12

🟢 Low • ⏱ 5–15 min • Last verified: 25 May 2026 • Affected versions: FreeBSD 12 • 📖 ~4 min read • Source: FreeBSD VuXML
VuXML topic: py-cryptography — includes a vulnerable copy of OpenSSL
Related CVEs: CVE-2023-0286, CVE-2023-23931
Upstream summary: pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography […]

FreeBSD 15 — cinny — multiple vulnerabilities (11 CVEs) — patch and remediation guide — diagnosis and fix on FreeBSD 15

🟠 High • ⏱ 15–60 min • Last verified: 25 May 2026 • Affected versions: FreeBSD 15 • 📖 ~4 min read • Source: FreeBSD VuXML
VuXML topic: Matrix clients — mxc uri validation in js sdk
Related CVEs: CVE-2021-40823, CVE-2021-40824, CVE-2022-36059, CVE-2022-36060, CVE-2022-39236, CVE-2022-39249, CVE-2022-39250, CVE-2022-39251, +3 more
Upstream summary: matrix-js-sdk upstream reports: matrix-js-sdk before 34.11.0 is […]

FreeBSD 15 — vim6+ruby — vulnerability — patch and remediation guide — diagnosis and fix on FreeBSD 15

🟢 Low • ⏱ 5–15 min • Last verified: 25 May 2026 • Affected versions: FreeBSD 15 • 📖 ~4 min read • Source: FreeBSD VuXML
VuXML topic: vim6 — heap-based overflow while parsing shell metacharacters
Related CVEs: CVE-2008-3432
Upstream summary: Description for CVE-2008-3432 says: Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and […]

FreeBSD 14 — py311-dj51-social-auth-app-django — vulnerability — patch and remediation guide — diagnosis and fix on FreeBSD 14

🟢 Low • ⏱ 5–15 min • Last verified: 25 May 2026 • Affected versions: FreeBSD 14 • 📖 ~4 min read • Source: FreeBSD VuXML
VuXML topic: py-social-auth-app-django — Unsafe account association
Related CVEs: CVE-2025-61783
Upstream summary: Michal Čihař reports: Upon authentication, the user could be associated by e-mail even if the associate_by_email pipeline was not included. […]

FreeBSD 15 — wemux — security advisory — patch and remediation guide — diagnosis and fix on FreeBSD 15

🟢 Low • ⏱ 5–15 min • Last verified: 25 May 2026 • Affected versions: FreeBSD 15 • 📖 ~4 min read • Source: FreeBSD VuXML
VuXML topic: wemux — read-only can be bypassed
Upstream summary: JonApps reports: The read-only mode can be bypassed and any command sent to bash session […]

FreeBSD 14 — postgresql12-client — multiple vulnerabilities (3 CVEs) — patch and remediation guide — diagnosis and fix on FreeBSD 14

🟡 Medium • ⏱ 10–30 min • Last verified: 25 May 2026 • Affected versions: FreeBSD 14 • 📖 ~4 min read • Source: FreeBSD VuXML
VuXML topic: PostgreSQL — libpq retains an error message from man-in-the-middle
Related CVEs: CVE-2022-41862, CVE-2024-10977, CVE-2024-7348
Upstream summary: PostgreSQL project reports: Client use of server error message in PostgreSQL allows a server […]

FreeBSD 13 — mysql-connector-c — multiple vulnerabilities (5 CVEs) — patch and remediation guide — diagnosis and fix on FreeBSD 13

🟡 Medium • ⏱ 10–30 min • Last verified: 25 May 2026 • Affected versions: FreeBSD 13 • 📖 ~4 min read • Source: FreeBSD VuXML
VuXML topic: MySQL Client — Multiple vulnerabilities
Related CVEs: CVE-2020-2752, CVE-2020-2875, CVE-2020-2922, CVE-2020-2933, CVE-2020-2934
Upstream summary: Oracle reports: This Critical Patch Update contains 45 new security patches for Oracle MySQL. 9 of […]

FreeBSD 13 — phpmustache — vulnerability — patch and remediation guide — diagnosis and fix on FreeBSD 13

🟢 Low • ⏱ 5–15 min • Last verified: 25 May 2026 • Affected versions: FreeBSD 13 • 📖 ~4 min read • Source: FreeBSD VuXML
VuXML topic: mustache – Possible Remote Code Execution
Related CVEs: CVE-2022-0323
Upstream summary: huntr.dev reports: In Mustache.php v2.0.0 through v2.14.0, Sections tag can lead to arbitrary php code execution even if strict_callables […]

FreeBSD 12 — mpg123-esound — multiple vulnerabilities (6 CVEs) — patch and remediation guide — diagnosis and fix on FreeBSD 12

🟡 Medium • ⏱ 10–30 min • Last verified: 25 May 2026 • Affected versions: FreeBSD 12 • 📖 ~4 min read • Source: FreeBSD VuXML
VuXML topic: mpg123 — buffer overflow vulnerability
Related CVEs: CVE-2003-0577, CVE-2003-0865, CVE-2004-0805, CVE-2004-0982, CVE-2004-0991, CVE-2004-1284
Upstream summary: Yuri D'Elia has found a buffer overflow vulnerability in mpg123's parsing of frame headers in […]

FreeBSD 14 — p5-Catalyst-Authentication-Credential-HTTP — vulnerability — patch and remediation guide — diagnosis and fix on FreeBSD 14

🟢 Low • ⏱ 5–15 min • Last verified: 25 May 2026 • Affected versions: FreeBSD 14 • 📖 ~4 min read • Source: FreeBSD VuXML
VuXML topic: p5-Catalyst-Authentication-Credential-HTTP — Insecure source of randomness
Related CVEs: CVE-2025-40920
Upstream summary: perl-catalyst project reports: Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. * Data::UUID […]
