#EUVD

Everyone who manages security reports for Open Source projects has been getting a higher workload because of AI. Both real reports and just slop - reports including vulnerabilities in code that doesn't exist. For some, this is becoming a denial of service attack, with developers having to spend valuable, and in some cases unpaid, time to sort out what's real and may be a vulnerability.

Jarek Potiuk, member of The Apache Software Foundation, will talk about this at the GVIP Summit on Wednesday Jan 28th in Brussels. We still have a few seats available - but hurry up to register!

gvip-project.org

#NVD #CVE #EUVD #EUCRA #CRA

EUVD Bot (EUVD_Bot)
2026-01-19

🚨 EUVD-2026-3226

📊 Score: n/a
📅 Updated: 2026-01-19

📝 No description available.

🔗 euvd.enisa.europa.eu/vulnerabi

EUVD Bot (EUVD_Bot)
2026-01-19

🚨 EUVD-2026-3227

📊 Score: n/a
📅 Updated: 2026-01-19

📝 No description available.

🔗 euvd.enisa.europa.eu/vulnerabi

EUVD Bot (EUVD_Bot)
2026-01-19

🚨 EUVD-2026-3228

📊 Score: n/a
📅 Updated: 2026-01-19

📝 No description available.

🔗 euvd.enisa.europa.eu/vulnerabi

EUVD Bot (EUVD_Bot)
2026-01-19

🚨 EUVD-2026-3229

📊 Score: n/a
📅 Updated: 2026-01-19

📝 No description available.

🔗 euvd.enisa.europa.eu/vulnerabi

EUVD Bot (EUVD_Bot)
2026-01-19

🚨 EUVD-2026-3230

📊 Score: n/a
📅 Updated: 2026-01-19

📝 No description available.

🔗 euvd.enisa.europa.eu/vulnerabi

EUVD Bot (EUVD_Bot)
2026-01-19

🚨 EUVD-2026-3231

📊 Score: n/a
📅 Updated: 2026-01-19

📝 No description available.

🔗 euvd.enisa.europa.eu/vulnerabi

EUVD Bot (EUVD_Bot)
2026-01-19

🚨 EUVD-2026-3232

📊 Score: n/a
📅 Updated: 2026-01-19

📝 No description available.

🔗 euvd.enisa.europa.eu/vulnerabi

EUVD Bot (EUVD_Bot)
2026-01-19

🚨 EUVD-2026-3225

📊 Score: n/a
📅 Updated: 2026-01-19

📝 No description available.

🔗 euvd.enisa.europa.eu/vulnerabi

EUVD Bot (EUVD_Bot)
2026-01-19

🚨 EUVD-2026-3322

📊 Score: 8.5/10 (CVSS v3.1)
📦 Product: hexpm, hex.pm, hexpm
🏢 Vendor: hexpm
📅 Updated: 2026-01-19

📝 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in hexpm hexpm/hexpm ('Elixir.HexpmWeb.SharedAuthorizationView' modules) allows Cross-Site Scripting (XSS). This vulnerability is associated wi...

🔗 euvd.enisa.europa.eu/vulnerabi

EUVD Bot (EUVD_Bot)
2026-01-19

🚨 EUVD-2025-206302

📊 Score: 7.5/10 (CVSS v3.1)
📦 Product: quicly
🏢 Vendor: h2o
📅 Updated: 2026-01-19

📝 Quicly, an IETF QUIC protocol implementation, is susceptible to a denial-of-service attack prior to commit d9d3df6a8530a102b57d840e39b0311ce5c9e14e. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using Quicly. Comm...

🔗 euvd.enisa.europa.eu/vulnerabi

EUVD Bot (EUVD_Bot)
2026-01-19

🚨 EUVD-2025-206301

📊 Score: 7.5/10 (CVSS v3.1)
📦 Product: WeasyPrint
🏢 Vendor: Kozea
📅 Updated: 2026-01-19

📝 WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's `default_url_fetcher`. The vulnerability allows attackers to access internal network resources (s...

🔗 euvd.enisa.europa.eu/vulnerabi

EUVD Bot (EUVD_Bot)
2026-01-19

🚨 EUVD-2026-3321

📊 Score: 8.4/10 (CVSS v3.1)
📦 Product: middie
🏢 Vendor: fastify
📅 Updated: 2026-01-19

📝 @fastify/middie is the plugin that adds middleware support on steroids to Fastify. A security vulnerability exists in @fastify/middie prior to version 9.1.0 where middleware registered with a specific path prefix can be bypassed using URL-encoded characters (e....

🔗 euvd.enisa.europa.eu/vulnerabi

EUVD Bot (EUVD_Bot)
2026-01-19

🚨 EUVD-2022-55057

📊 Score: 7.8/10 (CVSS v3.1)
📦 Product: Linux, Linux, Linux (+10 more)
🏢 Vendor: Linux
📅 Published: 2025-02-27 | Updated: 2026-01-19

📝 In the Linux kernel, the following vulnerability has been resolved:

btrfs: do not clean up repair bio if submit fails

The submit helper will always run bio_endio() on the bio if it fails to
submit, so cleaning u...

🔗 euvd.enisa.europa.eu/vulnerabi

EUVD Bot (EUVD_Bot)
2026-01-19

🚨 EUVD-2022-54524

📊 Score: n/a
📦 Product: Linux, Linux, Linux (+5 more)
🏢 Vendor: Linux
📅 Published: 2025-02-27 | Updated: 2026-01-19

📝 In the Linux kernel, the following vulnerability has been resolved:

bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove()

In fsl_mc_bus_remove(), mc->root_mc_bus_dev->mc_io is passed to
fsl_destroy_mc_io(). However, ...

🔗 euvd.enisa.europa.eu/vulnerabi

EUVD Bot (EUVD_Bot)
2026-01-19

🚨 EUVD-2022-54764

📊 Score: 7.8/10 (CVSS v3.1)
📦 Product: Linux, Linux, Linux (+8 more)
🏢 Vendor: Linux
📅 Published: 2025-02-27 | Updated: 2026-01-19

📝 In the Linux kernel, the following vulnerability has been resolved:

blk-throttle: Set BIO_THROTTLED when bio has been throttled

1.In current process, all bio will set the BIO_THROTTLED flag
after __blk_throtl_bio...

🔗 euvd.enisa.europa.eu/vulnerabi

EUVD Bot (EUVD_Bot)
2026-01-19

🚨 EUVD-2022-54959

📊 Score: n/a
📦 Product: Linux, Linux, Linux (+5 more)
🏢 Vendor: Linux
📅 Published: 2025-10-21 | Updated: 2026-01-19

📝 In the Linux kernel, the following vulnerability has been resolved:

mmc: core: use sysfs_emit() instead of sprintf()

sprintf() (still used in the MMC core for the sysfs output) is vulnerable
to the buffer overflow. Use the new...

🔗 euvd.enisa.europa.eu/vulnerabi

EUVD Bot (EUVD_Bot)
2026-01-19

🚨 EUVD-2022-55180

📊 Score: n/a
📦 Product: Linux, Linux, Linux (+8 more)
🏢 Vendor: Linux
📅 Published: 2025-03-27 | Updated: 2026-01-19

📝 In the Linux kernel, the following vulnerability has been resolved:

ovl: Use "buf" flexible array for memcpy() destination

The "buf" flexible array needs to be the memcpy() destination to avoid
false positive run-time warning f...

🔗 euvd.enisa.europa.eu/vulnerabi

EUVD Bot (EUVD_Bot)
2026-01-19

🚨 EUVD-2023-59745

📊 Score: 7.8/10 (CVSS v3.1)
📦 Product: Linux, Linux, Linux (+8 more)
🏢 Vendor: Linux
📅 Published: 2025-03-27 | Updated: 2026-01-19

📝 In the Linux kernel, the following vulnerability has been resolved:

scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress

Bug report and analysis from Ding Hui.

During iSCSI session logout, i...

🔗 euvd.enisa.europa.eu/vulnerabi

EUVD Bot (EUVD_Bot)
2026-01-19

🚨 EUVD-2025-13966

📊 Score: n/a
📦 Product: Linux, Linux, Linux (+12 more)
🏢 Vendor: Linux
📅 Published: 2025-05-08 | Updated: 2026-01-19

📝 In the Linux kernel, the following vulnerability has been resolved:

cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate()

cpufreq_cpu_get_raw() can return NULL when the target CPU is not present
in the policy->cpus mask...

🔗 euvd.enisa.europa.eu/vulnerabi
