Known Vulnerabilities for products from GNU

Listed below are 20 of the newest known vulnerabilities associated with the vendor "GNU".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2026-58472 json GNU Wget through 1.25.0, fixed in commit dd692d9, contains a heap buffer overflow vulnerability in the html_quote_string() fu... Not Provided 2026-07-07 2026-07-09
CVE-2026-58471 json GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convert_fname() functi... Not Provided 2026-07-07 2026-07-09
CVE-2026-58470 json GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parse_content_range() fun... Not Provided 2026-07-07 2026-07-09
CVE-2026-58469 json GNU Wget through 1.25.0, fixed in commit 37a40fc, contains a heap buffer underread vulnerability in the clean_metalink_string... Not Provided 2026-07-07 2026-07-09
CVE-2026-57053 json GNU libidn before 1.44 is prone to out-of-bounds reads of uninitialized memory in the ToUnicode APIs because of mishandling ... Not Provided 2026-06-23 2026-06-29
CVE-2026-56968 json GNU SASL before 2.2.4 lacks sanitization of a short challenge in _gsasl_ntlm_client_step in the NTLM client, which could resu... Not Provided 2026-06-23 2026-06-29
CVE-2026-42010 json A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched... Not Provided 2026-05-07 2026-07-08
CVE-2026-42009 json A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet r... Not Provided 2026-05-18 2026-07-08
CVE-2026-41992 json GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared gl... Not Provided 2026-06-29 2026-07-01
CVE-2026-41991 json GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility i... Not Provided 2026-06-29 2026-07-01
CVE-2026-33845 json A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an intege... Not Provided 2026-04-30 2026-07-07
CVE-2026-32772 json telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND ... Not Provided 2026-03-16 2026-05-05
CVE-2026-32746 json telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handl... Not Provided 2026-03-13 2026-05-05
CVE-2026-9155 json OS Command Injection vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to execute arb... Not Provided 2026-06-25 2026-06-27
CVE-2026-9154 json Arbitrary File Write vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to write attac... Not Provided 2026-06-25 2026-06-27
CVE-2026-9153 json Arbitrary File Read vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to read arbitra... Not Provided 2026-06-25 2026-06-27
CVE-2026-6861 json A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs processes specially crafted S... Not Provided 2026-04-22 2026-05-06
CVE-2026-6846 json A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended... Not Provided 2026-04-22 2026-07-01
CVE-2026-6845 json A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a local attacker to cause ... Not Provided 2026-04-22 2026-07-02
CVE-2026-6844 json A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit two Denial of Service (DoS)... Not Provided 2026-04-22 2026-05-20

Known software with vulnerabilities from GNU

Type Vendor Product Version
ApplicationGnuA2ps-
ApplicationGnuAdns1.5.2
ApplicationGnuAnubis-
ApplicationGnuAspell-
ApplicationGnuAspell Dictionary0.50-2
ApplicationGnuAutomake1.0
ApplicationGnuBash-
ApplicationGnuBc1.03
ApplicationGnuBinutils-
ApplicationGnuBison3.5.4
ApplicationGnuCfengine-
ApplicationGnuCflow-
ApplicationGnuChess-
ApplicationGnuCoreutils-
ApplicationGnuCpio-
ApplicationGnuCvs1.12.1
ApplicationGnuData Display Debugger-
ApplicationGnuEd-
ApplicationGnuEmacs-
ApplicationGnuEnscript-
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report