ROOT-OS-DEBIAN-11-CVE-2025-39885 CVE-2025-39885 in rootio-linux - Patched by Root

Root has patched CVE-2025-39885 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...

CVE-2026-39885

FrontMCP is a TypeScript-first framework for the Model Context Protocol MCP. Prior to 2.3.0, the mcp-from-openapi library uses @apidevtools/json-schema-ref-parser to dereference $ref pointers in OpenAPI specifications without configuring any URL restrictions or custom resolvers. A malicious OpenA...

ROOT-OS-UBUNTU-2404-CVE-2025-39885 CVE-2025-39885 in rootio-linux - Patched by Root

Root has patched CVE-2025-39885 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

@frontmcp/adapters (>=1.0.0 <=1.0.3), @frontmcp/plugin-approval (>=1.0.0 <=1.0.3) +7 more potentially affected by CVE-2026-39885 via @frontmcp/sdk (>=1.0.0-beta.1 <=1.0.3)

@frontmcp/sdk NPM version =1.0.0-beta.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =1.0.0, =1.0.0, =0.0.1, =1.0.3 Source cves: CVE-2026-39885 Source advisory: SNYK:JS-FRONTMCPSDK-16423474...

CVE-2026-39885

creationtimestamp| type| source ---|---|--- 2026-04-08 02:35:34+00:00| published-proof-of-concept| https://github.com/agentfront/frontmcp/security/advisories/GHSA-v6ph-xcq9-qxxj 2026-04-08 02:35:34+00:00| published-proof-of-concept|...

CVE-2025-39885

creationtimestamp| type| source ---|---|--- 2026-04-02 17:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0397/ 2026-04-07 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/ubuntu-linux-kernel-multiple-vulnerabilities20260408 2026-05-10 18:00:00+00:00| seen|...

EUVD-2025-39885

Malicious code in dono-jengkol69-riris npm...

CVE-2025-39885

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix recursive semaphore deadlock in fiemap call syzbot detected a OCFS2 hang due to a recursive semaphore on a FSIOCFIEMAP of the extent list on a specially crafted mmap file. contextswitch kernel/sched/core.c:5357 inline...

DEBIAN-CVE-2025-39885

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix recursive semaphore deadlock in fiemap call syzbot detected a OCFS2 hang due to a recursive semaphore on a FSIOCFIEMAP of the extent list on a specially crafted mmap file. contextswitch kernel/sched/core.c:5357 inline...

CVE-2025-39885

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix recursive semaphore deadlock in fiemap call syzbot detected a OCFS2 hang due to a recursive semaphore on a FSIOCFIEMAP of the extent list on a specially crafted mmap file. contextswitch kernel/sched/core.c:5357 inline...

MAL-2025-39885 Malicious code in xmvnsfycjiqzbakg (npm)

The package xmvnsfycjiqzbakg was found to contain malicious code...

CVE-2022-39885

Improper access control vulnerability in BootCompletedReceiverCMCC in DeviceManagement prior to SMR Nov-2022 Release 1 allows local attacker to access to Device information...

CVE-2021-39885

A Stored XSS in merge request creation page in all versions of Gitlab EE starting from 13.7 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious...

GitLab 13.7 < 14.1.7 / 14.2 < 14.2.5 / 14.3 < 14.3.1 (CVE-2021-39885)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A Stored XSS in merge request creation page in all versions of Gitlab EE starting from 13.7 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before...

CVE-2021-39885

creationtimestamp| type| source ---|---|--- 2023-11-27 22:17:09+00:00| seen| https://t.me/arpsyndicate/599...

CVE-2022-39885

Improper access control vulnerability in BootCompletedReceiverCMCC in DeviceManagement prior to SMR Nov-2022 Release 1 allows local attacker to access to Device information...

CVE-2022-39885

CVE-2022-39885 affects Samsung DeviceManagement, BootCompletedReceiver_CMCC component, prior to SMR Nov-2022 Release 1. Root cause: improper access control allowing a local attacker to access device information via the BootCompletedReceiver_CMCC in DeviceManagement. Impact: local disclosure of de...

CVE-2021-39885

A Stored XSS in merge request creation page in all versions of Gitlab EE starting from 13.7 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious...

CVE-2021-39885

CVE-2021-39885 is a Stored XSS in GitLab EE merge request creation page. The issue affects multiple release branches: GitLab EE versions 13.7 to before 14.1.7, 14.2 before 14.2.5, and 14.3 before 14.3.1, enabling an attacker to execute arbitrary JavaScript on victims’ browsers via malicious appro...

CVE-2021-39885

Removed by vendor...