47155 matches found
Important: Red Hat Security Advisory: openexr security update
An update for openexr is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...
Security Bulletin: Vulnerability in undici bundled with IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage
Summary IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage include the undici library, which is affected by a denial of service vulnerability. CVE-2026-22036 Vulnerability Details CVEID:CVE-2026-22036 DESCRIPTION: Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0,...
CVE-2026-61500
Rejetto HFS 3.0.0 through 3.2.0 derives its session-cookie signing key from the non-cryptographic Math.random generator and discloses outputs of the same generator to unauthenticated clients during login. A remote attacker can collect a small number of login responses, reconstruct the generator's...
CVE-2026-49970
Vulnerability summary: Laravel-Mediable before 7.0.0 contains a path traversal flaw in File::sanitizePath() that lets attackers write uploaded files to arbitrary locations via MediaUploader::toDestination(), due to a permissive regex allowing dot/slash and a weak trailing trim. This can enable re...
CVE-2026-58228
Summary: CVE-2026-58228 affects phoenix_live_view (Phoenix.LiveView.Utils) and enables XSS via due to scheme validation bypass. The root cause is the internal uri_scheme/1 helper in Phoenix.LiveView.Utils that only detects schemes when the first byte is an ASCII letter; inputs starting with ASCI...
Security Bulletin: IBM DataStage Flow Designer application is affected by an information disclosure vulnerability (CVE-2026-9836)
Summary An information disclosure vulnerability was addressed in IBM DataStage Flow Designer . Vulnerability Details CVEID:CVE-2026-9836 DESCRIPTION: IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability. CWE:CWE-200: Exposure of...
ROOT-APP-MAVEN-CVE-2026-22748 CVE-2026-22748 in io.root.org.springframework.security:spring-security-oauth2-jose - Patched by Root
Root has patched CVE-2026-22748 in the io.root.org.springframework.security:spring-security-oauth2-jose package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-22732 CVE-2026-22732 in io.root.org.springframework.security:spring-security-web - Patched by Root
Root has patched CVE-2026-22732 in the io.root.org.springframework.security:spring-security-web package for Root:Maven. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-42338 CVE-2026-42338 in @rootio/ip-address - Patched by Root
Root has patched CVE-2026-42338 in the @rootio/ip-address package for Root:npm. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-54283 CVE-2026-54283 in rootio-starlette - Patched by Root
Root has patched CVE-2026-54283 in the rootio-starlette package for Root:PyPI. Multiple fixed versions available...
CVE-2026-57733
creationtimestamp| type| source ---|---|--- 2026-07-13 11:21:17+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjl6z33xh27 2026-07-13 21:33:04+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqknexzdpt27...
CVE-2026-22098
creationtimestamp| type| source ---|---|--- 2026-07-13 11:12:06+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqjkolksth2q 2026-07-13 18:50:11+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqkebppgxf2f...
CVE-2026-57372
creationtimestamp| type| source ---|---|--- 2026-07-13 11:08:29+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjki53kpu2c 2026-07-13 18:59:12+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqkersqb2a2w...
CVE-2026-59518
creationtimestamp| type| source ---|---|--- 2026-07-13 11:05:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqjkc6f45w2l 2026-07-13 11:30:06+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqjlorfkkl2w 2026-07-13 11:55:15+00:00| seen|...
CVE-2026-57381
creationtimestamp| type| source ---|---|--- 2026-07-13 10:59:21+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjjxs6j7527 2026-07-13 18:57:03+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqkenyr3e52f...
CVE-2026-56877
creationtimestamp| type| source ---|---|--- 2026-07-13 10:58:03+00:00| seen| https://bsky.app/profile/payloadforge.io/post/3mqjjvhw2y22k...
CVE-2026-61975
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Crocoblock JetReviews jet-reviews allows Retrieve Embedded Sensitive Data.This issue affects JetReviews: from n/a through = 3.0.1...
CVE-2026-59515
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Sergey AIWU ai-copilot-content-generator allows Blind SQL Injection.This issue affects AIWU: from n/a through = 1.5.4...
CVE-2026-57800
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Edge-Themes Overworld overworld allows PHP Local File Inclusion.This issue affects Overworld: from n/a through = 1.5...
CVE-2026-57793
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Flow flow allows PHP Local File Inclusion.This issue affects Flow: from n/a through = 1.8...