63 matches found
ROOT-OS-DEBIAN-12-CVE-2026-46072 CVE-2026-46072 in rootio-linux - Patched by Root
Root has patched CVE-2026-46072 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...
XWiki - Cross-Site Scripting
XWiki is vulnerable to reflected Cross-Site Scripting XSS via the viewer=changes endpoint. The rev2 parameter is not properly sanitised before being rendered in the response, allowing an attacker to inject arbitrary JavaScript. Affects XWiki versions prior to the patched release. id: CVE-2026-401...
CVE-2026-20706
Summary of CVE-2026-20706 (Gitea) Gitea versions up to and including 1.26.1 allow repository archive downloads to bypass token scope checks on the web archive download endpoint. The root cause is that the Download function (routers/web/repo/repo.go) did not invoke token scope validation (checkDow...
DEBIAN-CVE-2026-14382
Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-11128 vulnerabilities
Vulnerabilities for packages: chromium...
CVE-2026-11300 vulnerabilities
Vulnerabilities for packages: chromium...
CVE-2026-6976 vulnerabilities
Vulnerabilities for packages: gitlab-runner...
Linux Distros Unpatched Vulnerability : CVE-2026-57436
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::Documentroot= validated only that the new roo...
SUSE CVE-2026-13006
ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.35 in Java applications, allows an attacker to execute arbitrary code circumventing existing protections against CVE-2025-11226 by compromising an existing logback configuration...
DEBIAN-CVE-2026-53162
In the Linux kernel, the following vulnerability has been resolved: memcg: use round-robin victim selection in refillstock Harry Yoo reported that getrandomu32below is not safe to call in the nmi context and memcg charge draining can happen in nmi context. More specifically getrandomu32below is...
CVE-2026-53159
The CVE-2026-53159 entry describes a Linux kernel vulnerability in the fastrpc path where fastrpc_get_args() uses find_vma() to locate the VMA for a user pointer and compute a DMA address offset. If the address lies in a gap before the returned VMA, (ptr & PAGE_MASK) - vma->vm_start underflows...
DEBIAN-CVE-2026-52961
In the Linux kernel, the following vulnerability has been resolved: ceph: fix BUGON in cephbuildxattrsblob due to stale blob size The generic/642 test-case can reproduce the kernel crash: 40243.605254 ------------ cut here ------------ 40243.605956 kernel BUG at fs/ceph/xattr.c:918! 40243.607142...
CVE-2026-56114
dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulnerability in dhcp6makemessage in src/dhcp6.c that allows unauthenticated same-link attackers to write beyond a fixed local buffer by serializing an oversized RFC6603 OPTIONPDEXCLUDE option body...
Splunk Enterprise & Cloud Platform - Unrestricted File Upload
In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.The vulnerability exists because the PostgreSQL sidecar...
CVE-2026-44663
OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, an integer overflow in htundoimpl in src/lib/OpenEXRCore/internalht.cpp leads to a heap-buffer overflow when decoding a crafted...
CVE-2026-46849
Technical details about CVE-2026-46849 are not provided in the supplied documents. No affected products, impact, root cause, or remediation are disclosed. Monitor for updates from sources linked in the records.
CVE-2026-12293 Use-after-free in the Graphics: WebGPU component
Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...
SUSE SLES15 Security Update : strongswan (SUSE-SU-2026:2368-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2368-1 advisory. This update for strongswan fixes the following issues - CVE-2026-35328: infinite loop when handling supported versions TLS extensio...
UBUNTU-CVE-2026-9753
The $internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to return memory out-of-bounds or crash the server. $internalApplyOplogUpdate can be executed by any authenticated user with access to the aggregate command...
CVE-2026-42908
creationtimestamp| type| source ---|---|--- 2026-06-09 15:44:28+00:00| seen| https://advisories.ncsc.nl/advisory?id=NCSC-2026-0181 2026-06-09 16:12:18+00:00| seen| https://www.thezdi.com/blog/2026/6/9/the-june-2026-security-update-review...