ROOT-OS-DEBIAN-11-CVE-2026-48959 CVE-2026-48959 in rootio-perl - Patched by Root

Root has patched CVE-2026-48959 in the rootio-perl package for Root:Debian:11. Multiple fixed versions available...

CVE-2026-9650

CVE-2026-9650 describes CWE-522: credentials stored within firmware or system files that are insufficiently protected. An unauthenticated attacker could access these credentials, potentially compromising the device if physical access is available. Connected sources reference Schneider Electric se...

CVE-2026-57435

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri’s CRuby native extension could leave a Ruby wrapper pointing to freed memory when replacing the value of an XML attribute. If Ruby code had already accessed an attribute child node,...

CVE-2026-57236

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, calling Documentencoding= with an invalid encoding e.g., a non-string, or a string containing a null byte raises an exception, but only after freeing the document's current encoding string without...

ROOT-OS-DEBIAN-11-CVE-2026-7598 CVE-2026-7598 in rootio-libssh2 - Patched by Root

Root has patched CVE-2026-7598 in the rootio-libssh2 package for Root:Debian:11. Multiple fixed versions available...

ROOT-OS-DEBIAN-11-CVE-2025-29088 CVE-2025-29088 in rootio-sqlite3 - Patched by Root

Root has patched CVE-2025-29088 in the rootio-sqlite3 package for Root:Debian:11. Multiple fixed versions available...

CVE-2026-54823

Contributor Remote Code Execution RCE in Widget Options = 4.2.3 versions...

CVE-2026-42389

This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers...

CVE-2026-42387

A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to a crash of the Recursor due to insuffcient input validation...

CVE-2026-42390

An invalid zone might pass ZONEMD validation while it should not. This is only relevant if ZoneToCache is configured with ZONEMD validation...

ROOT-OS-DEBIAN-11-CVE-2026-25210 CVE-2026-25210 in rootio-expat - Patched by Root

Root has patched CVE-2026-25210 in the rootio-expat package for Root:Debian:11. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2023-2976 CVE-2023-2976 in io.root.com.google.guava:guava - Patched by Root

Root has patched CVE-2023-2976 in the io.root.com.google.guava:guava package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2023-39410 CVE-2023-39410 in io.root.org.apache.avro:avro - Patched by Root

Root has patched CVE-2023-39410 in the io.root.org.apache.avro:avro package for Root:Maven. Multiple fixed versions available...

CVE-2026-13314 Stored XSS in pretix-digital

Malicious HTML content could be injected into the content rendered by the pretix-digital plugin...

CVE-2026-57588 SQL Injection in Nessus via Malicious Scan Result File Import

A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data...

CVE-2026-47152 Level Control Move divide-by-zero in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, a malformed Level Control Move command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted...

CVE-2026-47151

In EmberZNet v9.0.2 and earlier, malformed ClearWeekdaySchedule messages can cause out-of-bounds writes in Door Lock schedule state. Impact: potential HIGH availability disruption and LOW integrity impact; no confidentiality change. These messages must originate from a device already joined to th...

CVE-2026-47146

CVE-2026-47146 affects EmberZNet v9.0.2 and earlier; malformed Color Control messages can trigger asserts that abort the process. Impact is limited to devices that have already joined the network and that support the Color Control cluster. The provided documents do not specify a patch version or ...

CVE-2026-56050 WordPress PPOM for WooCommerce plugin <= 33.0.18 - Broken Access Control vulnerability

Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PPOM for WooCommerce: from n/a through 33.0.18...

CVE-2026-54836

CVE-2026-54836 concerns the WordPress plugin “Filter & Grids” (versions up to 3.11.5). The issue is an SQL Injection due to improper neutralization of special elements in YMC Filter, affecting the plugin’s database queries. The CVSS vector (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L) yields a base score...