CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Wednesday added a critical flaw impacting Mirasvit Cache Warmer, a popular Magento full-page cache extension, to its Known Exploited Vulnerabilities KEV catalog, following reports of active exploitation in the wild. The...

ROOT-APP-PYPI-CVE-2024-25128 CVE-2024-25128 in rootio-Flask-AppBuilder - Patched by Root

Root has patched CVE-2024-25128 in the rootio-Flask-AppBuilder package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2026-41481 CVE-2026-41481 in rootio-langchain-text-splitters - Patched by Root

Root has patched CVE-2026-41481 in the rootio-langchain-text-splitters package for Root:PyPI. Multiple fixed versions available...

ROOT-OS-UBUNTU-2404-CVE-2026-31731 CVE-2026-31731 in rootio-linux - Patched by Root

Root has patched CVE-2026-31731 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

ROOT-OS-UBUNTU-2404-CVE-2025-38574 CVE-2025-38574 in rootio-linux - Patched by Root

Root has patched CVE-2025-38574 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

ROOT-OS-UBUNTU-2404-CVE-2025-39692 CVE-2025-39692 in rootio-linux - Patched by Root

Root has patched CVE-2025-39692 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

ROOT-OS-UBUNTU-2404-CVE-2025-37887 CVE-2025-37887 in rootio-linux - Patched by Root

Root has patched CVE-2025-37887 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

EUVD-2026-34032

CloudburstMC Protocol is a protocol library for Minecraft Bedrock Edition. Prior to version 3.0.0.Beta12-20260420.182526-15, CloudburstMC Protocol is partially missing validation for FULL type authentication tokens Cloudburst/Protocol. This vulnerability impacts publicly accessible software...

CVE-2026-41569

authentik is an open-source identity provider. Prior to version 2026.2.3, the WS-Federation provider validates the user-supplied wreply parameter using a raw string prefix check rather than proper URL parsing. An attacker who can craft a login link can supply a wreply value on a different origin...

CVE-2026-40181 React Router's same-origin redirect with path starting // causes open redirect via protocol-relative URL reinterpretation

React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open redirect to an external domain due to path values starting with // being reinterpreted as protocol-relative URLs. The level of impact...

CVE-2026-41577

authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, the SAML source response processor ResponseProcessor.parse does not validate the Conditions element on assertions. NotBefore, NotOnOrAfter, and AudienceRestriction are all ignored. This allows replay of expir...

CVE-2026-45680

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI replays BPF probe hits into histogram observations by looping once per recorded run count. On busy systems, the run-count delta can become very large, causing the...

ROOT-OS-DEBIAN-13-CVE-2025-39691 CVE-2025-39691 in rootio-linux - Patched by Root

Root has patched CVE-2025-39691 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

ROOT-OS-DEBIAN-13-CVE-2025-71133 CVE-2025-71133 in rootio-linux - Patched by Root

Root has patched CVE-2025-71133 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

ROOT-OS-DEBIAN-13-CVE-2026-23312 CVE-2026-23312 in rootio-linux - Patched by Root

Root has patched CVE-2026-23312 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

ROOT-OS-DEBIAN-12-CVE-2026-46225 CVE-2026-46225 in rootio-linux - Patched by Root

Root has patched CVE-2026-46225 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...

ROOT-OS-DEBIAN-12-CVE-2026-31570 CVE-2026-31570 in rootio-linux - Patched by Root

Root has patched CVE-2026-31570 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...

ROOT-OS-DEBIAN-12-CVE-2025-68814 CVE-2025-68814 in rootio-linux - Patched by Root

Root has patched CVE-2025-68814 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...

ROOT-OS-DEBIAN-12-CVE-2025-39750 CVE-2025-39750 in rootio-linux - Patched by Root

Root has patched CVE-2025-39750 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...

CVE-2026-45159

Nextcloud is an open source content collaboration platform. From versions 1.15.0 to before 1.15.4, 1.16.0 to before 1.16.3, 1.17.0 to before 1.17.1, and 1.18.0 to before 1.18.1, a malicious user with access to an end-to-end encrypted files drop link was able to also drop files into other end-to-e...