617 matches found
CVE-2026-15522 tugcantopaloglu godot-mcp run_project index.js validatePath path traversal
A security flaw has been discovered in tugcantopaloglu godot-mcp 2.0.0. Affected by this vulnerability is the function validatePath of the file build/index.js of the component runproject. The manipulation of the argument projectPath results in path traversal. Attacking locally is a requirement. T...
ROOT-APP-PYPI-CVE-2026-27459 CVE-2026-27459 in rootio-pyOpenSSL - Patched by Root
Root has patched CVE-2026-27459 in the rootio-pyOpenSSL package for Root:PyPI. Multiple fixed versions available...
CVE-2026-50181 Langroid: Path traversal in the file tools allows read/write outside configured current directory
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.64.0, Langroid's ReadFileTool and WriteFileTool appear to treat currdir as the intended working-directory boundary for file operations. However, the tools only change the process working directory t...
CVE-2026-45796
Coder allows organizations to provision remote development environments via Terraform. Versions prior tp 2.24.5, 2.29.13, 2.30.8, 2.31.12, 2.32.2, and 2.33.3 are vulnerable to unauthenticated semi-blind Server-Side Request Forgery SSRF via the Azure instance identity endpoint POST...
PYSEC-2026-1707 JupyterLab vulnerable to SXSS in Markdown Preview
Impact The vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature. A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user...
PYSEC-2026-1034 Segfault in `CompositeTensorVariantToComponents`
Impact An input encoded that is not a valid CompositeTensorVariant tensor will trigger a segfault in tf.rawops.CompositeTensorVariantToComponents. python import tensorflow as tf encode = tf.rawops.EmptyTensorListelementdtype=tf.int32, elementshape=10, 15, maxnumelements=2 meta= ""...
CVE-2026-43928
FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the PayPalEmail payment adapter accepts PayPal IPN callbacks and credits the IPN-supplied amount mcgross to the client's balance without validating it against the invoice total. Combined with a $0.05...
ROOT-OS-DEBIAN-13-CVE-2025-38662 CVE-2025-38662 in rootio-linux - Patched by Root
Root has patched CVE-2025-38662 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...
ROOT-OS-DEBIAN-13-CVE-2025-40279 CVE-2025-40279 in rootio-linux - Patched by Root
Root has patched CVE-2025-40279 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...
ROOT-OS-DEBIAN-13-CVE-2025-71154 CVE-2025-71154 in rootio-linux - Patched by Root
Root has patched CVE-2025-71154 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...
ROOT-OS-DEBIAN-13-CVE-2026-43299 CVE-2026-43299 in rootio-linux - Patched by Root
Root has patched CVE-2026-43299 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...
ROOT-OS-DEBIAN-13-CVE-2025-40078 CVE-2025-40078 in rootio-linux - Patched by Root
Root has patched CVE-2025-40078 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...
CVE-2026-14783
NousResearch hermes-agent 2026.5.29.2 is affected; the vulnerability is in skills_tool.py, function skill_view, where manipulating the Name argument enables path traversal via a remote attack. Public disclosure of the exploit exists. A patch identified as 56f833efa427ccb444c0f9ad1759af1012f2124d ...
ROOT-APP-MAVEN-CVE-2026-55471 CVE-2026-55471 in io.root.ca.uhn.hapi.fhir:org.hl7.fhir.utilities - Patched by Root
Root has patched CVE-2026-55471 in the io.root.ca.uhn.hapi.fhir:org.hl7.fhir.utilities package for Root:Maven. Multiple fixed versions available...
CVE-2026-14759 radareorg radare2 RBinJava Line Number Table class.c r_bin_java_inner_classes_attr_calc_size heap-based overflow
A security flaw has been discovered in radareorg radare2 up to 6.1.6. This issue affects the function rbinjavainnerclassesattrcalcsize of the file shlr/java/class.c of the component RBinJava Line Number Table Parser. Performing a manipulation results in heap-based buffer overflow. The attack...
ROOT-OS-UBUNTU-2204-CVE-2024-26759 CVE-2024-26759 in rootio-linux - Patched by Root
Root has patched CVE-2024-26759 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2204-CVE-2023-52624 CVE-2023-52624 in rootio-linux - Patched by Root
Root has patched CVE-2023-52624 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2204-CVE-2025-37854 CVE-2025-37854 in rootio-linux - Patched by Root
Root has patched CVE-2025-37854 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2204-CVE-2025-38663 CVE-2025-38663 in rootio-linux - Patched by Root
Root has patched CVE-2025-38663 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2204-CVE-2026-52909 CVE-2026-52909 in rootio-linux - Patched by Root
Root has patched CVE-2026-52909 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...