3541 matches found
Vite Dev Server - Information Exposure
Vite is a frontend tooling framework for JavaScript. Before versions 6.3.4, 6.2.7, 6.1.6, 5.4.19, and 4.5.14, the contents of files in the project root that are denied by a file matching pattern can be returned to the browser. Only apps explicitly exposing the Vite dev server to the network using...
ROOT-APP-PYPI-CVE-2025-62727 CVE-2025-62727 in rootio-starlette - Patched by Root
Root has patched CVE-2025-62727 in the rootio-starlette package for Root:PyPI. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2023-5388 CVE-2023-5388 in rootio-nss - Patched by Root
Root has patched CVE-2023-5388 in the rootio-nss package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2026-32778 CVE-2026-32778 in rootio-expat - Patched by Root
Root has patched CVE-2026-32778 in the rootio-expat package for Root:Debian:12. Multiple fixed versions available...
CVE-2026-47422
Frappe is a full-stack web application framework. Prior to 15.107.5 and 16.18.2, an endpoint in reportview lacked appropriate permission checks and that has since been fixed. This vulnerability is fixed in 15.107.5 and 16.18.2...
CVE-2026-47422 Frappe: Unrestricted API access to save_report
Frappe is a full-stack web application framework. Prior to 15.107.5 and 16.18.2, an endpoint in reportview lacked appropriate permission checks and that has since been fixed. This vulnerability is fixed in 15.107.5 and 16.18.2...
ROOT-APP-PYPI-CVE-2023-32681 CVE-2023-32681 in rootio-requests - Patched by Root
Root has patched CVE-2023-32681 in the rootio-requests package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-25645 CVE-2026-25645 in rootio-requests - Patched by Root
Root has patched CVE-2026-25645 in the rootio-requests package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-54277 CVE-2026-54277 in rootio-aiohttp - Patched by Root
Root has patched CVE-2026-54277 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2025-69230 CVE-2025-69230 in rootio-aiohttp - Patched by Root
Root has patched CVE-2025-69230 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...
CVE-2026-41878
R-SOFT DMS is vulnerable to Insecure Direct Object Reference IDOR attack in multiple file download endpoints. The application fetches files from the database by ID and serves them to whoever requests them, relying only on session authentication, meaning any valid user can access any file. This...
ROOT-OS-DEBIAN-13-CVE-2026-3479 CVE-2026-3479 in rootio-python3.13 - Patched by Root
Root has patched CVE-2026-3479 in the rootio-python3.13 package for Root:Debian:13. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2024-2379 CVE-2024-2379 in rootio-curl - Patched by Root
Root has patched CVE-2024-2379 in the rootio-curl package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2026-34978 CVE-2026-34978 in rootio-cups - Patched by Root
Root has patched CVE-2026-34978 in the rootio-cups package for Root:Debian:12. Multiple fixed versions available...
CVE-2026-55590
CakePHP Authentication is an authentication plugin for CakePHP that can also be used in PSR-7 based applications. Prior to 2.11.1, 3.3.6, and 4.1.1, the getLoginRedirect method contains a weakness to backslash bypasses that allows redirect targets with attacker-controlled hostnames through the...
CVE-2026-55420
Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, under certain non-default configurations, processing of PDF uploads could be exploited to obtain RCE on the server. This issue is patched in 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5...
ROOT-APP-PYPI-CVE-2026-22702 CVE-2026-22702 in rootio-virtualenv - Patched by Root
Root has patched CVE-2026-22702 in the rootio-virtualenv package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-24734 CVE-2026-24734 in io.root.org.apache.tomcat.embed:tomcat-embed-core - Patched by Root
Root has patched CVE-2026-24734 in the io.root.org.apache.tomcat.embed:tomcat-embed-core package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2024-56337 CVE-2024-56337 in io.root.org.apache.tomcat:tomcat-catalina - Patched by Root
Root has patched CVE-2024-56337 in the io.root.org.apache.tomcat:tomcat-catalina package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-43515 CVE-2026-43515 in io.root.org.apache.tomcat.embed:tomcat-embed-core - Patched by Root
Root has patched CVE-2026-43515 in the io.root.org.apache.tomcat.embed:tomcat-embed-core package for Root:Maven. Multiple fixed versions available...