webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...

Users Ultra <= 3.1.0 - SQL Injection

The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the datatarget parameter before it is being interpolated in an SQL statement and then executed via the ratingvote AJAX action available to both unauthenticated and authenticated users, leading to an SQL Injection...

Navidrome <=0.54.5 - Authentication Bypass in Subsonic API

Navidrome is an open source web-based music collection server and streamer. Starting in version 0.52.0 and prior to version 0.54.5, in certain Subsonic API endpoints, a flaw in the authentication check process allows an attacker to specify any arbitrary username that does not exist on the system,...

Stable Diffusion Webui 1.10.0 - Open Redirect

An open redirect vulnerability exists in Stable-Diffusion-Webui 1.10.0, where the file parameter in the /file= endpoint can be manipulated to redirect users to malicious websites. This could facilitate phishing attacks by tricking users into visiting attacker-controlled URLs. id: CVE-2024-11044...

webkitgtk: An app may be able to access sensitive user data

A flaw was found in WebKitGTK. Processing or loading malicious web content can allow an app to access sensitive user data due to improper data protection...

samba: group policy certificate enrollment uses http:// without validation

A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability t...

samba: Missing access check on reparse point operations

A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-onl...

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

CVE-2026-54099 Windows-machine-config-operator: windows-machine-config-operator: wicd csr extra-organization allows privilege escalation to system:masters

A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A...

ROOT-APP-PYPI-CVE-2026-26007 CVE-2026-26007 in rootio-cryptography - Patched by Root

Root has patched CVE-2026-26007 in the rootio-cryptography package for Root:PyPI. Multiple fixed versions available...

webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced

A flaw was found in WebKitGTK. Processing malicious web content may prevent Content Security Policy from being enforced due to improper input validation...

webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...

webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...

ROOT-OS-UBUNTU-2404-CVE-2026-43069 CVE-2026-43069 in rootio-linux - Patched by Root

Root has patched CVE-2026-43069 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

ROOT-OS-UBUNTU-2404-CVE-2025-68172 CVE-2025-68172 in rootio-linux - Patched by Root

Root has patched CVE-2025-68172 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

ROOT-OS-UBUNTU-2404-CVE-2026-23164 CVE-2026-23164 in rootio-linux - Patched by Root

Root has patched CVE-2026-23164 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

ROOT-OS-UBUNTU-2404-CVE-2026-43471 CVE-2026-43471 in rootio-linux - Patched by Root

Root has patched CVE-2026-43471 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

ROOT-OS-UBUNTU-2404-CVE-2025-38565 CVE-2025-38565 in rootio-linux - Patched by Root

Root has patched CVE-2025-38565 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

ROOT-OS-UBUNTU-2404-CVE-2025-39677 CVE-2025-39677 in rootio-linux - Patched by Root

Root has patched CVE-2025-39677 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

ROOT-OS-UBUNTU-2404-CVE-2026-43194 CVE-2026-43194 in rootio-linux - Patched by Root

Root has patched CVE-2026-43194 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...