EUVD-2026-37523

Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

ROOT-APP-MAVEN-CVE-2025-41249 CVE-2025-41249 in io.root.org.springframework:spring-core - Patched by Root

Root has patched CVE-2025-41249 in the io.root.org.springframework:spring-core package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2024-22262 CVE-2024-22262 in io.root.org.springframework:spring-web - Patched by Root

Root has patched CVE-2024-22262 in the io.root.org.springframework:spring-web package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2026-22741 CVE-2026-22741 in io.root.org.springframework:spring-webmvc - Patched by Root

Root has patched CVE-2026-22741 in the io.root.org.springframework:spring-webmvc package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2026-35554 CVE-2026-35554 in io.root.org.apache.kafka:kafka-clients - Patched by Root

Root has patched CVE-2026-35554 in the io.root.org.apache.kafka:kafka-clients package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2025-68384 CVE-2025-68384 in io.root.org.elasticsearch.plugin:x-pack-security - Patched by Root

Root has patched CVE-2025-68384 in the io.root.org.elasticsearch.plugin:x-pack-security package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2025-27818 CVE-2025-27818 in io.root.org.apache.kafka:kafka_2.12 - Patched by Root

Root has patched CVE-2025-27818 in the io.root.org.apache.kafka:kafka2.12 package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2022-42004 CVE-2022-42004 in io.root.com.fasterxml.jackson.core:jackson-databind - Patched by Root

Root has patched CVE-2022-42004 in the io.root.com.fasterxml.jackson.core:jackson-databind package for Root:Maven. Multiple fixed versions available...

MAGMI - Cross-Site Request Forgery

MAGMI Magento Mass Importer is vulnerable to cross-site request forgery CSRF due to a lack of CSRF tokens. Remote code execution via phpcli command is also possible in the event that CSRF is leveraged against an existing admin session. id: CVE-2020-5776 info: name: MAGMI - Cross-Site Request...

EUVD-2026-37754

Missing Authentication for Critical Function vulnerability in RTI Connext Professional Security Plugins allows Identity Spoofing.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3., from 6.1.0 before 6.1., from 6.0.0 before 6.0., from 5.3.0 before 5.3...

CVE-2026-30799

CVE-2026-30799 documents describe a Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) that enables Identity Spoofing. Affected ranges include Connext Professional: 7.4.0–before 7.7.0, 7.0.0–before 7.3., 6.1.0–before 6.1. , 6.0.0–before 6.0.,...

CVE-2026-30799 Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Identity Spoofing.

Missing Authentication for Critical Function vulnerability in RTI Connext Professional Security Plugins allows Identity Spoofing.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3., from 6.1.0 before 6.1., from 6.0.0 before 6.0., from 5.3.0 before 5.3...

CVE-2026-2675

RTI Connext Professional (Security Plugins) is affected by CVE-2026-2675: Missing Authentication for a Critical Function. Affected Connext Professional versions include 5.3.* before 5.3., 6.0. before 6.0., 6.1. before 6.1.*, 7.0.0 before 7.3.1.3, and 7.4.0 before 7.7.0. The CVSS 4.0 base score is...

EUVD-2026-37771

Missing Authentication for Critical Function vulnerability in RTI Connext Professional Security Plugins allows Fake the Source of Data.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1., from 6.0.0 before 6.0., from 5.3.0 before 5.3...

CVE-2026-2675 Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Fake the Source of Data.

Missing Authentication for Critical Function vulnerability in RTI Connext Professional Security Plugins allows Fake the Source of Data.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1., from 6.0.0 before 6.0., from 5.3.0 before 5.3...

Critical: Red Hat Security Advisory: OpenShift Container Platform 4.18.44 bug fix and security update

Red Hat OpenShift Container Platform release 4.18.44 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a...

CVE-2025-71322

PickleScan before 0.0.33 fails to include the pty.spawn function in its unsafe globals list, allowing attackers to bypass security checks. Malicious actors can craft pickle payloads using pty.spawn to achieve arbitrary code execution when files are processed by PickleScan...

Important: Red Hat Security Advisory: ruby:3.3 security update

An update for the ruby:3.3 module is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

CVE-2026-9697 undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent

Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI socks5:// or socks://. The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servernam...

eclipse-vertx/vert.x: eclipse-vertx/vert.x: Denial of Service via TLS handshake with wildcard server name

A flaw was found in eclipse-vertx/vert.x. A remote attacker can exploit this vulnerability by performing a Transport Layer Security TLS handshake and presenting a server name extension with a server wildcard name. This can lead to a denial of service DoS condition, impacting the availability of t...