ROOT-OS-UBUNTU-2204-CVE-2026-23085 CVE-2026-23085 in rootio-linux - Patched by Root

Root has patched CVE-2026-23085 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

EUVD-2026-31940

nuts-node is the reference implementation of the Nuts specification. Prior to 6.2.3 and 5.4.31, the v1 access token introspection endpoint /auth/v1/introspectaccesstoken accepts any JWT signed by a key present on the node, without validating the JWT type, issuer-to-key binding, or required claims...

Unity Linux 20.1060e / 20.1070e Security Update: redis (UTSA-2026-017529)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017529 advisory. Redis is an open source BSD licensed, in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2....

NPM: fast-jwt: JWT auth bypass due to empty HMAC secret accepted by async key resolver

NPM: fast-jwt: JWT auth bypass due to empty HMAC secret accepted by async key resolver vulnerability discovered by ? in WordPress Npm fast-jwt versions = 6.2.3...

EUVD-2026-20956

Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT. The fix for "CVE-2025-66168: MQTT control packet remaining length field is not properly validated" was only applied to 5.19.2 and future 5.19.x releases but was missed for all 6.0.0+...

BIT-ACTIVEMQ-2026-34197 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...

CVE-2026-33227 Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ: Improper Limitation of a Pathname to a Restricted Classpath Directory

Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ. In two instances when creating a Stomp consumer and also browsing messages in the Web console an authenticated...

CVE-2026-34537

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger Undefined Behavior UB in CIccOpDefEnvVar::Exec due to invalid enum values being loaded for icSigCmmEnvVar. The issue is observable under UBSan a...

CVE-2025-13718

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors...

CVE-2025-13718

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors...

PT-2026-25340

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques...

PT-2026-25347

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive user information using an expired access token...

CVE-2026-25759

CVE-2026-25759 affects Statamic CMS (Laravel/Git-based). From version 6.0.0 up to, but not including, 6.2.3, there is a stored XSS in content titles. An authenticated user with content-creation permissions (and control-panel access) can inject JavaScript that executes for higher-privileged users,...

GHSA-FF9R-WW9C-43X8 Statamic CMS vulnerable to privilege escalation via stored cross-site scripting

Impact Stored XSS vulnerability in content titles allow authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. Malicious user must have an account with control panel access and content creation permissions. This...

PT-2026-7714

Name of the Vulnerable Software and Affected Versions Statamic versions 6.0.0 through 6.2.2 Description Statamic is a Laravel and Git powered content management system CMS. A stored cross-site scripting XSS issue exists in content titles, allowing authenticated users with content creation...

SUSE CVE-2022-25634

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory...

convict 安全漏洞

convict is a featured configuration management library for Node.js. A security vulnerability exists in versions prior to convict 6.2.3...

CVE-2022-22687

Buffer copy without checking size of input 'Classic Buffer Overflow' vulnerability in Authentication functionality in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors...

CVE-2022-25634

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory...

Qt 路径遍历漏洞

Qt is a cross-platform C application development framework from the Norwegian company Qt. It is widely used for developing GUI programs, in which case it is also known as the widget toolkit. It can also be used to develop non-GUI programs, such as console tools and servers.Qt versions prior to...