557 matches found
ROOT-OS-UBUNTU-2204-CVE-2025-38348 CVE-2025-38348 in rootio-linux - Patched by Root
Root has patched CVE-2025-38348 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-44288 CVE-2026-44288 in @rootio/protobufjs - Patched by Root
Root has patched CVE-2026-44288 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...
ROOT-OS-DEBIAN-13-CVE-2026-31403 CVE-2026-31403 in rootio-linux - Patched by Root
Root has patched CVE-2026-31403 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2025-55752 CVE-2025-55752 in io.root.org.apache.tomcat:tomcat-catalina - Patched by Root
Root has patched CVE-2025-55752 in the io.root.org.apache.tomcat:tomcat-catalina package for Root:Maven. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2025-38004 CVE-2025-38004 in rootio-linux - Patched by Root
Root has patched CVE-2025-38004 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-41417 CVE-2026-41417 in io.root.io.netty:netty-codec-http - Patched by Root
Root has patched CVE-2026-41417 in the io.root.io.netty:netty-codec-http package for Root:Maven. Multiple fixed versions available...
UBUNTU-CVE-2026-42489
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To create and manage guests, domctl operations are used by the control domain, a possible Xenstore domain, or by a domain controlling a particular guest. Some of these...
UBUNTU-CVE-2026-12330
Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in Firefox ESR 140.12, Firefox ESR 115.37, and Thunderbird 140.12...
BELL-CVE-2026-46277 CVE-2026-46277 does not affect BellSoft software
Bulletin has no description...
ROOT-APP-NPM-CVE-2025-56200 CVE-2025-56200 in @rootio/validator - Patched by Root
Root has patched CVE-2025-56200 in the @rootio/validator package for Root:npm. Multiple fixed versions available...
DEBIAN-CVE-2026-50593
Graphite before 1.3.15 has an integer underflow and resultant out-of-bounds write via Graphite actions, because slotat does not ensure that an offset is within the allowed slot-map range...
DEBIAN-CVE-2026-11145
Race in Geolocation in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
UBUNTU-CVE-2026-42321
GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked tab. Upgrade to 10.0.25 or 11.0.7 to receive a patch...
UBUNTU-CVE-2026-27145
x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number...
@etherna/sdk-js (>=2.0.1 <=2.0.3), @eui/deps-base (>=21.0.0-alpha.33 <=23.0.0-alpha.1) +14 more potentially affected by CVE-2026-47429 via @vitest/ui (>=4.0.14 <=4.0.7)
@vitest/ui NPM version =4.0.14, =2.0.1, =21.0.0-alpha.33, =1.3.0, =0.3.5, =0.3.0, =0.3.5, =0.3.5, =0.3.5, =0.3.5, =0.3.5, =0.3.5, =0.3.5, =0.3.5, =0.3.5, =0.3.5, =0.4.2 and more Source cves: CVE-2026-47429 Source advisory: SNYK:JS-VITESTUI-17120328...
DEBIAN-CVE-2026-46055
In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix string overrun due to missing termination When booting Ubuntu 26.04 with Linux 7.0-rc4 on an ARM64 Qualcomm Snapdragon X1 we see a string buffer overrun: BUG: KASAN: slab-out-of-bounds in aa_dfa_match...
DEBIAN-CVE-2026-46011
In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: fix use-after-free in release path due to uncancelled work The mtk_jpeg_release function frees the context structure ctx without first cancelling any pending or running work in ctx->jpeg_work. This creates a race...
DEBIAN-CVE-2026-45949
In the Linux kernel, the following vulnerability has been resolved: hwrng: core - use RCU and work_struct to fix race condition Currently, hwrng_fill is not cleared until the hwrng_fillfn thread exits. Since hwrng_unregister reads hwrng_fill outside the rng_mutex lock, a concurrent hwrng_unregister may...
RHSA-2026:20586 Red Hat Security Advisory: thunderbird security update
Bulletin has no description...
UBUNTU-CVE-2026-41292
NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to a degradation of service attack related to parsing long lists of incoming EDNS options. An adversary sending queries with too many EDNS options can hold Unbound threads hostage while they are parsing and creating internal data...