ROOT-OS-UBUNTU-2404-CVE-2026-23452 CVE-2026-23452 in rootio-linux - Patched by Root
Root has patched CVE-2026-23452 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
GHSA-3XCQ-8MJW-H6MX Strapi Vulnerable to SQL Injection in Content Type Builder
Summary of CVE-2026-22599 Vulnerability Details - CVE: CVE-2026-22599 - CVSS v3.1 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N 9.3 — Critical - Affected Versions: @strapi/content-type-builder =5.33.2 v5 or =4.26.1 v4 Description of CVE-2026-22599 A database-query...
Grafana 8.0.0 < 11.6.14 / 12.0.0 < 12.1.10 / 12.2.0 < 12.2.8 / 12.3.0 < 12.3.6 / 12.4.0 < 12.4.2 DoS (CVE-2026-27879)
The version of Grafana installed on the remote host is 8.0.x through 11.6.x prior to 11.6.14, 12.0.x through 12.1.x prior to 12.1.10, 12.2.x prior to 12.2.8, 12.3.x prior to 12.3.6, or 12.4.x prior to 12.4.2. It is, therefore, affected by a denial of service vulnerability: - A resample query can ...
CVE-2026-34542 iccDEV: SBO in CIccCalculatorFunc::Apply()
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a stack-buffer-overflow (SBO) in CIccCalculatorFunc::Apply when processed via iccApplyNamedCmm. Under AddressSanitizer, the failure is reported as...
CVE-2026-34155
RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a bundle with a...
GHSA-GJXX-92W9-8V8F Clerk: SSRF in the opt-in clerkFrontendApiProxy feature may leak secret keys to unintended host
Summary The clerkFrontendApiProxy function in @clerk/backend is vulnerable to Server-Side Request Forgery (SSRF). An unauthenticated attacker can craft a request path that causes the proxy to send the application's Clerk-Secret-Key to an attacker-controlled server. Affected packages Only applicatio...
Advisory ROSA-SA-2026-3240
software: vim 9.1.2128 WASP: ROSA-CHROME unaffected versions = vim-9.1.2128-1 affected versions vim-9.1.2128-1 CVE-ID: CVE-2025-66476 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Vim for Windows before version 9.1.1947 implements an unreliable search order for external commands: when using cmd.exe, the...
CVE-2026-28784 Craft is affected by potential authenticated Remote Code Execution via Twig SSTI
Craft is a content management system (CMS). Prior to 5.8.22 and 4.16.18, it is possible to craft a malicious payload using the Twig map filter in text fields that accept Twig input under Settings in the Craft control panel or using the System Messages utility, which could lead to RCE. For this to...
Security update for freerdp
This update for freerdp fixes the following issues: CVE-2026-24491: heap-use-after-free in videotimer bsc1257981. CVE-2026-24675: heap-use-after-free in urbselectinterface bsc1257982. CVE-2026-24676: heap-use-after-free in audioformatcompatible bsc1257983. CVE-2026-24677: heap-buffer-overflow in...
Fedora 44 : retroarch (2026-5e8ffdd3b9)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-5e8ffdd3b9 advisory. Automatic update for retroarch-1.22.0-20.fc44. Changelog Mon Jan 26 2026 Artem Polishchuk - 1.22.0-20 - Disable 7zip support due CVE - rhbz2432835 Tenable ha...
MiracleLinux 4 : patch-2.6-8.AXS4 (AXSA:2018-2973:01)
The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2018-2973:01 advisory. patch: Malicious patch files cause ed to execute arbitrary commands CVE-2018-1000156 Tenable has extracted the preceding description block directly from the...
PT-2026-1779
Name of the Vulnerable Software and Affected Versions Sangfor Operation and Maintenance Management System versions up to 3.0.8 Description A remote OS command injection issue exists in the SessionController function within the /isomp-protocol/protocol/session file of the software. Manipulation of...
CVE-2022-31138
mailcow is a mailserver suite. Prior to mailcow-dockerized version 2022-06a, an extended privilege vulnerability can be exploited by manipulating the custom parameters regexmess, skipmess, regexflag, delete2foldersonly, delete2foldersbutnot, regextrans2, pipemess, or maxlinelengthcmd to execute...
CVE-2025-14942 Authentication Bypass
wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus signature, or trick the client into skipping user authentication. This affects client applications with wolfSSH version 1.4.21 and earlier. Users of wolfSSH must...
Medium: libpng12
Issue Overview: A heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craf...
CVE-2024-56464
CVE-2024-56464 affects IBM QRadar SIEM versions 7.5 through 7.5.0 UP14 IF01, with an information-disclosure vulnerability exposing directory information (CWE-548). Underlying issue is directory listing exposure; CVSS v3.1 base score 2.7 (LOW), vector: AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N. IBM Secu...
PT-2025-45401
Name of the Vulnerable Software and Affected Versions LC Wizard plugin for WordPress versions 1.2.10 through 1.3.0 Description The LC Wizard plugin for WordPress has a flaw that allows lower-privileged users to escalate to administrator rights. This is due to a missing capability check in the...
PT-2025-44669
Name of the Vulnerable Software and Affected Versions Tenda AX-1803 version 1.0.0.1 Description The Tenda AX-1803 router contains a stack overflow issue through the timeZone parameter within the form fast setting wifi set function. A crafted request can lead to a Denial of Service (DoS). The...
PT-2025-44583
Name of the Vulnerable Software and Affected Versions WordPress User Extra Fields versions up to and including 16.7 Description The WordPress User Extra Fields plugin is susceptible to arbitrary file deletion. This is due to inadequate file path validation within the save fields function...
Fedora: Security Advisory (FEDORA-2025-80c24c67b6)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...