81 matches found
ROOT-OS-UBUNTU-2204-CVE-2025-37863 CVE-2025-37863 in rootio-linux - Patched by Root
Root has patched CVE-2025-37863 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...
BIT-ENVOY-2026-48042 Envoy: Stack overflow in destructor of highly nested JSON
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, destructor of JSON Object results in stack overflow when deeply O100K nested objects are present. This vulnerability is fixed in 1.35.11, 1.36.7, 1.37.3, and 1.38.1...
PYSEC-2026-509 qdrant input validation failure
qdrant/qdrant version 1.9.0-dev is vulnerable to arbitrary file read and write during the snapshot recovery process. Attackers can exploit this vulnerability by manipulating snapshot files to include symlinks, leading to arbitrary file read by adding a symlink that points to a desired file on the...
CVE-2026-55441
CVE-2026-55441 affects the Mise toolchain. The root cause is that, prior to 2026.6.4, task-include files loaded from directories without config files bypass trust checks and render task fields with a Terraform-like template engine that registers an exec() function. If a directory contains a task-...
CVE-2026-48529 GitHub MCP Server: Lockdown mode singleton in HTTP server causes cross-user GraphQL client confusion
GitHub MCP Server is GitHub's official MCP Server. From 0.22.0 until 1.1.2, when running in HTTP mode with --lockdown-mode enabled, the RepoAccessCache is implemented as a process-global singleton initialized with the first authenticated user's GraphQL client. All subsequent requests from differe...
CVE-2026-54679
jq is a command-line JSON processor. Prior to 1.8.2, on 32bit system, jvpstringappend has a chance of integer/multiple overflowing and then causing a massive buffer overrun. This vulnerability is fixed in 1.8.2...
CVE-2026-12782
The CVE-2026-12782 entry concerns EaseUS Partition Master (up to 14.5). The affected component is EUEDKEPM.sys (Kernel Driver); a flaw in an unknown function leads to improper access controls. It requires local access to exploit, and an exploit has been publicly released. Impact is described as h...
ALPINE-CVE-2026-48111
7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an off-by-one out-of-bounds read vulnerability in the ParseDepedencyExpression function of the UEFI firmware image parserCPP/7zip/Archive/UefiHandler.cpp. The function validates an attacker-controlled opco...
CVE-2026-45108 Himmelblau: Authentication Bypass via Cross-User Local Session Impersonation in Device Authorization Grant (DAG) Flow
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Authorization Grant DAG flow that allowed a user within the same Entra ID domain to obtain a local Unix...
CVE-2026-40127
OutSystems Lifetime is vulnerable to Authorization Bypass Through User-Controlled Key vulnerability in ApplicationID parameter. Any authenticated user, can read the Change Log containing actions performed by other users as well as application name of any application. This issue was fixed in...
EUVD-2026-30039
protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion...
PT-2026-40819
Name of the Vulnerable Software and Affected Versions ERPNext versions prior to 15.101.1 ERPNext versions prior to 16.10.0 Description An improper limitation of a pathname to a restricted directory, known as path traversal, allows an authenticated adjacent attacker to read arbitrary files via an...
CVE-2026-39963 Serendipity: Host Header Injection enables authentication cookie scoping to an attacker-controlled domain
Serendipity is a PHP-powered weblog engine. In versions 2.6-beta2 and below, the serendipitysetCookie function in include/functionsconfig.inc.php uses $SERVER'HTTPHOST' without validation as the domain parameter of setcookie. An attacker who can influence the Host header at login time, such as vi...
SUSE CVE-2026-34983
Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a wasmtime::Linker is unsound and can result in use-after-free bugs. This bug is not controllable by guest Wasm programs. It can only be triggered by a specific sequence of embedder API calls made by the host. Specifically, the following...
PT-2026-31783
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /api/v1/runs endpoint accepts an arbitrary webhook url in the request body with no URL validation. When a submitted job completes success or failure, the server makes an HTTP POST request to this URL using httpx.AsyncClient. An...
CVE-2026-34972
OpenFGA vulnerability CVE-2026-34972 affects OpenFGA versions 1.8.0 through 1.13.1. The issue arises when BatchCheck is invoked with multiple checks for the same object, relation, and user, leading to improper policy enforcement. It is resolved in version 1.14.0. CVSS metrics indicate high impact...
CVE-2026-33870
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fi...
CVE-2026-30986
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow write in CIccMatrixMath::SetRange causing memory corruption or crash. This vulnerability is fixed in 2.3.1.5...
EUVD-2026-16046
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, missing authorization in the AJAX deletion endpoint interface/forms/procedureorder/handledeletions.php allows any authenticated user, regardless of role, to...
CVE-2026-33176
CVE-2026-33176 — Active Support (Rails) number helpers incorrectly accept strings containing scientific notation (e.g., 1e10000). When expanded by BigDecimal, this can trigger extremely large decimal representations, leading to excessive memory and CPU usage and a potential DoS. The patch is incl...