452957 matches found

OSV
added 10 hours ago, 18 views

ROOT-APP-PYPI-CVE-2023-6022 CVE-2023-6022 in rootio-prefect - Patched by Root

Root has patched CVE-2023-6022 in the rootio-prefect package for Root:PyPI. Multiple fixed versions available...

CVSS 8.8, AI score 7.4, EPSS 0.00392
Exploits: 1
RedhatCVE
added 10 hours ago, 4 views

CVE-2026-12773

A flaw was found in BerriAI litellm, within its MCP Proxy component. A remote attacker could exploit an improper authentication vulnerability in the UserAPIKeyAuth function. This could allow unauthorized access, potentially compromising the confidentiality, integrity, and availability of data...

CVSS 9.8, AI score 5.8, EPSS 0.00598
Exploits: 1, References: 8
OSSF Malicious Packages
added 10 hours ago, 5 views

Malicious code in dtxto1ols (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 926fc822a2a507fafa6d2e1bb02a9b2bada7d89d3042bd3f0cac0ba2fd7c1991 package.json declares a postinstall script that runs automatically on npm install. The script performs filesystem reconnaissance find / -type f...

AI score 5.8
Exploits: 0, References: 1
OSSF Malicious Packages
added 11 hours ago, 6 views

Malicious code in dtxtools (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de085e4b6d38025a5a0b959b19b1022deaa7525b427e66679b58b6892328297a package.json declares a postinstall lifecycle script that auto-executes on npm install. The hook performs a recursive filesystem search for database...

AI score 5.9
Exploits: 0, References: 2
RedhatCVE
added 11 hours ago, 5 views

CVE-2026-53249

A flaw was found in the Linux kernel's IPv4 networking component. This vulnerability allows an unprivileged application to set specific IP options, namely Loose Source and Record Route LSRR and Strict Source and Record Route SSRR. By exploiting this, an attacker can force network packets to...

CVSS 7, AI score 5.8, EPSS 0.00184
Exploits: 0, References: 4
NVD
added 11 hours ago, 7 views

CVE-2026-57872

An unauthenticated directory traversal vulnerability exists in getfcont.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient validation of user-supplied file path input before the requested file is accessed by the CGI component. A remote attack...

CVSS 7.5
Exploits: 0, References: 1
NVD
added 11 hours ago, 7 views

CVE-2026-57877

An unauthenticated format string vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper handling of externally controlled input during log message formatting in the login processing path. A remote attacker may exploit this...

CVSS 8.6
Exploits: 0, References: 1
OSV
added 12 hours ago, 5 views

ROOT-APP-MAVEN-CVE-2023-39410 CVE-2023-39410 in io.root.org.apache.avro:avro - Patched by Root

Root has patched CVE-2023-39410 in the io.root.org.apache.avro:avro package for Root:Maven. Multiple fixed versions available...

CVSS 7.5, AI score 7.7, EPSS 0.01757
Exploits: 0
Cvelist
added 13 hours ago, 8 views

CVE-2026-49486 Apache Airflow FTP provider: FTP Provider does not protect FTPS data channel (missing PROT_P)

The Apache Airflow FTP provider's FTPSHook.getconn created an ftplib.FTPTLS connection but never called protp, so although the control channel was TLS-protected the data channel was transmitted in cleartext. Any deployment using FTPSHook or FTPSFileTransmitOperator to move files over FTPS exposed...

Exploits: 0, References: 2
CVE
added 13 hours ago, 7 views

CVE-2026-49486

The Apache Airflow FTP provider's FTPSHook.getconn created an ftplib.FTPTLS connection but never called protp, so although the control channel was TLS-protected the data channel was transmitted in cleartext. Any deployment using FTPSHook or FTPSFileTransmitOperator to move files over FTPS exposed...

CVSS 7.5, AI score 5.8
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 14 hours ago, 9 views

CVE-2025-10268 Printcart Web to Print Product Designer for WooCommerce <= 2.4.8 - Unauthenticated Folder Content Disclosure via Path Traversal

The Printcart Web to Print Product Designer for WooCommerce WordPress plugin through 2.4.8 is vulnerable to path traversal which makes it possible for the attacker to retrieve the directory listing for arbitrary directories on the server...

Exploits: 0, References: 1
CVE
added 14 hours ago, 8 views

CVE-2025-10268

The CVE-2025-10268 entry concerns the Printcart Web to Print Product Designer for WooCommerce WordPress plugin up to version 2.4.8. The vulnerability is a path traversal flaw that allows an attacker to retrieve directory listings for arbitrary server directories. Affected component: the plugin’s ...

CVSS 5.3, AI score 5.9
Exploits: 0, References: 1
ATTACKERKB
added 14 hours ago, 3 views

CVE-2025-10268

The Printcart Web to Print Product Designer for WooCommerce WordPress plugin through 2.4.8 is vulnerable to path traversal which makes it possible for the attacker to retrieve the directory listing for arbitrary directories on the server...

CVSS 5.3, AI score 5.9
Exploits: 0, References: 1
CVE
added 14 hours ago, 9 views

CVE-2026-10835

The SALESmanago & Leadoo WordPress plugin before 3.11.3 does not properly sanitise and escape a parameter passed to one of its AJAX actions before using it in a SQL statement, and fails to enforce authorisation on that action, allowing authenticated users with minimal permissions, such as...

CVSS 7.7, AI score 5.8
Exploits: 0, References: 1
EUVD
added 14 hours ago, 6 views

EUVD-2025-210347

The Printcart Web to Print Product Designer for WooCommerce WordPress plugin through 2.4.8 is vulnerable to path traversal which makes it possible for the attacker to retrieve the directory listing for arbitrary directories on the server...

CVSS 5.3, AI score 5.9
Exploits: 0, References: 1
EUVD
added 14 hours ago, 6 views

EUVD-2026-39624

The YMC Filter WordPress plugin before 3.11.3 does not properly authorize access to one of its REST API endpoints and does not validate a user-supplied query parameter, allowing unauthenticated attackers to retrieve the titles and content of private, draft, and other non-public posts...

CVSS 7.5, AI score 5.8
Exploits: 0, References: 1
OSV
added 15 hours ago, 8 views

ROOT-OS-DEBIAN-13-CVE-2025-40026 CVE-2025-40026 in rootio-linux - Patched by Root

Root has patched CVE-2025-40026 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

AI score 7.8, EPSS 0.00241
Exploits: 0
OSV
added 15 hours ago, 6 views

ROOT-OS-DEBIAN-13-CVE-2025-40111 CVE-2025-40111 in rootio-linux - Patched by Root

Root has patched CVE-2025-40111 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

AI score 6.2, EPSS 0.00171
Exploits: 0
OSV
added 15 hours ago, 4 views

ROOT-OS-DEBIAN-13-CVE-2025-37966 CVE-2025-37966 in rootio-linux - Patched by Root

Root has patched CVE-2025-37966 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

CVSS 5.5, AI score 7.8, EPSS 0.0013
Exploits: 0
OSV
added 15 hours ago, 6 views

ROOT-OS-DEBIAN-13-CVE-2025-39950 CVE-2025-39950 in rootio-linux - Patched by Root

Root has patched CVE-2025-39950 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

CVSS 5.5, AI score 5.4, EPSS 0.00134
Exploits: 0