ROOT-OS-DEBIAN-11-CVE-2022-48814 CVE-2022-48814 in rootio-linux - Patched by Root

Root has patched CVE-2022-48814 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...

ROOT-OS-DEBIAN-11-CVE-2025-68261 CVE-2025-68261 in rootio-linux - Patched by Root

Root has patched CVE-2025-68261 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...

CVE-2026-48936

A flaw in Node.js Permission API can cause a local server to be started via a Unix domain socket, even without the --allow-net permission. This vulnerability affects one supported release line: Node.js 26...

EUVD-2026-39615

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'after' parameter in all versions up to, and including, 4.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

EUVD-2026-39613

A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

CVE-2026-48936

A flaw in Node.js Permission API can cause a local server to be started via a Unix domain socket, even without the --allow-net permission. This vulnerability affects one supported release line: Node.js 26...

CVE-2026-48619

A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

EUVD-2026-39563

Use after free in AdFilter in Google Chrome on Android prior to 149.0.7827.201 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

EUVD-2026-39584

Use after free in Payments in Google Chrome on Android prior to 149.0.7827.201 allowed a local attacker to potentially exploit heap corruption via physical access to the device. Chromium security severity: High...

EUVD-2021-34853

Parse Server before 4.10.0 was affected by a supply chain incident in which incorrect version tags were pushed to the official repository pointing to an unreviewed personal fork of a contributor with write access. No releases were published with these tags; a project was exposed only if it define...

EUVD-2021-34852

Parse Server before 4.10.0 contains a supply chain vulnerability where incorrect version tags were pushed to the repository linking to unreviewed code in a personal fork. Attackers could exploit this by specifying affected version tags in dependency declarations to execute unreviewed and...

CVE-2026-9222

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior only require the password hash when authenticating with backend services from the client. This could allow an attacker, who knows the hash, to authenticate and gain full access...

CVE-2026-43920

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.4 through 0.7.2, the /run-patcher maintenance endpoint in FOSSBilling was accessible without authentication, which allowed unauthenticated remote users to trigger update patch routines that modify configurati...

UBUNTU-CVE-2026-56788

RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in g...

CVE-2026-30040

A heap overflow in the FSViewer.exe process of FastStone Image Viewer v8.3 allows attackers to cause a execute arbitrary code in the context of the current process via supplying a crafted JPEG 2000 JP2 file...

CVE-2026-13083

A flaw was found in the Pen Drive report generator. Cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. An attacker with cluster administrator privileges can inject a stored cross-site scripting XSS payload into cluster objects such as ClusterVersion...

CVE-2026-40080

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Open Redirect through a substring check rather than a host check at strcontains$referer, CACTIPATHURL. When the user's loginopts == '1' redirect to referer after login, the function use...

CVE-2026-43920

CVE-2026-43920 affects FOSSBilling versions 0.5.4–0.7.2 where the unauthenticated /run-patcher endpoint allowed privileged maintenance operations (config migrations, DB schema changes including ALTER/DROP/UPDATE, filesystem deletions/renames, and cache clearing) to be executed without admin auth,...

CVE-2026-40941 Cacti: Package Import Signature Validation Bypass Allows Self-Signed Packages

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a package import signature validation bypass allows which allows self-signed packages. This issue has been fixed in version 1.2.31...

CVE-2026-40941

CVE-2026-40941 affects Cacti up to version 1.2.30 and is caused by a package import signature validation bypass that allows the use of self-signed packages. The issue has been fixed in version 1.2.31. Affected software is Cacti (open source performance and fault management framework). Remediation...