CVE-2026-47693

Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 are vulnerable to CSV Injection Formula Injection in its log export functionality. User-controlled data — specifically the username field — is written to exported CSV files without sanitizing...

CVE-2026-54518

The CVE-2026-54518 issue affects jackson-databind’s UnwrappedPropertyHandler path. From 2.21.0 through 2.21.4 and 3.1.0 through 3.1.4, UnwrappedPropertyHandler.processUnwrappedCreatorProperties() replays buffered JSON into creator parameters without consulting prop.visibleInView(activeView). This...

EUVD-2026-38596

Spring Statemachine's Kryo-based persistence backends JPA, MongoDB, Redis and ZooKeeper deserialise persisted state-machine contexts without enforcing a class allowlist CWE-502, deserialisation of untrusted data, which can lead to remote code execution inside the application JVM. Affected version...

CVE-2026-41862

CVE-2026-41862 affects Spring Statemachine Kryo-based persistence backends (JPA, MongoDB, Redis and ZooKeeper) which deserialize persisted StateMachineContext without a class allowlist. This can enable a gadget chain leading to remote code execution inside the application JVM. Affected versions a...

EUVD-2026-38595

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, jackson-databind's PolymorphicTypeValidator PTV is the primary safety mechanism guarding polymorphic deserialization. When polymorphic...

EUVD-2026-38593

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, BasicPolymorphicTypeValidator.Builder.allowIfSubTypeIsArray allowlists any array type based only on clazz.isArray, without validating th...

EUVD-2026-38592

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.0 until 2.18.8, 2.21.4, and 3.1.4, JDKFromStringDeserializer constructed InetSocketAddress with new InetSocketAddresshost, port, which performs eager DNS name resolution fo...

CVE-2026-54517

Summary: CVE-2026-54517 affects jackson-databind. In BeanDeserializer._deserializeUsingPropertyBased, the active-view filter was only applied to creator properties; the path for regular properties lacked a visibleInView check. This allowed setterless Collection/Map properties annotated with a res...

CVE-2025-64105

Summary: FOSSBilling

CVE-2026-45692

Caddy is an extensible server platform that uses TLS by default. From 2.4.0 until 2.11.3, the authorization layer and the /config traversal layer do not agree on what object the path refers to. In this case, a path authorized for one config object is accepted, but then resolves to a different...

CVE-2020-9695

Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a...

EUVD-2020-31258

Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation o...

CVE-2020-9711 Acrobat Reader | Out-of-bounds Read (CWE-125)

Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation o...

ROOT-APP-NPM-CVE-2026-44575 CVE-2026-44575 in @rootio/next - Patched by Root

Root has patched CVE-2026-44575 in the @rootio/next package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-44573 CVE-2026-44573 in @rootio/next - Patched by Root

Root has patched CVE-2026-44573 in the @rootio/next package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-44577 CVE-2026-44577 in @rootio/next - Patched by Root

Root has patched CVE-2026-44577 in the @rootio/next package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-44579 CVE-2026-44579 in @rootio/next - Patched by Root

Root has patched CVE-2026-44579 in the @rootio/next package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-44578 CVE-2026-44578 in @rootio/next - Patched by Root

Root has patched CVE-2026-44578 in the @rootio/next package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-44581 CVE-2026-44581 in @rootio/next - Patched by Root

Root has patched CVE-2026-44581 in the @rootio/next package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-44572 CVE-2026-44572 in @rootio/next - Patched by Root

Root has patched CVE-2026-44572 in the @rootio/next package for Root:npm. Multiple fixed versions available...