28 matches found

OSV
added yesterday, 6 views

ROOT-OS-DEBIAN-13-CVE-2026-23060 CVE-2026-23060 in rootio-linux - Patched by Root

Root has patched CVE-2026-23060 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

CVSS: 5.5, AI score: 5.4, EPSS: 0.00123
Exploits: 0
OSV
added yesterday, 7 views

ROOT-OS-DEBIAN-13-CVE-2026-31594 CVE-2026-31594 in rootio-linux - Patched by Root

Root has patched CVE-2026-31594 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

CVSS: 5.5, AI score: 5.3, EPSS: 0.00123
Exploits: 0
OSV
added yesterday, 6 views

ROOT-OS-DEBIAN-12-CVE-2026-31623 CVE-2026-31623 in rootio-linux - Patched by Root

Root has patched CVE-2026-31623 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...

CVSS: 5.5, AI score: 5.2, EPSS: 0.00125
Exploits: 0
OSV
added yesterday, 6 views

ROOT-OS-DEBIAN-11-CVE-2024-35794 CVE-2024-35794 in rootio-linux - Patched by Root

Root has patched CVE-2024-35794 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...

CVSS: 5.5, AI score: 7.8, EPSS: 0.00223
Exploits: 0
OSV
added 3 days ago, 6 views

ROOT-OS-UBUNTU-2404-CVE-2025-37992 CVE-2025-37992 in rootio-linux - Patched by Root

Root has patched CVE-2025-37992 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

CVSS: 5.5, AI score: 7.2, EPSS: 0.00159
Exploits: 0
OSV
added 3 days ago, 8 views

ROOT-OS-UBUNTU-2404-CVE-2025-22080 CVE-2025-22080 in rootio-linux - Patched by Root

Root has patched CVE-2025-22080 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

CVSS: 5.5, AI score: 7.6, EPSS: 0.00165
Exploits: 0
ATTACKERKB
added 5 days ago, 4 views

CVE-2026-48513

MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, runtime-generated union deserializers emitted by DynamicUnionResolver do not call MessagePackSecurity.DepthStep(ref reader) and do not decrement reader.Depth around recursive deserialization and skip paths. This means...

CVSS: 7.5, AI score: 5.9, EPSS: 0.00231
Exploits: 0, References: 2, Affected Software: 1
EUVD
added 2026/06/15 5:26 p.m., 8 views

EUVD-2026-36524

form-data: CRLF injection in form-data via unescaped multipart field names and filenames...

CVSS: 8.7, AI score: 5.2, EPSS: 0.00325
Exploits: 0, References: 8
RedhatCVE
added 2026/06/05 7:45 p.m., 8 views

CVE-2026-40072

web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.15.0 and 8.0.0b2, web3.py implements CCIP Read / OffchainLookup (EIP-3668) by performing HTTP requests to URLs supplied by smart contracts in offchain_lookup_payload["urls"]. The implementation uses these...

CVSS: 7.2, AI score: 5.7, EPSS: 0.00228
Exploits: 2, References: 1
Positive Technologies
added 2026/06/01 12:0 a.m., 14 views

PT-2026-45383

Name of the Vulnerable Software and Affected Versions: Apache ActiveMQ Broker versions prior to 5.19.7; Apache ActiveMQ Broker versions 6.0.0 through 6.2.5; Apache ActiveMQ versions prior to 5.19.7; Apache ActiveMQ versions 6.0.0 through 6.2.5; Apache ActiveMQ All versions prior to 5.19.7; Apache...

CVSS: 5.9, AI score: 5.4, EPSS: 0.00328
Exploits: 0, References: 5
NVD
added 2026/05/12 10:16 p.m., 8 views

CVE-2026-40902

PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0, the XLSX reader's ColumnAndRowAttributes::readRowAttributes method reads row numbers from XML attributes without validating them against the spreadsheet maximum row...

CVSS: 7.5, EPSS: 0.00395
Exploits: 1, References: 1
CVE
added 2026/05/12 10:2 p.m., 47 views

CVE-2026-40902

CVE-2026-40902 affects PhpSpreadsheet’s XLSX reader. The vulnerability arises when ColumnAndRowAttributes::readRowAttributes() reads the row index (r attribute) from XML without validating against the maximum row limit (AddressRange::MAX_ROW = 1,048,576). An attacker can craft a tiny XLSX file co...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00395
Exploits: 1, References: 1, Affected Software: 1
EUVD
added 2026/04/10 5:51 p.m., 8 views

EUVD-2026-21534

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Open Redirect vulnerability in the session course edit page allows an attacker to redirect an authenticated administrator to an arbitrary external URL after saving coach assignment changes. The redirect also leaks th...

CVSS: 4.7, AI score: 5.9, EPSS: 0.00178
Exploits: 0, References: 3
EUVD
added 2026/04/09 8:22 p.m., 4 views

EUVD-2026-20988

Wasmtime: Heap OOB read in component model UTF-16 to latin1+utf16 string transcoding...

CVSS: 6.9, AI score: 5.9, EPSS: 0.00376
Exploits: 0, References: 1
NVD
added 2026/03/10 6:19 p.m., 6 views

CVE-2026-3306

An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed a user with read access to a repository and write access to a project to modify issue and pull request metadata through the project. When adding an item to a project that already existed, column value...

CVSS: 5.3, EPSS: 0.00321
Exploits: 0, References: 6
ATTACKERKB
added 2026/02/02 6:56 p.m., 5 views

CVE-2026-24471

continuwuity is a Matrix homeserver written in Rust. This vulnerability allows an attacker with a malicious remote server to cause the local server to sign an arbitrary event upon user interaction. Upon a user account leaving a room (rejecting an invite), joining a room or knocking on a room, the...

CVSS: 9.3, AI score: 5.7, EPSS: 0.00312
Exploits: 0, References: 3, Affected Software: 1
NVD
added 2026/01/08 2:15 p.m., 5 views

CVE-2025-8307

Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. Passwords of all users are stored in a database in an encoded format. An attacker in possession of these encoded passwords is able to decode them by using an algorithm...

CVSS: 5.9, EPSS: 0.00103
Exploits: 0, References: 1
Vulnrichment
added 2026/01/05 9:53 p.m., 5 views

CVE-2025-68953 Certain Frappe requests are vulnerable to Path Traversal

Frappe is a full-stack web application framework. Versions 14.99.5 and below and 15.0.0 through 15.80.1 include requests that are vulnerable to path traversal attacks. Arbitrary files from the server could be retrieved due to a lack of proper sanitization on some requests. This issue is fixed in...

CVSS: 7.5, AI score: 6.3, EPSS: 0.00361
Exploits: 0, References: 3
Vulnrichment
added 2025/11/10 10:44 p.m., 4 views

CVE-2025-11578 Pre-Receive Hook Path Collision Vulnerability in GitHub Enterprise Server Allowing Privilege Escalation

A privilege escalation vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Enterprise admin to gain root SSH access to the appliance by exploiting a symlink escape in pre-receive hook environments. By crafting a malicious repository and environment, an attacker...

CVSS: 7.5, AI score: 6.9, EPSS: 0.00572
Exploits: 0, References: 5
AlpineLinux
added 2025/10/16 6:15 p.m., 6 views

CVE-2025-61907

Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to the various /v1/objects endpoints could access variables or objects that would otherwise be inaccessible for the user. This allows authenticated API users to learn information tha...

CVSS: 7.1, AI score: 6.4, EPSS: 0.00365
Exploits: 0, References: 2