2746 matches found
ROOT-OS-DEBIAN-11-CVE-2025-39846 CVE-2025-39846 in rootio-linux - Patched by Root
Root has patched CVE-2025-39846 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2024-49908 CVE-2024-49908 in rootio-linux - Patched by Root
Root has patched CVE-2024-49908 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...
PT-2026-49001
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. Prior to version 2.0.13, fallbackToFrontend in the dashboard's NoRoute handler treats any URL whose raw string starts with /dashboard as an admin-frontend asset request. The check uses strings.HasPrefi...
EUVD-2026-36221
A Missing Authorization vulnerability in the playbook import functionality in Dialogflow CX on Google Cloud Platform allows an authenticated user with specific roles to escalate privileges and potentially take over a GCP project using a maliciously crafted playbook import. This vulnerability was...
EUVD-2026-36192
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-25, a crafted multi-frame can result in a heap buffer over-write when encoding it with the SF3 encoder. This issue has been patched in version 7.1.2-25...
EUVD-2026-36182
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, a crafted MVG file could result in a stack overflow due to a missing depth or visited-set check. This issue has been patched in versions 6.9.13-49 and 7.1.2-24...
EUVD-2026-36163
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, because of a missing check in the MNG coder it would be possible to read more images than the list limit policy would allow resulting in excessive resource use...
EUVD-2026-36154
JavaScript Cookie is a JavaScript API for handling cookies, client-side. Prior to version 3.0.7, js-cookie's internal assign helper copies properties with for...in + plain assignment. When the source object is produced by JSON.parse, the JSON object's "__proto__" member is an own enumerable property,...
CVE-2026-48096
OpenFGA is an authorization/permission engine built for developers. Prior to version 1.16.0, when iterator caching is enabled, two distinct check requests can produce the same cache key, leading to OpenFGA reusing an earlier cached result for a subsequent request. This issue has been patched in...
ROOT-APP-NPM-CVE-2026-27980 CVE-2026-27980 in @rootio/next - Patched by Root
Root has patched CVE-2026-27980 in the @rootio/next package for Root:npm. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2026-32882 CVE-2026-32882 in rootio-libheif - Patched by Root
Root has patched CVE-2026-32882 in the rootio-libheif package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2025-68431 CVE-2025-68431 in rootio-libheif - Patched by Root
Root has patched CVE-2025-68431 in the rootio-libheif package for Root:Debian:11. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-34517 CVE-2026-34517 in rootio-aiohttp - Patched by Root
Root has patched CVE-2026-34517 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...
PT-2026-48351
ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c validated only some of the caller-supplied pointer arguments, leaving input pointer arguments unchecked...
PT-2026-48470
A stored cross-site scripting vulnerability existed in MISP BSimVis tag rendering code. Several client-side rendering paths interpolated tag names, collection names, entity identifiers, cluster names, and tag metadata directly into HTML, HTML attributes, inline JavaScript event handlers, and CSS...
PT-2026-48504
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a low-privilege developer who could create a KubernetesWatchTrigger (KWT) in their own namespace was able to establish a persistent...
ROOT-OS-DEBIAN-12-CVE-2026-28421 CVE-2026-28421 in rootio-vim - Patched by Root
Root has patched CVE-2026-28421 in the rootio-vim package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2024-41957 CVE-2024-41957 in rootio-vim - Patched by Root
Root has patched CVE-2024-41957 in the rootio-vim package for Root:Debian:12. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-44902 CVE-2026-44902 in @rootio/opentelemetry__sdk-node - Patched by Root
Root has patched CVE-2026-44902 in the @rootio/opentelemetry__sdk-node package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2025-69873 CVE-2025-69873 in @rootio/ajv - Patched by Root
Root has patched CVE-2025-69873 in the @rootio/ajv package for Root:npm. Multiple fixed versions available...