
55 matches found

OSV
added 18 hours ago, 5 views

ROOT-OS-DEBIAN-12-CVE-2026-46072 CVE-2026-46072 in rootio-linux - Patched by Root

Root has patched CVE-2026-46072 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00123
Exploits: 0

Nuclei
added 19 hours ago, 7 views

XWiki - Cross-Site Scripting

XWiki is vulnerable to reflected Cross-Site Scripting (XSS) via the viewer=changes endpoint. The rev2 parameter is not properly sanitised before being rendered in the response, allowing an attacker to inject arbitrary JavaScript. Affects XWiki versions prior to the patched release. id: CVE-2026-401...

CVSS: 6.5, AI score: 5.9, EPSS: 0.00549
Exploits: 0, References: 3

OSV
added yesterday, 2 views

DEBIAN-CVE-2026-53162

In the Linux kernel, the following vulnerability has been resolved: memcg: use round-robin victim selection in refill_stock. Harry Yoo reported that get_random_u32_below is not safe to call in the nmi context and memcg charge draining can happen in nmi context. More specifically get_random_u32_below is...

AI score: 5.8, EPSS: 0.00173
Exploits: 0, References: 1

CVE
added yesterday, 5 views

CVE-2026-53159

The CVE-2026-53159 entry describes a Linux kernel vulnerability in the fastrpc path where fastrpc_get_args() uses find_vma() to locate the VMA for a user pointer and compute a DMA address offset. If the address lies in a gap before the returned VMA, (ptr & PAGE_MASK) - vma->vm_start underflows...

AI score: 5.7, EPSS: 0.00172
Exploits: 0, References: 7

OSV
added 2 days ago, 2 views

DEBIAN-CVE-2026-52961

In the Linux kernel, the following vulnerability has been resolved: ceph: fix BUGON in cephbuildxattrsblob due to stale blob size The generic/642 test-case can reproduce the kernel crash: 40243.605254 ------------ cut here ------------ 40243.605956 kernel BUG at fs/ceph/xattr.c:918! 40243.607142...

AI score: 5.7, EPSS: 0.00198
Exploits: 0, References: 1

Debian CVE
added 3 days ago, 5 views

CVE-2026-56114

dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulnerability in dhcp6_makemessage in src/dhcp6.c that allows unauthenticated same-link attackers to write beyond a fixed local buffer by serializing an oversized RFC 6603 OPTION_PD_EXCLUDE option body...

CVSS: 6, AI score: 6.1, EPSS: 0.00175
Exploits: 0

Nuclei
added 2026/06/19 11:10 a.m., 7 views

Splunk Enterprise & Cloud Platform - Unrestricted File Upload

In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar...

CVSS: 9.8, AI score: 6.2, EPSS: 0.921
Exploits: 3, References: 2

NVD
added 2026/06/18 9:16 p.m., 10 views

CVE-2026-44663

OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, an integer overflow in ht_undo_impl in src/lib/OpenEXRCore/internal_ht.cpp leads to a heap-buffer overflow when decoding a crafted...

CVSS: 7.1, EPSS: 0.0017
Exploits: 1, References: 2

CVE
added 2026/06/16 7:27 p.m., 9 views

CVE-2026-46849

Technical details about CVE-2026-46849 are not provided in the supplied documents. No affected products, impact, root cause, or remediation are disclosed. Monitor for updates from sources linked in the records.

CVSS: 8.1, AI score: 5.1, EPSS: 0.00375
Exploits: 0, References: 1, Affected Software: 1

Tenable Nessus
added 2026/06/14 12:00 a.m., 5 views

SUSE SLES15 Security Update : strongswan (SUSE-SU-2026:2368-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2368-1 advisory. This update for strongswan fixes the following issues - CVE-2026-35328: infinite loop when handling supported versions TLS extensio...

AI score: 5.4
Exploits: 6, References: 25

OSV
added 2026/06/09 11:17 p.m., 4 views

UBUNTU-CVE-2026-9753

The $internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to return memory out-of-bounds or crash the server. $internalApplyOplogUpdate can be executed by any authenticated user with access to the aggregate command...

CVSS: 8.1, AI score: 5.5, EPSS: 0.00298
Exploits: 0, References: 3

Circl
added 2026/06/09 3:44 p.m., 7 views

CVE-2026-42908

creationtimestamp | type | source
---|---|---
2026-06-09 15:44:28+00:00 | seen | https://advisories.ncsc.nl/advisory?id=NCSC-2026-0181
2026-06-09 16:12:18+00:00 | seen | https://www.thezdi.com/blog/2026/6/9/the-june-2026-security-update-review...

CVSS: 7.5, AI score: 5.3, EPSS: 0.0087
Exploits: 0, References: 2

RedhatCVE
added 2026/06/05 7:34 p.m., 8 views

CVE-2026-10620

A flaw has been found in code-projects Student Admission System 1.0. Affected is an unknown function of the file /index.php. This manipulation of the argument eid/did causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used...

CVSS: 7.5, AI score: 7, EPSS: 0.00272
Exploits: 0, References: 1

RedhatCVE
added 2026/06/05 7:10 p.m., 8 views

CVE-2026-8363

A stack-based buffer overflow condition exists in WOSDeviceDropFolder.dll when processing a long URL path starting with /resources:...

CVSS: 9.8, AI score: 5.9, EPSS: 0.00335
Exploits: 0, References: 1

Cvelist
added 2026/05/28 4:21 p.m., 34 views

CVE-2026-9093

In Casdoor versions 2.362.0 and earlier, the SAML service provider implementation does not validate the AudienceRestriction element in SAML assertions. The buildSp function in object/samlsp.go never sets AudienceURI on the gosaml2 SAMLServiceProvider struct and never inspects...

EPSS: 0.00365
Exploits: 0, References: 1

ATTACKERKB
added 2026/05/27 1:11 p.m., 10 views

CVE-2026-6938

IBM Db2 12.1.0 through 12.1.4 is vulnerable to authorization bypass when uploading to a remote object storage path with a special query...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00185
Exploits: 0, References: 2, Affected Software: 1

VulnCheck KEV
added 2026/05/27 12:00 a.m., 15 views

VulnCheck KEV: CVE-2026-48027

Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for 18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the...

CVSS: 9.8, AI score: 5.8, EPSS: 0.0185
In wild, Exploits: 1, References: 3

Vulnrichment
added 2026/05/20 7:12 p.m., 6 views

CVE-2026-9118

Use after free in XR in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

AI score: 6.2, EPSS: 0.00396
Exploits: 0, References: 2

Cvelist
added 2026/05/13 2:12 p.m., 28 views

CVE-2026-20916 BIG-IQ iControl REST vulnerability

An authenticated iControl REST user with low privileges can create or modify arbitrary files through an undisclosed iControl REST endpoint on the BIG-IQ system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS: 8.1, EPSS: 0.00358
Exploits: 0, References: 1

Tenable Nessus
added 2026/05/13 12:00 a.m., 9 views

Linux Distros Unpatched Vulnerability : CVE-2026-41293

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from...

CVSS: 9.8, AI score: 7.2, EPSS: 0.00996
Exploits: 0, References: 2