CVE-2026-47733

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, the ImageElement component in packages/gazzodown renders user-controlled src values directly into and attributes without protocol sanitization. Unlike the analogous LinkSpan component — which uses...

CVE-2026-50129

Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.11, 4.4.18, and 4.3.24, a DoS can be triggered by Uncaught Exception vulerability, due to missing exception handling in the math sanitizer. Malformed nodes can result in a DoS of a whole server or targeted...

CVE-2026-50128

Mastodon is a free, open-source social network server based on ActivityPub. From 4.3.0 until 4.5.11 and 4.4.18, Mastodon has a feature to let websites credit authors of their articles. To prevent false attribution claims, Mastodon uses the attributionDomains JSON-LD term, however, an error in how...

CVE-2026-11878

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in OpenText Access Manager allows Cross-Site Scripting XSS. This issue affects Access Manager: from 5.1 through 5.1.2...

CVE-2026-11877

An unauthorized user can modify configuration through API calls that affects the OpenText Access Manager. This issue affects Access Manager before 5.1.3...

EUVD-2026-38791

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in OpenText Access Manager allows Cross-Site Scripting XSS. This issue affects Access Manager: from 5.1 through 5.1.2...

CVE-2026-56338 Capgo - Denial of Service in 2FA Email Verification via /auth/v1/otp Endpoint

Capgo before 12.128.2 contains a denial of service vulnerability in the /auth/v1/otp endpoint that prevents email verification for two-factor authentication due to captcha validation failures. Authenticated users cannot complete 2FA enrollment as the backend consistently returns HTTP 500 errors...

EUVD-2026-38748

Flowise before 3.0.13 uses bcrypt with default salt rounds of 5, providing only 32 iterations instead of the OWASP-recommended minimum of 10 rounds. Attackers can crack password hashes approximately 30 times faster with modern GPU hardware, potentially compromising all user accounts in a database...

ROOT-OS-UBUNTU-2404-CVE-2025-38458 CVE-2025-38458 in rootio-linux - Patched by Root

Root has patched CVE-2025-38458 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

ROOT-OS-UBUNTU-2404-CVE-2025-21795 CVE-2025-21795 in rootio-linux - Patched by Root

Root has patched CVE-2025-21795 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

ROOT-OS-UBUNTU-2404-CVE-2025-68376 CVE-2025-68376 in rootio-linux - Patched by Root

Root has patched CVE-2025-68376 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

ROOT-OS-UBUNTU-2404-CVE-2026-43495 CVE-2026-43495 in rootio-linux - Patched by Root

Root has patched CVE-2026-43495 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

ROOT-OS-UBUNTU-2404-CVE-2025-39805 CVE-2025-39805 in rootio-linux - Patched by Root

Root has patched CVE-2025-39805 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

ROOT-OS-UBUNTU-2404-CVE-2025-38190 CVE-2025-38190 in rootio-linux - Patched by Root

Root has patched CVE-2025-38190 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

ROOT-OS-UBUNTU-2404-CVE-2025-71192 CVE-2025-71192 in rootio-linux - Patched by Root

Root has patched CVE-2025-71192 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

ROOT-OS-UBUNTU-2404-CVE-2025-38225 CVE-2025-38225 in rootio-linux - Patched by Root

Root has patched CVE-2025-38225 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

ROOT-OS-UBUNTU-2404-CVE-2025-40156 CVE-2025-40156 in rootio-linux - Patched by Root

Root has patched CVE-2025-40156 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

CVE-2026-52923

CVE-2026-52923 concerns the Linux kernel and a bug in the checkpoint/restore path related to SysV IPC id allocation. The issue occurs when ids->next_id is passed to idr_alloc() with an open-ended upper bound, allowing the valid tail of the IPC id space to spill past ipc_mni. The result can be ...

CVE-2026-7761 Ultimate Member <= 2.11.4 - Authenticated (Contributor+) Account Takeover via Password Reset Link Disclosure

The Ultimate Member plugin for WordPress is vulnerable to Account Takeover via Password Reset Link Disclosure in all versions up to and including 2.11.4. This is due to a chain of three logic bugs: 1 an MD5 hash fallback in getdirectorybyhash that allows any post to be used as a member directory ...

CVE-2026-9620

CVE-2026-9620 concerns the WordPress plugin WP Latest Posts (≤ 5.0.11). It enables a Stored Cross-Site Scripting (XSS) via crafted image src attributes in post content. The root cause is insufficient output escaping in the plugin’s field() and loop() functions, which extract the raw src from img ...