259 matches found
CVE-2026-49356
Babel is a compiler for writing next generation JavaScript. Prior to 8.0.0-rc.6 and 7.29.6, @babel/core affected by an arbitrary file read via a sourceMappingURL comment. Using @babel/core to compile maliciously crafted code can allow an attacker to read any source map from the system that is...
ROOT-OS-UBUNTU-2404-CVE-2025-22120 CVE-2025-22120 in rootio-linux - Patched by Root
Root has patched CVE-2025-22120 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2025-38574 CVE-2025-38574 in rootio-linux - Patched by Root
Root has patched CVE-2025-38574 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2026-43439 CVE-2026-43439 in rootio-linux - Patched by Root
Root has patched CVE-2026-43439 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-DEBIAN-13-CVE-2025-71077 CVE-2025-71077 in rootio-linux - Patched by Root
Root has patched CVE-2025-71077 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...
ROOT-OS-DEBIAN-13-CVE-2026-23378 CVE-2026-23378 in rootio-linux - Patched by Root
Root has patched CVE-2026-23378 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...
ROOT-OS-DEBIAN-13-CVE-2026-23070 CVE-2026-23070 in rootio-linux - Patched by Root
Root has patched CVE-2026-23070 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...
ROOT-OS-DEBIAN-13-CVE-2025-39966 CVE-2025-39966 in rootio-linux - Patched by Root
Root has patched CVE-2025-39966 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...
ROOT-OS-DEBIAN-13-CVE-2025-40099 CVE-2025-40099 in rootio-linux - Patched by Root
Root has patched CVE-2025-40099 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...
CVE-2026-56383
Craft CMS contains a stored cross-site scripting XSS vulnerability in the editableTable.twig component when using the 'Row Heading' column type. The application fails to sanitize input within row heading default values, allowing an attacker with an administrator account with allowAdminChanges...
ROOT-OS-DEBIAN-12-CVE-2025-37949 CVE-2025-37949 in rootio-linux - Patched by Root
Root has patched CVE-2025-37949 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2026-43318 CVE-2026-43318 in rootio-linux - Patched by Root
Root has patched CVE-2026-43318 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2026-23242 CVE-2026-23242 in rootio-linux - Patched by Root
Root has patched CVE-2026-23242 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2025-37982 CVE-2025-37982 in rootio-linux - Patched by Root
Root has patched CVE-2025-37982 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2025-39873 CVE-2025-39873 in rootio-linux - Patched by Root
Root has patched CVE-2025-39873 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2019-16943 CVE-2019-16943 in io.root.com.fasterxml.jackson.core:jackson-databind - Patched by Root
Root has patched CVE-2019-16943 in the io.root.com.fasterxml.jackson.core:jackson-databind package for Root:Maven. Multiple fixed versions available...
CVE-2026-50631 Apache CXF: OAuth2: TOCTOU Race Condition in Refresh Token Processing
A race condition in AbstractOAuthDataProvider allows concurrent requests using the same Refresh Token to bypass single-use semantics and generate multiple valid Access Tokens, when 'recycleRefreshTokens' is set to false. A leaked refresh token can be replayed concurrently by multiple attackers or...
CVE-2025-65954
SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. In versions below 6.3.1 and 7.0.0, the logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either depending on configuration redirects the...
CVE-2026-39851
Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, the requestEmailChange mutation was revealing the existence of user-provided email addresses in error messages. This vulnerability is fixed in 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118...
CVE-2026-44198
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, potentially resulting in disclosure of sensitive information. This vulnerability is fixed in 7.0.7...