Vite Dev Server - Directory Traversal
Vite is a modern frontend build tool. In Vite prior to versions 6.4.3, 6.3.4, and 5.4.23, a directory traversal vulnerability affects the Vite development server. When the Vite dev server is launched with the --host or server.host option, an unauthenticated attacker can craft a request with a pat...
CVE-2026-48167
Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, the ImageColumn and ImageEntry components render raw database values without escaping HTML. Where the data passed to these components isn't validated, an attacker could plant...
CVE-2026-48500
Summary: Filament (Laravel components) had an unauthenticated temporary file upload issue on some auth-related schemas. Affected versions: 3.0.0–3.3.52, 4.11.5, and 5.6.5. Root cause: The Livewire component embeddings could apply WithFileUploads to forms that don’t require uploads, allowing unaut...
EUVD-2026-38392
Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, a flaw in the handling of recovery codes for app-based multi-factor authentication allows the same recovery code to be reused via concurrent submission. This issue does not...
EUVD-2026-38383
MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, runtime-generated union deserializers emitted by DynamicUnionResolver do not call MessagePackSecurity.DepthStep(ref reader) and do not decrement reader.Depth around recursive deserialization and skip paths. This means...
CVE-2026-47242 Net::IMAP: Command Injection via ID command argument
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to 0.6.5 and 0.5.15, when Net::IMAP#id is called with a hash argument, although the ID field value strings are correctly quoted (escaping quoted specials), they were not validated to prohibit CRLF sequence...
CVE-2026-55599
phpseclib is a PHP secure communications library. From 0.1.1 until 1.0.30, 2.0.55, and 3.0.54, when an application validates an untrusted X.509 certificate with phpseclib, X509::validateSignature reads a URL out of that certificate's Authority Information Access (AIA) extension and connects to it...
CVE-2026-54269
protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 8.6.0 and 7.6.3, protobufjs accepted certain schema-derived names that could collide with properties used by protobufjs runtime helpers. The known affected names are fields named hasOwnProperty, field or oneof names...
CVE-2026-50556
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.16, 20.3.24, and 19.2.25, a Cross-Site Scripting (XSS) vulnerability exists in @angular/platform-server's DOM emulation dependency domino wh...
CVE-2026-54268
The CVE affects Angular’s Date formatting in the @angular/common package. The formatDate utility (and DatePipe) can trigger a Denial of Service when confronted with a maliciously long or attacker-controlled date format string. The root cause is an internal parser that iteratively splits the forma...
EUVD-2026-38271
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, to optimize client-side bootstrap in Server-Side Rendered (SSR) environments, Angular supports Hydration via...
ROOT-APP-NPM-CVE-2026-9697 CVE-2026-9697 in @rootio/undici - Patched by Root
Root has patched CVE-2026-9697 in the @rootio/undici package for Root:npm. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-40192 CVE-2026-40192 in rootio-pillow - Patched by Root
Root has patched CVE-2026-40192 in the rootio-pillow package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-25990 CVE-2026-25990 in rootio-pillow - Patched by Root
Root has patched CVE-2026-25990 in the rootio-pillow package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-42311 CVE-2026-42311 in rootio-pillow - Patched by Root
Root has patched CVE-2026-42311 in the rootio-pillow package for Root:PyPI. Multiple fixed versions available...
ROOT-OS-DEBIAN-13-CVE-2026-49261 CVE-2026-49261 in rootio-mariadb - Patched by Root
Root has patched CVE-2026-49261 in the rootio-mariadb package for Root:Debian:13. Multiple fixed versions available...
ROOT-APP-NPM-GHSA-VVJJ-XCJG-GR5G GHSA-vvjj-xcjg-gr5g in @rootio/nodemailer - Patched by Root
Root has patched GHSA-vvjj-xcjg-gr5g in the @rootio/nodemailer package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2025-14874 CVE-2025-14874 in @rootio/nodemailer - Patched by Root
Root has patched CVE-2025-14874 in the @rootio/nodemailer package for Root:npm. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2024-47081 CVE-2024-47081 in rootio-requests - Patched by Root
Root has patched CVE-2024-47081 in the rootio-requests package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2018-18074 CVE-2018-18074 in rootio-requests - Patched by Root
Root has patched CVE-2018-18074 in the rootio-requests package for Root:PyPI. Multiple fixed versions available...