ROOT-OS-UBUNTU-2404-CVE-2026-43213 CVE-2026-43213 in rootio-linux - Patched by Root

Root has patched CVE-2026-43213 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

ROOT-OS-UBUNTU-2204-CVE-2025-37794 CVE-2025-37794 in rootio-linux - Patched by Root

Root has patched CVE-2025-37794 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

CVE-2026-8391 Other issue in the JavaScript Engine component

Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11...

UBUNTU-CVE-2026-43073

In the Linux kernel, the following vulnerability has been resolved: x86-64: rename misleadingly named 'copyusernocache' function This function was a masterclass in bad naming, for various historical reasons. It claimed to be a non-cached user copy. It is literally neither of those things. It's a...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: kunit: fixed the reference count leak in kfreeatend The reference counting issue occurs during the normal execution of kfreeatend. When kunitallocandgetresource is called, the function fails to properly handle the returned resour...

CVE-2026-33077

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the oldconfig parameter in the haproxysectionsave interface has an arbitrary file read vulnerability. Version 8.2.6.4 fixes the issue...

CVE-2026-6765

Information disclosure in the Form Autofill component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

PT-2026-24757

Name of the Vulnerable Software and Affected Versions Anytype Heart versions prior to 0.48.4 Anytype-CLI versions prior to 0.1.11 Anytype Desktop versions prior to 0.54.5 Description The challenge-based authentication for the local gRPC client API can be bypassed, allowing an attacker to gain...

CVE-2026-29069 Craft has an unauthenticated activation email trigger with potential user enumeration

Craft is a content management system CMS. Prior to 5.9.0-beta.2 and 4.17.0-beta.2, the actionSendActivationEmail endpoint is accessible to unauthenticated users and does not require a permission check for pending users. An attacker with no prior access can trigger activation emails for any pendin...

PT-2026-22074

Name of the Vulnerable Software and Affected Versions WireGuard Portal versions prior to 2.1.3 Description WireGuard Portal, a web-based configuration portal for WireGuard server management, contains a flaw that allows authenticated non-admin users to escalate their privileges to full administrat...

CVE-2025-48724

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 2026/01/20 and...

CVE-2025-15334

Tanium addressed an information disclosure vulnerability in Threat Response...

CVE-2026-0613

The Librarian contains an internal port scanning vulnerability, facilitated by the webfetch tool, which can be used with SSRF-style behavior to perform GET requests to internal IP addresses and services, enabling scanning of the Hertzner cloud environment that TheLibrarian uses. The vendor has...

CVE-2022-50840 scsi: snic: Fix possible UAF in snic_tgt_create()

In the Linux kernel, the following vulnerability has been resolved: scsi: snic: Fix possible UAF in snictgtcreate Smatch reports a warning as follows: drivers/scsi/snic/snicdisc.c:307 snictgtcreate warn: '&tgt-list' not removed from list If deviceadd fails in snictgtcreate, tgt will be freed, but...

CVE-2025-68227

In the Linux kernel, the following vulnerability has been resolved: mptcp: Fix proto fallback detection with BPF The sockmap feature allows bpf syscall from userspace, or based on bpf sockops, replacing the skprot of sockets during protocol stack processing with sockmap's custom read/write...

CLSA-2025-1765378381 jasper: Fix of CVE-2025-8836

CVE-2025-8836: fix manipulation in function jpcfloorlog2 to prevent reachable assertion...

CVE-2025-66405 Portkey.ai Gateway: Server-Side Request Forgery (SSRF) in Custom Host

Portkey.ai Gateway is a blazing fast AI Gateway with integrated guardrails. Prior to 1.14.0, the gateway determined the destination baseURL by prioritizing the value in the x-portkey-custom-host request header. The proxy route then appends the client-specified path to perform an external fetch...

EUVD-2018-1929

Malware in sbrugna...

EUVD-2018-19066

Malware in sbrugna...

EUVD-2015-7259

Malware in sbrugna...