25599 matches found
ROOT-OS-DEBIAN-13-CVE-2026-27456 CVE-2026-27456 in rootio-util-linux - Patched by Root
Root has patched CVE-2026-27456 in the rootio-util-linux package for Root:Debian:13. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-32630 CVE-2026-32630 in @rootio/file-type - Patched by Root
Root has patched CVE-2026-32630 in the @rootio/file-type package for Root:npm. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2026-25210 CVE-2026-25210 in rootio-expat - Patched by Root
Root has patched CVE-2026-25210 in the rootio-expat package for Root:Debian:11. Multiple fixed versions available...
Jenkins build-metrics 1.3 - Cross-Site Scripting
Jenkins build-metrics 1.3 is vulnerable to a reflected cross-site scripting vulnerability that allows attackers to inject arbitrary HTML and JavaScript into the web pages the plugin provides. id: CVE-2019-10475 info: name: Jenkins build-metrics 1.3 - Cross-Site Scripting author: madrobot severity...
GeoServer and GeoTools - Remote Code Execution
GeoTools is an open source Java library that provides tools for geospatial data. Prior to versions 31.2, 30.4, and 29.6, Remote Code Execution RCE is possible if an application uses certain GeoTools functionality to evaluate XPath expressions supplied by user input. Versions 31.2, 30.4, and 29.6...
golang security, bug fix, and enhancement update
An update is available for golang. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The golang packages provide the Go programming language compiler. Security...
Updated libarchive packages fix security vulnerabilities
The updated packages fix bugs including security ones...
CVE-2026-57212 RabbitMQ management HTTP API accepts request bodies larger than configured max_http_body_size
RabbitMQ is a messaging and streaming broker. Prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5, the rabbitmqmanagement HTTP API accepts oversized valid JSON bodies on withdecode and directrequest paths because readcompletebody checks the accumulated size before the final chunk but not the final combin...
CVE-2026-56665
ZITADEL's external JWT Identity Provider validation (internal/idp/providers/jwt/session.go) does not enforce expiration when an incoming token omits the exp claim, causing tokens from trusted issuers to be treated as valid without an automatic expiration window. Affected releases: 3.0.0-rc.1 thro...
ROOT-OS-DEBIAN-13-CVE-2025-14524 CVE-2025-14524 in rootio-curl - Patched by Root
Root has patched CVE-2025-14524 in the rootio-curl package for Root:Debian:13. Multiple fixed versions available...
podman security, bug fix, and enhancement update
An update is available for podman. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The podman tool manages pods, container images, and containers. It is part of...
ROOT-APP-PYPI-CVE-2024-30251 CVE-2024-30251 in rootio-aiohttp - Patched by Root
Root has patched CVE-2024-30251 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-GHSA-MV93-W799-CJ2W GHSA-mv93-w799-cj2w in rootio-GitPython - Patched by Root
Root has patched GHSA-mv93-w799-cj2w in the rootio-GitPython package for Root:PyPI. Multiple fixed versions available...
ROOT-OS-DEBIAN-13-CVE-2026-3479 CVE-2026-3479 in rootio-python3.13 - Patched by Root
Root has patched CVE-2026-3479 in the rootio-python3.13 package for Root:Debian:13. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2025-10148 CVE-2025-10148 in rootio-curl - Patched by Root
Root has patched CVE-2025-10148 in the rootio-curl package for Root:Debian:12. Multiple fixed versions available...
PT-2026-57306
Name of the Vulnerable Software and Affected Versions RabbitMQ versions prior to 3.13.15 RabbitMQ versions prior to 4.0.20 RabbitMQ versions prior to 4.1.11 RabbitMQ versions prior to 4.2.6 Description RabbitMQ fails to perform authorization checks on passive queue.declare and exchange.declare AM...
CVE-2026-53962
Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, insufficient SVG sanitization in upload and user avatar handling could lead to cross-site scripting when a user visited specific URLs that are not normally part of community browsing. This issue ...
CVE-2026-44787
Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the signup flow could allow newly registered users to set primarygroupid and gain whisper-group privileges without legitimate group membership on sites with whispersallowedgroups configured. This...
Important: Red Hat Security Advisory: golang security, bug fix, and enhancement update
An update for golang is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
CVE-2026-50188 Kirby: Request header injection in `Http\Remote`
Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites and plugins using the Kirby Http Remote class, including Remote::request, Remote::get, and Remote::post, to send outgoing HTTP requests with untrusted data in the headers option could allow newline characters...