ROOT-OS-UBUNTU-2404-CVE-2025-39826 CVE-2025-39826 in rootio-linux - Patched by Root

Root has patched CVE-2025-39826 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

CVE-2025-1788

A vulnerability, which was classified as critical, was found in rizinorg rizin up to 0.8.0. This affects the function rzutf8encode in the library /librz/util/utf8.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the...

EUVD-2021-27152

Malware in sbrugna...

EUVD-2025-6698

Malicious code in bioql PyPI...

EUVD-2023-37082

Malicious code in bioql PyPI...

EUVD-2022-7195

Malicious code in bioql PyPI...

EUVD-2022-7262

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2024-35811

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: brcmfmac: Fix use-after-free bug in brcmfcfg80211detach This is the candidate patch of CVE-2023-47233 : https://nvd.nist.gov/vuln/detail/CVE-2023-47233 I...

CVE-2025-52903

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In version 2.32.0, the Command Execution feature of File Browser only allows the execution of shell command which have been predefined on a...

CVE-2025-31482

CVE-2025-31482 – FreshRSS denial of service via logout . Affected: FreshRSS versions prior to 1.26.2. Vulnerability causes a user to be repeatedly logged out after fetching a malicious feed entry, effectively resulting in denial of service. Root cause details are not elaborated beyond the observe...

CVE-2025-48472

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, there is no check to ensure that the user is disabling notifications for the mailbox to which they already have access. Moreover, the code explicitly implements functionality that if the user does not have...

PT-2025-23224 · Vllm · Vllm

Name of the Vulnerable Software and Affected Versions: vLLM versions 0.6.4 through 0.9.0 Description: The issue is a Regular Expression Denial of Service ReDoS vulnerability in the file vllm/entrypoints/openai/tool parsers/pythonic tool parser.py. The root cause is the use of a highly complex and...

CVE-2023-33193

Emby Server is a user-installable home media server which stores and organizes a user's media files of virtually any format and makes them available for viewing at home and abroad on a broad range of client devices. This vulnerability may allow administrative access to an Emby Server system,...

CVE-2021-32684

magento-scripts contains scripts and configuration used by Create Magento App, a zero-configuration tool-chain which allows one to deploy Magento 2. In versions 1.5.1 and 1.5.2, after changing the function from synchronous to asynchronous there wasn't implemented handler in the start, stop, exec,...

CVE-2025-46333

z2d is a pure Zig 2D graphics library. Versions of z2d after 0.5.1 and up to and including 0.6.0, when writing from one surface to another using z2d.compositor.StrideCompositor.run, and higher-level operations when the anti-aliasing mode is set to .default such as Context.fill, Context.stroke,...

CVE-2025-2174

A vulnerability was found in libzvbi up to 0.2.43. It has been declared as problematic. Affected by this vulnerability is the function vbistrndupiconvucs2 of the file src/conv.c. The manipulation of the argument srclength leads to integer overflow. The attack can be launched remotely. The exploit...

@fastify/session reuses destroyed session cookie

Impact When restoring the cookie from the session store, the expires field is overriden if the maxAge field was set. This means a cookie is never correctly detected as expired and thus expired sessions are not destroyed. Patches Updating to v10.9.0 will solve this. Workarounds None References...

CVE-2024-26892

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921e: fix use-after-free in freeirq From commit a304e1b82808 "PATCH Debug shared irqs", there is a test to make sure the shared irq handler should be able to handle the unexpected event after deregistration. For th...

CVE-2024-20033

In nvram, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08499945; Issue ID: ALPS08499945...

PT-2024-19376 · Ministry Of Agriculture · Electronic Delivery Check System

Name of the Vulnerable Software and Affected Versions: Electronic Delivery Check System Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version versions 14.0.001.002 and earlier Description: The issue is related to the improper restriction of XML...