ROOT-OS-ALPINE-320-CVE-2024-32487 CVE-2024-32487 in rootio-less - Patched by Root

Root has patched CVE-2024-32487 in the rootio-less package for Root:Alpine:3.20. Multiple fixed versions available...

ROOT-OS-ALPINE-319-CVE-2024-32487 CVE-2024-32487 in rootio-less - Patched by Root

Root has patched CVE-2024-32487 in the rootio-less package for Root:Alpine:3.19. Multiple fixed versions available...

OpenClaw's Trusted-proxy Control UI sessions retain privileged scopes without device identity on device-less allow paths

Summary Trusted-proxy Control UI sessions without device identity could retain self-declared privileged scopes on the device-less allow path. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...

EUVD-2026-15864

Deserialization of Untrusted Data vulnerability in Edge-Themes Kamperen kamperen allows Object Injection.This issue affects Kamperen: from n/a through 1.3...

CVE-2026-25358

The CVE-2026-25358 entry covers a PHP object-injection vulnerability in the WordPress Meloo theme, affecting Meloo versions prior to 2.8.2. Root cause: deserialization of untrusted data could lead to object injection. Impact as stated includes high confidentiality, integrity, and availability con...

PT-2026-27915

Name of the Vulnerable Software and Affected Versions skygroup Reebox versions prior to 1.4.8 Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Reflected Cross-site Scripting XSS condition. This allows for the injection of...

PT-2026-27889

Name of the Vulnerable Software and Affected Versions Goldish versions prior to 3.47 Description An issue exists in Goldish that allows for object injection due to deserialization of untrusted data. Recommendations Update Goldish to version 3.47 or later...

CVE-2026-4687

Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...

CVE-2026-4111 affecting package libarchive for versions less than 3.6.1-9

CVE-2026-4111 affecting package libarchive for versions less than 3.6.1-9. A patched version of the package is available...

CVE-2026-26018 affecting package coredns for versions less than 1.11.4-15

CVE-2026-26018 affecting package coredns for versions less than 1.11.4-15. A patched version of the package is available...

CVE-2026-26018 affecting package coredns for versions less than 1.11.1-26

CVE-2026-26018 affecting package coredns for versions less than 1.11.1-26. A patched version of the package is available...

CVE-2026-32417

CVE-2026-32417 affects the WordPress Pochipp plugin, versions prior to 1.18.9. The issue is a Missing Authorization vulnerability stemming from incorrectly configured access control, allowing unauthorized access according to the description. The affected component is the Pochipp plugin (pochipp) ...

CVE-2025-30204 affecting package influxdb for versions less than 2.7.5-13

CVE-2025-30204 affecting package influxdb for versions less than 2.7.5-13. A patched version of the package is available...

Ubuntu: Security Advisory (USN-8079-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 14.04 LTS : less vulnerability (USN-8079-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8079-1 advisory. It was discovered that less incorrectly handled certain file names. An attacker could possibly use this issue to cause a denial of service or execute arbitrary...

CVE-2025-68553

Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Lendiz lendiz allows Upload a Web Shell to a Web Server.This issue affects Lendiz: from n/a through 2.0.1...

USN-8079-1: less vulnerability

It was discovered that less incorrectly handled certain file names. An attacker could possibly use this issue to cause a denial of service or execute arbitrary commands...

UBUNTU-CVE-2026-2807

Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 148 and Thunderbird 148...

CVE-2026-2777

CVE-2026-2777 is a privilege-escalation vulnerability in the Firefox/Thunderbird Messaging System component. The issue is fixed in Firefox 148, Firefox ESR 115.33/140.8, Thunderbird 148, and Thunderbird 140.8. Connected sources (Astra Linux, AWS advisories, Debian security notes) confirm the same...

CVE-2026-2765 Use-after-free in the JavaScript Engine component

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...