ROOT-OS-UBUNTU-2404-CVE-2025-21751 CVE-2025-21751 in rootio-linux - Patched by Root

Root has patched CVE-2025-21751 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

CVE-2026-50091

CVE-2026-50091 affects Aqara Home Android (package com.lumiunited.aqarahome, version 6.0.0 and white-label clients embedding liblumidevsdk.so). The vulnerability arises from hard-coded cryptographic keys (CWE-321) in the related library, as described in the NVD/CVE entries. The CVSS v3.1 base sco...

CVE-2026-11879

MobaXterm Personal Edition Portable, in its 26.3 version Build 5154, allows arbitrary code execution by loading malicious DLLs from a temporary directory that is predictable and can be modified by the user. During startup, the application searches for specific DLLs in this location before resorti...

EUVD-2026-36425

MobaXterm Personal Edition Portable, in its 26.3 version Build 5154, allows arbitrary code execution by loading malicious DLLs from a temporary directory that is predictable and can be modified by the user. During startup, the application searches for specific DLLs in this location before resorti...

CVE-2026-11879

MobaXterm Personal Edition (Portable) 26.3 (Build 5154) is affected by arbitrary code execution due to DLL loading from a user-modifiable, predictable temporary directory during startup, before the system secure paths are consulted. An attacker with local access can place a crafted DLL in that lo...

CVE-2026-11879 Arbitrary code execution in MobaXterm Personal Edition (Portable)

MobaXterm Personal Edition Portable, in its 26.3 version Build 5154, allows arbitrary code execution by loading malicious DLLs from a temporary directory that is predictable and can be modified by the user. During startup, the application searches for specific DLLs in this location before resorti...

PT-2026-48863

Name of the Vulnerable Software and Affected Versions MobaXterm Personal Edition Portable version 26.3 Build 5154 Description The application allows arbitrary code execution by loading malicious DLLs from a predictable temporary directory that can be modified by the user. During startup, the...

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : OpenJDK 21 vulnerabilities (USN-8328-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8328-1 advisory. Thomas Beckers discovered that the JAXP component of OpenJDK 21 did not correctly authenticate certain APIs. ...

CVE-2026-24064 Local Privilege Escalation via Dynamic Library Injection in Waves Central for macOS

Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime entitlements that permit dynamic library injection. A local attacker can set the DYLDINSERTLIBRARIES...

CamView installer insecurely loads Dynamic Link Libraries

Overview CamView installer provided by ARUCOM Inc. insecurely loads Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2015-9268 The CVSS evaluation above assume that a victim user is directed to download and place a specially crafted DLL file with the affected installer and t...

ai.chronon:service_2.11 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91), ai.chronon:service_2.12 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +2463 more potentially affected by CVE-2026-44250 via io.netty:netty-codec-redis (>=4.1.0.Final <=4.1.134.Final)

io.netty:netty-codec-redis MAVEN version =4.1.0.Final, =0.0.86, =0.0.86, =0.0.86, =3.30.1.1, =3.10.0.5, =0.2.3.5, =0.0.1, =2.0.24, =1.1.9, =0.3.36, =0.3.39 and more Source cves: CVE-2026-44250 Source advisory: OSV:GHSA-3244-J874-RHC2...

CVE-2026-25856

OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C code on the server host by creating or modifying job configurations. Attackers can leverage the plain C execution mode, which lacks reference...

CVE-2026-46294 dm: fix a buffer overflow in ioctl processing

In the Linux kernel, the following vulnerability has been resolved: dm: fix a buffer overflow in ioctl processing Tony Asleson using Claude found a buffer overflow in dm-ioctl in the function retrievestatus: 1. The code in retrievestatus checks that the output string fits into the output buffer a...

JLSEC-2026-603

Symlink following in PostgreSQL pgbasebackup plain format and in pgrewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will remain the case that starting the server after these commands implicitly trusts the orig...

CVE-2026-48921

A flaw was found in the Jenkins Pipeline: Groovy Libraries Plugin. This vulnerability allows an attacker, who can control the content of a library used by a Pipeline job, to read arbitrary files from the Jenkins controller filesystem. This could lead to the disclosure of sensitive information...

CVE-2025-59851

HCL DFXAnalytics is affected by a Using Components with Known Vulnerabilities flaw where the application utilizes unpatched libraries or sub-components, which could allow an attacker to identify and exploit publicly known security vulnerabilities to gain unauthorized access or compromise the...

CVE-2025-15638

Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of libtomcrypt. Net::Dropbear versions before 0.14 includes versions of Dropbear 2019.78 or earlier. These include versions of libtomcrypt v1.18.1 or earlier, which is affected by CVE-2016-6129 and CVE-2018-12437...

CVE-2026-34273

Vulnerability in Oracle GoldenGate component: Libraries. Supported versions that are affected are 23.4-23.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GoldenGate. Successful attacks of this vulnerability can result in...

CVE-2026-42884

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/collections and GET /api/collections/:id endpoints return collections from all libraries without checking whether the requesting user has access to each collection's library. An authenticated user with...

CVE-2026-44776

Kavita is a cross platform reading server. Prior to 0.9.0, the download, size-check, and chapter metadata endpoints do not enforce library-level authorization. A low-privileged user who knows or guesses a chapterId, volumeId, or seriesId belonging to a library they are not assigned to can downloa...