ROOT-APP-NPM-CVE-2026-44574 CVE-2026-44574 in @rootio/next - Patched by Root

Root has patched CVE-2026-44574 in the @rootio/next package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-44487 CVE-2026-44487 in @rootio/axios - Patched by Root

Root has patched CVE-2026-44487 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-27904 CVE-2026-27904 in @rootio/minimatch - Patched by Root

Root has patched CVE-2026-27904 in the @rootio/minimatch package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2025-54798 CVE-2025-54798 in @rootio/tmp - Patched by Root

Root has patched CVE-2025-54798 in the @rootio/tmp package for Root:npm. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2022-42004 CVE-2022-42004 in io.root.com.fasterxml.jackson.core:jackson-databind - Patched by Root

Root has patched CVE-2022-42004 in the io.root.com.fasterxml.jackson.core:jackson-databind package for Root:Maven. Multiple fixed versions available...

ROOT-OS-UBUNTU-2404-CVE-2026-43162 CVE-2026-43162 in rootio-linux - Patched by Root

Root has patched CVE-2026-43162 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

ROOT-OS-UBUNTU-2204-CVE-2024-36903 CVE-2024-36903 in rootio-linux - Patched by Root

Root has patched CVE-2024-36903 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

ROOT-OS-UBUNTU-2204-CVE-2023-54019 CVE-2023-54019 in rootio-linux - Patched by Root

Root has patched CVE-2023-54019 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2026-22731 CVE-2026-22731 in io.root.org.springframework.boot:spring-boot-starter-actuator - Patched by Root

Root has patched CVE-2026-22731 in the io.root.org.springframework.boot:spring-boot-starter-actuator package for Root:Maven. Multiple fixed versions available...

ROOT-OS-DEBIAN-12-CVE-2026-23111 CVE-2026-23111 in rootio-linux - Patched by Root

Root has patched CVE-2026-23111 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...

ROOT-OS-DEBIAN-12-CVE-2025-40275 CVE-2025-40275 in rootio-linux - Patched by Root

Root has patched CVE-2025-40275 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...

ROOT-OS-DEBIAN-11-CVE-2025-38584 CVE-2025-38584 in rootio-linux - Patched by Root

Root has patched CVE-2025-38584 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...

ROOT-OS-DEBIAN-11-CVE-2022-48887 CVE-2022-48887 in rootio-linux - Patched by Root

Root has patched CVE-2022-48887 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2020-35728 CVE-2020-35728 in io.root.com.fasterxml.jackson.core:jackson-databind - Patched by Root

Root has patched CVE-2020-35728 in the io.root.com.fasterxml.jackson.core:jackson-databind package for Root:Maven. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2023-30798 CVE-2023-30798 in rootio-starlette - Patched by Root

Root has patched CVE-2023-30798 in the rootio-starlette package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2020-36179 CVE-2020-36179 in io.root.com.fasterxml.jackson.core:jackson-databind - Patched by Root

Root has patched CVE-2020-36179 in the io.root.com.fasterxml.jackson.core:jackson-databind package for Root:Maven. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2024-21534 CVE-2024-21534 in @rootio/jsonpath-plus - Patched by Root

Root has patched CVE-2024-21534 in the @rootio/jsonpath-plus package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2024-39338 CVE-2024-39338 in @rootio/axios - Patched by Root

Root has patched CVE-2024-39338 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

CVE-2026-46490 samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions

samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element text e.g., are not escaped. A normal user can inject XML markup into an attribute value e.g., email, name and add new elemen...

RHSA-2026:23470 Red Hat Security Advisory: kpatch-patch-4_18_0-553_109_1, kpatch-patch-4_18_0-553_40_1, kpatch-patch-4_18_0-553_53_1, kpatch-patch-4_18_0-553_72_1, and kpatch-patch-4_18_0-553_85_1 security update

Bulletin has no description...