4570 matches found
CVE-2026-42539
CVE-2026-42539 affects the IRIS web collaborative platform. Versions prior to 2.4.28 expose sensitive data to users that is not required for operation. The root cause is an excessive data exposure in these older builds. Version 2.4.28 includes a patch to fix this. CVSS 3.1 metrics indicate a Medi...
ROOT-APP-NPM-CVE-2024-43796 CVE-2024-43796 in @rootio/express - Patched by Root
Root has patched CVE-2024-43796 in the @rootio/express package for Root:npm. Multiple fixed versions available...
CVE-2026-10814
A vulnerability has been found in milvus-io milvus up to 2.6.13. This vulnerability affects unknown code of the file internal/metastore/kv/rootcoord/kvcatalog.go of the component Grantee ID Hash Handler. The manipulation leads to use of weak hash. The attack needs to be performed locally. The...
PT-2026-46252
Name of the Vulnerable Software and Affected Versions: milvus-io milvus versions prior to 2.6.14. Description: An issue exists in the Grantee ID Hash Handler component within the file internal/metastore/kv/rootcoord/kv catalog.go. This flaw allows for the use of a weak hash, which can be manipulated...
Linux Distros Unpatched Vulnerability : CVE-2026-46258
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: gpio: cdev: Avoid NULL dereference in linehandlecreate In linehandlecreate, there is a...
Linux Distros Unpatched Vulnerability : CVE-2026-42320
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 10.0.25 and 11.0.7, a technician can read arbitrary file...
Linux Distros Unpatched Vulnerability : CVE-2026-10722
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component...
AIOHTTP is Vulnerable to Deserialization of Untrusted Data
Summary: Using CookieJar.load with untrusted input may allow arbitrary code execution. Impact: Most applications using this function will be doing so with the user's own data, so this is unlikely to affect many applications. Workaround: If an application does allow attacker controlled files to be...
ROOT-APP-PYPI-CVE-2023-25577 CVE-2023-25577 in rootio-Werkzeug - Patched by Root
Root has patched CVE-2023-25577 in the rootio-Werkzeug package for Root:PyPI. Multiple fixed versions available...
CVE-2026-10264
A vulnerability was determined in lharries whatsapp-mcp 0.0.1. Affected by this vulnerability is the function SendMessageRequest of the file whatsapp-bridge/main.go of the component Send API Endpoint. This manipulation of the argument mediaPath causes path traversal. The exploit has been publicly...
CVE-2026-42318 GLPI Vulnerable to Arbitrary Item Deletion via Planning Endpoint
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 10.0.25 and 11.0.7, low privilege users with access to planning can delete any object in GLPI. Upgrade to 11.0.7 or 10.0.25 to receive a patch. As a workaround, disable delete rights for User'...
EUVD-2026-34095
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 10.0.25 and 11.0.7, low privilege users with access to planning can delete any object in GLPI. Upgrade to 11.0.7 or 10.0.25 to receive a patch. As a workaround, disable delete rights for User'...
CVE-2022-31114 backpack/crud Vulnerable to Cross-site Scripting
backpack/crud provides Create, Read, Update & Delete CRUD functions for Backpack, a collection of Laravel packages that help users build custom administration panels. Versions prior to 5.0.13, 4.1.69, and 4.0.63 are vulnerable to cross-site scripting. An attacker could conduct a targeted phishing...
EUVD-2026-34053
A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesystem.ts of the component readfile. Such manipulation of the argument url leads to server-side request forgery. The attack may be performed from remote...
PT-2026-45957
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 10.0.25 and 11.0.7, low privilege users with access to planning can delete any object in GLPI. Upgrade to 11.0.7 or 10.0.25 to receive a patch. As a workaround, disable delete rights for User'...
Linux Distros Unpatched Vulnerability : CVE-2026-46020
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/damon/core: validate damosquotagoal-nid for nodememused,freebp Patch series mm/damon/core: validate damosquotagoal-nid. nodememcgused,freebp DAMOS quota goal...
Linux Distros Unpatched Vulnerability : CVE-2026-41283
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead t...
Linux Distros Unpatched Vulnerability : CVE-2026-37713
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the...
Linux Distros Unpatched Vulnerability : CVE-2026-47326
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a memory leak in the handling of big responses to AppArmor notifications. The bug can be triggered by ...
Linux Distros Unpatched Vulnerability : CVE-2026-28901
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5,...