
161041 matches found

OSV
• added 2026/06/23 5:48 p.m. • 10 views

ROOT-APP-NPM-CVE-2026-44574 CVE-2026-44574 in @rootio/next - Patched by Root

Root has patched CVE-2026-44574 in the @rootio/next package for Root:npm. Multiple fixed versions available...

CVSS 8.1 | AI score 5.8 | EPSS 0.00449
Exploits: 2

NVD
• added 2026/06/23 5:16 p.m. • 6 views

CVE-2026-44791

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could bypass the patch for CVE-2026-42232 in the XML node. When combined with other nodes, this could lead to RCE on the n8n host. This...

CVSS 9.9 | EPSS 0.00634
Exploits: 0 | References: 1

OSV
• added 2026/06/23 5:6 p.m. • 4 views

ROOT-APP-MAVEN-CVE-2026-33227 CVE-2026-33227 in io.root.org.apache.activemq:activemq-client - Patched by Root

Root has patched CVE-2026-33227 in the io.root.org.apache.activemq:activemq-client package for Root:Maven. Multiple fixed versions available...

CVSS 4.3 | AI score 5.2 | EPSS 0.00419
Exploits: 0

OSV
• added 2026/06/23 5:6 p.m. • 12 views

ROOT-APP-MAVEN-CVE-2025-66168 CVE-2025-66168 in io.root.org.apache.activemq:activemq-mqtt - Patched by Root

Root has patched CVE-2025-66168 in the io.root.org.apache.activemq:activemq-mqtt package for Root:Maven. Multiple fixed versions available...

CVSS 8.8 | AI score 5.8 | EPSS 0.0078
Exploits: 0

OSV
• added 2026/06/23 5:6 p.m. • 16 views

ROOT-APP-MAVEN-CVE-2026-39304 CVE-2026-39304 in io.root.org.apache.activemq:activemq-client - Patched by Root

Root has patched CVE-2026-39304 in the io.root.org.apache.activemq:activemq-client package for Root:Maven. Multiple fixed versions available...

CVSS 7.5 | AI score 5.8 | EPSS 0.00896
Exploits: 0

Github Security Blog
• added 2026/06/23 5:2 p.m. • 8 views

Gogs has DOM-based XSS via Milestone Name on New Issue Page

Summary: The fix for GHSA-vgjm-2cpf-4g7c (DOM-based XSS via milestone selection) was only applied to templates/repo/issue/viewcontent.tmpl but not to templates/repo/issue/newform.tmpl. An attacker can store an HTML/JavaScript payload in a milestone name, and when any user opens the New Issue page an...

CVSS 4.8 | AI score 6 | EPSS 0.00483
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
• added 2026/06/23 4:46 p.m. • 34 views

CVE-2026-54013 Open WebUI: Stored XSS to Account Takeover via Model Profile Images in Open WebUI

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI patched SVG XSS in user profile images and webhook profile images but forgot to apply the same fix to model profile images. The ModelMeta class has no...

CVSS 7.6 | EPSS 0.00174
Exploits: 1 | References: 1

Cvelist
• added 2026/06/23 3:54 p.m. • 31 views

CVE-2026-44791 n8n: XML Node Prototype Pollution Patch Bypass

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could bypass the patch for CVE-2026-42232 in the XML node. When combined with other nodes, this could lead to RCE on the n8n host. This...

CVSS 9.4 | EPSS 0.00634
Exploits: 0 | References: 1

OSV
• added 2026/06/23 3:42 p.m. • 5 views

ROOT-APP-PYPI-CVE-2025-66221 CVE-2025-66221 in rootio-Werkzeug - Patched by Root

Root has patched CVE-2025-66221 in the rootio-Werkzeug package for Root:PyPI. Multiple fixed versions available...

CVSS 5.3 | AI score 5.4 | EPSS 0.00474
Exploits: 0

NVD
• added 2026/06/23 3:16 p.m. • 8 views

CVE-2026-27604

FOSSBilling is a free, open-source billing and client management system. Starting in version 0.5.4 and prior to version 0.8.0, an authorization bypass in the API role handling allows unauthenticated access to privileged /api/system/ endpoints. Because system resolves to the cron admin identity,...

CVSS 10 | EPSS 0.00408
Exploits: 0 | References: 3

NVD
• added 2026/06/23 3:16 p.m. • 10 views

CVE-2026-28496

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 have a Server-Side Template Injection (SSTI) vulnerability in the template rendering system. Administrators with access to features that render Twig templates (email templates, mass mail campaigns, custo...

CVSS 9.4 | EPSS 0.01892
Exploits: 1 | References: 3

OSV
• added 2026/06/23 1:55 p.m. • 8 views

ROOT-APP-MAVEN-CVE-2024-24549 CVE-2024-24549 in io.root.org.apache.tomcat.embed:tomcat-embed-core - Patched by Root

Root has patched CVE-2024-24549 in the io.root.org.apache.tomcat.embed:tomcat-embed-core package for Root:Maven. Multiple fixed versions available...

CVSS 7.5 | AI score 5.8 | EPSS 0.23072
Exploits: 1

OSV
• added 2026/06/23 1:55 p.m. • 10 views

ROOT-APP-MAVEN-CVE-2024-34750 CVE-2024-34750 in io.root.org.apache.tomcat.embed:tomcat-embed-core - Patched by Root

Root has patched CVE-2024-34750 in the io.root.org.apache.tomcat.embed:tomcat-embed-core package for Root:Maven. Multiple fixed versions available...

CVSS 7.5 | AI score 6.9 | EPSS 0.04602
Exploits: 0

RedhatCVE
• added 2026/06/23 1:28 p.m. • 9 views

CVE-2026-53663

A flaw was found in React Router. Insufficient Cross-Site Request Forgery (CSRF) checks in the framework mode allow a remote attacker to bypass these protections on PUT, PATCH, and DELETE requests. This could lead to a low integrity impact, where an attacker might be able to perform unintended...

CVSS 3.1 | AI score 5.8 | EPSS 0.00106
Exploits: 0 | References: 4

OSV
• added 2026/06/23 1:3 p.m. • 6 views

ROOT-APP-NPM-CVE-2026-3304 CVE-2026-3304 in @rootio/multer - Patched by Root

Root has patched CVE-2026-3304 in the @rootio/multer package for Root:npm. Multiple fixed versions available...

CVSS 8.7 | AI score 5.8 | EPSS 0.00663
Exploits: 1

OSV
• added 2026/06/23 12:59 p.m. • 6 views

JLSEC-2026-622 Predictable WebSocket masking key and handshake nonce in HTTP.jl client

Description: The WebSocket client masking key (wssendframe!) and the Sec-WebSocket-Key handshake nonce (wsrandomhandshakekey) were generated with rand(UInt8, n), which draws from the task-local Xoshiro256++ PRNG. Xoshiro is not cryptographically secure: its internal state can be recovered from a short r...

AI score 5.9
Exploits: 0 | References: 2

OSV
• added 2026/06/23 9:47 a.m. • 4 views

ROOT-APP-PYPI-CVE-2023-43804 CVE-2023-43804 in rootio-urllib3 - Patched by Root

Root has patched CVE-2023-43804 in the rootio-urllib3 package for Root:PyPI. Multiple fixed versions available...

CVSS 5.9 | AI score 8.3 | EPSS 0.01207
Exploits: 0

OSV
• added 2026/06/23 9:47 a.m. • 5 views

ROOT-APP-PYPI-CVE-2023-45803 CVE-2023-45803 in rootio-urllib3 - Patched by Root

Root has patched CVE-2023-45803 in the rootio-urllib3 package for Root:PyPI. Multiple fixed versions available...

CVSS 4.2 | AI score 7.5 | EPSS 0.00544
Exploits: 0

OSV
• added 2026/06/23 9:47 a.m. • 5 views

ROOT-APP-PYPI-CVE-2020-26137 CVE-2020-26137 in rootio-urllib3 - Patched by Root

Root has patched CVE-2020-26137 in the rootio-urllib3 package for Root:PyPI. Multiple fixed versions available...

CVSS 6.5 | AI score 8.2 | EPSS 0.02269
Exploits: 0

OSV
• added 2026/06/23 9:47 a.m. • 12 views

ROOT-APP-PYPI-CVE-2025-66471 CVE-2025-66471 in rootio-urllib3 - Patched by Root

Root has patched CVE-2025-66471 in the rootio-urllib3 package for Root:PyPI. Multiple fixed versions available...

CVSS 7.5 | AI score 5.4 | EPSS 0.00622
Exploits: 0