60008 matches found
ROOT-APP-NPM-CVE-2026-3520 CVE-2026-3520 in @rootio/multer - Patched by Root
Root has patched CVE-2026-3520 in the @rootio/multer package for Root:npm. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-5588 CVE-2026-5588 in io.root.org.bouncycastle:bcpkix-jdk18on - Patched by Root
Root has patched CVE-2026-5588 in the io.root.org.bouncycastle:bcpkix-jdk18on package for Root:Maven. Multiple fixed versions available...
Langflow < 1.3.0 - Remote Code Execution via validate_code() exec()
Langflow contains a remote code execution caused by inclusion of functionality from untrusted control sphere in the execglobals parameter at the validate endpoint, letting remote attackers execute arbitrary code as root, exploit requires no authentication. id: CVE-2026-0770 info: name: Langflow...
Vite Dev Server - Directory Traversal
Vite is a modern frontend build tool. In Vite prior to versions 6.4.3, 6.3.4, and 5.4.23, a directory traversal vulnerability affects the Vite development server. When the Vite dev server is launched with the --host or server.host option, an unauthenticated attacker can craft a request with a pat...
WAVLINK WN530H4 live_api.cgi - Command Injection
A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication. id: CVE-2020-12124 info: name: WAVLINK WN530H4 live_api.cgi - Command Injection author...
Cisco IOS XE WLC - Arbitrary File Upload
A vulnerability in the Out-of-Band Access Point (AP) Image Download feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system. This vulnerability is due to the presence of a hard-coded JSON Web...
EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 Root Remote Code Execution
An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands. The injected comman...
Cisco Secure Firewall Management Center - Authentication Bypass
Cisco Secure Firewall Management Center Software contains an authentication bypass caused by improper system process creation at boot, letting unauthenticated remote attackers execute scripts and gain root access, exploit requires crafted HTTP requests. id: CVE-2026-20079 info: name: Cisco Secure...
TerraMaster TOS < 4.1.29 - Remote Code Execution
TerraMaster TOS before 4.1.29 has invalid parameter checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with, for example, OS commands in the opt parameter. id:...
Vite Dev Server - Information Exposure
Vite is a frontend tooling framework for JavaScript. Before versions 6.3.4, 6.2.7, 6.1.6, 5.4.19, and 4.5.14, the contents of files in the project root that are denied by a file matching pattern can be returned to the browser. Only apps explicitly exposing the Vite dev server to the network using...
Grandstream UCM6200 - SQL Injection
Grandstream UCM6200 series contains an unauthenticated remote SQL injection caused by crafted HTTP requests, letting attackers execute shell commands as root on versions before 1.0.19.20 or inject HTML in emails before 1.0.20.17. id: CVE-2020-5722 info: name: Grandstream UCM6200 - SQL Injection...
Vite Dev Server - Information Exposure
Vite dev server could allow reading files from the Vite project root by bypassing server.fs.deny with double forward-slash paths //. This affects exposed dev servers only. id: CVE-2023-34092 info: name: Vite Dev Server - Information Exposure author: ritikchaddha severity: high description: | Vite...
NocoBase - VM Sandbox Escape to Remote Code Execution
NocoBase Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom require allowlist controlled by WORKFLOWSCRIPTMODULES env var. The console object passed into the sandbox context exposes host-realm WritableWorkerStdio stream objects via console.stdout and...
ROOT-OS-UBUNTU-2404-CVE-2025-37776 CVE-2025-37776 in rootio-linux - Patched by Root
Root has patched CVE-2025-37776 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2023-53681 CVE-2023-53681 in rootio-linux - Patched by Root
Root has patched CVE-2023-53681 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2026-31568 CVE-2026-31568 in rootio-linux - Patched by Root
Root has patched CVE-2026-31568 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2025-38521 CVE-2025-38521 in rootio-linux - Patched by Root
Root has patched CVE-2025-38521 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2025-40259 CVE-2025-40259 in rootio-linux - Patched by Root
Root has patched CVE-2025-40259 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2026-43050 CVE-2026-43050 in rootio-linux - Patched by Root
Root has patched CVE-2026-43050 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2024-57922 CVE-2024-57922 in rootio-linux - Patched by Root
Root has patched CVE-2024-57922 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...