50 matches found

OSV
added yesterday | 5 views

ROOT-OS-UBUNTU-2404-CVE-2026-43439 CVE-2026-43439 in rootio-linux - Patched by Root

Root has patched CVE-2026-43439 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

CVSS 4.7 | AI score 5.8 | EPSS 0.00012
Exploits: 0

OSV
added 2 days ago | 3 views

ROOT-OS-DEBIAN-13-CVE-2025-38520 CVE-2025-38520 in rootio-linux - Patched by Root

Root has patched CVE-2025-38520 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

CVSS 5.5 | AI score 7.8 | EPSS 0.0002
Exploits: 0

OSV
added 2 days ago | 3 views

ROOT-OS-DEBIAN-12-CVE-2026-43048 CVE-2026-43048 in rootio-linux - Patched by Root

Root has patched CVE-2026-43048 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...

CVSS 8.8 | AI score 5.8 | EPSS 0.00021
Exploits: 0

OSV
added 4 days ago | 3 views

ROOT-OS-DEBIAN-11-CVE-2026-46229 CVE-2026-46229 in rootio-linux - Patched by Root

Root has patched CVE-2026-46229 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...

AI score 5.8 | EPSS 0.00024
Exploits: 0

Vulnrichment
added 2026/05/20 4:39 a.m. | 4 views

CVE-2026-9057 Security fix for Qlik Talend Administration Center URL access control vulnerability

A broken access control issue has been identified in the Talend Administration Center, that allows a user with “View” permission to modify the Talend Studio update URL. This issue was resolved in a patch, which is already available...

CVSS 8.2 | AI score 5.7 | EPSS 0.00032
Exploits: 0 | References: 1

OSV
added 2026/01/30 2:16 p.m. | 1 view

CVE-2026-1682

A flaw has been found in Free5GC SMF up to 4.1.0. Affected is the function HandlePfcpAssociationReleaseRequest of the file internal/pfcp/handler/handler.go of the component PFCP UDP Endpoint. Executing a manipulation can lead to null pointer dereference. The attack may be launched remotely. The...

CVSS 7.5 | AI score 5.1
Exploits: 0 | References: 8

RedhatCVE
added 2026/01/09 12:36 p.m. | 5 views

CVE-2023-49274

Umbraco is an ASP.NET content management system CMS. Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, a user enumeration attack is possible when SMTP is not set up correctly, but reset password is enabled. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this...

CVSS 5.3 | AI score 6.9 | EPSS 0.00368
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2019-19301

Malware in sbrugna...

CVSS 6.1 | AI score 7.5 | EPSS 0.01161
Exploits: 1 | References: 31

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2020-17032

Malware in sbrugna...

CVSS 9 | AI score 8.6 | EPSS 0.01528
Exploits: 1 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2022-38829

Malicious code in bioql PyPI...

CVSS 7.2 | AI score 4.8 | EPSS 0.00355
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-2329

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.4 | EPSS 0.00608
Exploits: 0 | References: 12

OSV
added 2025/06/12 9:52 p.m. | 4 views

GHSA-PRWH-7838-XF82 XWiki allows SQL injection in query endpoint of REST API with Oracle

Impact: It's possible to execute any SQL query in Oracle by using a function like DBMS_XMLGEN or DBMS_XMLQUERY. The XWiki query validator does not sanitize functions that would be used in a simple select and Hibernate allows using any native function in an HQL query. Patches: This has been patched ...

CVSS 9.3 | AI score 7.4 | EPSS 0.01603
Exploits: 0 | References: 5

Tenable Nessus
added 2025/06/11 12:0 a.m. | 2 views

Slackware Linux 15.0 / current mozilla-thunderbird Vulnerability (SSA:2025-162-01)

The version of mozilla-thunderbird installed on the remote host is prior to 128.11.1esr. It is, therefore, affected by a vulnerability as referenced in the SSA:2025-162-01 advisory. New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues. Tenable has...

CVSS 6.5 | AI score 7.1 | EPSS 0.00583
Exploits: 0 | References: 2

OSV
added 2025/06/04 7:15 p.m. | 4 views

CVE-2025-48888 Deno run with --allow-read and --deny-read flags results in allowed

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.41.3 and prior to versions 2.1.13, 2.2.13, and 2.3.2, deno run --allow-read --deny-read main.ts results in allowed, even though 'deny' should be stronger. The result is the same with all global unary permissions give...

CVSS 6.9 | AI score 6.5 | EPSS 0.00258
Exploits: 1 | References: 8

RedhatCVE
added 2025/05/23 12:3 a.m. | 5 views

CVE-2022-24890

Nextcloud Talk is a video and audio conferencing app for Nextcloud. In versions prior to 13.0.5 and 14.0.0, a call moderator can indirectly enable user webcams by granting permissions, if they were enabled before removing the permissions. A patch is available in versions 13.0.5 and 14.0.0. There...

CVSS 4.3 | AI score 6.8 | EPSS 0.00277
Exploits: 1 | References: 1

Vulnrichment
added 2025/04/15 8:8 p.m. | 6 views

CVE-2025-32012 Jellyfin Vulnerable to Denial of Service (DoS) via IP Spoofing

Jellyfin is an open source self hosted media server. In versions 10.9.0 to before 10.10.7, the /System/Restart endpoint provides administrators the ability to restart their Jellyfin server. This endpoint is intended to be admins-only, but it also authorizes requests from any device in the same...

CVSS 8.2 | AI score 7.6 | EPSS 0.00324
Exploits: 0 | References: 2

Cvelist
added 2025/04/08 1:46 p.m. | 12 views

CVE-2025-30151 Shopware allows Denial Of Service via password length

Shopware is an open commerce platform. It's possible to pass long passwords that leads to Denial Of Service via forms in Storefront forms or Store-API. This vulnerability is fixed in 6.6.10.3 or 6.5.8.17. For older versions of 6.4, corresponding security measures are also available via a plugin...

CVSS 7.5 | EPSS 0.00796
Exploits: 0 | References: 1

Github Security Blog
added 2025/03/28 10:12 p.m. | 16 views

tough root metadata version is not checked for sequential versioning

Summary: When updating the root role, a TUF client must establish a trusted line of continuity to the latest set of keys. While sequentially downloading new versions of the root metadata file, tough will not check that the root object version it received was the next sequential version from the...

CVSS 5.7 | AI score 6.2 | EPSS 0.00255
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2025/03/11 3:30 p.m. | 4 views

CVE-2025-27601 Umbraco Allows Improper API Access Control to Low-Privilege Users to Data Type Functionality

Umbraco is a free and open source .NET content management system. An improper API access control issue has been identified Umbraco's API management package prior to versions 15.2.3 and 14.3.3, allowing low-privilege, authenticated users to create and update data type information that should be...

CVSS 4.3 | AI score 6.1 | EPSS 0.00168
Exploits: 0 | References: 5

OSV
added 2025/02/21 11:53 p.m. | 6 views

GHSA-38H4-FX85-QCX7 Exiv2 allows Use After Free

Impact: A heap buffer overflow was found in Exiv2 versions v0.28.0 to v0.28.4. Versions prior to v0.28.0, such as v0.27.7, are not affected. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The heap overflow is triggered whe...

CVSS 5.3 | AI score 7 | EPSS 0.01101
Exploits: 1 | References: 6