30366 matches found

OSV
added 2026/03/31 2:10 p.m., 3 views

CVE-2026-34210 mppx has Stripe charge credential replay via missing idempotency check

mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the stripe/charge payment method did not check Stripe's Idempotent-Replayed response header when creating PaymentIntents. An attacker could replay a valid credential containing the same spt token against a new...

CVSS 6, AI score 5.8, EPSS 0.00494
Exploits 0, References 5
OSV
added 2026/03/31 11:39 a.m., 2 views

ROOT-OS-DEBIAN-12-CVE-2026-30937 CVE-2026-30937 in rootio-imagemagick - Patched by Root

Root has patched CVE-2026-30937 in the rootio-imagemagick package for Root:Debian:12. Multiple fixed versions available...

CVSS 6.8, AI score 5.8, EPSS 0.00099
Exploits 0
OSV
added 2026/03/31 3:15 a.m., 4 views

PYSEC-2026-35

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography...

CVSS 5.3, AI score 5.7, EPSS 0.00154
Exploits 0, References 1
OSV
added 2026/03/31 3:15 a.m., 2 views

DEBIAN-CVE-2026-34073

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography...

CVSS 5.3, AI score 4.6, EPSS 0.00154
Exploits 0, References 1
Vulnrichment
added 2026/03/31 1:59 a.m., 1 view

CVE-2026-34060 Ruby LSP has arbitrary code execution through branch setting

Ruby LSP is an implementation of the language server protocol for Ruby. Prior to Shopify.ruby-lsp version 0.10.2 and ruby-lsp version 0.26.9, the rubyLsp.branch VS Code workspace setting was interpolated without sanitization into a generated Gemfile, allowing arbitrary Ruby code execution when a...

CVSS 7.1, AI score 6.3, EPSS 0.00425
Exploits 0, References 2
EUVD
added 2026/03/31 1:56 a.m., 1 view

EUVD-2026-17285

vcpkg is a free and open-source C/C++ package manager. Prior to version 3.6.13, vcpkg's Windows builds of OpenSSL set openssldir to a path on the build machine, making that path attackable later on customer machines. This issue has been patched in version 3.6.13...

CVSS 7.8, AI score 5.8, EPSS 0.00715
Exploits 0, References 3
ATTACKERKB
added 2026/03/31 1:48 a.m., 3 views

CVE-2026-34043

Serialize JavaScript to a superset of JSON that includes regular expressions and functions. Prior to version 7.0.5, there is a Denial of Service (DoS) vulnerability caused by CPU exhaustion. When serializing a specially crafted "array-like" object (an object that inherits from Array.prototype but ha...

CVSS 5.9, AI score 5.8, EPSS 0.00473
Exploits 0, References 4, Affected Software 1
NVD
added 2026/03/31 1:16 a.m., 4 views

CVE-2026-30880

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has an OS command injection vulnerability in the installer. This issue has been patched in version 5.2.3...

CVSS 9.8, EPSS 0.02059
Exploits 0, References 3
CVE
added 2026/03/31 12:44 a.m., 11 views

CVE-2026-30880

The CVE-2026-30880 issue affects baserCMS prior to version 5.2.3, where an OS command injection vulnerability exists in the installer. The root cause is inadequate input validation and command execution handling during installation, allowing an attacker who places baserCMS on a server (not yet ins...

CVSS 9.8, AI score 7, EPSS 0.02059
Exploits 0, References 3, Affected Software 1
Positive Technologies
added 2026/03/31 12:00 a.m., 3 views

PT-2026-29145

baserCMS is a website development framework. Prior to version 5.2.3, the application's restore function allows users to upload a .zip file, which is then automatically extracted. A PHP file inside the archive is included using require_once without validating or restricting the filename. An attack...

CVSS 8.7, AI score 6.3, EPSS 0.00577
Exploits 1, References 4
Positive Technologies
added 2026/03/31 12:00 a.m., 2 views

PT-2026-29250

RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a bundle with a...

CVSS 7.2, AI score 5.8, EPSS 0.00141
Exploits 0, References 4
Positive Technologies
added 2026/03/31 12:00 a.m., 2 views

PT-2026-29315

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, the discourse-subscriptions plugin leaks Stripe API keys across sites in a multisite cluster, resulting in the potential fo...

CVSS 5.3, AI score 5.7, EPSS 0.00175
Exploits 0, References 6
Positive Technologies
added 2026/03/31 12:00 a.m., 5 views

PT-2026-29333

Name of the Vulnerable Software and Affected Versions: Nautobot versions prior to 2.4.30; Nautobot versions prior to 3.0.10. Description: The application fails to enforce password validation rules defined by Django's AUTH_PASSWORD_VALIDATORS setting when creating or editing users via the REST API. Th...

CVSS 2.7, AI score 5.8, EPSS 0.00245
Exploits 0, References 10
Positive Technologies
added 2026/03/31 12:00 a.m., 2 views

PT-2026-29343

InvoiceShelf is an open-source web & mobile app that helps track expenses and payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery (SSRF) vulnerability exists in the Invoice PDF generation module. User-supplied HTML in the invoice Notes field i...

CVSS 7.6, AI score 5.8, EPSS 0.00261
Exploits 1, References 4
Positive Technologies
added 2026/03/31 12:00 a.m., 2 views

PT-2026-29383

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a heap-buffer-overflow (HBO) in CIccMpeSpectralMatrix::Describe. The issue is observable under AddressSanitizer as an out-of-bounds heap read when...

CVSS 6.2, AI score 5.8, EPSS 0.00116
Exploits 0, References 5
Positive Technologies
added 2026/03/31 12:00 a.m., 3 views

PT-2026-29372

Name of the Vulnerable Software and Affected Versions: APTRS versions prior to 2.0.1. Description: APTRS (Automated Penetration Testing Reporting System) is a Python and Django-based automated reporting tool. A flaw exists in the edit user API endpoint '/api/auth/edituser/' where a user can elevate...

CVSS 9.4, AI score 5.9, EPSS 0.00505
Exploits 1, References 6
Positive Technologies
added 2026/03/31 12:00 a.m., 6 views

PT-2026-29413

Name of the Vulnerable Software and Affected Versions: FastMCP versions prior to 3.2.0. Description: FastMCP, a framework for building MCP applications, is susceptible to command injection on Windows systems when server names contain shell metacharacters, such as &. This occurs during the fastmcp...

CVSS 7.8, AI score 5.7, EPSS 0.00749
Exploits 1, References 8
Positive Technologies
added 2026/03/31 12:00 a.m., 4 views

PT-2026-29356

Name of the Vulnerable Software and Affected Versions: Alerta versions prior to 9.1.0. Description: Alerta, a monitoring tool, had a SQL injection issue in the Query string search API. The vulnerability stemmed from directly interpolating user-supplied search terms into SQL strings via f-strings whe...

CVSS 6.9, AI score 5.9, EPSS 0.00505
Exploits 0, References 10
Cvelist
added 2026/03/30 9:41 p.m., 16 views

CVE-2026-33977 FreeRDP: DoS via WINPR_ASSERT in IMA ADPCM audio decoder (dsp.c:331)

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a malicious RDP server can crash the FreeRDP client by sending audio data in IMA ADPCM format with an invalid initial step index (value = 89). The unvalidated step index is read directly from the network and...

CVSS 6.9, EPSS 0.00256
Exploits 1, References 2
NVD
added 2026/03/30 9:17 p.m., 1 view

CVE-2026-32883

Botan is a C++ cryptography library. From version 3.0.0 to before version 3.11.0, during X509 path validation, OCSP responses were checked for an appropriate status code, but critically omitted verifying the signature of the OCSP response itself. This issue has been patched in version 3.11.0...

CVSS 5.9, EPSS 0.00154
Exploits 0, References 1