
30366 matches found

UbuntuCve
added 2026/03/30 9:17 p.m. | 2 views

CVE-2026-32877

Botan is a C++ cryptography library. From version 2.3.0 to before version 3.11.0, during SM2 decryption, the code that checked the authentication code value C3 failed to check that the encoded value was of the expected length prior to comparison. An invalid ciphertext can cause a heap over-read o...

CVSS 8.2 | AI score 5.8 | EPSS 0.00278
Exploits 0 | References 2

OSV
added 2026/03/30 9:17 p.m. | 2 views

UBUNTU-CVE-2026-32883

Botan is a C++ cryptography library. From version 3.0.0 to before version 3.11.0, during X509 path validation, OCSP responses were checked for an appropriate status code, but critically omitted verifying the signature of the OCSP response itself. This issue has been patched in version 3.11.0...

CVSS 5.9 | AI score 5.7 | EPSS 0.00154
Exploits 0 | References 3

Debian CVE
added 2026/03/30 8:36 p.m. | 6 views

CVE-2026-32877

Botan is a C++ cryptography library. From version 2.3.0 to before version 3.11.0, during SM2 decryption, the code that checked the authentication code value C3 failed to check that the encoded value was of the expected length prior to comparison. An invalid ciphertext can cause a heap over-read o...

CVSS 8.2 | AI score 5.3 | EPSS 0.00278
Exploits 0

ATTACKERKB
added 2026/03/30 8:24 p.m. | 1 views

CVE-2026-34558

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within the Methods Management functionality when creating or...

CVSS 9.1 | AI score 5.8 | EPSS 0.00307
Exploits 1 | References 2 | Affected Software 1

ATTACKERKB
added 2026/03/30 7:42 p.m. | 2 views

CVE-2026-31831

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the /newsletter/image/images API endpoint is vulnerable to path traversal, allowing unauthenticated attackers to read arbitrary files from the application server's filesystem. This issue has be...

CVSS 8.7 | AI score 5.9 | EPSS 0.00477
Exploits 1 | References 3 | Affected Software 1

EUVD
added 2026/03/30 7:42 p.m. | 5 views

EUVD-2026-17190

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the /pmsimageproxy endpoint accepts a user-supplied img parameter and forwards it to Plex Media Server's /photo/:/ transcode transcoder without authentication and without restricting the scheme...

CVSS 4 | AI score 5.8 | EPSS 0.00277
Exploits 1 | References 2

OSV
added 2026/03/30 5:16 p.m. | 0 views

UBUNTU-CVE-2026-5124

A security vulnerability has been detected in osrg GoBGP up to 4.3.0. Affected is the function BGPHeader.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component BGP Header Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. The...

CVSS 6.3 | AI score 5 | EPSS 0.00287
Exploits 0 | References 3

Cvelist
added 2026/03/30 4:15 p.m. | 19 views

CVE-2026-5124 osrg GoBGP BGP Header bgp.go BGPHeader.DecodeFromBytes access control

A security vulnerability has been detected in osrg GoBGP up to 4.3.0. Affected is the function BGPHeader.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component BGP Header Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. The...

CVSS 6.3 | EPSS 0.00287
Exploits 0 | References 6

CVE
added 2026/03/30 3:15 p.m. | 15 views

CVE-2026-5123

Summary: CVE-2026-5123 affects osrg GoBGP up to version 4.3.0. It concerns the function DecodeFromBytes in pkg/packet/bgp/bgp.go, where manipulating the data[1] argument can trigger an off-by-one condition. The issue potentially allows a remote attacker, with a highly complex attack surface, to i...

CVSS 6.3 | AI score 5.4 | EPSS 0.00409
Exploits 0 | References 6 | Affected Software 1

Vulnrichment
added 2026/03/30 2:15 p.m. | 0 views

CVE-2026-5122 osrg GoBGP BGP OPEN Message bgp.go DecodeFromBytes access control

A security flaw has been discovered in osrg GoBGP up to 4.3.0. This affects the function DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component BGP OPEN Message Handler. Performing a manipulation of the argument domainNameLen results in improper access controls. The attack may be...

CVSS 6.3 | AI score 5.3 | EPSS 0.00293
Exploits 0 | References 6

OSV
added 2026/03/30 2:0 p.m. | 0 views

ROOT-OS-DEBIAN-11-CVE-2026-28689 CVE-2026-28689 in rootio-imagemagick - Patched by Root

Root has patched CVE-2026-28689 in the rootio-imagemagick package for Root:Debian:11. Multiple fixed versions available...

CVSS 6.3 | AI score 5.9 | EPSS 0.00108
Exploits 0

OSV
added 2026/03/30 2:0 p.m. | 2 views

ROOT-OS-DEBIAN-11-CVE-2023-34152 CVE-2023-34152 in rootio-imagemagick - Patched by Root

Root has patched CVE-2023-34152 in the rootio-imagemagick package for Root:Debian:11. Multiple fixed versions available...

CVSS 9.8 | AI score 5.4 | EPSS 0.08011
Exploits 3

OSV
added 2026/03/30 2:0 p.m. | 4 views

ROOT-OS-DEBIAN-11-CVE-2026-26284 CVE-2026-26284 in rootio-imagemagick - Patched by Root

Root has patched CVE-2026-26284 in the rootio-imagemagick package for Root:Debian:11. Multiple fixed versions available...

CVSS 9.1 | AI score 5.8 | EPSS 0.00404
Exploits 0

SUSE Linux
added 2026/03/30 9:16 a.m. | 4 views

Security Beta update 5.2.0 Beta1 for Multi-Linux Manager Client Tools

This update fixes the following issues: spacecmd: Version 5.2.6-0 Update translation strings uyuni-tools: Version 5.2.5-0 Remove migrate command Remove template script from mgradm: use the one in the image Split the TFTP server into a separate container Explicitly start proxy pods after operation...

CVSS 8.7 | AI score 6.8 | EPSS 0.00407
Exploits 0 | References 26

ATTACKERKB
added 2026/03/30 5:0 a.m. | 6 views

CVE-2026-5107

A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function processtype2route of the file bgpd/bgpevpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to ha...

CVSS 4.2 | AI score 5.3 | EPSS 0.00279
Exploits 0 | References 7 | Affected Software 1

Oracle linux
added 2026/03/30 12:0 a.m. | 5 views

freerdp security update

2:2.11.7-1.3 - Backport several CVE fixes Resolves: RHEL-151988, RHEL-152215...

CVSS 8.8 | AI score 5.8 | EPSS 0.00348
Exploits 1

OSV
added 2026/03/29 6:59 p.m. | 5 views

ROOT-OS-DEBIAN-12-CVE-2025-2925 CVE-2025-2925 in rootio-hdf5 - Patched by Root

Root has patched CVE-2025-2925 in the rootio-hdf5 package for Root:Debian:12. Multiple fixed versions available...

CVSS 5.5 | AI score 5.4 | EPSS 0.00225
Exploits 1

OSV
added 2026/03/29 6:59 p.m. | 4 views

ROOT-OS-ALPINE-322-CVE-2025-32990 CVE-2025-32990 in rootio-gnutls - Patched by Root

Root has patched CVE-2025-32990 in the rootio-gnutls package for Root:Alpine:3.22. Multiple fixed versions available...

CVSS 8.2 | AI score 6.8 | EPSS 0.0072
Exploits 0

OSV
added 2026/03/29 6:46 p.m. | 2 views

ROOT-OS-ALPINE-319-CVE-2023-27482 CVE-2023-27482 in rootio-supervisor - Patched by Root

Root has patched CVE-2023-27482 in the rootio-supervisor package for Root:Alpine:3.19. Multiple fixed versions available...

CVSS 10 | AI score 5.4 | EPSS 0.70735
Exploits 0

OSV
added 2026/03/29 6:45 p.m. | 2 views

ROOT-OS-ALPINE-319-CVE-2024-3935 CVE-2024-3935 in rootio-mosquitto - Patched by Root

Root has patched CVE-2024-3935 in the rootio-mosquitto package for Root:Alpine:3.19. Multiple fixed versions available...

CVSS 6.5 | AI score 5.4 | EPSS 0.00761
Exploits 1