EUVD-2026-36285

Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec as part of populating the completion dictionary. Python evaluates function default values, parameter...

EUVD-2026-36282

Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled and the legacy pythoncomplete.vim for builds with the +python interpreter executes the import and from statements foun...

EUVD-2026-36276

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot settings can enable logging and choose a logging channel they can read. The bot then logs deleted and edited message contents from every channel it can...

CVE-2026-49214

CVE-2026-49214 affects guzzlehttp/psr7 up to version 2.10.1. Versions prior to 2.10.2 do not reject ASCII control characters/whitespace/DEL in URI host components. If a user-controlled URL is used to build a PSR-7 Uri/Request and the host contains CRLF or similar, the host may be copied into the ...

SUSE CVE-2026-49219

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, an incorrect parsing of the filename can result in a policy bypass and read files disallowed by a security policy using a symlink. This issue has been patched i...

ROOT-OS-DEBIAN-13-CVE-2026-6276 CVE-2026-6276 in rootio-curl - Patched by Root

Root has patched CVE-2026-6276 in the rootio-curl package for Root:Debian:13. Multiple fixed versions available...

ROOT-OS-DEBIAN-13-CVE-2025-10966 CVE-2025-10966 in rootio-curl - Patched by Root

Root has patched CVE-2025-10966 in the rootio-curl package for Root:Debian:13. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2026-22741 CVE-2026-22741 in io.root.org.springframework:spring-webmvc - Patched by Root

Root has patched CVE-2026-22741 in the io.root.org.springframework:spring-webmvc package for Root:Maven. Multiple fixed versions available...

ROOT-APP-NUGET-CVE-2025-55247 CVE-2025-55247 in Rootio.Microsoft.Build.Tasks.Core - Patched by Root

Root has patched CVE-2025-55247 in the Rootio.Microsoft.Build.Tasks.Core package for Root:NuGet. Multiple fixed versions available...

CasaOS < 0.4.4 - Authentication Bypass via Random JWT Token

CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and execute arbitrary commands as root on CasaOS instances. This problem was addressed by improving the validation of JWTs in commit 705bf1f...

Pega Infinity - Authentication Bypass

Pega Infinity versions 8.2.1 through 8.5.2 contain an authentication bypass vulnerability because the password reset functionality for local accounts can be used to bypass local authentication checks. id: CVE-2021-27651 info: name: Pega Infinity - Authentication Bypass author: idealphase,daffainf...

Nova noVNC - Open Redirect

Nova noVNC contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2021-3654 info: name: Nova noVNC - Open Redirect author: geeknik severity: medium...

EyesOfNetwork 5.1-5.3 - SQL Injection/Remote Code Execution

EyesOfNetwork 5.1 to 5.3 contains SQL injection and remote code execution vulnerabilities. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. See also CVE-2020-8655,...

Dolibarr Unauthenticated Contacts Database Theft

An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists. id: CVE-2023-33568 info: name: Dolibarr Unauthenticated Contacts Database Theft...

Security update for java-17-openj9 (important)

openSUSE Security Update: Security update for java-17-openj9 Announcement ID: openSUSE-SU-2025:0067-1 Rating: important References: 1204468 1204471 1204472 1204473 1204475 1204480 1204703 1206549 1207246 1207248 1207922 1210628 1210631 1210632 1210634 1210635 1210636 1210637 1211615 1213470 12134...

PT-2026-48647

A Missing Authorization vulnerability in the playbook import functionality in Dialogflow CX on Google Cloud Platform allows an authenticated user with specific roles to escalate privileges and potentially take over a GCP project using a maliciously crafted playbook import. This vulnerability was...

PT-2026-48708

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a user with Manage Server / ManageGuild, but without Manage Roles or Administrator, can configure the bot’s AutoRole feature to assign an arbitrary role to new members. If the select...

PT-2026-48706

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.1, any guild member who can invoke slash commands can use /automod add, /automod remove, and /automod list because the command has no Discord default permission requirement and no runti...

PT-2026-48698

Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.9, Fediverse Embeds registered the unauthenticated AJAX action wp ajax nopriv ftf get site info includes/Site Info.php that verified a nonce ftf-fediverse-embeds-nonce and then called file get html$site url on the...

CVE-2026-53463

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, when passing incorrect arguments in the distort operation a null pointer deference will occur. This issue has been patched in versions 6.9.13-50 and 7.1.2-25...