26098 matches found

OSV
added 2026/06/03 7:6 p.m., 4 views

ROOT-APP-PYPI-CVE-2021-28363 CVE-2021-28363 in rootio-urllib3 - Patched by Root

Root has patched CVE-2021-28363 in the rootio-urllib3 package for Root:PyPI. Multiple fixed versions available...

CVSS 6.5, AI score 7.3, EPSS 0.00124
Exploits: 0

OSV
added 2026/06/03 6:41 p.m., 3 views

ROOT-APP-PYPI-CVE-2026-33230 CVE-2026-33230 in rootio-nltk - Patched by Root

Root has patched CVE-2026-33230 in the rootio-nltk package for Root:PyPI. Multiple fixed versions available...

CVSS 6.1, AI score 5.9, EPSS 0.00019
Exploits: 1

OSV
added 2026/06/03 2:54 p.m., 4 views

ROOT-APP-PYPI-CVE-2024-3651 CVE-2024-3651 in rootio-idna - Patched by Root

Root has patched CVE-2024-3651 in the rootio-idna package for Root:PyPI. Multiple fixed versions available...

CVSS 6.2, AI score 8.3, EPSS 0.00689
Exploits: 1

OSV
added 2026/06/03 2:53 p.m., 7 views

ROOT-APP-PYPI-CVE-2023-34110 CVE-2023-34110 in rootio-Flask-AppBuilder - Patched by Root

Root has patched CVE-2023-34110 in the rootio-Flask-AppBuilder package for Root:PyPI. Multiple fixed versions available...

CVSS 2.7, AI score 5.4, EPSS 0.00472
Exploits: 0

OSV
added 2026/06/03 2:52 p.m., 2 views

ROOT-APP-PYPI-CVE-2025-43859 CVE-2025-43859 in rootio-h11 - Patched by Root

Root has patched CVE-2025-43859 in the rootio-h11 package for Root:PyPI. Multiple fixed versions available...

CVSS 9.1, AI score 7.7, EPSS 0.00242
Exploits: 0

OSV
added 2026/06/03 2:51 p.m., 3 views

ROOT-APP-PYPI-CVE-2025-69196 CVE-2025-69196 in rootio-fastmcp - Patched by Root

Root has patched CVE-2025-69196 in the rootio-fastmcp package for Root:PyPI. Multiple fixed versions available...

CVSS 6.5, AI score 5.9, EPSS 0.00022
Exploits: 1

OSV
added 2026/06/03 2:49 p.m., 3 views

ROOT-APP-PYPI-CVE-2026-33936 CVE-2026-33936 in rootio-ecdsa - Patched by Root

Root has patched CVE-2026-33936 in the rootio-ecdsa package for Root:PyPI. Multiple fixed versions available...

CVSS 5.3, AI score 5.8, EPSS 0.00046
Exploits: 1

EUVD
added 2026/06/03 1:17 p.m., 10 views

EUVD-2026-34092

daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat \x0b, \x0c, \x1c, \x1d, \x1e, or \x85 as header line separators, but autobahn decodes header values to str and calls splitlines. An...

CVSS 3.7, AI score 5.8, EPSS 0.00036
Exploits: 0, References: 1

ATTACKERKB
added 2026/06/03 10:45 a.m., 5 views

CVE-2026-10722

A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipulation of the argument offset leads to integer overflow. The attack can only be performed from a...

CVSS 4.8, AI score 5.4, EPSS 0.00013
Exploits: 1, References: 9, Affected Software: 1

Debian CVE
added 2026/06/03 10:45 a.m., 6 views

CVE-2026-10722

A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipulation of the argument offset leads to integer overflow. The attack can only be performed from a...

CVSS 5.5, AI score 5, EPSS 0.00013
Exploits: 1

CVE
added 2026/06/03 9:39 a.m., 63 views

CVE-2026-47065

CVE-2026-47065 (Apache MINA context) describes two deserialization bypass issues: first, resolveProxyClass bypasses the accept/allow-list when JDK resolves proxy interfaces from a serialized proxy via ObjectInputStream.readProxyDesc(), and second, readClassDescriptor triggers static initializers ...

CVSS 9.8, AI score 5.8, EPSS 0.0006
Exploits: 0, References: 1

EUVD
added 2026/06/03 5:56 a.m., 8 views

EUVD-2026-34067

Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characters. An unauthenticated attacker can send a crafted Authorization Basic header containing CR or LF...

CVSS 5.3, AI score 5.8, EPSS 0.0005
Exploits: 0, References: 2

Positive Technologies
added 2026/06/03 12:0 a.m., 8 views

PT-2026-45900

Name of the Vulnerable Software and Affected Versions: Laravel (affected versions not specified). Description: A CRLF injection flaw allows for mail relay abuse, email hijacking, and header abuse. CRLF injection occurs when an attacker inserts Carriage Return (CR) and Line Feed (LF) characters into an inp...

AI score 5.8, EPSS 0.00048
Exploits: 0, References: 6

Positive Technologies
added 2026/06/03 12:0 a.m., 8 views

PT-2026-46105

Impact: The METS-GBS backend's XML parsing and the input document format detection lacked security controls, enabling:
- XML External Entity (XXE) attacks to read local files or cause denial of service
- Decompression bombs (zip bombs) to exhaust memory and disk space
- Unbounded archive extraction...

CVSS 5.5, AI score 5.8
Exploits: 0, References: 4

OPENSUSE Linux
added 2026/06/03 12:0 a.m., 6 views

Security update for python-pip (moderate)

openSUSE security update: security update for python-pip
Announcement ID: openSUSE-SU-2026:20880-1
Rating: moderate
References: bsc1262429 bsc1263442
Cross-References: CVE-2026-1703 CVE-2026-3219 CVE-2026-6357
CVSS scores: CVE-2026-170...

CVSS 5.8, AI score 6.8, EPSS 0.0003
Exploits: 1, References: 2

CVE
added 2026/06/02 11:45 p.m., 15 views

CVE-2026-10692

The CVE-2026-10692 affects johnhuang316 code-index-mcp up to version 2.14.0, specifically the is_safe_regex_pattern function in the search_code_advanced component. Manipulating the regex argument can cause inefficient regex processing (potentially a denial-of-service), with remote attack potentia...

CVSS 5.3, AI score 5.4, EPSS 0.00051
Exploits: 0, References: 8

CVE
added 2026/06/02 8:30 p.m., 20 views

CVE-2026-42849

The CVE-2026-42849 entry affects authentik, an open-source identity provider. Affected component: SFE (Simple Flow Executor) autosubmit stage, where legacy-browser compatibility logic enabled a reflected XSS. Root cause: XSS in AutosubmitStage enables an attacker to potentially take over an IDP acc...

CVSS 9.3, AI score 5.7, EPSS 0.00015
Exploits: 0, References: 1, Affected Software: 1

Debian CVE
added 2026/06/02 6:32 p.m., 5 views

CVE-2026-47265

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the cookies parameter on requests are sent after following a cross-origin redirect. If a developer uses the cookies parameter on a per-request basis then sensitive data might ...

CVSS 8.7, AI score 5.8, EPSS 0.00023
Exploits: 0

EUVD
added 2026/06/02 4:44 p.m., 8 views

EUVD-2026-33983

NamelessMC is website software for Minecraft servers. In version 2.2.4, core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. This means that authenticated low-privileged users can add reactions to private...

CVSS 5.3, AI score 5.8, EPSS 0.00043
Exploits: 0, References: 1

CVE
added 2026/06/02 3:24 p.m., 12 views

CVE-2026-45678

The CVE-2026-45678 vulnerability affects OpenTelemetry eBPF Instrumentation before version 0.9.0, where the Postgres BIND parsing logic mishandles BIND payloads that are empty or unterminated. The issue arises in the Postgres protocol parser that assumes a NUL-terminated portal name; a crafted pa...

CVSS 7.5, AI score 5.9, EPSS 0.00128
Exploits: 1, References: 2, Affected Software: 1