ROOT-APP-PYPI-CVE-2026-34517 CVE-2026-34517 in rootio-aiohttp - Patched by Root
Root has patched CVE-2026-34517 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2025-38538 CVE-2025-38538 in rootio-linux - Patched by Root
Root has patched CVE-2025-38538 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
EUVD-2026-34025
authentik is an open-source identity provider. Prior to version 2026.2.3, the WS-Federation provider validates the user-supplied wreply parameter using a raw string prefix check rather than proper URL parsing. An attacker who can craft a login link can supply a wreply value on a different origin...
CVE-2023-29507
XWiki Commons are technical libraries common to several other top-level XWiki projects. The Document script API directly returns a DocumentAuthors object, which allows any authors to be set on the document; this in turn can allow subsequent execution of scripts, since this author is used for checking...
EUVD-2018-19060
Malware in sbrugna...
EUVD-2023-37081
Malicious code in bioql PyPI...
EUVD-2025-16790
Malicious code in bioql PyPI...
EUVD-2023-2750
Malicious code in bioql PyPI...
EUVD-2024-0204
Malicious code in bioql PyPI...
CVE-2025-53371
DiscordNotifications is an extension for MediaWiki that sends notifications of actions in your Wiki to a Discord channel. DiscordNotifications allows sending requests via curl and file_get_contents to arbitrary URLs set via $wgDiscordIncomingWebhookUrl and $wgDiscordAdditionalIncomingWebhookUrls...
CVE-2025-53106
Graylog is a free and open log management platform. In versions 6.2.0 to before 6.2.4 and 6.3.0-alpha.1 to before 6.3.0-rc.2, Graylog users can gain elevated privileges by creating and using API tokens for the local Administrator or any other user for whom the malicious user knows the ID. For the...
CVE-2024-49364 tiny-secp256k1 vulnerable to private key extraction when signing a malicious JSON-stringifyable message in bundled environment
tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a private key can be extracted on signing a malicious JSON-stringifiable object, when global Buffer is the buffer package. This affects only environments where require('buffer') is the NPM buffer package. The...
CVE-2025-52487 DNN.PLATFORM possibly allows bypass of IP Filters
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 7.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request or proxy to be created that could bypass the design of DNN Login IP Filters, allowing login attempts from IP...
Debian: Security Advisory (DLA-4203-1)
The remote host is missing an update for the Debian...
CVE-2024-42483
ESP-NOW Component provides a connectionless Wi-Fi communication protocol. A replay attack vulnerability was discovered in the ESP-NOW implementation because the cache is not differentiated by message type; it is a single, shared resource for all kinds of messages, whether they are...
CVE-2023-38493
Armeria is a microservice framework. Spring supports Matrix variables. When Spring integration is used, Armeria calls Spring controllers via TomcatService or JettyService with a path that may contain matrix variables. Prior to version 1.24.3, the Armeria decorators might not be invoked because of t...
CVE-2023-38695
cypress-image-snapshot shows visual regressions in Cypress with jest-image-snapshot. Prior to version 8.0.2, it's possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. This issue has been patched in...
Linux Distros Unpatched Vulnerability : CVE-2022-49100
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - virtio_console: eliminate anonymous module_init & module_exit Eliminate anonymous module_init and module_exit, which can lead to confusion or ambiguity when reading...
CVE-2024-55601
Hugo, a static site generator, is affected in versions 0.123.0 through 0.139.3 (prior to 0.139.4). The issue: certain HTML attributes in Markdown in internal templates are not escaped in render hooks, specifically in templates _default/_markup/render-link.html (v0.123.0), _default/_markup/render-...
MGASA-2023-0310 Updated libsndfile packages fix a security vulnerability
Add upstream patch to fix CVE-2022-33065...