22713 matches found
ROOT-OS-DEBIAN-12-CVE-2026-23242 CVE-2026-23242 in rootio-linux - Patched by Root
Root has patched CVE-2026-23242 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2025-71073 CVE-2025-71073 in rootio-linux - Patched by Root
Root has patched CVE-2025-71073 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2025-38154 CVE-2025-38154 in rootio-linux - Patched by Root
Root has patched CVE-2025-38154 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2024-56588 CVE-2024-56588 in rootio-linux - Patched by Root
Root has patched CVE-2024-56588 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...
CVE-2026-62188
OpenClaw @openclaw/feishu versions 2026.6.6 and earlier contain an incorrect authorization vulnerability in which the Feishu permission tools could ignore per-account disablement settings. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could...
EUVD-2024-24347
GeoNode: Stored XSS to full account takeover...
CVE-2026-58065 Apache Airflow Git provider: Git provider hook defaults to StrictHostKeyChecking=no, disabling SSH host-key verification
The Apache Airflow Git provider runs its git-over-SSH operations with StrictHostKeyChecking=no by default, disabling SSH host-key verification. An attacker who can intercept the network path between an Airflow worker and the Git server can impersonate the server man-in-the-middle, capturing the S...
ROOT-OS-DEBIAN-12-CVE-2026-3184 CVE-2026-3184 in rootio-util-linux - Patched by Root
Root has patched CVE-2026-3184 in the rootio-util-linux package for Root:Debian:12. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-45732 CVE-2026-45732 in @rootio/n8n - Patched by Root
Root has patched CVE-2026-45732 in the @rootio/n8n package for Root:npm. Multiple fixed versions available...
Vite - Arbitrary File Read
Vite, a provider of frontend development tooling, has a vulnerability in versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10. @fs denies access to files outside of Vite serving allow list. Adding ?raw?? or ?import&raw?? to the URL bypasses this limitation and returns the file content if it...
UBUNTU-CVE-2026-3494
In MariaDB server version through 11.8.5, when server audit plugin is...
CVE-2026-49394 Frappe: Auth. bypass via update_page
Frappe is a full-stack web application framework. Prior to 16.19.0, authorization bypass was possible via the updatepage endpoint in Workspace because public workspaces did not receive the required Workspace Manager edit check. This issue is fixed in version 16.19.0...
CVE-2026-57221
RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, RabbitMQ does not perform authorization checks on passive queue.declare and exchange.declare AMQP 0-9-1 operations, allowing any authenticated user who can connect to a virtual host to enumerate queue and...
CVE-2026-57575 Misskey: SSRF bypass in URL Preview
Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains a Server-Side Request Forgery SSRF vulnerability in URL preview functionality in UrlPreviewService. Due to missing network restrictions before establishing outbound connections, a remote attacker can...
CVE-2026-55405
LangChain4j contains a SQL injection vulnerability in the embedding stores for MariaDB and pgvector. Prior to versions 1.2.1-beta8, 1.5.1-beta11, 1.11.8-beta19, and 1.16.3-beta26, metadata filter keys (and, for MariaDB, some string values) are concatenated directly into SQL in EmbeddingSearchRequ...
CVE-2026-55843
Snipe-IT is an IT asset/license management system. Prior to 8.6.0, UsersController::update passes a missing permission request field through NormalizePermissionsPayloadAction and PreserveUnauthorizedPrivilegedPermissionsAction in a way that can overwrite a target user’s permissions with a sparse...
gstreamer1-plugins-bad-free security update
An update is available for gstreamer1-plugins-bad-free. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GStreamer is a streaming media framework based on graphs ...
CVE-2026-53363
CVE-2026-53363 affects the Linux kernel’s xfrm/iptfs path. The vulnerability arises because iptfs_consume_frags() fails to propagate the SKBFL_SHARED_FRAG flag when transferring paged fragments, mirroring the issue fixed in skb_try_coalesce() for CVE-2026-46300. The documented remediation is to a...
ROOT-APP-NPM-CVE-2026-44574 CVE-2026-44574 in @rootio/next - Patched by Root
Root has patched CVE-2026-44574 in the @rootio/next package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2025-62718 CVE-2025-62718 in @rootio/axios - Patched by Root
Root has patched CVE-2025-62718 in the @rootio/axios package for Root:npm. Multiple fixed versions available...