53725 matches found
ROOT-OS-UBUNTU-2204-CVE-2025-38345 CVE-2025-38345 in rootio-linux - Patched by Root
Root has patched CVE-2025-38345 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...
ROOT-OS-DEBIAN-13-CVE-2026-31516 CVE-2026-31516 in rootio-linux - Patched by Root
Root has patched CVE-2026-31516 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2022-49167 CVE-2022-49167 in rootio-linux - Patched by Root
Root has patched CVE-2022-49167 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2026-53108 CVE-2026-53108 in rootio-linux - Patched by Root
Root has patched CVE-2026-53108 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2026-23038 CVE-2026-23038 in rootio-linux - Patched by Root
Root has patched CVE-2026-23038 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2026-52913 CVE-2026-52913 in rootio-linux - Patched by Root
Root has patched CVE-2026-52913 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...
eyoucms v.1.6.5 - Cross-Site Scripting
Cross Site Scripting XSS vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. id: CVE-2024-22927 info: name: eyoucms v.1.6.5 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Cross Site Scripting XSS...
Mage AI - Insecure Default Authentication Setup
A vulnerability was found in Mage AI 0.9.75. It has been classified as problematic. This affects an unknown part. The manipulation leads to insecure default initialization of resource. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability i...
Relevanssi <= 4.24.4 (Free) - Unauthenticated SQL Injection
The Relevanssi – A Better Search plugin for WordPress is vulnerable to time-based SQL Injection via the cats and tags query parameters in all versions up to, and including, 4.24.4 Free and = 2.27.4 Premium due to insufficient escaping on the user supplied parameter and lack of sufficient...
Motors <= 5.6.67 - Unauthenticated Privilege Escalation via Password Update/Account Takeover
The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. This is due to the theme not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to chan...
Roundcube Webmail - Remote Code Execution
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization. id: CVE-2025-49113 info: name: Roundcube Webmail - Remote...
GiveWP - PHP Object Injection
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'givetitle' parameter. id: CVE-2024-5932 info: name: GiveWP - PHP Object Injection author:...
Wordpress Email Subscribers by Icegram Express - SQL Injection
The Email Subscribers by Icegram Express - Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IGESSubscribersQuery' class in all versions up to, and including, 5.7.14 due to insufficient escaping ...
Apache Solr - Authentication Bypass
Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to Authentication bypass.A fake ending at the end of any Solr API URL path, will allow requests to skip Authentication while maintaining the API contract with the origina...
CVE-2026-55516
creationtimestamp| type| source ---|---|--- 2026-07-10 20:56:14+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqczwdg25w26 2026-07-11 01:07:42+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdhxyfvrz2y 2026-07-11 17:00:47+00:00| seen|...
GHSA-V853-W46P-FV2H vulnerabilities
Vulnerabilities for packages: apache-tomee, geoserver...
PT-2026-57282
Name of the Vulnerable Software and Affected Versions Logto versions prior to 1.41.0 Description The Account Center step-up check accepts any active verification record belonging to the current user where isVerified is set to true. An attacker with an existing Account API bearer token can create...
GHSA-G33C-4GX6-V8XR vulnerabilities
Vulnerabilities for packages: chromium...
CVE-2026-13846 vulnerabilities
Vulnerabilities for packages: chromium...
CVE-2026-13803 vulnerabilities
Vulnerabilities for packages: chromium...