
30230 matches found

Positive Technologies
added 2026/05/26 12:0 a.m., 11 views

PT-2026-44374

Name of the Vulnerable Software and Affected Versions: Notepad++ versions prior to 8.9.6.1. Description: Multiple issues exist in the software, including a buffer over-read in the inter-process communication mechanism that can lead to a denial of service. Additionally, remote code execution is...

4.6 CVSS, 6.6 AI score
Exploits: 1, References: 15

Positive Technologies
added 2026/05/26 12:0 a.m., 3 views

PT-2026-47096

A vulnerability was determined in raysan5 raylib up to 909f040. Affected by this vulnerability is the function GenImageFontAtlas of the file src/rtext.c. Executing a manipulation can lead to heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclos...

5.6 AI score
Exploits: 0, References: 10

Oracle linux
added 2026/05/26 12:0 a.m., 8 views

glibc security update

2.28-251.0.4.37 - Forward port of Oracle patches Reviewed-by: David Faust Oracle history: May-7-2026 Cupertino Miranda - 2.28-251.0.4.34 - Forward port of Oracle patches Reviewed-by: Jose E. Marchesi March-18-2026 Cupertino Miranda - 2.28-251.0.4.31 - Forward port of Oracle patches Reviewed-by:...

7.5 CVSS, 5.8 AI score, 0.0008 EPSS
Exploits: 1

Samba
added 2026/05/26 12:0 a.m., 7 views

Unauthenticated Remote Code Execution

Description: Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. This leads to a remote code execution vulnerability. Print servers configured with "printing...

9.8 CVSS, 6.4 AI score, 0.00389 EPSS
Exploits: 2

OSV
added 2026/05/25 3:11 p.m., 6 views

ROOT-OS-DEBIAN-13-CVE-2026-47166 CVE-2026-47166 in rootio-imagemagick - Patched by Root

Root has patched CVE-2026-47166 in the rootio-imagemagick package for Root:Debian:13. Multiple fixed versions available...

5.8 AI score
Exploits: 0

OSV
added 2026/05/25 3:11 p.m., 6 views

ROOT-OS-DEBIAN-13-CVE-2026-46522 CVE-2026-46522 in rootio-imagemagick - Patched by Root

Root has patched CVE-2026-46522 in the rootio-imagemagick package for Root:Debian:13. Multiple fixed versions available...

5.8 AI score
Exploits: 2

OSV
added 2026/05/25 7:28 a.m., 2 views

CLSA-2026-1779694105 Fix CVE(s): CVE-2026-42307

SECURITY UPDATE: fix shell-injection in netrw via crafted sftp:// and file:// URLs by escaping the tempfile name and restricting the filename-suffix regex to word characters runtime/autoload/netrw.vim, upstream patch 9.2.0383 - debian/patches/CVE-2026-42307.patch: fix shell-injection in netrw via...

4.4 CVSS, 5.8 AI score, 0.0023 EPSS
Exploits: 0, References: 1

Nuclei
added 2026/05/25 4:37 a.m., 64 views

Spring Cloud Gateway Code Injection

Applications using Spring Cloud Gateway prior to 3.1.1+ and 3.0.7+ are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote...

10 CVSS, 7.5 AI score, 0.94461 EPSS
Exploits: 54, References: 5

Nuclei
added 2026/05/25 4:37 a.m., 90 views

Adobe ColdFusion - Unrestricted File Upload Remote Code Execution

Adobe ColdFusion versions July 12 release 2018.0.0.310739, Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution. id: CVE-2018-15961 info: name: Adobe ColdFusion - Unrestricted File Upload...

10 CVSS, 7.8 AI score, 0.94393 EPSS
Exploits: 11, References: 5

OSV
added 2026/05/23 12:11 a.m., 6 views

GHSA-38M6-82C8-4XFM Parse Server: Pre-authentication denial of service via client version header regex backtracking

Impact: An unauthenticated attacker who knows a publicly-known Parse Application ID can submit a single HTTP request whose client SDK version field contains adversarial input that triggers polynomial backtracking in a request-header parser. The parsing runs before session authentication and before...

8.7 CVSS, 5.9 AI score
Exploits: 0, References: 4

OSV
added 2026/05/22 8:56 p.m., 8 views

USN-8297-1 linux-gcp-5.15 vulnerabilities

Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. CVE-2023-2640 Shir Tamari and Sagi Tzadik...

9.8 CVSS, 7.1 AI score, 0.9239 EPSS
Exploits: 13, References: 84

OSV
added 2026/05/22 1:22 p.m., 5 views

OESA-2026-2448 vim security update

Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Securi...

6.6 CVSS, 6.2 AI score, 0.0023 EPSS
Exploits: 1, References: 4

OSV
added 2026/05/22 1:11 p.m., 2 views

CLSA-2025-1754649018 Fix CVE(s): CVE-2025-1176

SECURITY UPDATE: heap-based Buffer Overflow in ELF ld Component - debian/patches/CVE-2025-1176.patch: prevent illegal memory access when indexing into the symhashes array of the elf bfd cookie structure - CVE-2025-1176...

5.1 CVSS, 6.3 AI score, 0.00183 EPSS
Exploits: 1, References: 1

OSV
added 2026/05/22 8:50 a.m., 2 views

ROOT-APP-MAVEN-CVE-2025-67030 CVE-2025-67030 in io.root.org.codehaus.plexus:plexus-utils - Patched by Root

Root has patched CVE-2025-67030 in the io.root.org.codehaus.plexus:plexus-utils package for Root:Maven. Multiple fixed versions available...

8.8 CVSS, 5.8 AI score, 0.00427 EPSS
Exploits: 0

Microsoft CVE
added 2026/05/22 4:43 a.m., 16 views

Chromium: CVE-2026-9119 Heap buffer overflow in WebRTC

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.8 CVSS, 5.8 AI score, 0.00022 EPSS
Exploits: 0

Fedora
added 2026/05/21 11:21 p.m., 11 views

[SECURITY] Fedora 44 Update: kernel-7.0.9-205.fc44

The kernel meta package...

5.8 AI score
Exploits: 0

Debian CVE
added 2026/05/21 12:17 p.m., 3 views

CVE-2026-43499

In the Linux kernel, the following vulnerability has been resolved: rtmutex: Use waiter::task instead of current in remove_waiter. remove_waiter is used by the slowlock paths, but it is also used for proxy-lock rollback in rt_mutex_start_proxy_lock when invoked from futex_requeue. In the latter case...

7.8 CVSS, 5.7 AI score, 0.00013 EPSS
Exploits: 0

Positive Technologies
added 2026/05/21 12:0 a.m., 5 views

PT-2026-42694

Impact: The ajax_lookup endpoint in application.py bypasses the is_accessible access control check that all other endpoints enforce. If a developer restricts model access by overriding is_accessible, an authenticated user can still query that model's data through the ajax_lookup endpoint — silentl...

4.3 CVSS, 5.8 AI score
Exploits: 0, References: 4

CVE
added 2026/05/20 6:39 p.m., 10 views

CVE-2026-23734

XWiki Platform suffers a Path Traversal vulnerability in which configuration files can be read via the resources parameter on the ssx and jsx endpoints using a leading slash (e.g., /../../WEB-INF/xwiki.cfg). Affected releases:

9.3 CVSS, 5.7 AI score, 0.00051 EPSS
Exploits: 0, References: 3

OSV
added 2026/05/20 3:30 p.m., 5 views

GHSA-FVVM-949W-QJ4W RTK improperly trusts project-local filter configuration, allowing silent tampering of command output shown to LLM

RTK Rust Token Killer improperly trusts project-local configuration files. In versions prior to 0.32.0, RTK automatically loads .rtk/filters.toml from the working directory with highest priority and without user notification. An attacker can place a malicious filter file in a repository to apply...

6.9 CVSS, 5.8 AI score
Exploits: 0, References: 4