ROOT-OS-DEBIAN-12-CVE-2025-8291 CVE-2025-8291 in rootio-python3.11 - Patched by Root

Root has patched CVE-2025-8291 in the rootio-python3.11 package for Root:Debian:12. Multiple fixed versions available...

ROOT-OS-DEBIAN-12-CVE-2025-12084 CVE-2025-12084 in rootio-python3.11 - Patched by Root

Root has patched CVE-2025-12084 in the rootio-python3.11 package for Root:Debian:12. Multiple fixed versions available...

ROOT-OS-DEBIAN-12-CVE-2025-13462 CVE-2025-13462 in rootio-python3.11 - Patched by Root

Root has patched CVE-2025-13462 in the rootio-python3.11 package for Root:Debian:12. Multiple fixed versions available...

ROOT-OS-DEBIAN-12-CVE-2026-28493 CVE-2026-28493 in rootio-imagemagick - Patched by Root

Root has patched CVE-2026-28493 in the rootio-imagemagick package for Root:Debian:12. Multiple fixed versions available...

ROOT-OS-DEBIAN-12-CVE-2026-25967 CVE-2026-25967 in rootio-imagemagick - Patched by Root

Root has patched CVE-2026-25967 in the rootio-imagemagick package for Root:Debian:12. Multiple fixed versions available...

PT-2026-35952

Name of the Vulnerable Software and Affected Versions pgjdbc versions 42.2.0 through 42.7.10 Description A client-side denial of service occurs during SCRAM-SHA-256 authentication. A malicious server can force the driver to execute SCRAM authentication using an excessively large iteration count,...

Security update for python-requests

This update for python-requests fixes the following issues: CVE-2026-25645: extractzippedpaths uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation bsc1260589. Patch Instructions: To install this SUSE update use the SUSE...

SUSE-SU-2026:21414-1 Security update for vim

This update for vim fixes the following issue: Update to version 9.2.0398. Security issues fixed: - CVE-2026-39881: missing sanitization in defineAnnoType and specialKeys can lead to arbitrary Ex command injection via a malicious NetBeans server bsc1261833...

PT-2026-35575

A security flaw has been discovered in dubydu sqlite-mcp up to 0.1.0. The affected element is the function extract to json of the file src/entry.py. Performing a manipulation of the argument output filename results in sql injection. Remote exploitation of the attack is possible. The exploit has...

CVE-2026-7012

A vulnerability was detected in MaxSite CMS up to 109.3. This affects an unknown part of the component Redirect Plugin. The manipulation of the argument fall/fall404 results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used. Upgrading to versi...

CVE-2026-7135

A security flaw has been discovered in GPAC up to 26.03-DEV-rev105-g8f39a1eb3-master. Affected by this vulnerability is the function elngboxread of the file src/isomedia/boxcodebase.c of the component MP4Box. Performing a manipulation of the argument elng results in out-of-bounds read. The attack...

CVE-2026-7135 GPAC MP4Box box_code_base.c elng_box_read out-of-bounds

A security flaw has been discovered in GPAC up to 26.03-DEV-rev105-g8f39a1eb3-master. Affected by this vulnerability is the function elngboxread of the file src/isomedia/boxcodebase.c of the component MP4Box. Performing a manipulation of the argument elng results in out-of-bounds read. The attack...

CVE-2026-7135 GPAC MP4Box box_code_base.c elng_box_read out-of-bounds

A security flaw has been discovered in GPAC up to 26.03-DEV-rev105-g8f39a1eb3-master. Affected by this vulnerability is the function elngboxread of the file src/isomedia/boxcodebase.c of the component MP4Box. Performing a manipulation of the argument elng results in out-of-bounds read. The attack...

PT-2026-35448

A security flaw has been discovered in GPAC up to 26.03-DEV-rev105-g8f39a1eb3-master. Affected by this vulnerability is the function elng box read of the file src/isomedia/box code base.c of the component MP4Box. Performing a manipulation of the argument elng results in out-of-bounds read. The...

netfilter: xt_multiport: validate range encoding in checkentry

...

CVE-2026-7018

A vulnerability was determined in Datavane Datavines up to 13607645e14a4982468cfdbcf75c85cde63bae71. The affected element is an unknown function of the file datavines-core/src/main/java/io/datavines/core/utils/TokenManager.java of the component JWT Token Handler. Executing a manipulation of the...

CVE-2026-7018

Datavane Datavines (up to build 13607645e14a4982468cfdbcf75c85cde63bae71) exposes a vulnerability in the JWT Token Handler component, specifically in TokenManager.java. Manipulation of the tokenSecret parameter can cause use of a hard-coded cryptographic key. The issue is exploitable remotely wit...

CVE-2026-7016 MaxSite CMS ushki Plugin cross site scripting

A vulnerability was found in MaxSite CMS up to 109.3. Impacted is an unknown function of the component ushki Plugin. Performing a manipulation of the argument fushkanew/fushk results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been made public and could...

CVE-2026-7015

A vulnerability has been found in MaxSite CMS up to 109.3. This issue affects some unknown processing of the component Guestbook Plugin. Such manipulation of the argument ftext/fslug/flimit/femail leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed t...

EUVD-2026-25690

A flaw has been found in MaxSite CMS up to 109.3. This vulnerability affects unknown code of the component downcount Plugin. This manipulation of the argument ffile/fprefix causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used. Upgrading...