
30234 matches found

ATTACKERKB
added 2026/03/30 5:0 a.m., 2 views

CVE-2026-5107

A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to ha...

CVSS 4.2 | AI score 5.3 | EPSS 0.00018
Exploits: 0 | References: 7 | Affected Software: 1

Oracle linux
added 2026/03/30 12:0 a.m., 4 views

freerdp security update

2:2.11.7-1.3 - Backport several CVE fixes Resolves: RHEL-151988, RHEL-152215...

CVSS 8.8 | AI score 5.8 | EPSS 0.00076
Exploits: 1

OSV
added 2026/03/29 6:59 p.m., 4 views

ROOT-OS-DEBIAN-12-CVE-2025-2925 CVE-2025-2925 in rootio-hdf5 - Patched by Root

Root has patched CVE-2025-2925 in the rootio-hdf5 package for Root:Debian:12. Multiple fixed versions available...

CVSS 5.5 | AI score 5.4 | EPSS 0.00077
Exploits: 1

OSV
added 2026/03/29 6:59 p.m., 3 views

ROOT-OS-ALPINE-322-CVE-2025-32990 CVE-2025-32990 in rootio-gnutls - Patched by Root

Root has patched CVE-2025-32990 in the rootio-gnutls package for Root:Alpine:3.22. Multiple fixed versions available...

CVSS 8.2 | AI score 6.8 | EPSS 0.00292
Exploits: 0

OSV
added 2026/03/29 6:46 p.m., 1 view

ROOT-OS-ALPINE-319-CVE-2023-27482 CVE-2023-27482 in rootio-supervisor - Patched by Root

Root has patched CVE-2023-27482 in the rootio-supervisor package for Root:Alpine:3.19. Multiple fixed versions available...

CVSS 10 | AI score 5.4 | EPSS 0.9061
Exploits: 0

OSV
added 2026/03/29 6:45 p.m., 2 views

ROOT-OS-ALPINE-319-CVE-2024-3935 CVE-2024-3935 in rootio-mosquitto - Patched by Root

Root has patched CVE-2024-3935 in the rootio-mosquitto package for Root:Alpine:3.19. Multiple fixed versions available...

CVSS 6.5 | AI score 5.4 | EPSS 0.00385
Exploits: 1

OSV
added 2026/03/29 6:43 p.m., 1 view

ROOT-OS-ALPINE-318-CVE-2000-0547 CVE-2000-0547 in rootio-krb5 - Patched by Root

Root has patched CVE-2000-0547 in the rootio-krb5 package for Root:Alpine:3.18. Multiple fixed versions available...

CVSS 5 | AI score 5.4 | EPSS 0.02576
Exploits: 0

OSV
added 2026/03/29 6:33 p.m., 1 view

ROOT-OS-DEBIAN-11-CVE-2024-28757 CVE-2024-28757 in rootio-expat - Patched by Root

Root has patched CVE-2024-28757 in the rootio-expat package for Root:Debian:11. Multiple fixed versions available...

CVSS 7.5 | AI score 6.7 | EPSS 0.01195
Exploits: 1

OSV
added 2026/03/29 6:33 p.m., 3 views

ROOT-OS-DEBIAN-11-CVE-2026-24515 CVE-2026-24515 in rootio-expat - Patched by Root

Root has patched CVE-2026-24515 in the rootio-expat package for Root:Debian:11. Multiple fixed versions available...

CVSS 2.9 | AI score 5.4 | EPSS 0.00007
Exploits: 0

OSV
added 2026/03/29 6:33 p.m., 2 views

ROOT-OS-DEBIAN-11-CVE-2026-25210 CVE-2026-25210 in rootio-expat - Patched by Root

Root has patched CVE-2026-25210 in the rootio-expat package for Root:Debian:11. Multiple fixed versions available...

CVSS 7.8 | AI score 5.8 | EPSS 0.00007
Exploits: 0

EUVD
added 2026/03/29 3:41 p.m., 1 view

EUVD-2026-16715

AVideo: Missing Authorization in Playlist Schedule Creation Allows Cross-User Broadcast Hijacking...

CVSS 6.3 | AI score 5.8 | EPSS 0.00018
Exploits: 1 | References: 3

OSV
added 2026/03/29 3:23 p.m., 3 views

GHSA-W73W-G5XW-RWHF Parse Server has an MFA single-use token bypass via concurrent authData login requests

Impact: An attacker who possesses a valid authentication provider token and a single MFA recovery code or SMS one-time password can create multiple authenticated sessions by sending concurrent login requests via the authData login endpoint. This defeats the single-use guarantee of MFA recovery cod...

CVSS 2.1 | AI score 5.9 | EPSS 0.00019
Exploits: 0 | References: 7

Github Security Blog
added 2026/03/29 3:10 p.m., 4 views

mppx: Tempo has a session close voucher bypass vulnerability due to settled amount equality

Impact The tempo/session cooperative close handler validated the close voucher amount using instead of = against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled amount, which would be accepted without committing any new funds, effectively closing...

CVSS 7.5 | AI score 5.9 | EPSS 0.00013
Exploits: 0 | References: 5 | Affected Software: 1

SUSE CVE
added 2026/03/28 12:26 a.m., 1 view

SUSE CVE-2026-32695

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 3.6.11 and 3.7.0-ea.2, Traefik's Knative provider builds router rules by interpolating user-controlled values into backtick-delimited rule expressions without escaping. In live cluster validation, Knative rules.hosts was...

CVSS 7.7 | AI score 5.9 | EPSS 0.00018
Exploits: 1 | References: 4

Positive Technologies
added 2026/03/28 12:0 a.m., 4 views

PT-2026-28731

Name of the Vulnerable Software and Affected Versions: code-projects Simple Food Order System version 1.0. Description: A security flaw exists in code-projects Simple Food Order System version 1.0. The issue resides in the Parameter Handler component, specifically within the file /all-tickets.php...

CVSS 7.5 | AI score 5.7 | EPSS 0.00045
Exploits: 1 | References: 7

OPENSUSE Linux
added 2026/03/28 12:0 a.m., 2 views

Security update for curl (important)

openSUSE security update: security update for curl. Announcement ID: openSUSE-SU-2026:20404-1. Rating: important. References: bsc1259362 bsc1259363 bsc1259364 bsc1259365. Cross-References: CVE-2026-1965 CVE-2026-3783 CVE-2026-3784...

CVSS 7.5 | AI score 5.9 | EPSS 0.00073
Exploits: 4 | References: 4

RedhatCVE
added 2026/03/27 10:51 p.m., 5 views

CVE-2026-33531

InvenTree is an Open Source Inventory Management System. Prior to version 1.2.6, a path traversal vulnerability in the report template engine allows a staff-level user to read arbitrary files from the server filesystem via crafted template tags. Affected functions: encode_svg_image, asset, and...

CVSS 7.1 | AI score 6 | EPSS 0.00017
Exploits: 0 | References: 1

EUVD
added 2026/03/27 9:20 p.m., 3 views

EUVD-2026-16866

MCP Ruby SDK is the official Ruby SDK for Model Context Protocol servers and clients. Prior to version 0.9.2, the Ruby SDK's streamable_http_transport.rb implementation contains a session hijacking vulnerability. An attacker who obtains a valid session ID can completely hijack the victim's...

CVSS 8.2 | AI score 5.9 | EPSS 0.00064
Exploits: 1 | References: 8

NVD
added 2026/03/27 9:17 p.m., 3 views

CVE-2026-33896

Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, pki.verifyCertificateChain does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the basicConstraints and keyUsage extensions...

CVSS 9.1 | EPSS 0.00035
Exploits: 1 | References: 2

NVD
added 2026/03/27 9:17 p.m., 1 view

CVE-2026-33874

Gematik Authenticator securely authenticates users for login to digital health applications. Starting in version 4.12.0 and prior to version 4.16.0, the Mac OS version of the Authenticator is vulnerable to remote code execution, triggered when victims open a malicious file. Update the gematik...

CVSS 7.8 | EPSS 0.00044
Exploits: 0 | References: 2