BIT-APACHE-2026-34356 Apache HTTP Server: ProxyPassReverseCookieMap buffer overflow
Heap-based Buffer Overflow vulnerability in Apache HTTP Server with malicious backend servers and ProxyPassReverseCookie. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...
BIT-APACHE-2026-34355 Apache HTTP Server: mod_proxy_html buffer overflow
A buffer overflow in mod_proxy_html in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users are recommended to upgrade to version 2.4.68, which fixes this issue...
BIT-APACHE-2026-29170 Apache HTTP Server: mod_proxy_ftp XSS
A cross-site scripting vulnerability exists in mod_proxy_ftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or reverse proxy configuration. Users are recommended to upgrade to version 2.4.68, which fixes this issue...
BIT-APACHE-2026-29167 Apache HTTP Server: mod_ldap per-dir use-after-free
Use After Free vulnerability in Apache HTTP Server with mod_ldap in per-directory configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...
ROOT-OS-DEBIAN-11-CVE-2026-50256 CVE-2026-50256 in rootio-xorg-server - Patched by Root
Root has patched CVE-2026-50256 in the rootio-xorg-server package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2026-50264 CVE-2026-50264 in rootio-xorg-server - Patched by Root
Root has patched CVE-2026-50264 in the rootio-xorg-server package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2023-5574 CVE-2023-5574 in rootio-xorg-server - Patched by Root
Root has patched CVE-2023-5574 in the rootio-xorg-server package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2026-50257 CVE-2026-50257 in rootio-xorg-server - Patched by Root
Root has patched CVE-2026-50257 in the rootio-xorg-server package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2026-50260 CVE-2026-50260 in rootio-xorg-server - Patched by Root
Root has patched CVE-2026-50260 in the rootio-xorg-server package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2026-34001 CVE-2026-34001 in rootio-xorg-server - Patched by Root
Root has patched CVE-2026-34001 in the rootio-xorg-server package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2026-34002 CVE-2026-34002 in rootio-xorg-server - Patched by Root
Root has patched CVE-2026-34002 in the rootio-xorg-server package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2026-33999 CVE-2026-33999 in rootio-xorg-server - Patched by Root
Root has patched CVE-2026-33999 in the rootio-xorg-server package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2026-34003 CVE-2026-34003 in rootio-xorg-server - Patched by Root
Root has patched CVE-2026-34003 in the rootio-xorg-server package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2026-34000 CVE-2026-34000 in rootio-xorg-server - Patched by Root
Root has patched CVE-2026-34000 in the rootio-xorg-server package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2026-50259 CVE-2026-50259 in rootio-xorg-server - Patched by Root
Root has patched CVE-2026-50259 in the rootio-xorg-server package for Root:Debian:11. Multiple fixed versions available...
GitLab CE/EE 10.5 - Server-Side Request Forgery
GitLab CE/EE versions starting from 10.5 are susceptible to a server-side request forgery vulnerability when requests to the internal network for webhooks are enabled, even on a GitLab instance where registration is limited. The same vulnerability actually spans multiple CVEs, due to similar...
WordPress Fusion Builder <3.6.2 - Server-Side Request Forgery
WordPress Fusion Builder plugin before 3.6.2 is susceptible to server-side request forgery. The plugin does not validate a parameter in its forms, which can be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. An attacker can...
Blueimp jQuery-File-Upload v9.22.0 - Unrestricted File Upload
Blueimp jQuery-File-Upload v9.22.0 contains an unauthenticated arbitrary file upload caused by insufficient validation in the upload component, letting remote attackers upload malicious files; the exploit requires no authentication. id: CVE-2018-9206 info: name: Blueimp jQuery-File-Upload v9.22.0 -...
Updated libssh packages fix security vulnerabilities
CVE-2025-4877: Write beyond bounds in binary to base64 conversion functions; CVE-2025-4878: Use of uninitialized variable in privatekey_from_file; CVE-2025-5318: Likely read beyond bounds in sftp server handle management; CVE-2025-5351: Double free in functions exporting keys; CVE-2025-5372: ssh_kdf returns ...
CVE-2026-36723
An unrestricted file rename vulnerability in the /api/create-user component of bookcars v8.3 allows authenticated attackers to leverage directory traversal sequences to move arbitrary files from temporary storage to arbitrary locations on the server filesystem. This enables unauthorized access to...