1840 matches found
CVE-2026-26378
Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via file upload function in Invoice features...
EUVD-2026-34097
GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked tab. Upgrade to 10.0.25 or 11.0.7 to receive a patch...
ROOT-OS-UBUNTU-2404-CVE-2025-38225 CVE-2025-38225 in rootio-linux - Patched by Root
Root has patched CVE-2025-38225 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2025-38458 CVE-2025-38458 in rootio-linux - Patched by Root
Root has patched CVE-2025-38458 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2025-40156 CVE-2025-40156 in rootio-linux - Patched by Root
Root has patched CVE-2025-40156 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2025-71192 CVE-2025-71192 in rootio-linux - Patched by Root
Root has patched CVE-2025-71192 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2025-38190 CVE-2025-38190 in rootio-linux - Patched by Root
Root has patched CVE-2025-38190 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2025-21795 CVE-2025-21795 in rootio-linux - Patched by Root
Root has patched CVE-2025-21795 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2025-39805 CVE-2025-39805 in rootio-linux - Patched by Root
Root has patched CVE-2025-39805 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2025-68376 CVE-2025-68376 in rootio-linux - Patched by Root
Root has patched CVE-2025-68376 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2025-21955 CVE-2025-21955 in rootio-linux - Patched by Root
Root has patched CVE-2025-21955 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2025-38530 CVE-2025-38530 in rootio-linux - Patched by Root
Root has patched CVE-2025-38530 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2025-23146 CVE-2025-23146 in rootio-linux - Patched by Root
Root has patched CVE-2025-23146 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...
Ubuntu 25.10 / 26.04 LTS : LibreOffice vulnerability (USN-8352-1)
The remote Ubuntu 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8352-1 advisory. Duc Anh Nguyen discovered that LibreOffice incorrectly handled mismatched encryption salt parameters in crafted OOXML documents. An attacker could use thi...
PT-2026-45722
LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass group membership checks resulting in unauthorized access to the database...
EUVD-2026-33550
An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated customer to query the system for CI information. Please note that CMDB has to be anabled and CustomerGroupSupport has to be used to be affected. This issue affects OTRS: 7.0.X...
GHSA-PJWM-PJ3P-43MV axios's shouldBypassProxy does not recognize IPv4-mapped IPv6 addresses, allowing NO_PROXY bypass (incomplete fix for CVE-2025-62718)
Summary shouldBypassProxy, introduced in v1.15.0 to fix CVE-2025-62718, does not normalise IPv4-mapped IPv6 addresses. When NOPROXY lists an IPv4 address such as 127.0.0.1 or 169.254.169.254, a request URL using the IPv4-mapped IPv6 form ::ffff:7f00:1, ::ffff:a9fe:a9fe still routes through the...
USN-8334-1: CRaC JDK 25 vulnerabilities
Thomas Beckers discovered that the JAXP component of CRaC JDK 25 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of CRa...
ROOT-OS-UBUNTU-2204-CVE-2025-37876 CVE-2025-37876 in rootio-linux - Patched by Root
Root has patched CVE-2025-37876 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2204-CVE-2025-68733 CVE-2025-68733 in rootio-linux - Patched by Root
Root has patched CVE-2025-68733 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...