ROOT-OS-DEBIAN-13-CVE-2026-23070 CVE-2026-23070 in rootio-linux - Patched by Root

Root has patched CVE-2026-23070 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

ROOT-OS-DEBIAN-12-CVE-2025-37949 CVE-2025-37949 in rootio-linux - Patched by Root

Root has patched CVE-2025-37949 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...

ROOT-OS-DEBIAN-11-CVE-2025-37982 CVE-2025-37982 in rootio-linux - Patched by Root

Root has patched CVE-2025-37982 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...

ROOT-OS-DEBIAN-11-CVE-2025-39873 CVE-2025-39873 in rootio-linux - Patched by Root

Root has patched CVE-2025-39873 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...

ROOT-OS-UBUNTU-2404-CVE-2026-43439 CVE-2026-43439 in rootio-linux - Patched by Root

Root has patched CVE-2026-43439 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

ROOT-OS-UBUNTU-2404-CVE-2025-22120 CVE-2025-22120 in rootio-linux - Patched by Root

Root has patched CVE-2025-22120 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

CVE-2026-8034 Server-side request forgery vulnerability in GitHub Enterprise Server notebook viewer via URL parser confusion

A server-side request forgery SSRF vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. The hostname validation used a differe...

CVE-2026-6736

CVE-2026-6736 describes an authentication bypass in GitHub Enterprise Server (GHES) : when external authentication is enabled, the signup endpoint could create a local user account and establish a session without validating the external identity provider. This unauthenticated access required netw...

EUVD-2026-27478

Masa CMS is an open source content management system. In versions 7.5.2 and earlier, a SQL injection vulnerability exists in the beanFeed.cfc component within the getQuery function's processing of the sortBy parameter. The application fails to properly sanitize or parameterize this input before...

GHSA-M9HQ-H476-H2G8 Pyroscope Exposes Storage Secret

Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage COS. If the database is configured to use Tencent COS as the storage backend, an attacker could extract the secretkey configuration value from the...

CVE-2026-35403 LORIS has potential cross-site scripting in survey_accounts module

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 15.10 to before 27.0.3 and 28.0.1, there is a potential for a cross-site scripting attack in the surveyaccounts module if a user provid...

CVE-2026-29074

SVGO, short for SVG Optimizer, is a Node.js library and command-line application for optimizing SVG files. From version 2.1.0 to before version 2.8.1, from version 3.0.0 to before version 3.3.3, and before version 4.0.1, SVGO accepts XML with custom entities, without guards against entity expansi...

CVE-2026-28695

Craft is a content management system CMS. There is an authenticated admin RCE in Craft CMS 5.8.21 via Server-Side Template Injection using the create Twig function combined with a Symfony Process gadget chain. The create Twig function exposes Craft::createObject, which allows instantiation of...

CVE-2025-64499

Tuleap is a free and open source suite for management of software development and collaboration. Tuleap Community Editon versions prior to 17.0.99.1762456922 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 are vulnerable to CSRF attacks through planning management API...

CVE-2025-62427

The Angular SSR is a server-rise rendering tool for Angular applications. The vulnerability is a Server-Side Request Forgery SSRF flaw within the URL resolution mechanism of Angular's Server-Side Rendering package @angular/ssr before 19.2.18, 20.3.6, and 21.0.0-next.8. The function createRequestU...

CVE-2025-62427 Server-Side Request Forgery (SSRF) in Angular SSR

The Angular SSR is a server-rise rendering tool for Angular applications. The vulnerability is a Server-Side Request Forgery SSRF flaw within the URL resolution mechanism of Angular's Server-Side Rendering package @angular/ssr before 19.2.18, 20.3.6, and 21.0.0-next.8. The function createRequestU...

VulnCheck KEV: CVE-2023-34105

SRS is a real-time video server supporting RTMP, WebRTC, HLS, HTTP-FLV, SRT, MPEG-DASH, and GB28181. Prior to versions 5.0.157, 5.0-b1, and 6.0.48, SRS's api-server server is vulnerable to a drive-by command injection. An attacker may send a request to the /api/v1/snapshots endpoint containing an...

CVE-2021-29528

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.rawops.QuantizedMul. This is because the...

SUSE CVE-2021-32778

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy's procedure for resetting a HTTP/2 stream has ON^2 complexity, leading to high CPU utilization when a large number of streams are reset. Deployments are...

CVE-2024-24722

An unquoted service path vulnerability in the 12d Synergy Server and File Replication Server components may allow an attacker to gain elevated privileges via the 12d Synergy Server and/or 12d Synergy File Replication Server executable service path. This is fixed in 4.3.10.192, 5.1.5.221, and...