4810 matches found
ROOT-OS-DEBIAN-13-CVE-2026-31438 CVE-2026-31438 in rootio-linux - Patched by Root
Root has patched CVE-2026-31438 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...
ROOT-OS-DEBIAN-13-CVE-2026-46330 CVE-2026-46330 in rootio-linux - Patched by Root
Root has patched CVE-2026-46330 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2024-35794 CVE-2024-35794 in rootio-linux - Patched by Root
Root has patched CVE-2024-35794 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2025-38185 CVE-2025-38185 in rootio-linux - Patched by Root
Root has patched CVE-2025-38185 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2025-38723 CVE-2025-38723 in rootio-linux - Patched by Root
Root has patched CVE-2025-38723 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2025-37769 CVE-2025-37769 in rootio-linux - Patched by Root
Root has patched CVE-2025-37769 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2024-56538 CVE-2024-56538 in rootio-linux - Patched by Root
Root has patched CVE-2024-56538 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2026-31623 CVE-2026-31623 in rootio-linux - Patched by Root
Root has patched CVE-2026-31623 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2025-71185 CVE-2025-71185 in rootio-linux - Patched by Root
Root has patched CVE-2025-71185 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...
EUVD-2026-35091
phpMyFAQ has Weak Cryptography - SHA1 for Password Hashing...
EUVD-2026-38597
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.13.0 until 2.14.0, a potential Denial-of-Service exists when attacker sends deeply nested JSON if and only if the service reads deeply nested 1000s of levels JSON as JsonNode...
EUVD-2026-38589
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, in BeanDeserializer.deserializeUsingPropertyBased, the active-view @JsonView filter was applied only to creator properties; the regular...
CVE-2026-47381
CVE-2026-47381 affects NocoDB prior to 2026.05.1, where a user in one workspace could abuse the testConnection endpoint to access another workspace’s integration due to the integration being fetched in a bypass scope and permission checks being evaluated against any base in any workspace. The iss...
CVE-2026-47388
NocoDB is affected by CVE-2026-47388: Missing ownership check in MCP Attachment Read allows a low-privilege MCP token holder with knowledge of an attachment path to read files in shared storage (including attachments from other bases/workspaces). The issue arises because readAttachment did not ve...
CVE-2026-54016
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI has a Broken Object Level Authorization BOLA vulnerability in the builtin searchknowledgefiles tool. When native function calling is enabled and the selected model has no...
EUVD-2026-38569
Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.7, the safeevalexpression function in the computed fields feature uses an AST validator that only blocks attributes starting with underscore. Python generator and frame object attributes giframe, fback, fbuiltins do NOT...
CVE-2026-54013
CVE-2026-54013 describes a stored XSS in Open WebUI where the model profile image URL could be a data:image/svg+xml;base64 payload. The root cause is missing input validation on ModelMeta.profile_image_url and missing output protections in the model image endpoint (no MIME allowlist, no nosniff, ...
EUVD-2026-38517
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, an Insecure Direct Object Reference IDOR vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in...
CVE-2026-54309
CVE-2026-54309 affects n8n when the MCP Browser is run with HTTP transport. The MCP endpoint accepts session initialization and tool invocation without authentication, enabling unauthenticated callers (including websites visited by the user) to access browser-control tools (navigation, JavaScript...
ROOT-APP-PYPI-CVE-2026-42311 CVE-2026-42311 in rootio-pillow - Patched by Root
Root has patched CVE-2026-42311 in the rootio-pillow package for Root:PyPI. Multiple fixed versions available...