Lucene search

330 matches found

OSV
added yesterday | 2 views

ROOT-APP-NPM-CVE-2026-27606 CVE-2026-27606 in @rootio/rollup - Patched by Root

Root has patched CVE-2026-27606 in the @rootio/rollup package for Root:npm. Multiple fixed versions available...

CVSS 9.8 | AI score 5.9 | EPSS 0.00398
Exploits: 1

OSV
added 2 days ago | 4 views

UBUNTU-CVE-2026-47265

AIOHTTP is an asynchronous HTTP client/server framework for asyncio an...

CVSS 8.7 | AI score 5.8 | EPSS 0.00019
Exploits: 0 | References: 2

Vulnrichment
added 3 days ago | 4 views

CVE-2026-10701 Incorrect boundary conditions in the Graphics: Text component

Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox 151.0.3...

AI score 5.8 | EPSS 0.00031
Exploits: 0 | References: 2

ATTACKERKB
added 2026/05/22 5:7 p.m. | 9 views

CVE-2026-32253

Sunshine is a self-hosted game stream host for Moonlight. In versions prior to 2026.516.143833, the client-certificate authentication can be bypassed because of how OpenSSL verification results are handled. In src/crypto.cpp, the custom verify callback treats X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,...

CVSS 9.8 | AI score 5.7 | EPSS 0.00041
Exploits: 1 | References: 3 | Affected Software: 1

IBM Security Bulletins
added 2026/05/22 6:11 a.m. | 3 views

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in requests (CVE-2024-47081)

Summary A vulnerability in the requests library CVE-2024-47081 used by IBM InfoSphere Optim Archive Viewer has been addressed by upgrading to version 2.32.5. Vulnerability Details CVEID:CVE-2024-47081 DESCRIPTION: Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to...

CVSS 5.3 | AI score 5.7 | EPSS 0.00208
Exploits: 1 | Affected Software: 1

CNNVD
added 2026/05/22 12:0 a.m. | 6 views

Request Tracker security vulnerability

Request Tracker is a problem and ticket tracking system developed by Request Tracker Inc. Versions prior to Request Tracker 5.0.10, as well as versions 6.0.0 to 6.0.2, contained security vulnerabilities. These vulnerabilities stemmed from the fact that data controlled by users during spreadsheet...

CVSS 4.6 | AI score 5.8 | EPSS 0.00029
Exploits: 0 | References: 3

AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux - vulnerability in firefox, thunderbird

Firefox has a spoofing issue. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, and Firefox ESR 115.30...

CVSS 3.4 | AI score 5.8 | EPSS 0.00038
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 1 views

Astra Linux - vulnerability in linux, linux-5.10, linux-5.15

In the Linux kernel before version 6.4.12, amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c contains a use-of-fence issue...

CVSS 7.8 | AI score 6.5 | EPSS 0.00037
Exploits: 0 | References: 2

EUVD
added 2026/05/15 9:20 a.m. | 5 views

EUVD-2026-30522

Permission control vulnerability in calls. Impact: Successful exploitation of this vulnerability may affect availability...

CVSS 5.8 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 1

Vulnrichment
added 2026/05/13 4:26 a.m. | 2 views

CVE-2026-6962 Cost of Goods: Product Cost & Profit Calculator for WooCommerce <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Cost of Goods: Product Cost & Profit Calculator for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'algwccogproductcost' and 'algwccogproductprofit' shortcodes in all versions up to, and including, 4.1.0 due to insufficient input sanitization an...

CVSS 6.4 | AI score 6 | EPSS 0.00036
Exploits: 0 | References: 5

Vulnrichment
added 2026/05/12 4:59 p.m. | 5 views

CVE-2026-40359 Microsoft Excel Remote Code Execution Vulnerability

...

CVSS 7.8 | AI score 5.8 | EPSS 0.00062
Exploits: 0 | References: 1

CVE
added 2026/05/07 8:15 p.m. | 9 views

CVE-2026-8097

CVE-2026-8097 affects CodeAstro Online Classroom 1.0. The vulnerability is in unknown code of /askquery.php, where manipulating the squeryx argument enables SQL injection. Exploitation can be performed remotely, and public exploits exist. CVSS-derived metrics in the provided data indicate a MEDIU...

CVSS 6.5 | AI score 6.5 | EPSS 0.00031
Exploits: 0 | References: 5

UbuntuCve
added 2026/05/06 7:16 p.m. | 3 views

CVE-2026-7974

Use after free in Blink in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

CVSS 8.8 | AI score 6.2 | EPSS 0.0008
Exploits: 0 | References: 1

IBM Security Bulletins
added 2026/05/04 12:51 p.m. | 4 views

Security Bulletin: ACE Vulnerability in QOS.CH Logback-core 1.5.24: Class Instantiation via Compromised Configuration File

Summary ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a...

CVSS 1.8 | AI score 5.8 | EPSS 0.00014
Exploits: 0 | Affected Software: 1

AstraLinux
added 2026/05/03 11:59 p.m. | 4 views

Astra Linux - vulnerability in dcmtk

There is an incorrect type conversion vulnerability in the DVPSSoftcopyVOIPList::createFromImage function of OFFIS DCMTK 3.6.8. A specially crafted, malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to exploit this vulnerability...

CVSS 7.5 | AI score 7.2 | EPSS 0.00141
Exploits: 1 | References: 2

AstraLinux
added 2026/05/03 11:59 p.m. | 4 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: btrfs: Zoned: Skipping splitting and logical rewriting during pre-alloc write operations. During relocation, there is a possibility that at the time of btrfs_reloc_clone_csums, there is no checksum for the corresponding region. I...

AI score 5.8 | EPSS 0.00026
Exploits: 0 | References: 2

OSV
added 2026/04/23 12:31 a.m. | 2 views

GHSA-3VR4-CVMG-7FX4 copilot-api has Reliance on Reverse DNS Resolution for a Security-Critical Action

A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header Handler. Executing a manipulation of the argument Host can lead to reliance on reverse dns resolution. The attack may be performed from remote. The explo...

CVSS 5.3 | AI score 5.4 | EPSS 0.00011
Exploits: 0 | References: 6

Debian CVE
added 2026/04/21 12:41 p.m. | 2 views

CVE-2026-6781

Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150...

CVSS 7.5 | AI score 5.2 | EPSS 0.00057
Exploits: 0

OSV
added 2026/04/15 10:16 a.m. | 0 views

UBUNTU-CVE-2025-14813

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all core modules. This vulnerability is associated with program files G3413CTRBlockCipher. This issue affects BC-JAVA: from 1.59 before 1.80.2, from 1.81 before 1.81.1, from 1.82...

CVSS 9.3 | AI score 5.8 | EPSS 0.00004
Exploits: 0 | References: 5

SUSE CVE
added 2026/04/14 11:25 p.m. | 3 views

SUSE CVE-2026-39979

jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5f, the jv_parse_sized API in libjq accepts a counted buffer with an explicit length parameter, but its error-handling path formats the input buffer using %s in jv_string_fmt, which reads until a NUL terminat...

CVSS 6.1 | AI score 5.9 | EPSS 0.00072
Exploits: 1 | References: 6