2790 matches found
XWiki >= 6.0-rc-1 - Cross-Site Scripting
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the delete template to perform a XSS, e.g. by using URL such as:...
ROOT-APP-NPM-CVE-2026-44902 CVE-2026-44902 in @rootio/opentelemetry__sdk-node - Patched by Root
Root has patched CVE-2026-44902 in the @rootio/opentelemetrysdk-node package for Root:npm. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-34517 CVE-2026-34517 in rootio-aiohttp - Patched by Root
Root has patched CVE-2026-34517 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-34518 CVE-2026-34518 in rootio-aiohttp - Patched by Root
Root has patched CVE-2026-34518 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2026-6429 CVE-2026-6429 in rootio-curl - Patched by Root
Root has patched CVE-2026-6429 in the rootio-curl package for Root:Debian:12. Multiple fixed versions available...
CVE-2026-55604
DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to version 1.7.0, the process-global SessionStore accepts caller-supplied sessionid values without binding them to any authenticated principal or transport session. An attacker can enumerate active session I...
ROOT-APP-NPM-CVE-2026-27980 CVE-2026-27980 in @rootio/next - Patched by Root
Root has patched CVE-2026-27980 in the @rootio/next package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-3304 CVE-2026-3304 in @rootio/multer - Patched by Root
Root has patched CVE-2026-3304 in the @rootio/multer package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2024-8373 CVE-2024-8373 in @rootio/angular - Patched by Root
Root has patched CVE-2024-8373 in the @rootio/angular package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2021-44906 CVE-2021-44906 in @rootio/minimist - Patched by Root
Root has patched CVE-2021-44906 in the @rootio/minimist package for Root:npm. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2023-50447 CVE-2023-50447 in rootio-pillow - Patched by Root
Root has patched CVE-2023-50447 in the rootio-pillow package for Root:PyPI. Multiple fixed versions available...
PYSEC-2026-1313 docling-core vulnerable to Remote Code Execution via unsafe PyYAML usage
Impact A PyYAML-related Remote Code Execution RCE vulnerability, namely CVE-2020-14343, is exposed in docling-core =2.21.0, 2.48.4 and, specifically only if the application uses pyyaml 5.4 and invokes doclingcore.types.doc.DoclingDocument.loadfromyaml passing it untrusted YAML data. Patches The...
ROOT-APP-MAVEN-CVE-2026-42587 CVE-2026-42587 in io.root.io.netty:netty-codec-http - Patched by Root
Root has patched CVE-2026-42587 in the io.root.io.netty:netty-codec-http package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-42583 CVE-2026-42583 in io.root.io.netty:netty-codec - Patched by Root
Root has patched CVE-2026-42583 in the io.root.io.netty:netty-codec package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-45673 CVE-2026-45673 in io.root.io.netty:netty-resolver-dns - Patched by Root
Root has patched CVE-2026-45673 in the io.root.io.netty:netty-resolver-dns package for Root:Maven. Multiple fixed versions available...
RHSA-2026:35896 Red Hat Security Advisory: kernel security update
Bulletin has no description...
PT-2026-56237
Name of the Vulnerable Software and Affected Versions Chevereto versions 3.7.5 through 4.5.3 Description An issue exists in the self-hosted media-sharing platform where the /json AJAX listing endpoint fails to enforce private profile restrictions. While the profile HTML route /username correctly...
ROOT-OS-DEBIAN-13-CVE-2026-37555 CVE-2026-37555 in rootio-libsndfile - Patched by Root
Root has patched CVE-2026-37555 in the rootio-libsndfile package for Root:Debian:13. Multiple fixed versions available...
ROOT-OS-DEBIAN-13-CVE-2025-40203 CVE-2025-40203 in rootio-linux - Patched by Root
Root has patched CVE-2025-40203 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...
ROOT-OS-DEBIAN-13-CVE-2026-46066 CVE-2026-46066 in rootio-linux - Patched by Root
Root has patched CVE-2026-46066 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...