ROOT-OS-UBUNTU-2404-CVE-2025-22056 CVE-2025-22056 in rootio-linux - Patched by Root

Root has patched CVE-2025-22056 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

ROOT-OS-UBUNTU-2404-CVE-2025-38495 CVE-2025-38495 in rootio-linux - Patched by Root

Root has patched CVE-2025-38495 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

ROOT-OS-UBUNTU-2404-CVE-2026-46003 CVE-2026-46003 in rootio-linux - Patched by Root

Root has patched CVE-2026-46003 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

ROOT-OS-UBUNTU-2404-CVE-2025-39824 CVE-2025-39824 in rootio-linux - Patched by Root

Root has patched CVE-2025-39824 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2026-42583 CVE-2026-42583 in io.root.io.netty:netty-codec - Patched by Root

Root has patched CVE-2026-42583 in the io.root.io.netty:netty-codec package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2026-42587 CVE-2026-42587 in io.root.io.netty:netty-codec-http - Patched by Root

Root has patched CVE-2026-42587 in the io.root.io.netty:netty-codec-http package for Root:Maven. Multiple fixed versions available...

CVE-2026-46399

HAX CMS helps manage microsite universe with PHP or NodeJs backends. The PHP version of HAX CMS prior to version 26.0.0 has an authenticated file overwrite vulnerability. An attacker can exploit this vulnerability to configure malicious Git filter commands and achieve code execution on the HAX CM...

CVE-2026-34065

nimiq-primitives contains primitives e.g., block, account, transaction to be used in Nimiq's Rust implementation. Prior to version 1.3.0, an untrusted p2p peer can cause a node to panic by announcing an election macro block whose validators set contains an invalid compressed BLS voting key. Hashi...

CVE-2026-41904

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user with updateAutoReply permission can store an XSS payload in the mailbox auto-reply message. The payload is rendered unescaped in the auto-reply email sent to every customer who...

ROOT-APP-NPM-CVE-2025-13466 CVE-2025-13466 in @rootio/body-parser - Patched by Root

Root has patched CVE-2025-13466 in the @rootio/body-parser package for Root:npm. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2023-50447 CVE-2023-50447 in rootio-pillow - Patched by Root

Root has patched CVE-2023-50447 in the rootio-pillow package for Root:PyPI. Multiple fixed versions available...

ROOT-OS-DEBIAN-12-CVE-2026-6429 CVE-2026-6429 in rootio-curl - Patched by Root

Root has patched CVE-2026-6429 in the rootio-curl package for Root:Debian:12. Multiple fixed versions available...

PT-2026-47016

Name of the Vulnerable Software and Affected Versions Termix versions prior to 2.3.2 Description Termix is a web-based server management platform providing SSH terminal, tunneling, and file editing capabilities. Sixteen file-manager endpoints fail to verify if the requesting user owns the SSH...

CVE-2026-42538

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application can therefore be misused to host phishing pages, amongst other things. This also creates another...

CVE-2026-42543

IRIS (web collaboration platform) is affected by CVE-2026-42543 in versions prior to 2.4.28. The vulnerability is CSRF caused by using HTTP GET to perform state-changing actions on the server. A patch exists in 2.4.28. Impact details are limited to what the sources state; there is no exploitation...

ROOT-APP-NPM-CVE-2026-3304 CVE-2026-3304 in @rootio/multer - Patched by Root

Root has patched CVE-2026-3304 in the @rootio/multer package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2024-55565 CVE-2024-55565 in @rootio/nanoid - Patched by Root

Root has patched CVE-2024-55565 in the @rootio/nanoid package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2021-44906 CVE-2021-44906 in @rootio/minimist - Patched by Root

Root has patched CVE-2021-44906 in the @rootio/minimist package for Root:npm. Multiple fixed versions available...

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationRuntime and IntegrationServer operands that use Kafka are vulnerable to loss of confidentiality (CVE-2025-27817, CVE-2025-27818)

Summary Apache Kafka Client is used by IBM App Connect Enterprise Certified Container when running flows that connect to a Kafka server. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use Kafka Client are vulnerable to loss of confidentiality...

EUVD-2026-34286

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose a public /image/ route that resolves attacker-controlled entries from imagehashlookup and replays them through the same server-side image fetch logic used by authenticated image proxying...