CVE Vulnerabilities - 8 April 2026

716 vulnerabilities published on 8 April 2026

rootio-linux: Unauthorized Access to Root Account
ROOT-OS-DEBIAN-12-CVE-2026-23401
The rootio-linux package on Debian 12 has a security issue that could allow someone to access the root account without proper permission. This means that a malicious user could gain control of the ent...
rootio-linux: Unrestricted File Access in rootio-linux
ROOT-OS-DEBIAN-12-CVE-2026-23450
A security patch has been released for the rootio-linux package to prevent unauthorized access to files on a Debian 12 system. This update addresses a previously known issue and is recommended for ins...
rootio-linux: Untrusted root access in rootio-linux
ROOT-OS-DEBIAN-12-CVE-2026-31408
A security patch has been released for rootio-linux, a component of the Root platform, which could allow unauthorized users to access sensitive data. This vulnerability affects Root users and requires...
Pygments: CPU Consumption Issue in Certain Lexers
MGASA-2026-0090
A weakness in Pygments' AdlLexer can lead to high CPU usage, potentially causing slow performance or system crashes. This issue affects older versions of Pygments. Upgrade to the latest version to res...
MINI-c7gm-2c6w-r3pq
MINI-c7gm-2c6w-r3pq
Adobe Reader for Android Unsecured Data Storage
MINI-ch3x-mx4m-2rq9
Adobe Reader for Android stores sensitive data in an unsecured location, allowing unauthorized access to documents and user information. This could lead to sensitive data theft or unauthorized access ...
MINI-72v7-qxqr-42c3
MINI-72v7-qxqr-42c3
MINI-c5r7-9v8w-wrv9
MINI-c5r7-9v8w-wrv9
MINI-553w-gfv3-cj7g
MINI-553w-gfv3-cj7g
MINI-f45w-8rgj-q862
MINI-f45w-8rgj-q862
Adobe Flash Player on Windows May Allow Remote Code Execution
MINI-324r-626v-pv33
Adobe Flash Player on Windows computers may allow an attacker to run malicious code on the system without permission. This could happen if a user visits a website that contains a malicious Flash file....
Wildcard Certificates Can Bypass Validation in Some Cases
GO-2026-4866 CVE-2026-33810
A bug in certificate validation can allow a malicious certificate to be accepted as trusted, even if it shouldn't be. This happens when a certificate has a wildcard domain name that doesn't match the ...
Wildcard DNS Certificates Not Verified Correctly with Excluded DNS Constraints
DEBIAN-CVE-2026-33810
A security issue affects how certain certificate chains are verified. Specifically, it overlooks wildcard DNS certificates if their domain name doesn't match the case of the excluded DNS constraint. T...
Incorrect escaping in JavaScript template literals
DEBIAN-CVE-2026-32289
Using JavaScript template literals in specific cases could lead to incorrect content escaping, potentially allowing malicious code to be injected. This affects users of JavaScript template literals, p...
Mistakes in HTML Template Code Can Lead to Website Hacking
GO-2026-4865 CVE-2026-32289
A bug in some HTML templates can allow hackers to inject malicious code into a website, potentially taking control of it. This issue affects websites that use a specific type of template engine. To st...
GNU tar can run out of memory when reading corrupt archives
GO-2026-4869 CVE-2026-32288
A malicious archive can cause GNU tar to consume excessive memory, potentially crashing or freezing the system. This issue affects systems that use GNU tar to extract archives. To mitigate this risk, ...
Libarchive tar reader can run out of memory with malicious archive
DEBIAN-CVE-2026-32288
Libarchive's tar reader can be exploited to consume an excessive amount of memory by processing a specially crafted archive. This can cause the program to crash or become unresponsive. To protect agai...
TLS 1.3 Key Update Records Can Cause Persistent Connections
GO-2026-4870 CVE-2026-32283
A vulnerability in TLS 1.3 can cause connections to become stuck, wasting server resources. This happens when a server or client sends multiple key update messages in one go, freezing the connection. ...
TLS 1.3 Connections Can Be Bricked by Malicious Key Updates
DEBIAN-CVE-2026-32283
If you're using TLS 1.3, an attacker can potentially crash your server or connection by sending multiple key updates at once. This could lead to a denial of service, where your server becomes unrespon...
Linux Chmod Can Access Sensitive Files Through Symlink
GO-2026-4864 CVE-2026-32282
Linux systems using the Chmod function may allow unauthorized access to sensitive files if an attacker replaces the target with a symbolic link. This could potentially lead to unauthorized changes or ...
Linux Chmod can operate on unintended external files through symlink attack
DEBIAN-CVE-2026-32282
This issue affects Linux systems and can occur when a symbolic link to a file outside the root directory is created during a chmod operation. This may allow unauthorized changes to files outside the i...
Large certificate chains can cause Apache HTTP Server denial of service
DEBIAN-CVE-2026-32281
Apache HTTP Server may become unresponsive when validating certain large certificate chains. This affects trusted certificate chains, but does not compromise security. Update your Apache HTTP Server t...
Large Certificate Chains Cause Slow Certificate Validation in Some Software
GO-2026-4946 CVE-2026-32281
Certain software that checks digital certificates for trust may take a long time to validate certificates that have many policy mappings. This can cause the software to become unresponsive or slow. If...
OpenSSL: Excessive Certificate Verification Can Cause Slowdowns
DEBIAN-CVE-2026-32280
A bug in OpenSSL's certificate verification process can cause it to take a long time to verify certificates when dealing with many intermediate certificates. This can cause slowdowns and potentially i...
Crypto/X509: Excessive Work in Certificate Chain Verification
GO-2026-4947 CVE-2026-32280
When verifying a chain of digital certificates, a large number of intermediate certificates can cause the system to become unresponsive or even crash. This issue affects users of the crypto/x509 and c...