
CVE Vulnerabilities - 18 May 2026


609 vulnerabilities published on 18 May 2026

Azure Local Disconnected Operations Privilege Escalation
CVE-2026-42822
An unauthorized attacker can gain elevated privileges over a network if they exploit a weakness in Azure Local Disconnected Operations. This means they could access sensitive information or make chang...
10.0
Root:npm vm2 Vulnerability: Uncontrolled Memory Access
ROOT-APP-NPM-CVE-2026-44006
The @rootio/vm2 package in Root:npm has a memory access issue that could be exploited by attackers. This could lead to unauthorized data access or system crashes. Update to a fixed version of @rootio/...
10.0
Root:npm vm2 Package Unpatched on Older Versions
ROOT-APP-NPM-CVE-2026-44005
If you're using Root's npm package and haven't updated vm2 recently, you may be at risk of a security issue. This issue has been fixed by Root in newer versions of vm2. We recommend updating to the la...
10.0
Root VM2 Software Allows Unauthorized Access
ROOT-APP-NPM-CVE-2026-43997
A security patch has been released for the Root VM2 software to prevent unauthorized access. This affects users of Root's npm package. To stay secure, update to a patched version of the software as so...
10.0
Dokploy versions 0.26.6 and below allow attackers to execute system commands.
CVE-2026-27130
Dokploy's free, self-hosted Platform as a Service is affected by a security issue. An authenticated attacker can inject malicious system commands by manipulating the application name. To fix this, upd...
9.9
Root:npm vm2: Unpatched Code Execution Risk
ROOT-APP-NPM-CVE-2026-43999
A patch has been released for the vm2 library in Root:npm to prevent malicious code from being executed. This library is used by Root, so it's essential to update to the latest version to ensure the s...
9.9
Debian Linux: Unauthenticated Remote Code Execution
DEBIAN-CVE-2026-8836
An unauthenticated attacker can execute arbitrary code on Debian Linux systems. This is a significant security risk, as it allows an attacker to take control of the system without needing a password. ...
9.9
lwIP: Unauthenticated Remote Stack Overflow in SNMPv3 Handler
CVE-2026-8836
A remote attacker can cause a stack overflow in the lwIP SNMPv3 handler, potentially leading to a crash or malicious code execution. This affects all systems using lwIP versions up to 2.2.1. To fix th...
9.3
Microsoft Edge (Chromium-based) allows malicious code to run
CVE-2026-45495
A security issue in Microsoft Edge (Chromium-based) could allow hackers to run unauthorized code on a user's device. This could happen if a user visits a malicious website or opens a compromised file....
9.8
SGLang Scheduler Exposed to Remote Code Execution
CVE-2026-7301 GHSA-gwv6-pq6m-p3rq
The SGLang scheduler has a default setting that makes it accessible from the internet, allowing hackers to execute malicious code on your system. This can happen if you have the scheduler exposed to ...
9.8
SGLang multimodal generation runtime allows unauthenticated remote code execution
CVE-2026-7304 GHSA-36m8-w8qf-g76p
A vulnerability in SGLang allows attackers to run malicious code on a server without being authenticated. This is possible when a specific option is enabled. To stay safe, update SGLang to the lates...
9.8
Apache Tomcat: Important Security Patch Released for Remote Code Execution
ROOT-APP-MAVEN-CVE-2025-24813
A patch has been released for the Apache Tomcat library that prevents attackers from potentially running unauthorized code on your server. This affects systems running outdated versions of the library...
9.8
Root:npm protobufjs Data Tampering Risk
ROOT-APP-NPM-CVE-2026-41242
The @rootio/protobufjs package in Root:npm has a data tampering risk. This means that an attacker could manipulate data to deceive users. Root has released a patch to fix this issue, and you should up...
9.8
Apache Tomcat AJP Connections Can Be Tricked into Returning Files
BIT-tomcat-2020-1938
When using the Apache JServ Protocol (AJP) with Apache Tomcat, attackers can trick the system into returning sensitive files if they can connect to it. This is a risk if the AJP port is accessible to ...
9.8 KEV
Root VM2 Software Allows Unauthorized Access
ROOT-APP-NPM-CVE-2026-44009
A security patch has been released for Root VM2 software, which fixes a vulnerability that could allow unauthorized access. This affects users who rely on Root VM2 for their operations. To stay secure...
9.8
Root VM2: Unauthenticated Access to Internal Services
ROOT-APP-NPM-CVE-2026-26332
The Root VM2 software had a security issue that allowed unauthorized access to internal services. This could have allowed attackers to access sensitive information or take control of the system. Root ...
9.8
Root VM2 Package Allows Unauthorized Access
ROOT-APP-NPM-CVE-2026-44008
A security patch has been released for Root's VM2 package. If not updated, attackers could potentially gain unauthorized access to Root systems. Update to the latest version of the package to ensure s...
9.8
Root:npm @rootio/vm2 Unpatched Virtual Machine Code Execution
ROOT-APP-NPM-CVE-2026-24781
A security patch has been released for the Root:npm @rootio/vm2 package. If left unpatched, this vulnerability could allow attackers to execute malicious code within virtual machines. Update to the la...
9.8
Root VM2 Package Security Patch
ROOT-APP-NPM-CVE-2026-24118
A security patch has been released for Root's VM2 package. This patch fixes a security issue that could have allowed unauthorized access to Root's systems. To stay secure, update to the latest version...
9.8
Malicious Code in Mistralai 2.4.6 on PyPI
GHSA-wx9m-wx4f-4cmg
A malicious version of the Mistralai software, version 2.4.6, has been uploaded to the PyPI package repository. This version contains code that can download and run a malicious script on Linux systems...
9.6
Dify versions 1.14.1 and prior allow attackers to access internal data
CVE-2026-41948
Dify versions 1.14.1 and prior have a security flaw that allows attackers to access internal data they shouldn't be able to see. This happens because the software doesn't properly check URLs, making i...
9.3
ChromaDB Python project: Unauthenticated code execution
CVE-2026-45829 GHSA-f4j7-r4q5-qw2c
The ChromaDB Python project, version 1.0.0 or later, is vulnerable to a security threat. An attacker can send malicious data to the database, allowing them to run any code on the server without needin...
9.3
Root Sanitize HTML Package Security Patch
ROOT-APP-NPM-CVE-2026-44990
A security patch has been released for the @rootio/sanitize-html package used by Root. This update addresses a security issue that could potentially allow malicious code to be executed. To ensure secu...
9.3
Unauthorized Access to Protected Features in Creartia's ICMS Software
CVE-2026-4320
Creartia's ICMS software has a security issue that could allow an attacker to access parts of the system they shouldn't be able to access. This could happen if someone manipulates the way the system r...
9.3
DumbAssets through 1.0.11 allows unauthenticated deletion of files
CVE-2026-45230
An attacker can delete any file on the server without needing a password, which could cause the server to stop working. This is a concern because it could allow an attacker to delete important files t...
8.8