CVE-2026-35193 Potential exposure of private data via missing Vary: Authorization in UpdateCacheMiddleware

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...

CVE-2026-47265

AIOHTTP prior to 3.14.0 is vulnerable: cookies provided via the cookies parameter on per-request calls are sent after following a cross-origin redirect, which may leak sensitive data if an attacker can control the redirect. Version 3.14.0 patches the issue. As a workaround, using a Cookie header ...

GHSA-X368-4G9H-FVV4 vulnerabilities

Vulnerabilities for packages: tritonserver-backend-vllm-cuda-13.0...

CVE-2026-44222 vulnerabilities

Vulnerabilities for packages: tritonserver-backend-vllm-cuda-13.0...

CVE-2026-45043

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper validation in the PUT /rustfs/admin/v3/import-iam endpoint allows a user with ImportIAMAction to create service accounts under arbitrary parent identities, including the root user minioadmin. The endpoint...

📄 D-Link DSL2600U Password Disclosure

D-Link DSL2600U suffers from an administrative password disclosure vulnerability. Exploit Title: D-Link DSL2600U - 'rom-0' Admin Password Disclosure Date: 2026-05-02 Exploit Author: Amir Hossein Jamshidi Vendor Homepage: https://www.dlink.com Version: DSL-2600U Tested on: ubuntu CVE : N/A Firmwar...

CVE-2026-9996

Out of bounds read in WebRTC in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

PT-2026-44782

These are all security issues fixed in the libsuricata8 0 5-8.0.5-1.1 package on the GA media of openSUSE Tumbleweed...

PT-2026-44776

These are all security issues fixed in the libsuricata8 0 5-8.0.5-1.1 package on the GA media of openSUSE Tumbleweed...

CVE-2026-45022

CVE-2026-45022 affects the Go Git library, go-git, where prior to v5.19.0 and v6.0.0-alpha.3 it may parse malformed commit/tag objects differently from upstream Git. The decoded representation can expose values differently and the commit signing/verification may operate on reconstructed data rath...

D-Link DSL2600U - 'rom-0' Admin Password Disclosure

Exploit Title: D-Link DSL2600U - 'rom-0' Admin Password Disclosure Date: 2026-05-02 Exploit Author: Amir Hossein Jamshidi Vendor Homepage: https://www.dlink.com Version: DSL-2600U Tested on: ubuntu CVE : N/A Firmware Version: v1.08 from routersploit.libs.lzs.lzs import LZSDecompress import reques...

PT-2026-42856

A malicious archive with ../ path segments in its name allows escaping the current working directory. This is not desired behavior, and tar1 rejects such extractions, but ocaml-tar decompresses it anyway. The impact is that it allows arbitrary file write outside of the desired extraction director...

[SECURITY] [DSA 6284-1] pdns security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6284-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 20, 2026 https://www.debian.org/security/faq -...

Astra Linux - уязвимость в imagemagick

In the CropImage and CropImageToTiles routines of MagickCore/transform.c, rounding calculations performed on unconstrained pixel offsets were causing undefined behavior, including integer overflow and out-of-range values, as reported by UndefinedBehaviorSanitizer. Such issues could negatively...

Astra Linux - уязвимость в imagemagick

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the InterpretImageFilename function. The issue arises from an off-by-one error that causes out-of-bounds memory access when...

Astra Linux - уязвимость в imagemagick

A flaw was discovered in ImageMagick within MagickCore/statistic.c. An attacker who submits a crafted file processed by ImageMagick could induce undefined behavior, resulting in an excessively large value for the 64-bit type ssizet. This likely leads to a disruption in the application’s...

Astra Linux - уязвимость в imagemagick

In the function SetImageExtent in /MagickCore/image.c, an incorrect image depth value can lead to a memory leak. This occurs because the code that checks for the correct image depth value does not reset the value if an invalid size is encountered. The patch resets the depth value to a valid one...

PT-2026-42187

Incorrect default permissions vulnerability in Progress Software MOVEit Automation allows Retrieve Embedded Sensitive Data. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7...

CVE-2026-36438

The CVE-2026-36438 entry concerns Intelbras VIP-1230-D-G4, firmware V2.800.00IB00C.0.T. A vulnerability in the password reset functionality under /OutsideCmd could allow a remote attacker to obtain sensitive information. The provided sources indicate an information-disclosure issue but do not spe...

CVE-2026-43989

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the uploadwasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format. This vulnerability is...