
77369 matches found

Circl
added 3 hours ago | 3 views

CVE-2026-10521

| creationtimestamp | type | source |
|---|---|---|
| 2026-06-23 07:36:29+00:00 | seen | https://infosec.exchange/users/certvde/statuses/116798271507262478 |
| 2026-06-23 07:45:43+00:00 | seen | https://infosec.exchange/users/certvde/statuses/116798307883543003... |

CVSS 8.6 | AI score 5.8
Exploits: 0 | References: 2
RedHat Linux
added 3 hours ago | 3 views

Important: Red Hat Security Advisory: redis security update

An update for redis is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 8.8 | AI score 6.6 | EPSS 0.0095
Exploits: 0 | References: 2
CVE
added 4 hours ago | 4 views

CVE-2026-9733

Affected software: Mojolicious::Plugin::Web::Auth::OAuth2 (Perl) up to version 0.17. Root cause: when no state generator is set, the module uses a SHA-1 hash of low-entropy sources (including epoch time leaked via the HTTP Date header) and Perl rand(), producing a predictable OAuth2 state. Impact...

AI score 5.4
Exploits: 0 | References: 3
Circl
added 8 hours ago | 7 views

CVE-2026-41523

| creationtimestamp | type | source |
|---|---|---|
| 2026-06-23 02:37:07+00:00 | seen | https://bsky.app/profile/postac001.bsky.social/post/3moweld2smf2l |
| 2026-06-23 05:13:50+00:00 | seen | https://bsky.app/profile/hugovalters.bsky.social/post/3mowndjk4ct2x... |

CVSS 7.5 | AI score 5.8 | EPSS 0.00054
Exploits: 0 | References: 2
RedHat Linux
added 8 hours ago | 5 views

Important: Red Hat Security Advisory: skopeo security update

An update for skopeo is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 7.5 | AI score 7.2 | EPSS 0.00449
Exploits: 0 | References: 4
RedHat Linux
added 9 hours ago | 3 views

Important: Red Hat Security Advisory: samba security update

An update for samba is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste...

CVSS 9.8 | AI score 6 | EPSS 0.01869
Exploits: 7 | References: 6
RedHat Linux
added 10 hours ago | 7 views

Important: Red Hat Security Advisory: samba security update

An update for samba is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...

CVSS 9.8 | AI score 6 | EPSS 0.01869
Exploits: 7 | References: 6
Circl
added 10 hours ago | 6 views

CVE-2026-48746

| creationtimestamp | type | source |
|---|---|---|
| 2026-06-23 00:20:21+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mow4wr4po422 |
| 2026-06-23 02:39:02+00:00 | seen | https://bsky.app/profile/postac001.bsky.social/post/3moweoh5uiy2r... |

CVSS 9.1 | AI score 5.8 | EPSS 0.00075
Exploits: 0 | References: 2
Circl
added yesterday | 6 views

CVE-2026-50556

| creationtimestamp | type | source |
|---|---|---|
| 2026-06-22 23:25:20+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3movzuf2ets2s... |

CVSS 8.6 | AI score 5.8 | EPSS 0.00062
Exploits: 0 | References: 1
Circl
added yesterday | 3 views

CVE-2026-45177

| creationtimestamp | type | source |
|---|---|---|
| 2026-06-22 23:01:47+00:00 | seen | https://bsky.app/profile/securitycyberuk.bsky.social/post/3movykbs7g52w... |

CVSS 9.1 | AI score 5.8 | EPSS 0.00564
Exploits: 0 | References: 1
OSV
added yesterday | 4 views

DEBIAN-CVE-2026-54275

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, the server_hostname TLS SNI check can be bypassed when an existing connection is reused. If an application makes multiple requests to the same domain, but with different per-request server_hostname...

CVSS 6.9 | AI score 5.8 | EPSS 0.00024
Exploits: 0 | References: 1
OSV
added yesterday | 2 views

DEBIAN-CVE-2026-54273

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, no limit was present on the number of pipelined requests that could be queued. An attacker may be able to use pipelined requests to use excessive amounts of memory, potentially leading to DoS. This...

CVSS 8.7 | AI score 5.8 | EPSS 0.00024
Exploits: 0 | References: 1
OSV
added yesterday | 3 views

DEBIAN-CVE-2026-54279

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, host-only cookies that are saved with CookieJar.save and then restored later with CookieJar.load lose their host-only status. This vulnerability is fixed in 3.14.1...

CVSS 5.3 | AI score 5.8 | EPSS 0.00024
Exploits: 0 | References: 1
CVE
added yesterday | 52 views

CVE-2026-48746

vLLM OpenAI auth bypass (CVE-2026-48746) affects vLLM versions 0.3.0 through 0.21.0. Root cause: ASGI servers and Starlette trust the Host header from the request scope, enabling manipulation of the reconstructed URL path and bypassing the OpenAI API AuthenticationMiddleware for routes beginning ...

CVSS 9.1 | AI score 5.9 | EPSS 0.00075
Exploits: 0 | References: 3
OSV
added yesterday | 3 views

DEBIAN-CVE-2026-54282

Starlette is a lightweight ASGI framework/toolkit. Prior to 1.3.0, the HTTP request path is not validated before being used to reconstruct request.url. Because request.url is rebuilt by concatenating scheme://hostpath and re-parsing the result, a path that does not begin with / for example...

CVSS 3.7 | AI score 5.9 | EPSS 0.00029
Exploits: 0 | References: 1
OSV
added yesterday | 3 views

DEBIAN-CVE-2026-54293

NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...

CVSS 7.5 | AI score 6 | EPSS 0.00043
Exploits: 0 | References: 1
OSV
added yesterday | 3 views

DEBIAN-CVE-2026-54283

Starlette is a lightweight ASGI framework/toolkit. From 0.4.1 until 1.3.1, request.form accepts max_fields and max_part_size to bound resource consumption while parsing form data. These limits are enforced for multipart/form-data, but silently ignored for application/x-www-form-urlencoded. An...

CVSS 7.5 | AI score 5.9 | EPSS 0.00038
Exploits: 0 | References: 1
CVE
added yesterday | 8 views

CVE-2026-48512

CVE-2026-48512 affects MessagePack-CSharp’s JSON conversion helpers. Before versions 2.5.301 and 3.1.7, ConvertFromJsonCore and related paths can recurse without enforcing a consistent depth limit, and TinyJsonReader can parse tokens with unbounded recursion. The typeless ext-100 path also recurs...

CVSS 6.3 | AI score 5.8
Exploits: 0 | References: 1
CVE
added yesterday | 8 views

CVE-2026-48514

MessagePack-CSharp vulnerability CVE-2026-48514 affects Unity UnsafeBlitFormatterBase.Deserialize, where an attacker-controlled byteLength inside an extension payload can cause allocation of a very large T[] before validating header/remaining payload bounds. This unbounded allocation is possible ...

CVSS 6.3 | AI score 5.9
Exploits: 0 | References: 1
CVE
added yesterday | 6 views

CVE-2026-56321

Capgo (backend Supabase edge functions) before 12.128.2 fails to apply the global authentication middleware to GET /private/role_bindings/:org_id, unlike POST/DELETE for the same resource. Unauthenticated requests reach the handler instead of middleware rejection, but the handler still performs ...

CVSS 6.9 | AI score 5.9
Exploits: 0 | References: 2