FreeBSD-kernel -- ASLR bypass for setuid executables via procctl(2)

Problem Description: The ELF image activator cleared per-process ASLR preference flags for setuid binaries after the code that computes the PIE base address, rather than before. As a result, a user-requested ASLR disable was still in effect at the point where the base address was chosen. Impact: ...

PT-2026-47841

Issue summary: When the X509 VERIFY PARAM set1 email is called by an application to validate a crafted e-mail address, such as during S/MIME message validation, an out of bounds read can happen. Impact summary: This out of bounds read will not directly exfiltrate the data read to the attacker so...

UBUNTU-CVE-2026-8833

Improper neutralization of HTML-encoded characters in the URL validation function in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an authenticated user to bypass URL validation and inject malicious URLs such as javascript: URIs, resulting in cross-site scripting when another...

CVE-2026-36822

Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the macAddr parameter of the formDelStaState function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

PT-2026-47704

A remote, unauthenticated BLE peer can trigger a 2-byte out-of-bounds write in the Bluetooth host during L2CAP LE CoC SDU reassembly. When the application enables segmentation via chan ops.alloc buf and the chosen RX pool has a user data size smaller than 2 bytes, the segmentation counter stored ...

PT-2026-47626

Impact Puma is vulnerable to source IP spoofing when set remote address proxy protocol: :v1 is enabled and persistent connections are used. PROXY protocol v1 is a connection-level protocol. Support was added to Puma in v5.5.0. A proxy sends one PROXY header at the beginning of a TCP connection,...

FreeBSD-SA-26:32.elf

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:32.elf Security Advisory The FreeBSD Project Topic: ASLR bypass for setuid executables via procctl2 Category: core Module: kernel Announced: 2026-06-09...

PT-2026-47834

Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer dereference typically causes abnormal termination of the affected QUIC server process and a Denial ...

CVE-2026-36822

Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the macAddr parameter of the formDelStaState function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

GHSA-CMM3-54F8-PX4J Netty's Default QUIC token handler accepts any client-supplied token

NoQuicTokenHandler is the tokenHandler used when the application does not set one. Its writeToken returns false server will not send Retry — acceptable, but validateToken unconditionally return 0. In QuicheQuicServerCodec.handlePacket, a non-negative return from validateToken is interpreted as...

Netty's Default QUIC token handler accepts any client-supplied token

NoQuicTokenHandler is the tokenHandler used when the application does not set one. Its writeToken returns false server will not send Retry — acceptable, but validateToken unconditionally return 0. In QuicheQuicServerCodec.handlePacket, a non-negative return from validateToken is interpreted as...

CVE-2026-29170

creationtimestamp| type| source ---|---|--- 2026-06-08 21:33:38+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mnsmy6kpfq2g 2026-06-09 12:35:07+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mnu7hq6yhy25...

CVE-2026-11556

A security flaw has been discovered in Tenda F451 1.0.0.7/1.0.0.9. Impacted is the function formWriteFacMac of the file /goform/WriteFacMac of the component Web Management Interface. Performing a manipulation of the argument mac results in os command injection. Remote exploitation of the attack i...

CVE-2026-11534

A vulnerability was detected in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this issue is some unknown functionality of the file /add.php. The manipulation of the argument name/address/fname results in cross site scripting. It is possible to launch...

USN-8406-1 libnet-cidr-lite-perl vulnerabilities

Dave Rolsky discovered that Net::CIDR::Lite did not properly handle extraneous zero characters at the beginning of an IP address string. A remote attacker could possibly use this issue to bypass access controls that are based on IP addresses. This issue only affected Ubuntu 16.04 LTS and Ubuntu...

CVE-2026-49233

creationtimestamp| type| source ---|---|--- 2026-06-08 15:29:54+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnryrdiyxt2n...

CVE-2026-11569

creationtimestamp| type| source ---|---|--- 2026-06-08 12:55:52+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnrq5vv63p23...

WordPress Email Address Encoder plugin < 1.0.25 - Unauthenticated Stored XSS vulnerability

Unauthenticated Stored XSS vulnerability discovered by Matthew Rollings in WordPress Plugin Email Address Encoder versions 1.0.25...

CVE-2026-9506

creationtimestamp| type| source ---|---|--- 2026-06-08 11:30:46+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnrlfqxm5c2t...

CVE-2026-11485

creationtimestamp| type| source ---|---|--- 2026-06-08 07:47:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnr6vtkaip2s...