Lucene search

40575 matches found

CVE
added 1 hour ago | 3 views

CVE-2026-9733

Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter. When no state generator is specified in the constructor, the module defaults to using a SHA-1 hash of predictable and low-entropy sources, including the epoch time which is leaked via t...

5.4 AI score
Exploits: 0 | References: 3
Circl
added 6 hours ago | 7 views

CVE-2026-41523

creationtimestamp | type | source
---|---|---
2026-06-23 02:37:07+00:00 | seen | https://bsky.app/profile/postac001.bsky.social/post/3moweld2smf2l
2026-06-23 05:13:50+00:00 | seen | https://bsky.app/profile/hugovalters.bsky.social/post/3mowndjk4ct2x...

7.5 CVSS | 5.8 AI score | 0.00054 EPSS
Exploits: 0 | References: 2
RedHat Linux
added 7 hours ago | 7 views

Important: Red Hat Security Advisory: samba security update

An update for samba is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...

9.8 CVSS | 6 AI score | 0.01869 EPSS
Exploits: 7 | References: 6
Circl
added yesterday | 5 views

CVE-2026-50556

creationtimestamp | type | source
---|---|---
2026-06-22 23:25:20+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3movzuf2ets2s...

8.6 CVSS | 5.8 AI score | 0.00062 EPSS
Exploits: 0 | References: 1
CVE
added yesterday | 45 views

CVE-2026-48746

vLLM OpenAI auth bypass (CVE-2026-48746) affects vLLM versions 0.3.0 through 0.21.0. Root cause: ASGI servers and Starlette trust the Host header from the request scope, enabling manipulation of the reconstructed URL path and bypassing the OpenAI API AuthenticationMiddleware for routes beginning ...

9.1 CVSS | 5.9 AI score | 0.00075 EPSS
Exploits: 0 | References: 3
OSV
added yesterday | 3 views

DEBIAN-CVE-2026-54283

Starlette is a lightweight ASGI framework/toolkit. From 0.4.1 until 1.3.1, request.form accepts max_fields and max_part_size to bound resource consumption while parsing form data. These limits are enforced for multipart/form-data, but silently ignored for application/x-www-form-urlencoded. An...

7.5 CVSS | 5.9 AI score | 0.00038 EPSS
Exploits: 0 | References: 1
CVE
added yesterday | 8 views

CVE-2026-48512

CVE-2026-48512 affects MessagePack-CSharp’s JSON conversion helpers. Before versions 2.5.301 and 3.1.7, ConvertFromJsonCore and related paths can recurse without enforcing a consistent depth limit, and TinyJsonReader can parse tokens with unbounded recursion. The typeless ext-100 path also recurs...

6.3 CVSS | 5.8 AI score
Exploits: 0 | References: 1
CVE
added yesterday | 8 views

CVE-2026-48514

MessagePack-CSharp vulnerability CVE-2026-48514 affects Unity UnsafeBlitFormatterBase.Deserialize, where an attacker-controlled byteLength inside an extension payload can cause allocation of a very large T[] before validating header/remaining payload bounds. This unbounded allocation is possible ...

6.3 CVSS | 5.9 AI score
Exploits: 0 | References: 1
CVE
added yesterday | 6 views

CVE-2026-56321

Capgo (backend Supabase edge functions) before 12.128.2 fails to apply the global authentication middleware to GET /private/role_bindings/:org_id, unlike POST/DELETE for the same resource. Unauthenticated requests reach the handler instead of middleware rejection, but the handler still performs ...

6.9 CVSS | 5.9 AI score
Exploits: 0 | References: 2
CVE
added yesterday | 4 views

CVE-2026-48517

CVE-2026-48517 affects MessagePack for C# where typeless deserialization does not recursively inspect array element types or generic type arguments, allowing a type that is blocked directly to slip through when wrapped in an array or a constructed generic type. The default safety check (ThrowIfDe...

6.3 CVSS | 5.9 AI score
Exploits: 0 | References: 1
RedHat Linux
added yesterday | 4 views

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (golang-uber-multierr) security update

An update for golang-uber-multierr is now available for Red Hat OpenStack Platform 17.1 (Wallaby). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

6.4 CVSS | 7.1 AI score | 0.00292 EPSS
Exploits: 0 | References: 2
RedHat Linux
added yesterday | 4 views

Important: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (python-pyasn1) security update

An update for python-pyasn1 is now available for Red Hat OpenStack Platform 17.1 (Wallaby). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

7.5 CVSS | 6.7 AI score | 0.00491 EPSS
Exploits: 0 | References: 2
CVE
added yesterday | 8 views

CVE-2026-54531

CVE-2026-54531 affects the pypdf library. Vulnerability: when merging a file containing outlines/bookmarks into a writer, an attacker can craft a PDF that leads to an infinite loop. Affected product: pypdf (Python library for PDF manipulation); vulnerable condition occurs prior to version 6.13.0....

6.9 CVSS | 5.8 AI score
Exploits: 0 | References: 3
Wolfi
added yesterday | 4 views

CVE-2026-55767 vulnerabilities

Vulnerabilities for packages: nextcloud-server...

5.8 AI score
Exploits: 0
Wolfi
added yesterday | 8 views

CVE-2026-6734 vulnerabilities

Vulnerabilities for packages: code-server...

7.5 CVSS | 5.8 AI score | 0.00147 EPSS
Exploits: 0
Wolfi
added yesterday | 4 views

CVE-2026-9679 vulnerabilities

Vulnerabilities for packages: npm, code-server...

5.9 CVSS | 5.8 AI score | 0.00205 EPSS
Exploits: 0
NVD
added yesterday | 4 views

CVE-2026-44271

Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access...

8.1 CVSS
Exploits: 0 | References: 1
NVD
added yesterday | 4 views

CVE-2026-48931

A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is sent before the client has sent the request. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

3.7 CVSS
Exploits: 0 | References: 3
CVE
added yesterday | 6 views

CVE-2026-44272

Dell Wyse Management Suite (WMS) is affected by an SQL Injection vulnerability (Improper Neutralization of Special Elements used in SQL commands) in versions prior to WMS 2605. A low-privilege, remotely connected attacker could exploit this to achieve unauthorized access. CVSS 3.1 base metrics in...

8.8 CVSS | 6 AI score
Exploits: 0 | References: 1
RedHat Linux
added yesterday | 7 views

Important: Red Hat Security Advisory: .NET 8.0 security update

An update for .NET 8.0 is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

7.5 CVSS | 5.9 AI score | 0.0075 EPSS
Exploits: 0 | References: 3