CVE-2026-9733

Affected software: Mojolicious::Plugin::Web::Auth::OAuth2 (Perl) up to version 0.17. Root cause: when no state generator is set, the module uses a SHA-1 hash of low-entropy sources (including epoch time leaked via the HTTP Date header) and Perl rand(), producing a predictable OAuth2 state. Impact...

CVE-2026-41523

creationtimestamp| type| source ---|---|--- 2026-06-23 02:37:07+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3moweld2smf2l 2026-06-23 05:13:50+00:00| seen| https://bsky.app/profile/hugovalters.bsky.social/post/3mowndjk4ct2x...

Important: Red Hat Security Advisory: skopeo security update

An update for skopeo is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Important: Red Hat Security Advisory: samba security update

An update for samba is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste...

Important: Red Hat Security Advisory: samba security update

An update for samba is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...

CVE-2026-50556

creationtimestamp| type| source ---|---|--- 2026-06-22 23:25:20+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3movzuf2ets2s...

CVE-2026-48746

vLLM OpenAI auth bypass (CVE-2026-48746) affects vLLM versions 0.3.0 through 0.21.0. Root cause: ASGI servers and Starlette trust the Host header from the request scope, enabling manipulation of the reconstructed URL path and bypassing the OpenAI API AuthenticationMiddleware for routes beginning ...

DEBIAN-CVE-2026-54283

Starlette is a lightweight ASGI framework/toolkit. From 0.4.1 until 1.3.1, request.form accepts maxfields and maxpartsize to bound resource consumption while parsing form data. These limits are enforced for multipart/form-data, but silently ignored for application/x-www-form-urlencoded. An...

CVE-2026-48512

CVE-2026-48512 affects MessagePack-CSharp’s JSON conversion helpers. Before versions 2.5.301 and 3.1.7, ConvertFromJsonCore and related paths can recurse without enforcing a consistent depth limit, and TinyJsonReader can parse tokens with unbounded recursion. The typeless ext-100 path also recurs...

CVE-2026-48514

MessagePack-CSharp vulnerability CVE-2026-48514 affects Unity UnsafeBlitFormatterBase.Deserialize, where an attacker-controlled byteLength inside an extension payload can cause allocation of a very large T[] before validating header/remaining payload bounds. This unbounded allocation is possible ...

CVE-2026-56321

Capgo (backend Supabase edge functions) before 12.128.2 fails to apply the global authentication middleware to GET /private/role_bindings/:org_id, unlike POST/DELETE for the same resource. Unaunthenticated requests reach the handler instead of middleware rejection, but the handler still performs ...

CVE-2026-48517

CVE-2026-48517 affects MessagePack for C# where typeless deserialization does not recursively inspect array element types or generic type arguments, allowing a type that is blocked directly to slip through when wrapped in an array or a constructed generic type. The default safety check (ThrowIfDe...

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (golang-uber-multierr) security update

An update for golang-uber-multierr is now available for Red Hat OpenStack Platform 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Important: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (python-pyasn1) security update

An update for python-pyasn1 is now available for Red Hat OpenStack Platform 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Important: Red Hat Security Advisory: gvisor-tap-vsock security update

An update for gvisor-tap-vsock is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVE-2026-54531

CVE-2026-54531 affects the pypdf library. Vulnerability: when merging a file containing outlines/bookmarks into a writer, an attacker can craft a PDF that leads to an infinite loop. Affected product: pypdf (Python library for PDF manipulation); vulnerable condition occurs prior to version 6.13.0....

CVE-2026-55767 vulnerabilities

Vulnerabilities for packages: nextcloud-server...

CVE-2026-9679 vulnerabilities

Vulnerabilities for packages: npm, code-server...

CVE-2026-6734 vulnerabilities

Vulnerabilities for packages: code-server...

CVE-2026-44271

Dell Wyse Management Suite WMS, versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access...