9021 matches found
CVE-2026-42462

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-20 17:38:59+00:00 | seen | https://bsky.app/profile/fedify.hollo.social.ap.brid.gy/post/3mmcgyic3lig2 |
| 2026-05-20 18:10:13+00:00 | seen | https://bsky.app/profile/hollo.hollo.social.ap.brid.gy/post/3mmcinnvfjdd2 |
| 2026-05-21 02:33:02+00:00 | seen | ... |

Missing Authentication for Critical Function
Overview: symfony/twilio-notifier is a Symfony Twilio Notifier Bridge. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the doParse webhook request parser in the notifier bridge. An attacker can submit forged webhook status events because the pars...
Algernon: Auto-refresh SSE event server sets Access-Control-Allow-Origin: *
Summary: The SSE event server's Access-Control-Allow-Origin response header was hardcoded to the wildcard regardless of the caller's Origin. Because EventSource does not preflight and does not send cookies, the wildcard is sufficient to let any third-party page the developer visits open a...
Algernon: Auto-refresh SSE event server binds to all interfaces by default on Linux/macOS
Summary: The SSE event server bound to 0.0.0.0:5553 on Linux/macOS by default because the platform-dependent host default in engine/flags.go:39-46 set host = "" for non-Windows, and utils.JoinHostPort("", ":5553") resolves to ":5553"; a Go http.Server.Addr of ":5553" listens on every interface. On...
CVE-2026-45070

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-20 13:37:36+00:00 | seen | https://bsky.app/profile/symfony.com/post/3mmbzn2gy7z2m |
| 2026-05-20 14:15:12+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mmc3qc4eg22q... |

CVE-2026-8469 Unauthenticated denial-of-service via BEAM atom table exhaustion in phoenix_storybook
Allocation of Resources Without Limits or Throttling vulnerability in phenixdigital phoenix_storybook allows unauthenticated denial-of-service via BEAM atom table exhaustion. Multiple LiveView event handlers convert user-supplied event parameter strings to atoms using String.to_atom/1 without...
CVE-2026-47783

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-20 11:52:24+00:00 | seen | https://bsky.app/profile/postac001.bsky.social/post/3mmbtqvnqvt2k |
| 2026-05-21 23:37:07+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mmfllxhfro2s... |

CVE-2026-47212

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-20 11:02:20+00:00 | seen | https://bsky.app/profile/symfony.com/post/3mmbqxgdjg72y |
| 2026-05-20 14:15:14+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mmc3qc4eg22q... |

CVE-2026-42534

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-20 10:36:25+00:00 | seen | https://social.nlnetlabs.nl/users/nlnetlabs/statuses/116606458492280712 |
| 2026-05-20 10:41:27+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmbps2tve32k... |

CVE-2026-24425

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-20 10:30:25+00:00 | seen | https://bsky.app/profile/symfony.com/post/3mmbp6dmkls26 |
| 2026-05-20 15:48:16+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmcawp4kev2t |
| 2026-06-02 02:37:07+00:00 | seen | ... |

Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: perf: Avoid undefined behavior from stopping/starting inactive events. Calling pmu->start()/stop() on perf events in PERF_EVENT_STATE_OFF can leave event->hw.idx at -1. When PMU drivers later attempt to use this negative index as a shift...
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Tracing: Ensure that trace_event_file has a ref counter. The following actions can cause the kernel to crash:

```bash
cd /sys/kernel/tracing
echo 'p:sched schedule' > kprobe_events
exec 5>>events/kprobes/sched/enable
> kprobe_events
exec 5>&-
```

...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: clockevents: Added missing resets to the next_event_forced flag. The mechanism used to prevent timer interrupts from being missed failed to reset the next_event_forced flag in several locations: - When the state of the clock event...
Astra Linux - vulnerability in thunderbird
matrix-js-sdk is a client-server SDK for the Matrix messaging protocol, designed for JavaScript. In versions prior to 19.4.0, events sent with special strings in key locations could temporarily disrupt or hinder the proper functioning of matrix-js-sdk, potentially affecting the consumer’s ability...
Astra Linux - vulnerability in linux-5.15
A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation. The perf_group_detach function did not check the attach_state of the event’s siblings before calling add_event_to_groups, and the remove_on_exec function made it possible t...
Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1
A heap out-of-bounds write vulnerability in the Performance Events (perf) component of the Linux kernel can be exploited to achieve local privilege escalation. If the perf_read_group function is called when the sibling_list of an event is smaller than that of its child, it may increment o...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Ignore -EBUSY when checking nested events from vcpu_block. Ignore -EBUSY when checking nested events after exiting a blocking state while L2 is active. Exiting to userspace will generate a spurious userspace exit, usually...
Astra Linux - vulnerability in linux-5.10, linux, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: drm/amdkfd: Fixed an illegal memory access. In the kfd_wait_on_events function, the kfd_event_waiter structure is allocated by alloc_event_waiters. However, the event field of the waiter structure is not initialized. When the...
Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1
A heap out-of-bounds write vulnerability in the Linux kernel’s Performance Events system component can be exploited to achieve local privilege escalation. The read_size of a perf_event can overflow, resulting in an out-of-bounds increment or write in perf_read_group. We recommend upgrading to a versi...
CVE-2026-43619

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-20 03:03:14+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmaw6p2mn32p |
| 2026-05-20 04:18:43+00:00 | seen | https://vulnerability.circl.lu/bundle/98dfc241-f74a-4ad3-9b5d-a312ab6e6c87 |
| 2026-05-20 09:58:24+00:00 | seen | ... |