20757 matches found
CVE-2026-54413

creationtimestamp | type | source
--- | --- | ---
2026-06-14 19:57:59+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mobkka4mwn22
2026-06-14 20:00:31+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116750236419774889
2026-06-14 20:00:33+00:00 | seen | ...

[SECURITY] Fedora 43 Update: chromium-149.0.7827.102-1.fc43
Chromium is an open-source web browser, powered by WebKit (Blink)...
[SECURITY] Fedora 43 Update: apptainer-1.5.1-1.fc43
Apptainer provides functionality to make portable containers that can be used across host environments...
[SECURITY] Fedora 43 Update: composer-2.10.1-1.fc43
Composer helps you declare, manage and install dependencies of PHP projects, ensuring you have the right stack everywhere. Documentation: https://getcomposer.org/doc/...
CVE-2026-54420

creationtimestamp | type | source
--- | --- | ---
2026-06-14 05:00:20+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mo7yf3f7kw26
2026-06-14 07:18:49+00:00 | seen | https://bsky.app/profile/postac001.bsky.social/post/3moaa4qot2j2m
2026-06-14 09:02:38+00:00 | seen | ...

SUSE SLED15 / SLES15 Security Update : python311 (SUSE-SU-2026:2298-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2298-1 advisory. - CVE-2026-3446: Base64 decoding stops at first padded quad by default bsc1261970. Tenable has extracted the preceding...
Fedora 43 : python-django5 (2026-f140cb16b6)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-f140cb16b6 advisory. Fixes five low-severity CVEs - CVE-2026-6873: Signed cookie salt namespace collision - CVE-2026-7666: Potential unencrypted email transmission via...
CVE-2026-5513

creationtimestamp | type | source
--- | --- | ---
2026-06-13 18:01:43+00:00 | seen | https://bsky.app/profile/pulse-wp.com/post/3mo6tilwrx22o
2026-06-14 06:01:57+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116746932965862347
2026-06-14 06:02:36+00:00 | seen | ...

Exploit for CVE-2026-11450
GL.iNet Beryl AX Triple RCE PoC PoC for three unauthenticated...
CVE-2026-9109

creationtimestamp | type | source
--- | --- | ---
2026-06-13 09:00:25+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116741978443656575
2026-06-13 09:01:21+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mo5vdj745l2x
2026-06-13 09:44:36+00:00 | seen | ...

CVE-2026-11769 Operator - Namespaced User Path Traversal
We have released version 5.24.0 of the Grafana Operator. This patch includes a CRITICAL severity security fix for a path traversal/privilege escalation vulnerability in the Grafana Operator. Summary: The Grafana Operator supports loading dashboards & library panels using the jsonnet data templatin...
CVE-2026-48748
A flaw was found in Netty. A remote attacker can exploit a memory exhaustion vulnerability in the Netty HTTP/3 codec by creating an infinite number of blocked streams. This can lead to an Out Of Memory (OOM) error, resulting in a Denial of Service (DoS) for the affected system. Mitigation...
[SECURITY] Fedora 44 Update: vmod-uuid-1.10-31.fc44
UUID Varnish vmod used to generate a uuid, including versions 1, 3, 4 and 5 as specified in RFC 4122. See the RFC for details about the various versions...
Photon OS 4.0: Python3 PHSA-2026-4.0-1032
An update of the python3 package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1032. The text itself is copyright (C) VMware, Inc.
CVE-2025-7018 Avira antivirus engine null pointer dereference when scanning a malformed PE file
Null pointer dereference vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.64...
CVE-2026-47260
Koel is a free, open-source music streaming solution. Prior to version 9.3.5, Koel validates the podcast feed URL via the SafeUrl rule (DNS resolution + public IP check), but the individual episode values extracted from the RSS XML are stored directly into the database without any SSRF validation...
GHSA-P5J5-4J3Q-8MQ8 TYPO3 HTML Sanitizer allows Cross-site Scripting
Namespace attributes are not encoded correctly during HTML serialization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitizer before version 2.3.2. Credits to Doyensec in collaboration with Claude and Anthropic Research for reporting this vulnerability...
GHSA-JH32-V29G-68PQ TYPO3 CMS has Privilege Escalation & SQL Injection in its Form Framework
Problem: Backend users with write access to the formdefinition database table were able to directly create, update, or delete form definition records via DataHandler, bypassing the Form Framework's persistence validation and permission checks. This allowed injecting arbitrary form configurations,...
GHSA-45QJ-4XQ3-3C45

creationtimestamp | type | source
--- | --- | ---
2026-06-12 18:22:18+00:00 | seen | https://gist.github.com/sandh0t/45fdee24a7907e0cd836aed26f2d5a7a...

EUVD-2026-36522
Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access...