OESA-2026-2549 rsync security update

Rsync is an open source utility that provides fast incremental file transfer. It uses the "rsync algorithm" which provides a very fast method for bringing remote files into sync. It does this by sending just the differences in the files across the link, without requiring that both sets of files a...

CVE-2026-38579

Multiple reflected Cross-Site Scripting XSS vulnerabilities in damasac thaipalliativelte through version 3.0 allow remote attackers to inject arbitrary web script or HTML via the idFormMain parameter line 24, the id parameter lines 25, 75, and the ptidkey parameter lines 26, 42 in...

CVE-2026-10879 DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders

DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of the form :pN, but only allocates three characters per binder in the buffer. Placeholders 10-99 require fou...

CVE-2026-48020

creationtimestamp| type| source ---|---|--- 2026-06-05 13:08:01+00:00| seen| https://bsky.app/profile/dbt3.ch/post/3mnk7guqlhu2h 2026-06-05 13:35:31+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mnkay2lpgr2j 2026-06-05 15:00:01+00:00| seen|...

CVE-2026-34956 affecting package openvswitch for versions less than 3.3.0-3

CVE-2026-34956 affecting package openvswitch for versions less than 3.3.0-3. A patched version of the package is available...

MINI-XW47-FF69-2R63

Bulletin has no description...

MINI-FG3P-3VFX-5VRH

Bulletin has no description...

CVE-2026-21033

Improper export of android application components in ExpressHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script...

CVE-2026-21033

The CVE-2026-21033 entry concerns Samsung Assistant, specifically the ExpressHomeWidgetReceiver component. The flaw is described as an improper export of Android application components that, in versions prior to 9.3.14, can allow a local attacker to execute arbitrary scripts. The available docume...

CVE-2026-21033

Improper export of android application components in ExpressHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script...

CVE-2026-21032

Improper export of android application components in SmartHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script...

ROOT-OS-ALPINE-323-CVE-2026-49975 CVE-2026-49975 in rootio-apache2 - Patched by Root

Root has patched CVE-2026-49975 in the rootio-apache2 package for Root:Alpine:3.23. Multiple fixed versions available...

CVE-2026-43965

creationtimestamp| type| source ---|---|--- 2026-06-05 09:52:49+00:00| seen| https://bsky.app/profile/janvhs.com/post/3mnjujssgpk2p 2026-06-05 10:19:37+00:00| seen| https://bsky.app/profile/janvhs.com/post/3mnjvzqchfk2a 2026-06-05 10:19:37+00:00| seen|...

Exploit for Server-Side Request Forgery in Apeworx Web3.Py

CVE-2026-40072 SSRF Lab Hands-on local lab to demonstrate CVE...

CVE-2026-6274

CVE-2026-6274 concerns an authentication weakness in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200, where improper/missing authentication for a critical function allows accessing functionality not properly constrained by ACLs. Affected firmware ranges are 7.1.3 through before 7.1.8. ...

BIT-MLFLOW-2026-10803 MLflow Dataset Digest Computation digest_utils.py mlflow.data.digest_utils weak hash

A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digestutils of the file mlflow/data/digestutils.py of the component Dataset Digest Computation. This manipulation causes use of weak hash. It is possible to launch the attack on the local host. The attack is...

CVE-2026-7763

creationtimestamp| type| source ---|---|--- 2026-06-05 05:11:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnjes4nney2t 2026-06-05 06:00:26+00:00| seen| https://infosec.exchange/users/offseq/statuses/116695972228723736 2026-06-05 06:00:27+00:00| seen|...

MINI-3MWR-4X5C-7Q5W

Bulletin has no description...

[SECURITY] Fedora 43 Update: nextcloud-33.0.4-1.fc43

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

[SECURITY] Fedora 43 Update: rust-sequoia-sop-0.37.3-4.fc43

An implementation of the Stateless OpenPGP Interface using Sequoia...