Important: Red Hat Security Advisory: osbuild-composer security update
An update for osbuild-composer is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabili...
CVE-2026-8885
creationtimestamp| type| source
---|---|---
2026-06-03 05:15:50+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mnee4piqoh2c...
CVE-2026-21870
creationtimestamp| type| source
---|---|---
2026-06-03 05:13:24+00:00| seen| https://bsky.app/profile/theresidentmachine.bsky.social/post/3mnedydo7z62r...
CVE-2026-7421
creationtimestamp| type| source
---|---|---
2026-06-03 03:10:21+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mne54cz3e32e
2026-06-03 23:15:07+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mngagm4t4t2t...
CVE-2026-9334
creationtimestamp| type| source
---|---|---
2026-06-03 02:57:29+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mne4fdfgs223...
CVE-2026-41412
creationtimestamp| type| source
---|---|---
2026-06-03 02:50:31+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mne3yun5nu2g...
CVE-2026-9516
creationtimestamp| type| source
---|---|---
2026-06-03 02:49:01+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mne3vbsygx2y
2026-06-03 07:15:19+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mnekscgcm32i
2026-06-04 05:02:42+00:00| seen|...
CVE-2026-42507
creationtimestamp| type| source
---|---|---
2026-06-03 02:41:36+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mne3iwbcgy25
2026-06-03 12:01:22+00:00| seen| https://bsky.app/profile/lambdawatchdog.bsky.social/post/3mnf2rtqtu32f
2026-06-08 13:20:20+00:00| seen|...
EUVD-2026-34037
A vulnerability was found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The affected element is the function requests.get of the file src/blendermcp/server.py of the component ZIP File Handler. The manipulation of the argument zipfileurl results in server-side request...
EUVD-2026-34036
A vulnerability has been found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. Impacted is the function Open of the file src/blendermcp/server.py. The manipulation of the argument inputimageurl leads to injection. Remote exploitation of the attack is possible. The exploit...
Desktop Commander MCP security vulnerability
Desktop Commander MCP is an MCP server developed by Eduard Ruzga. Version 0.2.37 of Desktop Commander MCP contains a security vulnerability. This vulnerability stems from the handling of the url parameter in the readFileFromUrl function found in the src/tools/filesystem.ts file. This vulnerabilit...
PT-2026-46054
Name of the Vulnerable Software and Affected Versions: Securly Chrome Extension version 3.0.7. Description: The software uses deprecated SHA-1 hashing for IWF CSAM URL matching and CIPA blocklist matching. SHA-1 is a cryptographic hash function that is no longer considered secure against well-funded...
RockyLinux 10 : podman (RLSA-2026:19017)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19017 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denia...
WordPress plugin Passeum Ticketing cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
RockyLinux 10 : skopeo (RLSA-2026:19031)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19031 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 Tenable has extracted the preceding description block directly from the RockyLinux...
RockyLinux 10 : yggdrasil (RLSA-2026:19126)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19126 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 ke...
CVE-2026-7421 Passeum Ticketing <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'shop_name' Setting
The Passeum Ticketing plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.0. This is due to the getshopurl method returning the shopname setting value without sanitization when it begins with "http", combined with insufficient validation in th...
CVE-2026-32625
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol (MCP) server integration resolves $VAR placeholders against the server's process.env during Zod schema validation of user-supplied MCP server URLs. Any...
CVE-2026-10662
A vulnerability was found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The affected element is the function requests.get of the file src/blendermcp/server.py of the component ZIP File Handler. The manipulation of the argument zipfileurl results in server-side request...
CVE-2026-10690
A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesystem.ts of the component readfile. Such manipulation of the argument url leads to server-side request forgery. The attack may be performed from remote...