
16820 matches found

OSV
added 2026/06/03 2:51 p.m., 3 views

ROOT-APP-PYPI-CVE-2026-23949 CVE-2026-23949 in rootio-jaraco.context - Patched by Root

Root has patched CVE-2026-23949 in the rootio-jaraco.context package for Root:PyPI. Multiple fixed versions available...

CVSS: 8.6, AI score: 5.4, EPSS: 0.00527
Exploits: 1

OSV
added 2026/06/03 2:51 p.m., 3 views

ROOT-APP-PYPI-GHSA-58PV-8J8X-9VJ2 GHSA-58pv-8j8x-9vj2 in rootio-jaraco.context - Patched by Root

Root has patched GHSA-58pv-8j8x-9vj2 in the rootio-jaraco.context package for Root:PyPI. Multiple fixed versions available...

CVSS: 8.6, AI score: 5.4
Exploits: 0

PyPA
added 2026/06/03 2:16 p.m., 11 views

PYSEC-2026-199

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.http.HttpRequest.get_signed_cookie in Django uses a non-injective salt derivation concatenating the cookie name and salt argument, which allows a remote attacker to use a cookie in a context different from the one where...

CVSS: 4.3, AI score: 5.4, EPSS: 0.00249
Exploits: 0, References: 3, Affected Software: 1

CVE
added 2026/06/03 1:16 p.m., 17 views

CVE-2026-6873

CVE-2026-6873 affects Django 6.0 before 6.0.6 and 5.2 before 5.2.15. The issue is a non-injective salt derivation in django.http.HttpRequest.get_signed_cookie that concatenates the cookie name and salt argument, enabling a remote attacker to use a signed cookie in a context different from where i...

CVSS: 4.3, AI score: 5.8, EPSS: 0.00249
Exploits: 0, References: 3, Affected Software: 1

ATTACKERKB
added 2026/06/03 1:16 p.m., 6 views

CVE-2026-6873

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.http.HttpRequest.get_signed_cookie in Django uses a non-injective salt derivation concatenating the cookie name and salt argument, which allows a remote attacker to use a cookie in a context different from the one wher...

CVSS: 3.1, AI score: 5.8, EPSS: 0.00249
Exploits: 0, References: 4, Affected Software: 1

EUVD
added 2026/06/03 1:16 p.m., 9 views

EUVD-2026-34086

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.http.HttpRequest.get_signed_cookie in Django uses a non-injective salt derivation concatenating the cookie name and salt argument, which allows a remote attacker to use a cookie in a context different from the one wher...

CVSS: 3.1, AI score: 5.8, EPSS: 0.00249
Exploits: 0, References: 3

RedHat Linux
added 2026/06/03 5:6 a.m., 9 views

OpenSSH: OpenSSH: Security bypass via mishandling of authorized_keys principals option

A flaw was found in OpenSSH. This vulnerability arises from the incorrect handling of the authorized_keys principals option in uncommon scenarios. Specifically, when a principals list is used with a Certificate Authority that includes comma characters, OpenSSH may misinterpret the input. This coul...

CVSS: 8.1, AI score: 5.9, EPSS: 0.00176
Exploits: 0, References: 7

GithubExploit
added 2026/06/03 2:6 a.m., 74 views

cybersec-mcp

🛡️ Cybersecurity Professor MCP Server Prof. Null — Tu pro...

CVSS: 10, AI score: 7.2, EPSS: 0.99999
Exploits: 343

Positive Technologies
added 2026/06/03 12:0 a.m., 7 views

PT-2026-46019

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the NFS LOCALIO, an optimization for loopback mounts that bypasses the network for READ, WRITE, and COMMIT operations when the client and server are on the same system...

CVSS: 5.7, AI score: 5.2, EPSS: 0.00099
Exploits: 0, References: 13

Positive Technologies
added 2026/06/03 12:0 a.m., 13 views

PT-2026-46126

Name of the Vulnerable Software and Affected Versions: jupyter enterprise gateway versions prior to 3.3.0. Description: Unsafe Jinja2 template rendering allows for Kubernetes manifest injection. The server interpolates untrusted environment variables such as KERNEL XXX into Kubernetes manifests...

CVSS: 10, AI score: 6.3, EPSS: 0.00062
Exploits: 0, References: 11

CNNVD
added 2026/06/03 12:0 a.m., 4 views

Linux kernel security vulnerability

The Linux kernel is the kernel used by the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the NFC HCI SHDLC timer not stopping before releasing context, potentially allowing reuse...

CVSS: 7.8, AI score: 5.3, EPSS: 0.00121
Exploits: 0, References: 7

Tenable Nessus
added 2026/06/03 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-46029

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/slab: return NULL early from kmalloc_nolock() in NMI on UP. On UP kernels (!CONFIG_SMP), spin_trylock() is a no-op that unconditionally succeeds even when the lock is...

CVSS: 7, AI score: 5.8, EPSS: 0.00143
Exploits: 0, References: 2

Tenable Nessus
added 2026/06/03 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-46087

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/damon/stat: fix memory leak on damon_start() failure in damon_stat_start(). Destroy the DAMON context and reset the global pointer when damon_start() fails. Otherwise,...

AI score: 5.8, EPSS: 0.00166
Exploits: 0, References: 2

Tenable Nessus
added 2026/06/03 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-45980

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - accel/amdxdna: Stop job scheduling across aie2releaseresource Running jobs on a hardware context while it is in the process of releasing resources can lead to...

CVSS: 7.8, AI score: 5.8, EPSS: 0.00124
Exploits: 0, References: 2

Tenable Nessus
added 2026/06/03 12:0 a.m., 8 views

Linux Distros Unpatched Vulnerability : CVE-2025-71308

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - accel/amdxdna: Fix potential NULL pointer dereference in context cleanup aiedestroycontext is invoked during error handling in aie2createcontext. However,...

AI score: 5.8, EPSS: 0.00189
Exploits: 0, References: 2

ATTACKERKB
added 2026/06/02 10:35 p.m., 6 views

CVE-2026-32625

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol (MCP) server integration resolves $VAR placeholders against the server's process.env during Zod schema validation of user-supplied MCP server URLs. Any...

CVSS: 9.6, AI score: 5.8, EPSS: 0.00251
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2026/06/02 8:31 p.m., 29 views

CVE-2026-49143 BrowserStack Runner 0.9.5 Unauthenticated RCE via /_log HTTP Handler

BrowserStack Runner through 0.9.5 contains a remote code execution vulnerability in the /_log HTTP handler that allows unauthenticated network-adjacent attackers to execute arbitrary code by submitting crafted JSON request bodies to the handler, which passes user-supplied data to vm.runInNewContex...

CVSS: 8.8, EPSS: 0.00395
Exploits: 0, References: 2

CVE
added 2026/06/02 8:31 p.m., 33 views

CVE-2026-49143

CVE-2026-49143 affects BrowserStack Runner up to version 0.9.5. The vulnerability is in the /_log HTTP handler, permitting unauthenticated, network-adjacent attackers to achieve remote code execution by sending crafted JSON bodies that are passed to vm.runInNewContext() with eval(); attackers can...

CVSS: 8.8, AI score: 6.7, EPSS: 0.00395
Exploits: 0, References: 2

ATTACKERKB
added 2026/06/02 8:31 p.m., 9 views

CVE-2026-49143

BrowserStack Runner through 0.9.5 contains a remote code execution vulnerability in the /_log HTTP handler that allows unauthenticated network-adjacent attackers to execute arbitrary code by submitting crafted JSON request bodies to the handler, which passes user-supplied data to vm.runInNewContex...

CVSS: 8.8, AI score: 6.7, EPSS: 0.00395
Exploits: 0, References: 3

OSV
added 2026/06/02 8:27 p.m., 6 views

ECHO-C032-E81F-5AD9

Bulletin has no description...

CVSS: 6.5, AI score: 6.7, EPSS: 0.03151
Exploits: 0, References: 2