Android Security Bulletin—June 2026Stay organized with collectionsSave and categorize content based on your preferences.

The Wear OS Security Bulletin contains details of security vulnerabilities affecting the Wear OS platform. The full Wear OS update comprises the security patch level of 2026-06-05 or later from the June 2026 Android Security Bulletin in addition to all issues in this bulletin. We encourage all...

CVE-2025-22741

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RiceTheme Felan Framework allows Reflected XSS. This issue affects Felan Framework: from n/a through 1.1.3...

tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments

A flaw was found in Tornado. A remote attacker could exploit this vulnerability by injecting specially crafted characters into the domain, path, and samesite arguments when setting cookies. This could lead to cookie attribute injection, potentially allowing for information disclosure or...

CVE-2026-9520 blitz-js blitz Sign-in LoginForm.tsx cross site scripting

A weakness has been identified in blitz-js blitz up to 3.0.2 on GitHub. This impacts an unknown function of the file packages/generator/templates/app/src/app/auth/components/LoginForm.tsx of the component Sign-in. This manipulation of the argument Next causes cross site scripting. It is possible ...

Joomla! 跨站脚本漏洞

Joomla! is an open-source, free-content management system developed by Joomla! Foundation. The Joomla! Framework has a cross-site scripting vulnerability, which stems from the lack of input filtering. This leads to the presence of cross-site scripting vectors in the HTML filtering code...

Astra Linux - уязвимость в ffmpeg

There is a heap-based Buffer Overflow vulnerability in FFmpeg 4.2, located in the file libavfilter/vfvmafmotion.c, within the convolutiony8bit module. This vulnerability could allow a remote malicious user to cause a Denial of Service attack...

Exploit for Incorrect Authorization in Vercel Next.Js

Himalaya Tech Admin Panel — CVE-2025-29927 Demo WARNING:...

Yii 输入验证错误漏洞

Yii is a high-performance PHP framework developed by the YII team. It is designed for developing large-scale web applications using components. Yii 2 versions 2.0.54 and earlier contained a vulnerability related to input validation errors. This vulnerability stemmed from a logical flaw in the cor...

GHSA-6V92-PH9P-HRPC AMF Vulnerable to Improper Resource Shutdown or Release

A security vulnerability has been detected in omec-project amf up to 2.1.3-dev. This impacts the function UERadioCapabilityCheckResponse of the file ngap/dispatcher.go. Such manipulation leads to null pointer dereference. The attack can be executed remotely. The exploit has been disclosed publicl...

CVE-2026-42874

Microdot is a minimalistic Python web framework. Prior to 2.6.1, the Response.setcookie method does not sanitize its string arguments, and in particular will not detect the presence of the \r\n sequence in them. This can be a potential source of header injection attacks. For a header injection...

CVE-2026-32177

CVE-2026-32177 is a heap-based buffer overflow in the .NET Framework that enables local privilege escalation. The issue is described across multiple sources as affecting the .NET Framework components in versions 3.5 and 4.8.1, with impact described as unauthorized elevation of privileges locally ...

dotnet: .NET: Security Bypass and Denial of Service Vulnerability

A flaw was found in .NET. A remote attacker could exploit a vulnerability related to unsafe transforms in EncryptedXml. This could lead to a Denial of Service DoS, making the service unavailable, and a bypass of security features...

Astra Linux - уязвимость в ffmpeg

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in avcodecalloccontext3 at options.c...

.net: .NET: Denial of Service via out-of-bounds read

A flaw was found in .NET. An unauthorized attacker can exploit an out-of-bounds read vulnerability over a network, leading to a Denial of Service DoS. This can prevent legitimate users from accessing the affected service...

dotnet: .NET: Denial of Service via stack overflow

A flaw was found in .NET. A remote attacker could exploit a stack overflow vulnerability during encrypted key nested decryption, leading to a Denial of Service DoS. This could make the affected system unavailable to legitimate users...

dotnet: .NET: Security Bypass and Denial of Service Vulnerability

A flaw was found in .NET. A remote attacker could exploit a vulnerability related to unsafe transforms in EncryptedXml. This could lead to a Denial of Service DoS, making the service unavailable, and a bypass of security features...

CVE-2026-23666

CVE-2026-23666 is described in connected sources as a race condition Denial of Service flaw in the .NET Framework caused by concurrent access to a shared resource. Public writeups (Qualys blog and NCSC) confirm a DoS impact over the network, without detailing specific affected versions. The initi...

CVE-2026-33116

Loop with unreachable exit condition 'infinite loop' in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network...

.NET Framework Denial of Service Vulnerability

Improper input validation in .NET Framework allows an unauthorized attacker to deny service over a network...

NVIDIA NeMo Framework contains a vulnerability leading to Remote Code Execution

NVIDIA NeMo Framework contains a vulnerability where an attacker may cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering...