7689 matches found
CVE-2025-60467

| creationtimestamp | type | source |
|---|---|---|
| 2026-06-27 03:32:46+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3mpajkjapgq2v |
| 2026-06-28 02:30:49+00:00 | seen | https://bsky.app/profile/pmloik.bsky.social/post/3mpcwkncjr422 |
| 2026-06-29 23:49:46+00:00 | seen | ... |

SUSE SLES16: bind / bind-doc / bind-modules-generic / bind-modules-ldap / etc (SUSE-SU-2026:22198-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22198-1 advisory. This update for bind fixes the following issues: Upgrade to release 9.20.23: - CVE-2026-3039: BIND 9 server memory exhaustion durin...
CVE-2026-40208
An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame...
CVE-2026-40208
CVE-2026-40208 concerns DoH3 servers handling DoH3 GET queries with an invalid DATA frame, potentially delaying processing and causing a denial of service. The available records state the impact as availability loss (LOW) with a CVSS 3.1 base score of 3.7, network-exposed and requiring no privile...
CVE-2026-55568
Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, in certain configurations, traffic expected to be protected by TLS on the hop to the proxy is transmitted in cleartext. Proxy authentication credentials the Proxy-Authorization header, proxy userinfo in the proxy URL, or CURLOPTPROXYUSERPW...
CVE-2026-56784

| creationtimestamp | type | source |
|---|---|---|
| 2026-06-23 14:05:06+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3moxkzjwhcv2u |

...

CVE-2026-56425
The Azure Active Directory (AAD) authentication implementation contained multiple weaknesses in its OAuth 2.0 authorization flow that could allow attackers to bypass important security guarantees provided by the protocol. The application used the PHP session identifier sessionid as the OAuth state...
EUVD-2026-38228
The Azure Active Directory (AAD) authentication implementation contained multiple weaknesses in its OAuth 2.0 authorization flow that could allow attackers to bypass important security guarantees provided by the protocol. The application used the PHP session identifier sessionid as the OAuth state...
MAL-2026-6310 Malicious code in @petitcode/eb-retry (npm)
@petitcode/eb-retry malicious version 1.3.5, published by [email protected] is a trojanized npm package belonging to the wshu.net credential-stealer campaign. The campaign published trojanized look-alike utility packages across 12+ scopes whose publisher accounts all follow the pattern...
CVE-2026-54665
Apache NiFi 0.0.1 through 2.9.0 support building qualified URLs from one of several HTTP request headers that provide an alternative to the standard Host header without validating the values provided. Apache NiFi 1.6.0 introduced a configurable application property to restrict values provided in...
CVE-2026-54665
Apache NiFi (versions 0.0.1–2.9.0) is affected by an input-validation flaw where URL redirection/data references can be influenced by non-standard host headers. NiFi 1.6.0 added a proxy-host header validation mechanism, but validation was not applied to alternative headers (X-ProxyHost, X-Forward...
EUVD-2026-38216
Apache NiFi 0.0.1 through 2.9.0 support building qualified URLs from one of several HTTP request headers that provide an alternative to the standard Host header without validating the values provided. Apache NiFi 1.6.0 introduced a configurable application property to restrict values provided in...
CVE-2026-12770

| creationtimestamp | type | source |
|---|---|---|
| 2026-06-21 03:59:42+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3morib5g34w2r |

...

CVE-2023-33190

| creationtimestamp | type | source |
|---|---|---|
| 2026-06-20 09:37:06+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mopknjoa4c25 |

...

SUSE-SU-2026:22198-1 Security update for bind
This update for bind fixes the following issues:

Upgrade to release 9.20.23:

- CVE-2026-3039: BIND 9 server memory exhaustion during GSS-API TKEY negotiation (bsc1265591).
- CVE-2026-3592: Amplification vulnerabilities via self-pointed glue records (bsc1265592).
- CVE-2026-3593: Heap use-after-free...
GHSA-WPWQ-4J6V-78M3 guzzlehttp/guzzle: Silent HTTPS-Proxy Downgrade to Cleartext
Impact: The built-in cURL handlers (GuzzleHttp\Handler\CurlHandler and GuzzleHttp\Handler\CurlMultiHandler, used by default whenever the PHP cURL extension is available) accept an https:// proxy — a proxy reached over a TLS-encrypted connection — through the proxy request option, client-level proxy...
Astra Linux – Vulnerability in Firefox
The exception page for the HTTPS-Only feature, which appears when a website is accessed via HTTP, lacked an anti-clickjacking mechanism. This allowed attackers to trick users into granting an exception and loading a webpage via HTTP. This vulnerability has been fixed in Firefox 140 and Thunderbir...
Astra Linux – Vulnerability in openjdk-11
Vulnerability in the Oracle Java SE and Oracle GraalVM Enterprise Edition products of Oracle Java SE (component: Security). The supported versions affected include Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3, and 22.2.0. This easily exploitable...
Astra Linux – Vulnerability in Squid
An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, sensitive information about clients using the proxy may be exposed through an HTTPS request to an internal cache manager URL. This issue has been fixed in version 5.7...
Astra Linux – Vulnerability in Perl
CPAN.pm before version 2.35 does not verify TLS certificates when downloading distributions via HTTPS...