60611 matches found
keycloak: org.keycloak.authentication: Keycloak: Unauthorized account takeover via WebAuthn token replay
A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay ExecuteActionsActionToken tokens within Keycloak's WebAuthn Web Authentication flow. By intercepting an execute-actions email link, an attacker can register their own authenticator to a victim's...
CVE-2026-45066
creationtimestamp | type | source
---|---|---
2026-05-20 10:57:42+00:00 | seen | https://bsky.app/profile/symfony.com/post/3mmbqp4m3gj25...
CVE-2026-45071
creationtimestamp | type | source
---|---|---
2026-05-20 10:57:38+00:00 | seen | https://bsky.app/profile/symfony.com/post/3mmbqoyndsy2h...
CVE-2026-45068
creationtimestamp | type | source
---|---|---
2026-05-20 10:57:29+00:00 | seen | https://bsky.app/profile/symfony.com/post/3mmbqoqvzdp2y...
CVE-2026-45063
creationtimestamp | type | source
---|---|---
2026-05-20 10:57:14+00:00 | seen | https://bsky.app/profile/symfony.com/post/3mmbqocmwr72o...
CVE-2026-44933
creationtimestamp | type | source
---|---|---
2026-05-20 10:43:08+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmbpv2jchj2p...
CVE-2026-47730
creationtimestamp | type | source
---|---|---
2026-05-20 10:32:34+00:00 | seen | https://bsky.app/profile/symfony.com/post/3mmbpc6qxek26...
python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API
A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...
CVE-2026-7472
creationtimestamp | type | source
---|---|---
2026-05-20 09:32:07+00:00 | seen | https://bsky.app/profile/atomicedge.bsky.social/post/3mmblw3hnlg2l...
CVE-2026-47668
creationtimestamp | type | source
---|---|---
2026-05-20 09:31:29+00:00 | published-proof-of-concept | https://github.com/dbgate/dbgate/security/advisories/GHSA-8v3q-9vmx-36vc
2026-05-20 13:24:13+00:00 | confirmed | ...
python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API
A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...
CVE-2026-9057
creationtimestamp | type | source
---|---|---
2026-05-20 07:01:15+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmbdic7ytg2n...
CVE-2026-7522
creationtimestamp | type | source
---|---|---
2026-05-20 06:44:50+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmbckxjs6e2n...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Call dc_stream_release for removing the link enc assignment. Reason: A porting error caused the stream assignment for the link to be retained instead of being released, resulting in a memory leak. How: The issue was...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ice: Fixed the LAG and VF lock dependencies in ice_reset_vf(). In commit 9f74a3dfcf83, the ice driver acquired the LAG mutex in ice_reset_vf(). This lock acquisition was placed just before acquiring the VF configuration lock. If...
Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: f2fs: fixed to avoid dirent corruption. As Al reported in link [1]: f2fs_rename() ... if (old_dir != new_dir && !whiteout) f2fs_set_link(old_inode, old_dir_entry, old_dir_page, new_dir); else f2fs_put_page(old_dir_page, 0); You need the correct inumber...
Astra Linux - vulnerability in firefox, thunderbird
By using a link with rel="localization", a use-after-free could occur if an object is destroyed during JavaScript execution, and then the object is referenced through a freed pointer, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 91.8, Firefox 99, and Firefo...
Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Squashfs: sanity check for symbolic link sizes. Syzkaller reports a bug named "KMSAN: uninit-value in pick_link". This issue is caused by an uninitialized page, which ultimately results from reading a corrupted symbolic link siz...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerability has been resolved: PCI: rcar: The WARN() call has been replaced with dev_warn_ratelimited() in rcar_pcie_wakeup(). It is sufficient to warn the user that there has been a link problem. Either the link has failed and the system requires maintenance, or th...
Astra Linux - vulnerability in linux, linux-5.10, linux-5.15
A use-after-free flaw was discovered in the nfc_llcp_find_local function in net/nfc/llcp_core.c within NFC in the Linux kernel. This flaw allows a local user with special privileges to cause a kernel information leak issue...