PT-2026-45019

Summary Binary delta apply intermediate-symlink traversal in malicious .delta Autoupdate/SUBinaryDeltaApply.m enforces relativePath.pathComponents containsObject:@".." and rejects writes whose immediate parent directory IS itself a symbolic link, but does not detect symlinks deeper in the relativ...

Vim < 9.2.0383 OS Command Injection in netrw (GHSA-85ch-p2qr-m5gx)

The version of Vim installed on the remote host is prior to 9.2.0383. It is, therefore, affected by a vulnerability as referenced in the GHSA-85ch-p2qr-m5gx advisory. - An OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. The suffix extraction logic in...

SUSE SLES15 Security Update : rsync (SUSE-SU-2026:2083-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2083-1 advisory. This update for rsync fixes the following issues - CVE-2026-29518: Symlink-Race TOCTOU in Daemon bsc1264511. - CVE-2026-41035: coun...

ROS-20260529-73-0021

The vulnerability in opensearch relates to the use of a name with an incorrect link. Exploiting this vulnerability could allow a perpetrator to cause a service failure...

ROS-20260529-73-0002

The vulnerability in opensearch relates to the use of a name with an incorrect link. Exploiting this vulnerability could allow a perpetrator to cause a service failure...

CVE-2026-6891

CVE-2026-6891 affects My Image Garden for macOS (version 3.6.8 or earlier). The installer improperly handles symbolic links, enabling a local user with login privileges to exploit a specially crafted symbolic link during installation to modify permissions on files they normally wouldn’t be author...

CVE-2026-45343

creationtimestamp| type| source ---|---|--- 2026-05-28 23:49:15+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmx7k4dw572k...

CVE-2026-46827

creationtimestamp| type| source ---|---|--- 2026-05-28 23:41:41+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmx74m6puz2p 2026-06-04 00:07:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mngddmeksl25...

CVE-2026-46826

creationtimestamp| type| source ---|---|--- 2026-05-28 23:30:37+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmx6isfqoe2x 2026-06-03 23:37:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mngbnvoka32o...

CVE-2026-35277

creationtimestamp| type| source ---|---|--- 2026-05-28 22:34:37+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mmx3ennnnk23 2026-06-04 01:37:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mngieinue22s...

CVE-2026-49130

creationtimestamp| type| source ---|---|--- 2026-05-28 22:03:34+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmwzn5yp5f2e...

CVE-2026-46834

creationtimestamp| type| source ---|---|--- 2026-05-28 22:01:00+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmwzijx34t2z 2026-05-29 14:45:07+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mmyrm2jspk2x...

CVE-2026-49129

creationtimestamp| type| source ---|---|--- 2026-05-28 21:58:34+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmwze7lssy2e...

CVE-2026-46231

A flaw was found in the Linux kernel's batman-adv Better Approach To Mobile Ad-hoc Networking - Advanced Basic Link Arbitration BLA module. When the batadvblaaddclaim function fails to insert a new claim into the hash, it leaks a reference to the backbonegw object. This resource leak can accumula...

CVE-2026-45058

creationtimestamp| type| source ---|---|--- 2026-05-28 20:33:32+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmwum6exuo2e...

CVE-2026-9646 ScadaBR Unauthenticated Reflected Cross-Site Scripting

A reflected cross-site scripting issue exists in URL handling...

CVE-2026-9646

CVE-2026-9646 describes a reflected cross-site scripting issue in URL handling affecting ScadaBR (Unauthenticated). Root cause: insufficient sanitization/validation of URL input leading to reflected script execution. Impact: low confidentiality and integrity impact; no availability impact reporte...

CVE-2026-39292

creationtimestamp| type| source ---|---|--- 2026-05-28 19:00:10+00:00| seen| Telegram/AjSHmHRDLOBOpzCV-4U21SLO-NmWFsOh3UaLlMKSyTjmcys 2026-05-29 16:58:59+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmyz3g7nz32x...

CVE-2026-46125

A flaw was found in the Linux kernel's mac80211 Wi-Fi subsystem. When Multi-Link Operation MLO connection preparation fails, the system may not correctly remove the associated station. This can lead to a use-after-free or double-free vulnerability in the debugfs component, potentially causing...

CVE-2026-9985

creationtimestamp| type| source ---|---|--- 2026-05-28 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/microsoft-edge-multiple-vulnerabilities20260529 2026-05-28 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260529 2026-05-29...