CVE-2026-41091

Improper link resolution before file access 'link following' in Microsoft Defender allows an authorized attacker to elevate privileges locally...

CVE-2026-41091

CVE-2026-41091 affects Microsoft Defender. It describes an improper link resolution before file access ("link following") vulnerability that lets an authorized local attacker elevate privileges. Based on the provided metadata, the exploit vector is LOCAL with LOW privileges required, no user inte...

keycloak: org.keycloak.authentication: Keycloak: Unauthorized account takeover via WebAuthn token replay

A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay ExecuteActionsActionToken tokens within Keycloak's WebAuthn Web Authentication flow. By intercepting an execute-actions email link, an attacker can register their own authenticator to a victim's...

CVE-2026-8469

creationtimestamp| type| source ---|---|--- 2026-05-20 11:02:18+00:00| published-proof-of-concept| https://github.com/phenixdigital/phoenixstorybook/security/advisories/GHSA-833p-95jq-929q 2026-05-20 15:18:56+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmc7caqjxm2i 2026-06-09...

CVE-2026-8467

creationtimestamp| type| source ---|---|--- 2026-05-20 11:02:01+00:00| published-proof-of-concept| https://github.com/phenixdigital/phoenixstorybook/security/advisories/GHSA-55hg-8qxv-qj4p 2026-05-20 15:38:15+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmcaes4zid2e 2026-06-09...

CVE-2026-45066

creationtimestamp| type| source ---|---|--- 2026-05-20 10:57:42+00:00| seen| https://bsky.app/profile/symfony.com/post/3mmbqp4m3gj25...

CVE-2026-45071

creationtimestamp| type| source ---|---|--- 2026-05-20 10:57:38+00:00| seen| https://bsky.app/profile/symfony.com/post/3mmbqoyndsy2h...

CVE-2026-45068

creationtimestamp| type| source ---|---|--- 2026-05-20 10:57:29+00:00| seen| https://bsky.app/profile/symfony.com/post/3mmbqoqvzdp2y...

CVE-2026-45063

creationtimestamp| type| source ---|---|--- 2026-05-20 10:57:14+00:00| seen| https://bsky.app/profile/symfony.com/post/3mmbqocmwr72o...

CVE-2026-44933

creationtimestamp| type| source ---|---|--- 2026-05-20 10:43:08+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmbpv2jchj2p...

CVE-2026-47730

creationtimestamp| type| source ---|---|--- 2026-05-20 10:32:34+00:00| seen| https://bsky.app/profile/symfony.com/post/3mmbpc6qxek26...

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

CVE-2026-7472

creationtimestamp| type| source ---|---|--- 2026-05-20 09:32:07+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mmblw3hnlg2l...

CVE-2026-47668

creationtimestamp| type| source ---|---|--- 2026-05-20 09:31:29+00:00| published-proof-of-concept| https://github.com/dbgate/dbgate/security/advisories/GHSA-8v3q-9vmx-36vc 2026-05-20 13:24:13+00:00| confirmed|...

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

CVE-2026-9057

creationtimestamp| type| source ---|---|--- 2026-05-20 07:01:15+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmbdic7ytg2n...

CVE-2026-7522

creationtimestamp| type| source ---|---|--- 2026-05-20 06:44:50+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmbckxjs6e2n...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: mac802154: fixed the issue where key resources were released in mac802154llseckeydel. The mac802154llseckeydel function can free resources associated with a key directly, without following the RCU rules for waiting before the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Octeontx2-af: Added proper checks for fwdata. Firmware populates the MAC address, link modes supported, advertised, and EEPROM data in the shared firmware structure. Kernel access is via the MAC block CGX/RPM. Accessing fwdata...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Added a signal type check for dcn401 getphyd32clksrc Attempting to access link enc on a dpia link will cause a crash...