61157 matches found
CVE-2026-35359
A Time-of-Check to Time-of-Use (TOCTOU) vulnerability in the cp utility of uutils coreutils allows an attacker to bypass no-dereference intent. The utility checks if a source path is a symbolic link using path-based metadata but subsequently opens it without the O_NOFOLLOW flag. An attacker with...
Malicious Package
Overview: modern-events is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
CVE-2026-40690
creation_timestamp | type | source
---|---|---
2026-04-24 15:32:37+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3mkatwrvm6d2u...
Lemmy has SSRF in /api/v3/post via Webmention dispatch
Summary Lemmy allows an authenticated low-privileged user to create a link post through POST /api/v3/post. When a post is created in a public community, the backend asynchronously sends a Webmention to the attacker-controlled link target. The submitted URL is checked for syntax and scheme, but th...
CVE-2026-31629
In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: add missing return after LLCP_CLOSED checks. In nfc_llcp_recv_hdlc() and nfc_llcp_recv_disc(), when the socket state is LLCP_CLOSED, the code correctly calls release_sock() and nfc_llcp_sock_put() but fails to return. Execution falls throu...
CVE-2026-31594
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-vntb: Remove duplicate resource teardown. epf_ntb_epc_destroy() duplicates the teardown that the caller is supposed to perform later. This leads to an oops when .allow_link fails or when .drop_link is performed. Th...
CVE-2026-31629
In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: add missing return after LLCP_CLOSED checks. In nfc_llcp_recv_hdlc() and nfc_llcp_recv_disc(), when the socket state is LLCP_CLOSED, the code correctly calls release_sock() and nfc_llcp_sock_put() but fails to return. Execution falls throu...
EUVD-2026-25522
In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: add missing return after LLCP_CLOSED checks. In nfc_llcp_recv_hdlc() and nfc_llcp_recv_disc(), when the socket state is LLCP_CLOSED, the code correctly calls release_sock() and nfc_llcp_sock_put() but fails to return. Execution falls throu...
CVE-2026-31629
The CVE-2026-31629 vulnerability affects the Linux kernel NFC LLCP subsystem. Specifically, in nfc_llcp_recv_hdlc() and nfc_llcp_recv_disc(), when the socket state is LLCP_CLOSED, the code correctly releases resources but lacks an early return, causing fall-through to subsequent release calls. Th...
CVE-2026-31541 tracing: Fix trace_marker copy link list updates
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix trace_marker copy link list updates. When the "copy_trace_marker" option is enabled for an instance, anything written into /sys/kernel/tracing/trace_marker is also copied into that instance's buffer. When the option is set...
CVE-2026-31541
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix trace_marker copy link list updates. When the "copy_trace_marker" option is enabled for an instance, anything written into /sys/kernel/tracing/trace_marker is also copied into that instance's buffer. When the option is set...
CVE-2026-3361
creation_timestamp | type | source
---|---|---
2026-04-24 14:33:08+00:00 | seen | https://bsky.app/profile/atomicedge.bsky.social/post/3mkaqmfcqb32s...
CVE-2026-40973
creation_timestamp | type | source
---|---|---
2026-04-24 13:35:33+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mkanfgg2pj2e
2026-04-28 09:27:42+00:00 | seen | https://ccb.belgium.be/advisories/warning-multiple-vulnerabilities-spring-boot-patch-immediately...
CVE-2026-41174
creation_timestamp | type | source
---|---|---
2026-04-24 13:35:19+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mkanez5th22k
2026-04-30 23:26:56+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mkqragm5z42k...
CVE-2026-40536
creation_timestamp | type | source
---|---|---
2026-04-24 13:35:12+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mkanes5drn2e...
CVE-2026-40534
creation_timestamp | type | source
---|---|---
2026-04-24 13:35:12+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mkanes5drn2e...
CVE-2026-40540
creation_timestamp | type | source
---|---|---
2026-04-24 13:35:12+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mkanes5drn2e...
CVE-2026-40416
creation_timestamp | type | source
---|---|---
2026-04-24 13:30:29+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mkan4fglmn2e
2026-05-12 16:38:43+00:00 | seen | https://www.thezdi.com/blog/2026/5/12/the-may-2026-security-update-review
2026-05-13 01:08:48+00:00 | seen | ...
CVE-2026-42039
creation_timestamp | type | source
---|---|---
2026-04-24 13:10:47+00:00 | published-proof-of-concept | https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9
2026-04-27 20:00:07+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mkiubtgzug2f
2026-05-05 02:10:29+00:0...
CISA Adds Four Known Exploited Vulnerabilities to Catalog
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2024-7399 Samsung MagicINFO 9 Server Path Traversal Vulnerability; CVE-2024-57726 SimpleHelp Missing Authorization Vulnerability...