SUSE CVE-2026-45915

In the Linux kernel, the following vulnerability has been resolved: fat: avoid parent link count underflow in rmdir Corrupted FAT images can leave a directory inode with an incorrect inlink e.g. 2 even though subdirectories exist. rmdir then unconditionally calls dropnlinkdir and can drive inlink...

SUSE CVE-2026-45930

In the Linux kernel, the following vulnerability has been resolved: net: mctp: ensure our nlmsg responses are initialised Syed Faraz Abrar @farazsth98 from Zellic, and Pumpkin @u1f383 from DEVCORE Research Team working with Trend Micro Zero Day Initiative report that a RTMGETNEIGH will return...

SUSE CVE-2026-46027

In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid early lgr access in smcclcwaitmsg A CLC decline can be received while the handshake is still in an early stage, before the connection has been associated with a link group. The decline handling in smcclcwaitmsg...

CVE-2026-45104

creationtimestamp| type| source ---|---|--- 2026-05-28 03:02:20+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmuzuhgahs2c...

CVE-2026-4888

creationtimestamp| type| source ---|---|--- 2026-05-28 02:49:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmuz4qomi52p...

CVE-2026-8362

creationtimestamp| type| source ---|---|--- 2026-05-28 00:01:48+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmupr5ugvq2w 2026-05-28 04:18:30+00:00| seen| https://www.acn.gov.it/portale/w/gladinet-disponibili-poc-per-nuove-vulnerabilita-in-triofox...

PT-2026-44189

The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.7. This is due to missing nonce verification in the handle oauth redirect function, which is registered on the admin init hook and processes Square OAuth tokens fr...

PT-2026-44412

Name of the Vulnerable Software and Affected Versions GitButler versions prior to 0.19.7 Description A remote code execution issue exists in the Tauri-based desktop application. An attacker can inject a malicious link into a pull request body; if a user clicks this link, it allows for arbitrary...

AnythingLLM 后置链接漏洞

AnythingLLM is an integrated AI application developed by Mintplex. Versions of AnythingLLM prior to 1.13.0 contained a post-link vulnerability. This vulnerability stemmed from the file system replication tool only verifying the top-level source and target paths. The recursive replication assistan...

TP-Link多款产品 安全漏洞

TP-Link Tapo L535E are products of the TP-Link company from China. The TP-Link Tapo L535E is a smart color-adjustable LED bulb. The TP-Link Tapo P300 is a smart Wi-Fi multi-port plug-in device. The TP-Link Tapo D100C is a smart video doorbell with a wireless doorbell buzzer. Several TP-Link...

TP-Link Archer C64 安全漏洞

The TP-Link Archer C64 is a wireless router produced by TP-Link Corporation. The TP-Link Archer C64 V1 version has a security vulnerability. This vulnerability stems from improper execution of the authentication rate limit during the debugging of the SSH service. As a result, attackers in adjacen...

CVE-2026-44720

creationtimestamp| type| source ---|---|--- 2026-05-27 23:48:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmuozqgbbg2q...

CVE-2026-45136

creationtimestamp| type| source ---|---|--- 2026-05-27 23:19:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmunfckcpg2p...

CVE-2026-46538

creationtimestamp| type| source ---|---|--- 2026-05-27 22:52:02+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmulur5st42p...

CVE-2026-45973

A flaw was found in the Linux kernel's RDMA/mlx5 driver. A race condition during firmware reset in Link Aggregation Group LAG mode can cause the driver to hang indefinitely while waiting for Unregister Memory Region UMR completion during device unload. This can lead to a denial of service, making...

CVE-2026-46027

A flaw was found in the Linux kernel's net/smc component. A remote attacker could exploit this by sending a Connection Less Connection CLC decline message during an early handshake stage. This causes the system to attempt to update link-group level synchronization state before it is properly...

CVE-2026-4390

creationtimestamp| type| source ---|---|--- 2026-05-27 20:21:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmudh4gtow2i...

CVE-2026-9712

creationtimestamp| type| source ---|---|--- 2026-05-27 20:15:46+00:00| seen| https://bsky.app/profile/nixpkgssecuritychanges.gerbet.me/post/3mmud5hme4r2y 2026-05-28 00:05:03+00:00| seen| https://bsky.app/profile/nixpkgs-prs-bot.bsky.social/post/3mmupxgygio2d...

GHSA-QC95-4862-92FH Symfony has an HtmlSanitizer allowLinkHosts() / allowMediaHosts() Bypass via URL-Parser Differentials and <area> Misclassification

Description symfony/html-sanitizer lets applications sanitise untrusted HTML. The configuration methods allowLinkHosts... and allowLinkSchemes... are intended to restrict targets to an allowlist of hosts/schemes; allowMediaHosts / allowMediaSchemes do the same for etc. Three distinct bypasses all...

CVE-2024-24790

creationtimestamp| type| source ---|---|--- 2026-05-27 19:48:15+00:00| seen| https://bsky.app/profile/andresbohren.bsky.social/post/3mmubm7gb3s22...