58824 matches found
EUVD-2026-31104
Improper link resolution before file access 'link following' in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally...
CVE-2026-42834
Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network...
EUVD-2026-31101
Improper link resolution before file access 'link following' in Microsoft Defender allows an authorized attacker to elevate privileges locally...
CVE-2026-41091
Improper link resolution before file access 'link following' in Microsoft Defender allows an authorized attacker to elevate privileges locally...
CVE-2026-41091
CVE-2026-41091 affects Microsoft Defender. It describes an improper link resolution before file access ("link following") vulnerability that lets an authorized local attacker elevate privileges. Based on the provided metadata, the exploit vector is LOCAL with LOW privileges required, no user inte...
keycloak: org.keycloak.authentication: Keycloak: Unauthorized account takeover via WebAuthn token replay
A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay ExecuteActionsActionToken tokens within Keycloak's WebAuthn Web Authentication flow. By intercepting an execute-actions email link, an attacker can register their own authenticator to a victim's...
CVE-2026-45066
creationtimestamp | type | source
---|---|---
2026-05-20 10:57:42+00:00 | seen | https://bsky.app/profile/symfony.com/post/3mmbqp4m3gj25...
CVE-2026-45071
creationtimestamp | type | source
---|---|---
2026-05-20 10:57:38+00:00 | seen | https://bsky.app/profile/symfony.com/post/3mmbqoyndsy2h...
CVE-2026-45068
creationtimestamp | type | source
---|---|---
2026-05-20 10:57:29+00:00 | seen | https://bsky.app/profile/symfony.com/post/3mmbqoqvzdp2y...
CVE-2026-45063
creationtimestamp | type | source
---|---|---
2026-05-20 10:57:14+00:00 | seen | https://bsky.app/profile/symfony.com/post/3mmbqocmwr72o...
CVE-2026-44933
creationtimestamp | type | source
---|---|---
2026-05-20 10:43:08+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmbpv2jchj2p...
CVE-2026-47730
creationtimestamp | type | source
---|---|---
2026-05-20 10:32:34+00:00 | seen | https://bsky.app/profile/symfony.com/post/3mmbpc6qxek26...
python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API
A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...
CVE-2026-7472
creationtimestamp | type | source
---|---|---
2026-05-20 09:32:07+00:00 | seen | https://bsky.app/profile/atomicedge.bsky.social/post/3mmblw3hnlg2l...
CVE-2026-47668
creationtimestamp | type | source
---|---|---
2026-05-20 09:31:29+00:00 | published-proof-of-concept | https://github.com/dbgate/dbgate/security/advisories/GHSA-8v3q-9vmx-36vc
2026-05-20 13:24:13+00:00 | confirmed | ...
python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API
A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...
CVE-2026-9057
creationtimestamp | type | source
---|---|---
2026-05-20 07:01:15+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmbdic7ytg2n...
CVE-2026-7522
creationtimestamp | type | source
---|---|---
2026-05-20 06:44:50+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmbckxjs6e2n...
Astra Linux - vulnerability in linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fixed a NULL pointer dereference in amdgpu_dm_i2c_xfer. When ddc_service_construct is called, it explicitly checks both the link type and whether there is something on the link that will determine whether the pin is...
Astra Linux - vulnerability in firefox, thunderbird
By using a link with rel="localization", a use-after-free could occur if an object is destroyed during JavaScript execution, and then the object is referenced through a freed pointer, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 91.8, Firefox 99, and Firefo...