1318 matches found
CVE-2026-61429
creationtimestamp| type| source ---|---|--- 2026-07-11 14:35:37+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqev4ocscu26 2026-07-11 15:01:57+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mqewli45ax2j 2026-07-11 15:34:33+00:00| seen|...
CVE-2026-58378
creationtimestamp| type| source ---|---|--- 2026-07-09 18:53:34+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqacm3aa3b2x...
CVE-2026-54769
creationtimestamp| type| source ---|---|--- 2026-07-06 21:32:04+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mpz22qfgd22g 2026-07-06 22:35:25+00:00| published-proof-of-concept| https://github.com/langroid/langroid/security/advisories/GHSA-q9p7-wqxg-mrhc 2026-07-10...
BIT-MASTODON-2026-48028 Mastodon: Removal of integrity-protected JSON entries from signed activities
Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incoming activities signed with Linked-Data Signatures does not sufficiently protect the activities from a certain class of spoofing, allowing threat actors...
BIT-MASTODON-2026-46349 Mastodon: LD-Signature Bypass via JSON-LD Named-Graph Restructuring
Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incoming activities signed with Linked-Data Signatures does not sufficiently protect the activities from a certain class of spoofing, allowing attackers to...
CVE-2026-48205
creationtimestamp| type| source ---|---|--- 2026-07-05 20:21:56+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mpwfofkvu425 2026-07-06 20:34:04+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mpywszkc562b 2026-07-09 08:07:07+00:00| seen|...
CVE-2026-35097
creationtimestamp| type| source ---|---|--- 2026-07-01 02:37:38+00:00| seen| https://cert.pl/en/posts/2026/06/CVE-2026-35095...
CVE-2026-54899
creationtimestamp| type| source ---|---|--- 2026-07-01 02:25:25+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpkhnr7sqg26 2026-07-02 01:13:05+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpmu3d3qlr22...
CVE-2025-15660
creationtimestamp| type| source ---|---|--- 2026-06-30 14:45:07+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mpjajjku442c 2026-07-01 02:50:50+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0819...
CVE-2026-13474
Denial of service via malformed HTTP/2 requests in NetScaler ADC and NetScaler Gateway if HTTP/2 is enabled in HTTP Profile and associated with the virtual server of type LB, CS, VPN or the service configured on NetScaler...
CVE-2026-48294
creationtimestamp| type| source ---|---|--- 2026-06-29 17:27:26+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpgz4tnidx2d...
PYSEC-2026-284 Hyperledger Aries Cloud Agent Python result of presentation verification not checked for LDP-VC
Impact When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs LDP-VCs, the result of verifying the presentation document.proof was not factored into the final verified value true/false on the presentation record. Below is an example result from verifying a JSON-LD...
Malicious code in express-mocha-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01d87351be0d9f68d73ec05867e55fe5712d4885fa76c70c5ec9b003ef512825 [email protected] declares a postinstall lifecycle hook that loads the package's main module, which calls fetch against an anonymous...
ALSA: PCM: Fix wait queue list corruption in snd_pcm_drain() on linked streams
...
CVE-2026-49355
OpenProject is open-source, web-based project management software. Prior to 17.4.0, GET /api/v3/meetings/:meetingid/agendaitems/:agendaitemid discloses private work package data from a linked work package that belongs to a private/inaccessible project. This vulnerability is fixed in 17.4.0...
CVE-2026-55677
creationtimestamp| type| source ---|---|--- 2026-06-26 18:24:46+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mp7kwlsngg2x...
CVE-2026-9222
creationtimestamp| type| source ---|---|--- 2026-06-26 00:00:43+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mp5naf23d32g 2026-06-26 00:00:45+00:00| seen| https://infosec.exchange/users/offseq/statuses/116813466196592988 2026-06-26 02:17:08+00:00| seen|...
PT-2026-52908
Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 17.4.0 Description An issue exists where the endpoint GET /api/v3/meetings/:meeting id/agenda items/:agenda item id discloses private work package data. This occurs when a linked work package belongs to a project...
UBUNTU-CVE-2026-53242
In the Linux kernel, the following vulnerability has been resolved: ALSA: PCM: Fix wait queue list corruption in sndpcmdrain on linked streams sndpcmdrain uses initwaitqueueentry which does not clear entry.prev/next, and addwaitqueue with a conditional removewaitqueue that is skipped when tocheck...
CVE-2026-53242
CVE-2026-53242 affects the Linux kernel ALSA PCM path (snd_pcm_drain) on linked streams. The bug arises from wait queue handling: init_waitqueue_entry does not clear prev/next and add_wait_queue/remove_wait_queue sequencing can leave an orphaned wait entry on an old sleep queue after UNLINK, caus...