CVE-2026-52915
CVE-2026-52915 relates to Linux kernel netfilter ip6t_hbh handling. The issue arises because struct ip6t_opts has a fixed opts[IP6T_OPTS_OPTSNR] array (IP6T_OPTS_OPTSNR = 16) and hbh_mt6_check() did not reject larger optsnr values from userspace, enabling an off-by-one array access. The patch vali...
ROOT-OS-DEBIAN-13-CVE-2025-68339 CVE-2025-68339 in rootio-linux - Patched by Root
Root has patched CVE-2025-68339 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2026-43241 CVE-2026-43241 in rootio-linux - Patched by Root
Root has patched CVE-2026-43241 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2026-31498 CVE-2026-31498 in rootio-linux - Patched by Root
Root has patched CVE-2026-31498 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2024-26661 CVE-2024-26661 in rootio-linux - Patched by Root
Root has patched CVE-2024-26661 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...
JLSEC-2026-622 Predictable WebSocket masking key and handshake nonce in HTTP.jl client
Description: The WebSocket client masking key (wssendframe!) and the Sec-WebSocket-Key handshake nonce (wsrandomhandshakekey) were generated with rand(UInt8, n), which draws from the task-local Xoshiro256++ PRNG. Xoshiro is not cryptographically secure: its internal state can be recovered from a short r...
CVE-2026-6734 vulnerabilities
Vulnerabilities for packages: pelias-api, code-server, kibana...
CVE-2026-54235
vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, all temperature validation gates use comparison operators, which silently evaluate to False for NaN and for positive Infinity in Python's IEEE 754 float semantics. Both values pass every guard and propagat...
CVE-2026-54235 vLLM: temperature=NaN and temperature=Infinity bypass validation and propagate to GPU kernels
vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, all temperature validation gates use comparison operators, which silently evaluate to False for NaN and for positive Infinity in Python's IEEE 754 float semantics. Both values pass every guard and propagat...
DEBIAN-CVE-2026-54279
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, host-only cookies that are saved with CookieJar.save and then restored later with CookieJar.load lose their host-only status. This vulnerability is fixed in 3.14.1...
CVE-2026-50171
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, a Denial of Service (DoS) vulnerability exists in the @angular/common package of Angular. The formatNumber functio...
CVE-2025-33128
creationtimestamp | type | source
---|---|---
2026-06-22 16:28:44+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3movclgmg3t2y...
CVE-2026-50171
The CVE concerns Angular (vulnerable in @angular/common) where formatNumber used by DecimalPipe, PercentPipe, and CurrencyPipe mishandles digitsInfo bounds. Specifically, parsing digitsInfo with large fraction digits (e.g., 1.200000000-200000000) causes an unbounded loop in roundNumber, leading t...
CVE-2026-50171 Angular: Denial of Service (DoS) via OOM in Number Formatting (digitsInfo)
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, a Denial of Service (DoS) vulnerability exists in the @angular/common package of Angular. The formatNumber functio...
EUVD-2026-38236
Vulnerability involving the exposure of sensitive data provided without adequate protection. The API exposes email and phone number data from the ‘email’ and ‘telefon’ fields. This vulnerability is also present in the local database, as it contains accessible sensitive information such as data on...
ROOT-OS-UBUNTU-2404-CVE-2025-21956 CVE-2025-21956 in rootio-linux - Patched by Root
Root has patched CVE-2025-21956 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
MINI-WG6V-2MRH-HQRC
Bulletin has no description...
CVE-2023-54353
creationtimestamp | type | source
---|---|---
2026-06-19 15:37:56+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3monodtrlcm2g...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ublk: it is necessary to sanitize the arguments from userspace when adding a device. A sanity check is applied to the values for queue depth and the number of queues that we obtain from userspace when adding a device...
Astra Linux – Vulnerability in Zabbix
Zabbix allows for the configuration of SMS notifications. AT command injection occurs on the “Zabbix Server” because there is no validation of the “Number” field either on the web interface or on the Zabbix server side. An attacker can send specially crafted phone numbers via SMS and execute...