CVE-2026-7742

creationtimestamp| type| source ---|---|--- 2026-05-04 10:43:58+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mkzihtdlcr2v...

DEBIAN-CVE-2026-43863

mutt before 2.3.2 has an infinite loop in dataobjecttostream in crypt-gpgme.c...

CVE-2026-29200

A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator to impersonate any end-user account of other tenants on the same server via a vulnerable API call...

Rejetto HTTP File Server - Template injection

This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. id: CVE-2024-23692 info: name: Rejetto HTTP File Server - Template injection author: johnk3r severity: critical description: | This...

ai-24sea (>=0.1.0 <=1.1.1), ai-documentation-writer (>=0.1.0 <=0.1.1) +31 more potentially affected by CVE-2026-7724 via prefect (>=3.0.0rc20 <=3.6.22)

prefect PYPI version =3.0.0rc20, =0.1.0, =0.1.0, =0.16.0, =0.6.1, =6.0.0, =1.0.1, =2.2.8, =2.25.0, =1.1.0, =1.3.0b5, =0.0.2, =0.1.11, =1.1.0, =2.3.0rc19 - mcp-prefect =0.1.0 and more Source cves: CVE-2026-7724 Source advisory: SNYK:PYTHON-PREFECT-16383760...

CVE-2025-10162

creationtimestamp| type| source ---|---|--- 2026-05-04 03:43:16+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-10162.yaml 2026-05-30 23:00:12+00:00| seen| Telegram/3mngSjKUXzIr4rXrtnOexYdn2OqPN6q9dtxM6wmfmtD4 2026-05-31 03:00:04+00:00| see...

Malicious Package

Overview @google-pay-trust/init-google-pay is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

PT-2026-37436

CVE-2026-34882 - Apache XSS CVE ID :CVE-2026-34882 Published : May 4, 2026, 8:16 p.m. | 1 hour, 41 minutes ago Description :Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2026-6074. Reason: This record is a reservation duplicate of CVE-2026-6074. Notes: All CVE users should referenc...

RHCOS 9 : OpenShift Container Platform 4.15.45 (RHSA-2025:1130)

The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:1130 advisory. - jinja2: Jinja has a sandbox breakout through malicious filenames CVE-2024-56201 - jinja2: Jinja has a sandbox breakout through...

RHCOS 4 / 9 : OpenShift Container Platform 4.16.33 (RHSA-2025:0830)

The remote Red Hat Enterprise Linux CoreOS 4 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:0830 advisory. - podman: buildah: Container breakout by using --jobs=2 and a race condition when building a malicious Containerfile...

📄 UltimatePOS 4.8 Cross Site Scripting

The administrative panel in UltimatePOS version 4.8 suffers from a persistent cross site scripting vulnerability. CVE-2025-60503 — Stored Cross-Site Scripting XSS in UltimatePOS UltimateFosters v4.8 Publication date: 2025-10-30 CVE ID: CVE-2025-60503 RESERVED Researcher: Vivien Lebas Vendor:...

PT-2026-37199

Name of the Vulnerable Software and Affected Versions Pillow versions 4.2.0 through 12.1.x Description A flaw in the PdfParser allows an attacker to supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This occurs because...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: kernfs: The constraint in the draining guard has been relaxed. The active reference lifecycle provides a mechanism for breaking and unbreaking references, but the active reference is not truly active after being unbroken—callers ...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Softwarenodegetreferenceargs: A OOB check was corrected. Softwarenodegetreferenceargs attempts to retrieve the @index-th element. The property value requires at least index + 1 sizeofref bytes. However, this condition cannot be...

Astra Linux – Vulnerability in Linux 5.10, Linux

Several Linux PV device frontends are vulnerable to attacks by backends that use grant table interfaces to remove access rights from resources. This can lead to potential data leaks, data corruption by malicious backends, and denial of service attacks. The backends that use these interfaces may n...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: vhost: Take a reference on the task in the struct vhosttask. The vhosttaskcreate function creates a task and maintains a reference to its taskstruct. This task may exit early due to a signal, and its taskstruct will be released. ...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: PCI/DPC: Fixed a use-after-free issue when a DPC event occurs concurrently with hot-removal of the same portion of the hierarchy. Keith reported a use-after-free when a DPC event occurred concurrently with the hot-removal of t...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: cpufreq: Avoid a bad reference count on the CPU node. In the parseperfdomain function, if the call to ofparsephandlewithargs returns an error, then the reference to the CPU device node acquired at the beginning of the function wi...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: s390/uv: Do not call foliowaitwriteback without a folio reference. foliowaitwriteback requires that no spinlocks are held and that a folio reference is held, as documented. After we removed the PTL, the folio object could be free...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: kernfs: A use-after-free issue has been fixed in kernfsremove. Syzkaller managed to trigger concurrent calls to kernfsremovebynamens for the same file, resulting in a KASAN detected use-after-free. This race condition occurs...