CVE-2026-47148 Groups GetGroupMembership count/list-length mismatch in EmberZNet v9.0.2
In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message payload and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed...
CVE-2026-33612
A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to cache poisoning...
CVE-2026-54226
A vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.6.0 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue...
crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...
EUVD-2026-39229
"Remember me" cookie age is not verified on the server. This potentially allows an attacker to intercept a valid cookie and reuse it indefinitely, even after the configured expiration time has passed. This issue affects all Apache Shiro versions from 1.2.4 through 2.x, and 3.0.0-alpha-1, only whe...
Critical: Red Hat Security Advisory: OpenShift Container Platform 4.12.92 bug fix and security update
Red Hat OpenShift Container Platform release 4.12.92 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a...
CVE-2026-53246
CVE-2026-53246 affects the Linux kernel SCTP implementation. When a listening SCTP server processes a COOKIE_ECHO chunk, a cached peer INIT chunk embedded after the cookie could have its header length inflated beyond the remaining COOKIE_ECHO data. This allowed the parameter walk performed by sct...
EUVD-2026-39300
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: reject oversized Broadcast Announcement prepend. Existing advertising instances can already hold the maximum extended advertising payload. When hci_adv_bcast_annoucement prepends the Broadcast Announcement service...
CVE-2026-53143
CVE-2026-53143 affects the Linux kernel DRM/amdkfd path for SDMA queues on GFX11. The v11 MQD manager incorrectly reused the 2048-byte v11_compute_mqd path for SDMA queues, causing a 1536-byte overflow when checkpointing and restoring MQDs (CRIU context). This led to leaking adjacent GTT memory d...
CVE-2026-53132
CVE-2026-53132 concerns the Linux kernel via vsock/virtio, addressing an unbounded skb queue in the virtio transport path. The root cause is that virtio_transport_inc_rx_pkt() and virtio_transport_recv_enqueue() can allow a growing queue when fed with packets of length 0 ending with VIRTIO_VSOCK_...
CVE-2026-12244
creationtimestamp| type| source
---|---|---
2026-06-25 08:00:01+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mp3xkkigqf2x...
BIT-PYTHON-2026-6019 BaseCookie.js_output() does not neutralize embedded characters
http.cookies.Morsel.js_output returns an inline snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value...
CVE-2026-9702
creationtimestamp| type| source
---|---|---
2026-06-25 07:30:29+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mp3vvpptdm2u
2026-06-25 07:30:30+00:00| seen| https://infosec.exchange/users/offseq/statuses/116809572458310891...
CVE-2026-12245
NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response...
Important: Red Hat Security Advisory: runc security update
An update for runc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
CVE-2026-13038
creationtimestamp| type| source
---|---|---
2026-06-25 05:46:18+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260625
2026-06-25 07:09:07+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116809488538860724
2026-06-25 09:45:07+00:00| seen|...
CVE-2026-13037
creationtimestamp| type| source
---|---|---
2026-06-25 05:46:16+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260625
2026-06-25 12:00:14+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mp4ey2p4eu2c...
CVE-2026-13035
creationtimestamp| type| source
---|---|---
2026-06-25 05:46:11+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260625
2026-06-25 08:04:13+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116809705187882392
2026-06-25 12:00:13+00:00| seen|...
CVE-2026-13034
creationtimestamp| type| source
---|---|---
2026-06-25 05:46:08+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260625
2026-06-25 12:00:13+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mp4ey2p4eu2c...
CVE-2026-13033
creationtimestamp| type| source
---|---|---
2026-06-25 05:46:06+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260625
2026-06-25 12:00:13+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mp4ey2p4eu2c...