PYSEC-2026-191

Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, local authenticated users can cause Synapse to starve other requests of CPU and lead to other requests failing, causing other users to be denied service. This vulnerability is fixed in 1.152.1...

CVE-2026-45348

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the packages.js template at src/pyload/webui/app/themes/modern/templates/js/packages.js:172 interpolates a stored link URL into a template literal inside single-quoted HTML and then writes the result to...

CVE-2026-45017

creationtimestamp| type| source ---|---|--- 2026-05-28 17:12:13+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmwje74zcu2q...

CVE-2026-44672

creationtimestamp| type| source ---|---|--- 2026-05-28 17:06:53+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmwj2ndvgr2c...

CVE-2026-42999

creationtimestamp| type| source ---|---|--- 2026-05-28 16:08:57+00:00| seen| https://bsky.app/profile/jssfr.zombofant.net.ap.brid.gy/post/3mmwfswfjiez2 2026-05-28 16:09:26+00:00| seen| https://bsky.app/profile/jssfr.zombofant.net.ap.brid.gy/post/3mmwftqupgjt2 2026-05-28 21:13:02+00:00| seen|...

CVE-2026-8980

creationtimestamp| type| source ---|---|--- 2026-05-28 15:53:43+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmwext56qh2n...

grafana security update

An update is available for grafana. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Grafana is an open source, feature rich metrics dashboard and graph editor fo...

RLSA-2026:19352 Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: Grafana: Information disclosure of data-source passwords via public dashboards CVE-2026-27877 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of...

CVE-2025-5199

creationtimestamp| type| source ---|---|--- 2026-05-28 15:00:22+00:00| seen| https://bsky.app/profile/euvd-bot.bsky.social/post/3mmwbygig6j2g...

CVE-2026-49237

creationtimestamp| type| source ---|---|--- 2026-05-28 15:00:07+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmwbxwuwqy2n...

CVE-2026-9813

creationtimestamp| type| source ---|---|--- 2026-05-28 14:48:41+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmwbdjaxaw2k 2026-06-22 00:37:24+00:00| seen| https://bsky.app/profile/securitycyberuk.bsky.social/post/3motng6arir2j...

Malicious code in @neon-i18n/core-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis dbdc5bd090d8e85771f77fa3a7a113e08fbfb31de54ae399ed92565bdac246df The OpenSSF Package Analysis project identified '@neon-i18n/core-ui' @ 99.99.99 npm as malicious. It is considered malicious because: - The...

CVE-2026-46241

creationtimestamp| type| source ---|---|--- 2026-05-28 14:16:07+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116652622887186501...

MAL-2026-4839 Malicious code in hellowornd (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0e9b9637d126bc60120f015b0af88898fae5cf613a015fd572ab74d2554e6d7f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2026-46240

creationtimestamp| type| source ---|---|--- 2026-05-28 14:03:06+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116652571732542987...

Malicious code in justsaying-docs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis e1728e1b0cb2ea174743b9e437b707c768bb8979ba6299fedabfd49ea8a7d8e2 The OpenSSF Package Analysis project identified 'justsaying-docs' @ 2.4.4 npm as malicious. It is considered malicious because: - The package...

CVE-2026-6455

creationtimestamp| type| source ---|---|--- 2026-05-28 12:29:02+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mmvzjt2esl2w...

CVE-2026-44604

creationtimestamp| type| source ---|---|--- 2026-05-28 12:27:51+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mmvzhoyjfl2w...

CVE-2026-47074

creationtimestamp| type| source ---|---|--- 2026-05-28 12:19:12+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmvyyac4xx2q 2026-06-26 22:35:07+00:00| published-proof-of-concept| https://github.com/benoitc/hackney/security/advisories/GHSA-jq4m-q6p2-8gwc 2026-06-26 22:35:42+00:00|...

CVE-2026-9227

creationtimestamp| type| source ---|---|--- 2026-05-28 12:03:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmvy3kradz2n 2026-05-28 16:01:40+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmwffy2zzt2w...