WordPress Themify Builder < 7.5.8 - Open Redirect

The Themify Builder WordPress plugin before version 7.5.8 contains an open redirect vulnerability. The plugin does not validate the tbredirectfail parameter before redirecting users to its value, which could allow attackers to redirect users to malicious websites. id: CVE-2024-3032 info: name:...

Gitea 1.22.0 - Cross-Site Scripting

Gitea 1.22.0 is vulnerable to a Stored Cross-Site Scripting XSS vulnerability. This vulnerability allows an attacker to inject malicious scripts that get stored on the server and executed in the context of another user's session. id: CVE-2024-6886 info: name: Gitea 1.22.0 - Cross-Site Scripting...

ROOT-OS-DEBIAN-11-CVE-2026-46187 CVE-2026-46187 in rootio-linux - Patched by Root

Root has patched CVE-2026-46187 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...

CVE-2026-42914

creationtimestamp| type| source ---|---|--- 2026-06-09 15:44:28+00:00| seen| https://advisories.ncsc.nl/advisory?id=NCSC-2026-0181 2026-06-09 16:12:18+00:00| seen| https://www.thezdi.com/blog/2026/6/9/the-june-2026-security-update-review...

aiidalab (>=22.6.0 <=26.5.2), aiidalab-chemshell (>=0.0.1 <=0.1.1) +137 more potentially affected by CVE-2026-47712 via dulwich (>=0.24.1 <=1.0.0)

dulwich PYPI version =0.24.1, =22.6.0, =0.0.1, =0.1.0, =1.3.4, =0.12.0, =0.1.0, =0.2.0, =0.2.0, =0.2.1, =0.2.1, =0.1.0, =0.1.6 - artificial-detection =0.1.0 - attp =0.1.0a0 and more Source cves: CVE-2026-47712 Source advisory: OSV:GHSA-555P-6GRF-MH7F...

ROOT-OS-UBUNTU-2204-CVE-2025-71289 CVE-2025-71289 in rootio-linux - Patched by Root

Root has patched CVE-2025-71289 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

CVE-2026-8784

A vulnerability was detected in npitre cramfs-tools up to 2.2. Affected is the function changefilestatus of the file cramfsck.c. Performing a manipulation results in symlink following. The attack requires a local approach. The exploit is now public and may be used. The patch is named...

CVE-2026-45776 Open XDMoD has Broken Access Control via Client-Controlled Session Variable

OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, a flaw in Open XDMoD's access control logic allows an attacker to submit a crafted HTTPS POST request that sets a session variable used for authorization decisions. If an installation of Open XDMoD...

Linux Distros Unpatched Vulnerability : CVE-2026-11192

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via...

@beemstream/keystone-document-gallery (>=2.0.0 <=2.0.6), @k6js/admin-ui (>=0.3.0-20250618-02 <=0.4.7) +19 more potentially affected by CVE-2026-10802 via @keystone-6/core (>=1.1.1 <=6.5.2)

@keystone-6/core NPM version =1.1.1, =2.0.0, =0.3.0-20250618-02, =1.0.17, =1.0.19, =0.0.1, =2.1.0, =2.1.0-beta.0, =0.0.1-alpha.1, =1.0.0, =6.0.21, =1.0.0, =1.0.3, =1.0.12 and more Source cves: CVE-2026-10802 Source advisory: SNYK:JS-KEYSTONE6CORE-17179719...

UBUNTU-CVE-2026-46270

In the Linux kernel, the following vulnerability has been resolved: p...

1zlab-emp-ide (=0.0.3), 1zlab-homepage (>=0.0.2 <=0.0.3) +11108 more potentially affected by CVE-2026-48587 via django (>=6.0.0 <=6.0.5)

django PYPI version =6.0.0, =0.0.2, =2.2.0, =0.1.0, =0.1.0.1, =0.1.1, =0.2.0, =0.0.4a0, =0.0.7, =0.1.10 and more Source cves: CVE-2026-48587 Source advisory: OSV:PYSEC-2026-198...

Linux Distros Unpatched Vulnerability : CVE-2025-71313

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PCI: endpoint: Add missing NULL check for allocworkqueue allocworkqueue can return NULL on memory allocation failure. Without proper error checking, this may le...

CVE-2026-44881

creationtimestamp| type| source ---|---|--- 2026-05-29 00:23:40+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmxbhnzpaf2w 2026-06-11 19:22:45+00:00| seen| https://bsky.app/profile/securitycyberuk.bsky.social/post/3mnzx6hyanz2x 2026-06-11 19:27:32+00:00| seen|...

Linux Distros Unpatched Vulnerability : CVE-2026-46135

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nvmet-tcp: fix race between ICReq handling and queue teardown nvmettcphandleicreq updates queue-state after sending an Initialization Connection Response ICResp...

17fe-ui23 (>=0.0.0 <=0.0.24), @2kog/pkg-editor (>=0.0.1 <=0.1.3) +553 more potentially affected by CVE-2026-47760 via tinymce (>=6.8.1 <=7.0.1)

tinymce NPM version =6.8.1, =0.0.0, =0.0.1, =12.1.0, =4.1.0, =1.0.0-beta.1, =4.1.2-rc, =1.0.0, =0.1.0, =0.1.0, =0.1.1, =0.1.7 - @arkxos/arkos-example =0.1.0 and more Source cves: CVE-2026-47760 Source advisory: SNYK:JS-TINYMCE-17056157...

5mghost-rover (>=0.0.1 <=0.0.3), ace-framework (>=0.6.0 <=0.7.3) +94 more potentially affected by CVE-2026-48156 via pypdf (>=6.0.0 <=6.11.0)

pypdf PYPI version =6.0.0, =0.0.1, =0.6.0, =0.1.0, =0.0.2, =0.1.0, =0.0.24, =1.45.0, =0.1.2, =0.0.1.dev0, =0.0.1, =0.0.2, =0.0.5 - autopattern =0.2.0 and more Source cves: CVE-2026-48156 Source advisory: SNYK:PYTHON-PYPDF-17054920...

CVE-2026-9091

Casdoor versions 2.362.0 and earlier contain a logic flaw in the social‑login binding flow that allows users to bypass configured MFA requirements. The binding‑rule code path in controllers/auth.go calls HandleLoggedIn directly without invoking checkMfaEnable. Any user authenticating via this pat...

@fedify/cli (>=2.2.0 <=2.2.3-dev.1098) potentially affected by CVE-2026-42462 via @fedify/fedify (>=2.2.0 <=2.2.3-dev.1098)

@fedify/fedify NPM version =2.2.0, =2.2.0, =2.2.3-dev.1098 Source cves: CVE-2026-42462 Source advisory: OSV:GHSA-9RFG-V8G9-9367...

CVE-2026-47073 Unbounded memory consumption in WebSocket client in hackney

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The WebSocket client in src/hackneyws.erl imposes no upper bound on memory consumption in three code paths. First, readhandshakeresponse/3 accumulates received bytes into a growing buffer with n...