CVE ID :CVE-2026-7656 Published : June 29, 2026, 10:09 p.m. | 3 hours, 3 minutes ago Description :The IPv6 Neighbor Discovery handlers in subsys/net/ip/ipv6_nbr.c (handle_ra_input, handle_ns_input, handle_na_input) used an incorrect boolean expression that combined…
CVE-2026-34594 – Coolify: Authenticated Remote Code Execution via Command Injection in Destination Network Management
CVE ID :CVE-2026-34594 Published : June 29, 2026, 8:21 p.m. | 4 hours, 50 minutes ago Description :Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, an…
CVE-2026-34597 – Coolify: Authenticated Host RCE
CVE ID :CVE-2026-34597 Published : June 29, 2026, 8:18 p.m. | 4 hours, 53 minutes ago Description :Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.470, a…
CVE-2026-57498 – Coolify Cross-Team IDOR: Livewire Components Accept Unscoped server_id and destination_uuid — Deploy to Other Teams’ Servers
CVE ID :CVE-2026-57498 Published : June 29, 2026, 8:12 p.m. | 5 hours ago Description :Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, Coolify’s API…
CVE-2026-13763 – HTTP/2 Stream Parser Confusion Body-Inspection Bypass in AWS Application Load Balancer with AWS WAF
CVE ID :CVE-2026-13763 Published : June 29, 2026, 8:03 p.m. | 5 hours, 8 minutes ago Description :Inconsistent interpretation of HTTP/2 requests in AWS Application Load Balancer with AWS WAF enabled might allow remote…
CVE-2026-58054 – MyBB – Privilege Escalation from Limited ACP User Management to Administrator
CVE ID :CVE-2026-58054 Published : June 28, 2026, 1:32 a.m. | 23 hours, 39 minutes ago Description :MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when creating…
CVE-2026-58053 – Gitea act_runner – Container Hardening Bypass via Workflow Container Options
CVE ID :CVE-2026-58053 Published : June 28, 2026, 1:32 a.m. | 23 hours, 39 minutes ago Description :Gitea act_runner with the Docker backend (through act 0.262.0) passes a workflow’s container.options string to the Docker…
CVE-2026-58051 – libssh2 – Free of Uninitialized Pointer in publickey List Cleanup
CVE ID :CVE-2026-58051 Published : June 28, 2026, 1:32 a.m. | 23 hours, 39 minutes ago Description :libssh2 through 1.11.1 grows its publickey list with SSH2_REALLOC but does not zero-initialize new entries before parsing…
CVE-2026-58050 – libssh2 – Integer Overflow in publickey Subsystem Attribute Allocation
CVE ID :CVE-2026-58050 Published : June 28, 2026, 1:32 a.m. | 23 hours, 39 minutes ago Description :libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in…
CVE-2026-58049 – FFmpeg – Out-of-Bounds Write in RASC Decoder decode_dlta()
CVE ID :CVE-2026-58049 Published : June 28, 2026, 1:32 a.m. | 23 hours, 39 minutes ago Description :FFmpeg’s RASC video decoder (decode_dlta in libavcodec/rasc.c) performs 32-bit reads and writes at the row cursor before…