CVE ID :CVE-2026-46703 Published : June 10, 2026, 11:16 p.m. | 2 hours, 48 minutes ago Description :Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI…
CVE-2026-46695 – BoxLite: Permission Bypass in boxlite Allows Modification of Read-Only Files
CVE ID :CVE-2026-46695 Published : June 10, 2026, 11:16 p.m. | 2 hours, 48 minutes ago Description :Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI…
CVE-2026-44693 – Pi-hole FTL: Unauthenticated Session Hijacking via Race Condition on Global Session Buffer
CVE ID :CVE-2026-44693 Published : June 10, 2026, 11:16 p.m. | 2 hours, 48 minutes ago Description :Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. Prior to version…
CVE-2026-42305 – Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows
CVE ID :CVE-2026-42305 Published : June 10, 2026, 11:16 p.m. | 2 hours, 48 minutes ago Description :Dulwich is a pure-Python implementation of the Git file formats and protocols. Versions starting with 0.10.0 and…
CVE-2026-53738 – Copy & Delete Posts through 1.5.4 Privilege Escalation via cdp_action_handling Handler
CVE ID :CVE-2026-53738 Published : June 10, 2026, 10:17 p.m. | 1 hour ago Description :Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation in the cdp_action_handling AJAX…
CVE-2026-50131 – Fedify has an incomplete SSRF mitigation after GHSA-p9cg-vqcc-grcx: validatePublicUrl allows special-use IPv4 ranges
CVE ID :CVE-2026-50131 Published : June 10, 2026, 10:17 p.m. | 1 hour ago Description :Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Fedify previously addressed SSRF/internal network…
CVE-2026-46689 – Kanidm: Unauthenticated process abort via SCIM filter stack exhaustion
CVE ID :CVE-2026-46689 Published : June 10, 2026, 10:17 p.m. | 1 hour ago Description :Kanidm is an identity management platform. Prior to version 1.9.3, a single unauthenticated GET to any /scim/v1/… endpoint…
CVE-2026-46669 – `openvm-pairing` pairing check missing proper subfield check on scaling factor
CVE ID :CVE-2026-46669 Published : June 10, 2026, 10:17 p.m. | 1 hour ago Description :OpenVM is a performant and modular zkVM framework built for customization and extensibility. Prior to version 1.6.0, the…
CVE-2026-46654 – Plonky3 MultiField32Challenger: transcript malleability and challenge entropy loss
CVE ID :CVE-2026-46654 Published : June 10, 2026, 10:16 p.m. | 1 hour ago Description :Plonky3 is a toolkit for polynomial IOPs (PIOPs). Prior to versions 0.4.3 and 0.5.3, an attacker controlling prover-side…
CVE-2026-53673 – BuddyPress 14.4.0 Private Message IDOR via REST API user_id Parameter
CVE ID :CVE-2026-53673 Published : June 10, 2026, 12:16 a.m. | 58 minutes ago Description :BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the messages REST API that allows authenticated attackers…