5590 matches found
CVE-2007-3500
creationtimestamp| type| source ---|---|--- 2026-06-20 00:37:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3moomhxmepg2k...
CVE-2026-11551
creationtimestamp| type| source ---|---|--- 2026-06-20 00:00:39+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mookgqp4bp2f 2026-06-20 00:00:46+00:00| seen| https://infosec.exchange/users/offseq/statuses/116779492087943579 2026-06-20 01:01:06+00:00| seen|...
CVE-2026-48117 DroneAware's Improper Account Activation in Registration and SSO Flows Leads to Account Takeover
DroneAware is a drone detection platform. The centralized DroneAware server backing droneaware.io was vulnerable to an account pre-hijacking attack in which an attacker could register an account using a victim's email address with an attacker-controlled password before the victim completed accoun...
CVE-2026-42851
creationtimestamp| type| source ---|---|--- 2026-06-12 22:20:14+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mo4rkr3aqf2m 2026-06-13 10:04:29+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mo5yph3aqi2y...
CVE-2026-49433
The DeepAI endpoint 'https://api.deepai.org/changeuseremail' accepts POST requests without any CSRF protection. If an attacker can trick a logged-in user into clicking a malicious link, the attacker can change the user's email address and take over their account. Fixed on 2026-05-20...
CVE-2026-39356
Drizzle is a modern TypeScript ORM. Prior to 0.45.2 and 1.0.0-beta.20, Drizzle ORM improperly escaped quoted SQL identifiers in its dialect-specific escapeName implementations. In affected versions, embedded identifier delimiters were not escaped before the identifier was wrapped in quotes or...
CVE-2026-49433
The DeepAI endpoint 'https://api.deepai.org/changeuseremail' accepts POST requests without any CSRF protection. If an attacker can trick a logged-in user into clicking a malicious link, the attacker can change the user's email address and take over their account. Fixed on 2026-05-20...
CVE-2026-10286
creationtimestamp| type| source ---|---|--- 2026-06-01 20:39:30+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnawsjmsdr26...
DeepAI.org CSRF
RISK EVALUATION The DeepAI.org endpoint https://api.deepai.org/changeuseremail accepts POST requests without any CSRF protection. If a logged-in user is tricked into visiting a malicious HTML page, an attacker can change the user's email address to their own and take over the account via...
CVE-2026-45632
creationtimestamp| type| source ---|---|--- 2026-05-29 20:43:47+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmzfnfqmcj2s 2026-05-30 04:00:41+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mn262lpag62r...
CVE-2026-45629
creationtimestamp| type| source ---|---|--- 2026-05-29 20:30:43+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmzew26v5d2h 2026-05-30 17:01:43+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mn3jp7itoj25...
CVE-2026-9051
creationtimestamp| type| source ---|---|--- 2026-05-29 20:00:21+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmzd7piucp2i...
CVE-2026-45039
creationtimestamp| type| source ---|---|--- 2026-05-28 20:02:13+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmwsu52wag2z...
CVE-2026-4391
creationtimestamp| type| source ---|---|--- 2026-05-27 20:16:09+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmud65vf7g2q...
Unity Linux 20.1050e / 20.1070e Security Update: perl-Net-CIDR-Lite (UTSA-2026-016598)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016598 advisory. The Net::CIDR::Lite module before 0.22 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which in some...
Unity Linux 20.1070e Security Update: infinispan (UTSA-2026-016749)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016749 advisory. Apache Log4j2 2.0-beta9 through 2.15.0 excluding security releases 2.12.2, 2.12.3, and 2.3.1 JNDI features used in configuration, log messages, and parameters do not...
Unity Linux 20.1070e Security Update: mariadb (UTSA-2026-021672)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021672 advisory. getsortbytable in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. Tenable has extracted the preceding description block...
CVE-2026-4046 affecting package glibc for versions less than 2.38-20
CVE-2026-4046 affecting package glibc for versions less than 2.38-20. A patched version of the package is available...
CVE-2026-40092
creationtimestamp| type| source ---|---|--- 2026-05-20 22:44:45+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmcy7grcig2r...
CVE-2026-24218
creationtimestamp| type| source ---|---|--- 2026-05-20 20:52:11+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmcrw542q32e 2026-05-22 22:00:51+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmhwoqlnxh2l...