9907 matches found
CVE-2026-4299
The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeatreceived function in the LiveUpdate class. This makes it possible for authenticated attackers, with...
CVE-2025-63743
A Cross-Site Scripting vulnerability in the Snipe-IT web-based asset management system, v8.3.0 up to and including v8.3.1, allows an authenticated attacker with the lowest privileges, sufficient only to log in, to inject arbitrary JavaScript code via the "Name" and "Surname" fields. The JavaScript code is execut...
EUVD-2026-21958
Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in the file /orms/admin/activities/manageactivity.php...
CVE-2026-36942
Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in the file /orms/admin/activities/manageactivity.php...
CERTFR-2026-ACT-017
creationtimestamp | type | source
---|---|---
2026-04-13 13:44:42+00:00 | seen | https://bsky.app/profile/cert-fr.bsky.social/post/3mjeyroej5f2c
2026-04-13 13:44:48+00:00 | seen | https://social.numerique.gouv.fr/users/certfr/statuses/116397695370532777
2026-04-13 13:57:52+00:00 | seen | ...
EUVD-2026-21895
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows allows a local Windows administrator to disable the agent. This issue may be leveraged by malware to perform malicious activity without detection...
CVE-2026-0232 Cortex XDR Agent: Local Administrator can disable the agent on Windows
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows allows a local Windows administrator to disable the agent. This issue may be leveraged by malware to perform malicious activity without detection...
PT-2026-32361
Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in the file /orms/admin/activities/manage activity.php...
MAL-2026-2567 Malicious code in pt-sc-demo-app (npm)
Source: amazon-inspector 08bb315a7617ec23d04aeb4d4518c1539efbeef21894d42401af06f0ec36fdb6
The package pt-sc-demo-app was found to contain malicious code.
Source: ghsa-malware 755b0ca70d35b05cdaa098b0bd7a331c5f40f35f8d5bb0dcf56333ce7acce6e0...
MAL-2026-2560 Malicious code in @b2b-portal/uch (npm)
Source: amazon-inspector 89eb419e1f7beb102007973e2d226cb2cb5f534096cbc2be8dc538324f3f19db
The package @b2b-portal/uch was found to contain malicious code.
Source: ghsa-malware e559f0d2d934ad98bda8c11ca6613644ecf3f2584bee7e75c7edf59ecda35d3...
MAL-2026-2552 Malicious code in paysafe-google-pay (npm)
Source: amazon-inspector 3bd5f70910fb7ec96da87043782f13c0a98612ef9303db86393d58ffb82093d0
The package paysafe-google-pay was found to contain malicious code.
Source: ghsa-malware...
MAL-2026-2554 Malicious code in paysafe-venmo (npm)
Source: amazon-inspector 0fce8d34aa19e18a627c71bd9fd4d16246319ca05abafd983708a534663a573f
The package paysafe-venmo was found to contain malicious code.
Source: ghsa-malware 678a8d684fa9e6f72f98c45d404c3e749491bd582d4b78ddc4bc3d020ae3c172...
MAL-2026-2547 Malicious code in ixosmonitoring (PyPI)
Source: kam193 cfca4d7a38a0805f56b3bddcef1b421a8584a4d52df7a1a22676369679347bf5
Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose.
Category: PROBABLYPENTES...
CVE-2026-22750
creationtimestamp | type | source
---|---|---
2026-04-10 09:17:39+00:00 | published-proof-of-concept | Telegram/6sW88BjwOE3AHA0v9w1zrWgG5EAJrhgxrYoPay5W7gN4tNI
2026-04-10 10:07:41+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mj53au3zyx2z
2026-04-10 10:08:36+00:00 | seen | ...
Falco 0.43.1
Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco...