CVE-2026-25791

creationtimestamp| type| source ---|---|--- 2026-02-06 22:41:59+00:00| published-proof-of-concept| https://github.com/BishopFox/sliver/security/advisories/GHSA-wxrw-gvg8-fqjp 2026-02-09 21:20:15+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3meheu7qmj72g 2026-02-09...

Flickr Notifies Users of Data Breach After External Partner Security Flaw

Flickr says a third-party email vendor flaw may have exposed user names, emails, IP data, and activity logs,…...

CVE-2026-2096

creationtimestamp| type| source ---|---|--- 2026-02-06 12:06:00+00:00| seen| https://www.twcert.org.tw/en/cp-139-10700-3534d-2.html 2026-02-10 07:19:39+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3meige2n54a23 2026-02-10 07:21:12+00:00| seen|...

MAL-2026-786 Malicious code in @rsgweb/locale-tools (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b1882e2ffa769f9383127f2bfc582935b3bb1145e172eb6941a0276989a983f The package @rsgweb/locale-tools was found to contain malicious code. Source: ghsa-malware...

MAL-2026-770 Malicious code in xpack-per-user (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd02e72044e1a432dd520594d89d568cdd80feaef160f24160f04cc549662c08 The package xpack-per-user was found to contain malicious code. Source: ghsa-malware 1182af58fca66833bb4a361e986f5ba960d9e9ab320cd787464bda92246392fb...

CVE-2026-20985

Improper input validation in Samsung Members prior to version 5.6.00.11 allows remote attackers to connect arbitrary URL and launch arbitrary activity with Samsung Members privilege. User interaction is required for triggering this vulnerability...

CVE-2026-20979

Improper privilege management in Settings prior to SMR Feb-2026 Release 1 allows local attackers to launch arbitrary activity with Settings privilege...

CVE-2026-20983

Improper export of android application components in Samsung Dialer prior to SMR Feb-2026 Release 1 allows local attackers to launch arbitrary activity with Samsung Dialer privilege...

EUVD-2026-5329

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.3.19, 4.4.13, 4.5.6, Mastodon is vulnerable to web cache poisoning via Rails.cache. When AUTHORIZEDFETCH is enabled, the ActivityPub endpoints for pinned posts and featured hashtags have contents that...

CVE-2026-23105

In the Linux kernel, the following vulnerability has been resolved: net/sched: qfq: Use clisactive to determine whether class is active in qfqrmfromag This is more of a preventive patch to make the code more consistent and to prevent possible exploits that employ child qlen manipulations on qfq...

CVE-2026-0617

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer profile fields in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for...

MAL-2026-734 Malicious code in xpack-subscription-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2447449c96d24d0c693d9105d432d9818fa96fb0c408fb371a3dc15167960feb The package xpack-subscription-test was found to contain malicious code. Source: ghsa-malware...

CVE-2026-20985

Improper input validation in Samsung Members prior to version 5.6.00.11 allows remote attackers to connect arbitrary URL and launch arbitrary activity with Samsung Members privilege. User interaction is required for triggering this vulnerability...

CVE-2026-20983

Improper export of android application components in Samsung Dialer prior to SMR Feb-2026 Release 1 allows local attackers to launch arbitrary activity with Samsung Dialer privilege...

CVE-2026-20985

Improper input validation in Samsung Members prior to version 5.6.00.11 allows remote attackers to connect arbitrary URL and launch arbitrary activity with Samsung Members privilege. User interaction is required for triggering this vulnerability...

CVE-2026-20983

Improper export of android application components in Samsung Dialer prior to SMR Feb-2026 Release 1 allows local attackers to launch arbitrary activity with Samsung Dialer privilege...

CVE-2026-20979

Improper privilege management in Settings prior to SMR Feb-2026 Release 1 allows local attackers to launch arbitrary activity with Settings privilege...

CVE-2026-20985

Improper input validation in Samsung Members prior to version 5.6.00.11 allows remote attackers to connect arbitrary URL and launch arbitrary activity with Samsung Members privilege. User interaction is required for triggering this vulnerability...

CVE-2026-20985

Improper input validation in Samsung Members prior to version 5.6.00.11 allows remote attackers to connect arbitrary URL and launch arbitrary activity with Samsung Members privilege. User interaction is required for triggering this vulnerability...

CVE-2026-20985

Improper input validation in Samsung Members prior to version 5.6.00.11 allows remote attackers to connect arbitrary URL and launch arbitrary activity with Samsung Members privilege. User interaction is required for triggering this vulnerability...