
219599 matches found

Circl
added 2026/05/19 5:0 a.m., 9 views

CVE-2026-8605

creationtimestamp | type | source
---|---|---
2026-05-19 05:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-26-139-03
2026-05-19 20:57:35+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmabqdi6532n
2026-06-22 01:32:12+00:00 | seen | ...

9.8 CVSS, 5.8 AI score, 0.00387 EPSS
Exploits: 0, References: 3
Circl
added 2026/05/19 5:0 a.m., 8 views

CVE-2026-8604

creationtimestamp | type | source
---|---|---
2026-05-19 05:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-26-139-03
2026-05-19 20:52:16+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmabhezf7b2i...

8.8 CVSS, 5.8 AI score, 0.00178 EPSS
Exploits: 0, References: 2
SUSE CVE
added 2026/05/19 1:51 a.m., 20 views

SUSE CVE-2026-41889

pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar-quoted string literal is used in the SQL query, that string literal contains text that would be interpreted as a placeholder outside of a...

9.8 CVSS, 5.7 AI score, 0.00356 EPSS
Exploits: 0, References: 3
GithubExploit
added 2026/05/19 1:30 a.m., 80 views

midnight-ownpublickey-attack

Bounty 295: Why ownPublicKey Can't Be Trusted for Access...

6.2 AI score
Exploits: 0
CVE
added 2026/05/19 12:59 a.m., 18 views

CVE-2026-33514

Summary: CVE-2026-33514 affects Discourse. In affected releases prior to 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1, an authenticated user with the form templates feature enabled could read the name and structured content of form templates that are intended only for categories the user i...

6 CVSS, 5.7 AI score, 0.0025 EPSS
Exploits: 0, References: 2, Affected Software: 1
Positive Technologies
added 2026/05/19 12:0 a.m., 14 views

PT-2026-42021

CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a broken access control vulnerability where multiple admin controllers enforce permission checks on form display methods but omit equivalent checks on the corresponding write methods, allowing any...

8.1 CVSS, 5.9 AI score, 0.00297 EPSS
Exploits: 0, References: 3
CNNVD
added 2026/05/19 12:0 a.m., 10 views

Keycloak Security Vulnerability

Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has a security vulnerability, which stems from an authentication flaw in the WebAuthn process. This flaw allows remote attackers to reissue the ExecuteActionsActionToken token, enabling them ...

6.8 CVSS, 5.8 AI score, 0.0044 EPSS
Exploits: 0, References: 2
CNNVD
added 2026/05/19 12:0 a.m., 10 views

ID Withdrawn

BYD Atto3 is a pure electric compact SUV produced by BYD Corporation of China. The BYD Atto3 has a security vulnerability. This vulnerability allows attackers to obtain permanently valid authentication keys through brute-force attacks, enabling them to perform flash memory operations on the ECUs...

5.8 AI score, 0.00029 EPSS
Exploits: 0, References: 1
CNNVD
added 2026/05/19 12:0 a.m., 11 views

Mozilla Firefox and Mozilla Thunderbird Access Control Error Vulnerability

Mozilla Firefox and Mozilla Thunderbird are both products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla Application Suite. This software supports IMAP and POP email...

6.5 CVSS, 5.8 AI score, 0.00206 EPSS
Exploits: 0, References: 1
CNNVD
added 2026/05/19 12:0 a.m., 7 views

CtrlPanel.gg Access Control Error Vulnerability

CtrlPanel.gg is an open-source host service billing management tool developed by CtrlPanel.gg. Versions of CtrlPanel.gg 1.1.1 and earlier contained a security vulnerability related to access control. This vulnerability arose from multiple administrator controllers performing permission checks on...

8.1 CVSS, 5.8 AI score, 0.00297 EPSS
Exploits: 0, References: 1
CNNVD
added 2026/05/19 12:0 a.m., 7 views

Apache OFBiz Access Control Error Vulnerability

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 contained a security vulnerability related to access control, which stemmed fro...

5.3 CVSS, 5.8 AI score, 0.00416 EPSS
Exploits: 0, References: 1
Arista
added 2026/05/19 12:0 a.m., 29 views

Security Advisory 0139

Security Advisory 0139

Date: May 19, 2026

Revision | Date | Changes
---|---|---
1.0 | May 19, 2026 | Initial release

The CVE-ID tracking this issue: CVE-2025-49844

CVSSv3.1 Base Score: 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVSSv4.0 Base Score: 9.4...

9.9 CVSS, 7.7 AI score, 0.86268 EPSS
Exploits: 14
Positive Technologies
added 2026/05/19 12:0 a.m., 10 views

PT-2026-41892

Name of the Vulnerable Software and Affected Versions: Sparx Pro Cloud Server versions 6.1 build 167 and earlier

Description: Broken Access Control exists in the communication with the database. Due to a lack of permission checks, a low privileged user can execute arbitrary SQL queries within the...

8.8 CVSS, 6.1 AI score, 0.00598 EPSS
Exploits: 2, References: 8
CNNVD
added 2026/05/19 12:0 a.m., 8 views

Sparx Systems Sparx Pro Cloud Server Security Vulnerability

Sparx Systems' Sparx Pro Cloud Server is a modeling and service platform developed by the Australian company Sparx Systems. It supports remote access to model repositories and collaborative management. Versions of Sparx Pro Cloud Server prior to version 6.1 contained security vulnerabilities. The...

8.8 CVSS, 6.1 AI score, 0.00598 EPSS
Exploits: 2, References: 1
CNNVD
added 2026/05/19 12:0 a.m., 11 views

WordPress Plugin Presto Player Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

4.3 CVSS, 5.8 AI score, 0.00238 EPSS
Exploits: 0, References: 1
EUVD
added 2026/05/19 12:0 a.m., 15 views

EUVD-2025-209899

In BYD Atto3, an attacker can obtain an authentication key through a brute-force attack, and the key is permanently available. The authentication key enables flash to the Electronic Parking Brake (EPB) and Supplemental Restoration System (SRS) related ECUs...

7.5 CVSS, 5.8 AI score, 0.00029 EPSS
Exploits: 0, References: 2
ATTACKERKB
added 2026/05/19 12:0 a.m., 6 views

CVE-2025-61081

DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

5.8 AI score, 0.00029 EPSS
Exploits: 0, References: 3
CNNVD
added 2026/05/19 12:0 a.m., 7 views

Apache OFBiz Authorization Issue Vulnerability

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 had vulnerabilities related to authorization issues, which stemmed from imprope...

6.5 CVSS, 5.8 AI score, 0.00513 EPSS
Exploits: 0, References: 1
CNNVD
added 2026/05/19 12:0 a.m., 11 views

Mantis Bug Tracker Information Disclosure Vulnerability

Mantis Bug Tracker (MantisBT) is an open-source bug tracker developed by Mantis Bug Tracker. Versions of Mantis Bug Tracker 2.28.1 and earlier contained a vulnerability related to information leakage. This vulnerability stemmed from allowing users to list and download attachments that they had...

5.3 CVSS, 5.8 AI score, 0.00362 EPSS
Exploits: 0, References: 1
CNNVD
added 2026/05/19 12:0 a.m., 8 views

Mantis Bug Tracker Access Control Error Vulnerability

Mantis Bug Tracker (MantisBT) is an open-source bug tracker developed by Mantis Bug Tracker. Versions of Mantis Bug Tracker 2.28.1 and earlier contained an access control vulnerability. This vulnerability stemmed from insufficient access control checks in the ProjectUsersAddCommand, allowing users...

5.1 CVSS, 5.8 AI score, 0.00427 EPSS
Exploits: 0, References: 1