CVE-2026-48710

creationtimestamp| type| source ---|---|--- 2026-05-26 07:49:13+00:00| seen| https://bsky.app/profile/dragostech.bsky.social/post/3mmqixgpa4s2n 2026-05-26 07:55:47+00:00| seen| https://bsky.app/profile/dragostech.bsky.social/post/3mmqjd6idtk2n 2026-05-26 18:30:45+00:00| seen|...

WordPress Events Schedule - WordPress Events Calendar Plugin plugin <= 2.7.2 - SQL Injection vulnerability

WordPress Events Schedule - WordPress Events Calendar Plugin plugin = 2.7.2 - SQL Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Events Schedule - WordPress Events Calendar Plugin versions = 2.7.2...

algernon 安全漏洞

Algernon is a web server developed by Alexander F. Rødseth. Versions of Algernon prior to 1.17.7 contained a security vulnerability. This vulnerability stemmed from the hardcoded wildcard in the Access-Control-Allow-Origin header of the SSE event server, which could allow any third-party page to...

Oban Web 安全漏洞

Oban Web is an embedded real-time backend task monitoring dashboard developed under the Oban Framework open source project. Versions of Oban Web from 2.12.0 to 2.12.5 contained a security vulnerability. This vulnerability originated from the Elixir.Oban.Web.Jobs.DetailComponent module, where the...

GitLab MCP Server 安全漏洞

GitLab MCP Server is an open-source tool developed by yoda.digital that connects AI agents with GitLab repositories. Versions of GitLab MCP Server prior to 0.6.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authentication mechanisms at the HTTP transport laye...

eventsource-encoder 注入漏洞

eventsource-encoder is a server-side event encoding tool developed by Espen Hovlandsdal. Versions of eventsource-encoder prior to 1.0.2 contained an injection vulnerability. This vulnerability stemmed from the lack of cleanup of event or ID fields during serialization of EventSourceMessage. An...

GHSA-QX2V-QP2M-JG93

creationtimestamp| type| source ---|---|--- 2026-05-25 11:11:11+00:00| seen| https://gist.github.com/konard/0fa64e99614f285a77b6079698b5b5e3 2026-05-25 11:12:19+00:00| seen| https://gist.github.com/konard/649db61832d01e9e237bbf281b033df5 2026-05-30 02:23:48+00:00| seen|...

CVE-2026-9407

creationtimestamp| type| source ---|---|--- 2026-05-25 03:00:26+00:00| seen| https://infosec.exchange/users/offseq/statuses/116632979036479792 2026-05-25 03:00:28+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mmniedcwxa26...

Ubuntu 24.04 LTS : Linux kernel (FIPS) vulnerabilities (USN-8296-1)

The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8296-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in...

Malicious code in events-router (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5482b17f0abd8f4ae8fed4fa5c53ea035a15b252efec406ae65dfe3365a7412 [email protected] impersonates the events EventEmitter polyfill README and Travis badge copied verbatim from browserify/events and ships a...

MAL-2026-4555 Malicious code in events-router (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5482b17f0abd8f4ae8fed4fa5c53ea035a15b252efec406ae65dfe3365a7412 [email protected] impersonates the events EventEmitter polyfill README and Travis badge copied verbatim from browserify/events and ships a...

CVE-2026-34909

creationtimestamp| type| source ---|---|--- 2026-05-22 07:30:27+00:00| seen| https://infosec.exchange/users/offseq/statuses/116617053903196416 2026-05-22 07:30:29+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mmgg2g4mix26 2026-05-26 09:13:20+00:00| seen|...

CVE-2026-8205

Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in the Calendar Block since actiongetevents does not check canView on the calendar which results in restricted event details being disclosed. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3 with...

CVE-2026-8205 Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in Calendar Block since action_get_events does not check canView on the calendar

Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in the Calendar Block since actiongetevents does not check canView on the calendar which results in restricted event details being disclosed. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3 with...

CVE-2026-8205

Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in the Calendar Block since actiongetevents does not check canView on the calendar which results in restricted event details being disclosed. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3 with...

CVE-2026-8205

Concrete CMS

CVE-2026-28910

creationtimestamp| type| source ---|---|--- 2026-05-21 17:47:19+00:00| seen| https://infosec.exchange/users/alexandreborges/statuses/116613816857863838 2026-05-21 17:47:29+00:00| seen| https://bsky.app/profile/alexandreborges.bsky.social/post/3mmexyl75a22g 2026-05-22 04:40:06+00:00| seen|...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to stream corruption in Spring MVC and WebFlux [CVE-2026-22735]

Summary IBM Watson Speech Services Cartridge is vulnerable to stream corruption in Spring MVC and WebFlux when using Server-Sent Events SSE CVE-2026-22735. Spring MVC and WebFlux are used in our speech microservices. This vulnerabilitiy has been addressed. Please read the details for remediation...

CVE-2026-9141

creationtimestamp| type| source ---|---|--- 2026-05-20 21:00:47+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmcsfgqmlg2k 2026-05-21 01:30:30+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mmdbhrxmv52l 2026-05-21 01:30:33+00:00| seen|...

CVE-2025-32750

creationtimestamp| type| source ---|---|--- 2026-05-20 17:56:56+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mmci4r6pzr2q 2026-05-20 20:00:45+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmcp25o5552e...