362 matches found
CVE-2026-4944
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-28 20:01:05+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mmwss4nokb2g |
| 2026-05-28 21:34:10+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmwxykvxhb2i... |
CVE-2026-42591 Gotenberg: Server-Side Request Forgery (SSRF) in github.com/gotenberg/gotenberg/v8
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the LibreOffice conversion endpoint /forms/libreoffice/convert passes uploaded documents directly to LibreOffice without inspecting their content. LibreOffice then fetches any embedded external URLs on its own, completely...
CVE-2026-41513
Horilla is an HR and CRM software. In 1.5.0, the notification endpoints trust the unvalidated next parameter and redirect users to arbitrary external URLs. This allows an attacker to turn trusted application links into phishing or social-engineering redirects...
Astra Linux - vulnerability in thunderbird
When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is displayed when the mouse hovers over any attachment. Although the correct link is used upon clicking, the misleading hover text may lead users to download conten...
Weblate security vulnerability
Weblate is an open-source, copyleft, web-based free software system for continuous localization. Versions of Weblate prior to 5.17 contained security vulnerabilities, which stemmed from the ZIP download feature not verifying the files being downloaded; these vulnerabilities could exploit symbolic...
CVE-2026-32920
| creationtimestamp | type | source |
|---|---|---|
| 2026-03-31 12:51:11+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mie7pzf3zw2h |
| 2026-03-31 13:19:01+00:00 | seen | Telegram/jSTFa01DEWFRhQKHtf4fP3tqxxyDE1Jfuh4yALHVDvczs38 |
| 2026-03-31 13:51:47+00:00 | seen | ... |
CVE-2026-33728
| creationtimestamp | type | source |
|---|---|---|
| 2026-03-27 01:30:32+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mhyxta3ux52y |
| 2026-03-27 01:30:32+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116298549180324287 |
| 2026-03-27 03:05:08+00:00 | seen | ... |
CVE-2026-28536
| creationtimestamp | type | source |
|---|---|---|
| 2026-03-05 07:30:28+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116175393685481196 |
| 2026-03-05 07:30:29+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mgcboltqp32m |
| 2026-03-05 08:01:30+00:00 | seen | ... |
CVE-2026-1628
Mattermost Desktop App versions <=5.13.3 fail to attach listeners restricting navigation to external sites within the Mattermost app, which allows a malicious server to expose preload script functionality to untrusted servers via having a user open an external link in their Mattermost server...
PT-2026-22584
Mattermost Desktop App versions <=5.13.3 fail to attach listeners restricting navigation to external sites within the Mattermost app, which allows a malicious server to expose preload script functionality to untrusted servers via having a user open an external link in their Mattermost server...
EUVD-2026-8777
Zed, a code editor, has a symlink escape vulnerability in versions prior to 0.225.9 in Agent file tools readfile, editfile. It allows reading and writing files outside the project directory when a project contains symbolic links pointing to external paths. This bypasses the intended workspace...
PT-2026-21823
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Eye Exam form module allows any authenticated user to be redirected to an arbitrary external URL. This can be exploited for phishing attacks against healthcare...
Keras has a Local File Disclosure via HDF5 External Storage During Keras Weight Loading
Summary: TensorFlow / Keras continues to honor HDF5 "external storage" and ExternalLink features when loading weights. A malicious .weights.h5 or a .keras archive embedding such weights can direct load_weights to read from an arbitrary readable filesystem path. The bytes pulled from that path...
EUVD-2026-4865
The Easy Replace Image plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.5.2. This is due to missing capability checks on the imagereplacementfromurl function that is hooked to the erifromurl AJAX action. This makes it possible for authenticated...
CVE-2022-50937
Ametys CMS v4.4.1 contains a persistent cross-site scripting vulnerability in the link directory's input fields for external links. Attackers can inject malicious script code in link text and descriptions to execute persistent attacks that compromise user sessions and manipulate application modul...
CVE-2022-50937 Ametys CMS v4.4.1 - Cross Site Scripting (XSS)
Ametys CMS v4.4.1 contains a persistent cross-site scripting vulnerability in the link directory's input fields for external links. Attackers can inject malicious script code in link text and descriptions to execute persistent attacks that compromise user sessions and manipulate application modul...
PT-2026-2413
Name of the Vulnerable Software and Affected Versions: Ametys CMS version 4.4.1. Description: Ametys CMS version 4.4.1 has a persistent cross-site scripting issue in the link directory's input fields for external links. An attacker can inject malicious script code into the link text and descriptions...