CVE-2026-53927

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the spreadsheet-fetch endpoint axiosRequestMake accepted URLs whose path contained a permitted extension anywhere in the string, and applied a hand-rolled regex blocklist that omitted 127.0.0.0/8 and 169.254.0.0/16,...

CVE-2026-47279

NocoDB's CVE-2026-47279 describes an Access Control problem in public shared-view relation endpoints (LTAR columns). Before patch 2026.05.1, endpoints accepted a caller-supplied column ID without verifying the column’s visibility, allowing anyone with a share UUID to read links from hidden LTAR c...

CVE-2026-47379

CVE-2026-47379 – NocoDB : The shared-view password check used a strict-equality comparison for legacy plaintext passwords, leaking the password length and per-character prefix via response timing. The bcrypt branch was unaffected; the vulnerability lies in the legacy comparison path in the shared...

CVE-2026-54420

LiteSpeed cPanel plugin before 2.4.8 as distributed in LiteSpeed WHM PlugIn before 5.3.2.0 mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026...

CVE-2026-54420

LiteSpeed cPanel plugin before 2.4.8 as distributed in LiteSpeed WHM PlugIn before 5.3.2.0 mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026...

CVE-2026-54420

CVE-2026-54420 is a symlink-following vulnerability in LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM Plugin before 5.3.2.0). A user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS can abuse improperly validated symbolic links to access or ...

PT-2026-49104

Name of the Vulnerable Software and Affected Versions LiteSpeed cPanel plugin versions prior to 2.4.8 LiteSpeed WHM PlugIn versions prior to 5.3.2.0 Description A symlink-following flaw exists in the LiteSpeed cPanel plugin where the software mishandles symbolic links provided by a user. An...

CVE-2026-21020

Improper export of android application components in OmaCP prior to SMR May-2026 Release 1 allows local attackers to trigger privileged functions...

CVE-2026-21022

Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to access sensitive information...

CVE-2026-44888

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile endpoint writes user-supplied numeric config values e.g., SMTPPORT directly into pialert.conf without validation. Since pialert.conf is loaded via Python's exec every 3–5 minutes...

Attackers Actively Exploiting Critical Vulnerability in Burst Statistics Plugin

On May 13th, 2026, we publicly disclosed a critical Authentication Bypass vulnerability in Burst Statistics, a WordPress plugin with 200,000 active installations. This vulnerability can be leveraged by unauthenticated attackers, with knowledge of an administrator username, to impersonate that...

VulnCheck KEV: CVE-2026-54420

LiteSpeed cPanel plugin before 2.4.8 as distributed in LiteSpeed WHM PlugIn before 5.3.2.0 mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026...

PT-2026-45209

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description An out-of-bounds read can occur in the iavb parse key data function within avb rsa.c due to improper input validation. This issue allows for local information...

MAL-2026-5091 Malicious code in discord-ban (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4e19806a65bf83b5648eb280baedca899972d98e8c3f921080390458e8394413 Package steals data from web browsers credentials, credit cards, history, ... --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

Security Bulletin: Multiple security vulnerabilities addressed with IBM Business Automation Workflow cumulative fixes May 2026

Summary In addition to updating many operating system level packages, the following security vulnerabilities are addressed with IBM Business Automation Workflow cumulative fixes. Vulnerability Details CVEID:CVE-2025-12183 DESCRIPTION: Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and...

CVE-2026-44596

creationtimestamp| type| source ---|---|--- 2026-05-29 15:00:15+00:00| seen| Telegram/a86W4JR7O--z7UEFDSjPGooPu8cJg6Qw5misZZ2a8xOkaUM 2026-05-29 21:00:04+00:00| seen| Telegram/7EeES1995AuZh7L7sqmaK3TqJ83qHuwNNd4oo-aSS2rD4M...

CVE-2026-33386

creationtimestamp| type| source ---|---|--- 2026-05-29 07:15:00+00:00| seen| https://cert.pl/en/posts/2026/05/CVE-2026-33384...

CVE-2026-41236

creationtimestamp| type| source ---|---|--- 2026-05-29 06:30:36+00:00| published-proof-of-concept| https://github.com/froxlor/froxlor/security/advisories/GHSA-mq5v-pxpm-8jw2 2026-06-04 18:44:56+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnibsgjzcn2y...

CVE-2026-10004

creationtimestamp| type| source ---|---|--- 2026-05-28 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260529 2026-05-28 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/microsoft-edge-multiple-vulnerabilities20260529 2026-05-29...

CVE-2026-47759

creationtimestamp| type| source ---|---|--- 2026-05-28 17:01:01+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmwiq4djr42l 2026-05-28 17:23:57+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmwjz5vnzt2i 2026-05-28 21:37:06+00:00| seen|...