CVE-2025-71334

creationtimestamp| type| source ---|---|--- 2026-06-26 02:12:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mp5ulem5oj2x...

CVE-2026-12937

CVE-2026-12937 concerns the Tourfic WordPress plugin (versions ≤ 2.22.7). The issue is a generic SQL Injection via the post_id parameter caused by insufficient escaping and lack of prepared statements in the vulnerable SQL path. The vulnerability is exploitable by unauthenticated users, who can a...

CVE-2021-32988

creationtimestamp| type| source ---|---|--- 2026-06-24 13:07:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mozyaqqr3u2k...

CVE-2026-56340

creationtimestamp| type| source ---|---|--- 2026-06-21 02:57:03+00:00| seen| https://bsky.app/profile/suriq.io/post/3morer3vst42y...

CVE-2026-53807

creationtimestamp| type| source ---|---|--- 2026-06-14 17:00:29+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mobamt2x672p...

CVE-2026-10715 Camaleon CMS 2.9.2 - Improper authorization in draft autosave endpoint

Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary postid to POST /admin/posttype//drafts and overwrite the draft associated with another user's post...

CVE-2026-10715 Camaleon CMS 2.9.2 - Improper authorization in draft autosave endpoint

Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary postid to POST /admin/posttype//drafts and overwrite the draft associated with another user's post...

PT-2026-48948

Name of the Vulnerable Software and Affected Versions Camaleon CMS version 2.9.2 Description Improper authorization in the administrator draft autosave endpoint allows a low-privileged authenticated user to overwrite a draft associated with another user's post. This is achieved by sending an...

CVE-2026-10733

creationtimestamp| type| source ---|---|--- 2026-06-11 12:45:12+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mnzaxmissr2y 2026-06-11 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/gitlab-multiple-vulnerabilities20260612...

CVE-2026-41862

creationtimestamp| type| source ---|---|--- 2026-06-11 12:40:07+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mnzaoi3n5f2d 2026-06-24 00:10:28+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3moymtyjg6x2a 2026-06-24 00:16:48+00:00| seen|...

CVE-2026-0267

creationtimestamp| type| source ---|---|--- 2026-06-10 19:03:23+00:00| seen| https://bsky.app/profile/ripjyr.bsky.social/post/3mnxfmwtg2m2k 2026-06-10 21:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1917 2026-06-10 22:58:09+00:00| seen|...

CVE-2026-5961

A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This vulnerability affects unknown code of the file /topic-details.php. The manipulation of the argument postid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed...

CVE-2026-50258

creationtimestamp| type| source ---|---|--- 2026-06-05 13:33:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnkatubr7y2v 2026-06-06 02:00:45+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnlkmlszlr2l 2026-06-06 18:17:27+00:00| seen|...

CVE-2026-10155

creationtimestamp| type| source ---|---|--- 2026-05-31 01:14:52+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mn4fb2pxi327...

CVE-2025-41279

creationtimestamp| type| source ---|---|--- 2026-05-29 13:20:17+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmymuebmrv27...

WordPress plugin Advanced Custom Fields: Extended 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVE-2025-14481 Yoast SEO <= 26.5 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure via 'post_id' Parameter

The Yoast SEO plugin for WordPress is vulnerable to Insecure Direct Object References in all versions up to, and including, 26.5. This is due to insufficient authorization checks in the Meta Search REST API endpoint that fail to verify post ownership. This makes it possible for authenticated...

CVE-2026-9011

The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.65. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

CVE-2026-44790

creationtimestamp| type| source ---|---|--- 2026-05-20 00:16:19+00:00| seen| https://bsky.app/profile/securitylab-jp.bsky.social/post/3mmamu5rnds2m 2026-06-27 10:37:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mpbbbc4iiu2n...

CVE-2026-8578

creationtimestamp| type| source ---|---|--- 2026-05-14 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260515 2026-05-14 21:37:00+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mltrmr5sjx2q 2026-05-17 18:00:00+00:00| seen|...