Ruby on Rails - Open Redirect via Host Header Injection
Ruby on Rails Action Pack before 6.1.2.1, 6.0.3.5 contains an open redirect caused by specially crafted Host headers in combination with allowed host formats, letting attackers redirect users to malicious websites. Exploitation requires the attacker to control the Host header. id: CVE-2021-22881 info: name: Ru...
CVE-2026-48114
creationtimestamp | type | source
---|---|---
2026-06-15 20:08:06+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3moe3lahrka2v...
Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites
An attacker tampered with trusted JavaScript files used by WordPress sites running PushEngage, OptinMonster, and TrustPulse, turning those files into a way to break into the sites. When a site administrator was logged in as the file loaded, the code created an admin account under the attacker'...
CVE-2026-50889
creationtimestamp | type | source
---|---|---
2026-06-13 12:46:02+00:00 | seen | https://gist.github.com/pyuysig/41937c47514ff63d66a3be98ab8e8a7d...
CVE-2026-50869
creationtimestamp | type | source
---|---|---
2026-06-13 12:45:34+00:00 | seen | https://gist.github.com/pyuysig/95931ed2140f3bd85dc67057dd23a47f...
CVE-2026-9638
creationtimestamp | type | source
---|---|---
2026-06-12 15:58:30+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3mo44a67sb42j
2026-06-12 18:29:14+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mo4enoz4jo22...
CVE-2026-49261
creationtimestamp | type | source
---|---|---
2026-06-11 19:00:37+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mnzvwulfix24...
CVE-2026-9648
creationtimestamp | type | source
---|---|---
2026-06-11 16:53:27+00:00 | seen | https://bsky.app/profile/drweb2.bsky.social/post/3mnzotj3lap23
2026-06-11 17:44:07+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnzro3zxu52w...
EUVD-2026-36251
IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references...
CVE-2026-11859
creationtimestamp | type | source
---|---|---
2026-06-11 11:39:39+00:00 | seen | https://bsky.app/profile/cybersecinsight.bsky.social/post/3mnz5ceuvon23...
Malicious code in sass-formats (npm)
Source: amazon-inspector 5ccda832d10cb642350129278ae1fc341d3be8b8302ddbf9bdcfc15eeeb6eae8 The package name sass-formats is one character-edit away from the popular sass-formatter package and reuses its original author field "author": "Syle...
CVE-2026-53742
creationtimestamp | type | source
---|---|---
2026-06-10 23:22:17+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnxu3uqusn2d...
CVE-2026-53475
creationtimestamp | type | source
---|---|---
2026-06-10 16:33:30+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnx5aw3rxy2p
2026-06-14 23:16:35+00:00 | seen | https://bsky.app/profile/securitycyberuk.bsky.social/post/3mobvneo55v2k
2026-06-16 17:07:36+00:00 | seen | ...
ServiceNow Discloses Security Incident Exposing Customer Data
ServiceNow applied a security update after an API access issue exposed customer data, with affected firms notified through direct support cases...
CVE-2026-52884
creationtimestamp | type | source
---|---|---
2026-06-10 11:18:20+00:00 | seen | https://bsky.app/profile/hn100.bsky.social/post/3mnwlmv624n2n
2026-06-10 11:19:33+00:00 | seen | https://bsky.app/profile/hnws.bsky.social/post/3mnwlpjjr3e22
2026-06-10 11:20:05+00:00 | seen | ...
CVE-2026-47913
creationtimestamp | type | source
---|---|---
2026-06-10 09:01:17+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mnwdxp5yde2q...
MAL-2026-5493 Malicious code in @builder.io/dev-tools (npm)
Source: ghsa-malware 670a0957692786d7cd690da1c51472380e131ceb1149cf37e265a8549ad5339b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2026-46532
creationtimestamp | type | source
---|---|---
2026-06-10 05:03:07+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnvwogeuti2f...
CVE-2026-45328
creationtimestamp | type | source
---|---|---
2026-06-10 03:00:07+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mnvpsfjeoy27
2026-06-10 03:00:38+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116723576453195786
2026-06-10 03:00:44+00:00 | seen | ...
CVE-2026-41981
creationtimestamp | type | source
---|---|---
2026-06-09 11:28:32+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnu3qoetz42t...