CVE-2021-47983

creationtimestamp| type| source ---|---|--- 2026-06-08 04:46:59+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnqutppcwy2r...

CVE-2022-50953

creationtimestamp| type| source ---|---|--- 2026-06-08 04:45:12+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnquqk7yuu2k...

CVE-2021-47982

creationtimestamp| type| source ---|---|--- 2026-06-08 04:41:57+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnqukpsbin2d...

Astro - Information Disclosure

Astro versions v5.0.3 through v5.0.7 and Astro v4.16.17 or older with sourcemaps enabled contain a source code disclosure caused by sourcemap files being publicly accessible in the build output folder, letting unauthenticated users read server source code, exploit requires sourcemaps to be enable...

LG Supersign EZ CMS - Remote Code Execution

LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsrserver/device/getThumbnail. id: CVE-2018-17173 info: name: LG Supersign EZ CMS - Remote Code Execution author: pussycat0x severity: critical description: | LG SuperSign CMS allows remote attackers...

DNN (DotNetNuke) - Unicode Path Normalization NTLM Hash Disclosure

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted series of malicious interaction to potentially expose NTLM hashes to a third party SMB server. This issue has been...

Oracle iPlanet Web Server 7.0.x - Image Injection

Oracle iPlanet Web Server 7.0.x allows image injection in the Administration console via the productNameSrc parameter to an admingui URI. This issue exists because of an incomplete fix for CVE-2012-0516. id: CVE-2020-9314 info: name: Oracle iPlanet Web Server 7.0.x - Image Injection author:...

Processwire CMS <2.7.1 - Local File Inclusion

Processwire CMS prior to 2.7.1 is vulnerable to local file inclusion because it allows a remote attacker to retrieve sensitive files via the download parameter to index.php. id: CVE-2020-27467 info: name: Processwire CMS 2.7.1 - Local File Inclusion author: 0xAkoko severity: high description:...

TrakSYS 11.x.x - Sensitive Data Exposure

A vulnerability was found in Parsec Automation TrackSYS 11.x.x and classified as problematic. This issue affects some unknown processing of the file /TS/export/pagedefinition. The manipulation of the argument ID leads to direct request. The attack may be initiated remotely. The exploit has been...

Zitadel - User Registration Bypass

The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Due to a missing security check in versions prior to 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, and 2.58.7, disabling the "User Registration allowed" option only hid the...

DataEase - Remote Code Execution

DataEase is an open-source business intelligence and data visualization platform. Public advisories state that CVE-2025-49002 is related to a bypass in the previous fix for CVE-2025-32966 involving case-insensitive handling of restricted H2 JDBC keywords. This template is a non-invasive detection...

LaRecipe < 2.8.1 Remote Code Execution via SSTI

LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side Template Injection SSTI, which could potentially lead to Remote Code Execution RCE in vulnerable configurations. id: CVE-2025-53833 info:...

Oracle GlassFish Server Open Source Edition 3.0.1 - Local File Inclusion

Oracle GlassFish Server Open Source Edition 3.0.1 build 22 is vulnerable to unauthenticated local file inclusion vulnerabilities that allow remote attackers to request arbitrary files on the server. id: CVE-2017-1000029 info: name: Oracle GlassFish Server Open Source Edition 3.0.1 - Local File...

FlatPress 1.2.1 - Stored Cross-Site Scripting

FlatPress 1.2.1 contains a stored cross-site scripting vulnerability that allows for arbitrary execution of JavaScript commands through blog content. An attacker can possibly steal cookie-based authentication credentials and launch other attacks. id: CVE-2021-41432 info: name: FlatPress 1.2.1 -...

CVE-2026-11484

SourceCodester Class and Exam Timetabling System 1.0 is affected by a SQL injection via the archive3.php file (argument sy). The vulnerability is exploitable remotely and reportedly has publicly available exploit code. The records do not specify the exact vulnerable function name beyond archive3....

Kyocera TASKalfa printer - Path Traversal

CCRX has a Path Traversal vulnerability. Path Traversal is an attack on web applications. By manipulating the value of the file path, an attacker can gain access to the file system, including source code and critical system settings. id: CVE-2023-34259 info: name: Kyocera TASKalfa printer - Path...

[SECURITY] Fedora 44 Update: chromium-149.0.7827.53-1.fc44

Chromium is an open-source web browser, powered by WebKit Blink...

[SECURITY] Fedora 44 Update: haveged-1.9.22-1.fc44

A Linux entropy source using the HAVEGE algorithm Haveged is a user space entropy daemon which is not dependent upon the standard mechanisms for harvesting randomness for the system entropy pool. This is important in systems with high entropy needs or limited user interaction e.g. headless server...

CVE-2026-11464

creationtimestamp| type| source ---|---|--- 2026-06-08 01:21:41+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnqjemn5z62i...

CVE-2026-11467

creationtimestamp| type| source ---|---|--- 2026-06-08 01:16:41+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnqj3o6h2f2i...