Remote Code Execution (RCE)

UmbracoForms is vulnerable to Remote Code Execution RCE. The vulnerability is due to insufficient validation of user-supplied WSDL URLs used as data sources, which allows an authenticated attacker to supply a malicious web service definition and execute arbitrary code on the server...

CVE-2026-1137

creationtimestamp| type| source ---|---|--- 2026-01-19 06:03:36+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mcqxtsnhgs2w 2026-01-19 07:04:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mcr37zbymc2x...

CVE-2026-1139

creationtimestamp| type| source ---|---|--- 2026-01-19 06:03:29+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mcqxtl5vjg2i 2026-01-19 07:09:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mcr3ixplwd27...

CVE-2024-5206

creationtimestamp| type| source ---|---|--- 2026-01-19 00:13:20+00:00| seen| https://gist.github.com/konard/65ced3fd74042bf5ba0737f60d57d145 2026-01-19 00:16:42+00:00| seen| https://gist.github.com/konard/ed57bdf6f23e9388249c3e81f52a7d40 2026-01-19 00:16:50+00:00| seen|...

CVE-2020-28975

creationtimestamp| type| source ---|---|--- 2026-01-19 00:13:20+00:00| seen| https://gist.github.com/konard/65ced3fd74042bf5ba0737f60d57d145 2026-01-19 00:16:42+00:00| seen| https://gist.github.com/konard/ed57bdf6f23e9388249c3e81f52a7d40 2026-01-19 00:16:50+00:00| seen|...

CVE-2025-15403

creationtimestamp| type| source ---|---|--- 2026-01-17 04:01:15+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mclq36xubl2i 2026-01-17 04:09:55+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mclqkpjozl2h 2026-04-18 23:00:13+00:00| published-proof-of-concept|...

CVE-2025-69581

creationtimestamp| type| source ---|---|--- 2026-01-16 23:02:15+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mcl7ejtlbs2b 2026-01-16 23:52:50+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mclc6zk6gh2k...

CVE-2026-20960

creationtimestamp| type| source ---|---|--- 2026-01-16 22:37:11+00:00| seen| https://infosec.exchange/users/vuldb/statuses/115907168270220918 2026-01-16 23:01:13+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mcl7copa4227 2026-01-17 01:26:39+00:00| seen|...

CVE-2025-58888

creationtimestamp| type| source ---|---|--- 2026-01-16 21:11:12+00:00| seen| Telegram/v0bFlPUxaA4daJAECyFAZPTM5zTRL708CBV4pLvIHYbHtU 2026-01-16 21:11:18+00:00| seen| Telegram/6Zw3u2jJ6j-l0MhKMX6M89PILBn7a0n-I1SbjYyIrv-bFo...

CVE-2026-23742

CVE-2026-23742 affects the Skipper HTTP router/proxy. The default -lua-sources=inline in versions before 0.23.0 lets untrusted users inject Lua filters that can read the host filesystem and, via logs, exfiltrate skipper secrets, potentially enabling arbitrary code execution. The issue is resolved...

CVE-2026-23742 Skipper arbitrary code execution through lua filters

Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline , for example through a Kubernetes Ingress resource. The...

CVE-2026-23742 Skipper arbitrary code execution through lua filters

Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline , for example through a Kubernetes Ingress resource. The...

CVE-2026-23529

Kafka Connect BigQuery Connector is an implementation of a sink connector from Apache Kafka to Google BigQuery. Prior to 2.11.0, there is an arbitrary file read in Google BigQuery Sink connector. Aiven's Google BigQuery Kafka Connect Sink connector requires Google Cloud credential configurations...

CVE-2026-0915

creationtimestamp| type| source ---|---|--- 2026-01-16 16:24:21+00:00| seen| https://bsky.app/profile/buherator.bsky.social/post/3mckj527au72q 2026-01-16 16:33:26+00:00| seen| https://bsky.app/profile/andersonc0d3.bsky.social/post/3mckjn5hthc2w 2026-01-16 16:33:49+00:00| seen|...

CVE-2026-1003

creationtimestamp| type| source ---|---|--- 2026-01-16 10:19:10+00:00| seen| https://gist.github.com/Darkcrai86/31070bcecaf6d68688cd91fbdac4075b 2026-01-16 11:39:44+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mcjza4yndf2c 2026-03-31 17:56:04+00:00| seen|...

CVE-2026-1004

creationtimestamp| type| source ---|---|--- 2026-01-16 10:18:23+00:00| seen| https://gist.github.com/Darkcrai86/feae6587990a534b5cc78ae9c3947462 2026-01-16 11:49:45+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mcjzrzwo6b2x...

CVE-2025-14757

creationtimestamp| type| source ---|---|--- 2026-01-16 10:17:28+00:00| seen| https://gist.github.com/Darkcrai86/b00ea4c9c6b92db6ef9763f8eda8d6eb 2026-01-16 11:35:27+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mcjyyhftv52c...

CVE-2025-14844

creationtimestamp| type| source ---|---|--- 2026-01-16 09:54:13+00:00| seen| https://gist.github.com/Darkcrai86/6f52ab341fb429621991e742e432ca84 2026-01-16 11:44:28+00:00| seen| https://gist.github.com/Darkcrai86/a487b183a65b626789a86bfa85de1223 2026-01-16 12:05:47+00:00| seen|...

PT-2026-3320

Name of the Vulnerable Software and Affected Versions Skipper versions prior to 0.23.0 Description Skipper is an HTTP router and reverse proxy for service composition. The default configuration before version 0.23.0, specifically -lua-sources=inline,file, allowed untrusted users to create Lua...

MiracleLinux 4 : sudo-1.8.6p3-19.AXS4 (AXSA:2015-227:01)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2015-227:01 advisory. Sudo superuser do allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all...