12171 matches found
CVE-2026-6951

creationtimestamp| type| source
---|---|---
2026-04-25 06:00:28+00:00| seen| https://infosec.exchange/users/offseq/statuses/116463817713877211
2026-04-25 06:00:30+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mkcegnv3pf2l
2026-04-25 07:06:02+00:00| seen|...

CVE-2026-41066

creationtimestamp| type| source
---|---|---
2026-04-24 19:22:45+00:00| seen| Telegram/6Kzjgs5Jm1YsIV5W18stSaCNyR3ZbpfLU45htDdv-YDitI
2026-04-24 19:23:03+00:00| published-proof-of-concept| Telegram/KzwiN8QhKmj3TuqYtGeX9siiyoqjfAY8f7zipbEz0Wiqhk
2026-05-04 03:02:20+00:00| seen|...

CVE-2026-39920

creationtimestamp| type| source
---|---|---
2026-04-24 17:19:23+00:00| published-proof-of-concept| Telegram/izuLnFsi0kO0A2H5Dx71PRMcc4LiTVfuRwLjXwzmOGc60yQ
2026-04-24 17:19:31+00:00| published-proof-of-concept| Telegram/FPQxil1P7tPI78qOg-WRCqlMyjImNa5-xFn-dcI6eBMsRo
2026-04-25 09:00:28+00:00| see...

CVE-2026-25262

creationtimestamp| type| source
---|---|---
2026-04-24 14:30:06+00:00| seen| https://t.me/truesecator/8141
2026-04-24 15:35:55+00:00| seen| https://t.me/xakepru/19303
2026-05-06 00:21:12+00:00| seen| https://notnow.dev/objects/cb0f51ab-513a-484f-8edd-624c60fcf616...

CVE-2026-2717

creationtimestamp| type| source
---|---|---
2026-04-24 02:33:05+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mk7ieue4zx2x
2026-04-24 02:33:08+00:00| seen| https://bsky.app/profile/potato.software/post/3mk7ieuuvli2p...

CVE-2026-29050
melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, an attacker who can influence a melange configuration file — for example through pull-request-driven CI or build-as-a-service scenarios — could set pipeline.uses to a...
CVE-2026-41342

creationtimestamp| type| source
---|---|---
2026-04-23 23:27:16+00:00| seen| Telegram/IhrbuMncMOQ2aXKn55DBnsRKZnrdzyQXI4i7tcZ3JysOVtE
2026-04-23 23:27:23+00:00| seen| Telegram/OgOvWOsYKDsUPw2Tk2S9qGbonIgzDZlRsoTRSBtlTZ01pNI...

CVE-2026-42605

creationtimestamp| type| source
---|---|---
2026-04-23 19:32:57+00:00| published-proof-of-concept| https://github.com/AzuraCast/AzuraCast/security/advisories/GHSA-vp2f-cqqp-478j
2026-05-09 21:00:03+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mlh5a355gx2c
2026-05-09...

CVE-2026-41197

creationtimestamp| type| source
---|---|---
2026-04-23 04:30:28+00:00| seen| https://infosec.exchange/users/offseq/statuses/116452139179044261
2026-04-23 04:30:31+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mk56hw5fha26
2026-04-23 05:18:40+00:00| seen|...

CVE-2026-3844

creationtimestamp| type| source
---|---|---
2026-04-23 03:00:30+00:00| seen| https://infosec.exchange/users/offseq/statuses/116451785443473415
2026-04-23 03:00:32+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mk4zgzcg3k2g
2026-04-23 05:19:00+00:00| seen|...

CVE-2026-42560

creationtimestamp| type| source
---|---|---
2026-04-22 23:43:57+00:00| published-proof-of-concept| https://github.com/go-pkgz/auth/security/advisories/GHSA-f6qq-3m3h-4g42
2026-05-09 06:00:30+00:00| seen| https://infosec.exchange/users/offseq/statuses/116543090116020818
2026-05-09 06:00:31+00:00|...

CVE-2026-41134 Kiota: Code Generation Literal Injection
Kiota is an OpenAPI-based HTTP client code generator. Versions prior to 1.31.1 are affected by a code-generation literal injection vulnerability in multiple writer sinks, for example: serialization/deserialization keys, path/query parameter mappings, URL template metadata, enum/property metadata,...
CVE-2026-33471

creationtimestamp| type| source
---|---|---
2026-04-22 20:14:19+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mk4cqnkb4d2c
2026-04-22 21:00:25+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mk4fd2uyjl26
2026-04-22 21:21:17+00:00| published-proof-of-concept|...

CVE-2026-34413

creationtimestamp| type| source
---|---|---
2026-04-22 20:02:05+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mk4c2qqza22k
2026-04-22 21:20:52+00:00| seen| Telegram/cbjF4apLmtnn3LGsfm2VGkmWkt4o1cHj2IZCQ7x38CS5FMw
2026-04-22 21:48:07+00:00| seen|...

EUVD-2026-25049
DDEV has ZipSlip path traversal in tar and zip archive extraction...
CVE-2026-32885
DDEV is an open-source tool for running local web development environments for PHP and Node.js. Versions prior to 1.25.2 have unsanitized extraction in both Untar and Unzip functions in pkg/archive/archive.go. Downloads and extracts archives from remote sources without path validation. Version...
CVE-2026-32885 DDEV has ZipSlip path traversal in tar and zip archive extraction
DDEV is an open-source tool for running local web development environments for PHP and Node.js. Versions prior to 1.25.2 have unsanitized extraction in both Untar and Unzip functions in pkg/archive/archive.go. Downloads and extracts archives from remote sources without path validation. Version...
CVE-2026-32885
CVE-2026-32885 (DDEV ZipSlip) affects the DDEV project prior to v1.25.2. The vulnerability resides in the archive extraction routines (pkg/archive/archive.go) for both Untar() and Unzip(), which extract archives downloaded from remote sources without validating the extraction path. This enables pat...
CVE-2026-35373 uutils coreutils ln Local Denial of Service via Improper Handling of Non-UTF-8 Filenames
A logic error in the ln utility of uutils coreutils causes the program to reject source paths containing non-UTF-8 filename bytes when using target-directory forms, e.g., ln SOURCE... DIRECTORY. While GNU ln treats filenames as raw bytes and creates the links correctly, the uutils implementation...