12172 matches found
CVE-2025-24249

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-02 22:15:08+00:00 | seen | Telegram/A1zSU9KcM20ZRLemoMFRz3NG5DsD-KNcnO6EGaNoIwAY1a4 |
| 2026-04-02 22:15:13+00:00 | seen | Telegram/LEjwKyuBTB6b6mFnoSKeIfUM-CoxQ2buHbucYd1vZ1GovQ... |

CVE-2025-24238

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-02 22:14:56+00:00 | seen | Telegram/vazepRq8pUVmfE1hnQs7eSzvOH2CwegXcQp6HpwRm-K-I |
| 2026-04-02 22:15:08+00:00 | seen | Telegram/A1zSU9KcM20ZRLemoMFRz3NG5DsD-KNcnO6EGaNoIwAY1a4... |

CVE-2026-35466
CVE-2026-35466 describes a stored XSS in cveInterface.js caused by unsanitized input from remote CVE API services. Multiple sources (NVD, Red Hat, ENISA, CIRCL, CVE List, ATT&CK references) reiterate the vulnerability, with the NVD metrics showing MEDIUM severity (CVSS 3.1: AV:N/AC:L/PR:N/UI:R/S:...
CVE-2026-35386

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-02 18:18:06+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mijswfk4sz2q |
| 2026-04-02 18:24:22+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/116336509679642725 |
| 2026-04-02 18:24:41+00:00 | seen | ... |

CVE-2026-35388

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-02 18:11:07+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mijsjwr3wj22 |
| 2026-04-02 18:24:22+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/116336509679642725 |
| 2026-04-02 18:24:42+00:00 | seen | ... |

CVE-2026-35387

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-02 18:07:14+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mijscy23hz22 |
| 2026-04-02 18:24:22+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/116336509679642725 |
| 2026-04-02 18:24:41+00:00 | seen | ... |

CVE-2026-23248

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-02 17:33:59+00:00 | seen | Telegram/WyXPwYEob5rwMzrjHEHOmHMfRm-UsFxuyIbkoxluRocgyg |
| 2026-04-02 17:34:19+00:00 | seen | Telegram/Eld7J3ikjfnD9ywmRscvQGl2AJKZKJZLAAy1yIRH8SzanLA... |

Bentley Systems iTwin Platform exposed access token
RISK EVALUATION Bentley Systems iTwin Platform exposed a Cesium ion access token in the source of some web pages. An unauthenticated attacker could use this token to enumerate or delete certain assets. 2. RECOMMENDED PRACTICES As of 2026-03-27, the token is no longer present in the web pages and...
CVE-2026-33951
Signal K Server (boat hub) exposes an unauthenticated HTTP endpoint PUT /signalk/v1/api/sourcePriorities that directly assigns user input to the server configuration, enabling attackers to modify navigation data source priorities. The issue is triggered by missing authentication/authorization and...
CVE-2026-33951
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.1, the SignalK Server exposes an unauthenticated HTTP endpoint that allows remote attackers to modify navigation data source priorities. This endpoint, accessible via PUT...
CVE-2026-33951 signalk-server: Unauthenticated Source Priorities Manipulation
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.1, the SignalK Server exposes an unauthenticated HTTP endpoint that allows remote attackers to modify navigation data source priorities. This endpoint, accessible via PUT...
CVE-2026-5245

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-02 10:01:23+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3miix6a7d6i2o |
| 2026-04-02 11:51:33+00:00 | seen | https://gist.github.com/N3mes1s/5af547237daf3a1f075c27cafd0544d3... |

CVE-2026-33614

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-02 09:04:05+00:00 | seen | https://infosec.exchange/users/certvde/statuses/116334306568810530 |
| 2026-04-02 09:04:13+00:00 | seen | https://bsky.app/profile/certvde.infosec.exchange.ap.brid.gy/post/3miitxsrop2j2 |
| 2026-04-02 11:20:58+00:00 | seen | ... |

CVE-2026-33616

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-02 09:04:05+00:00 | seen | https://infosec.exchange/users/certvde/statuses/116334306568810530 |
| 2026-04-02 09:04:13+00:00 | seen | https://bsky.app/profile/certvde.infosec.exchange.ap.brid.gy/post/3miitxsrop2j2 |
| 2026-04-02 10:04:29+00:00 | seen | ... |

CVE-2026-4347

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-02 06:11:11+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3miikcm5tfo2j |
| 2026-04-02 06:20:58+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3miiku3peog2j |
| 2026-04-02 07:15:36+00:00 | seen | ... |

Grafana 9.3.0 < 11.6.14 / 12.0.0 < 12.1.10 / 12.2.0 < 12.2.8 / 12.3.0 < 12.3.6 / 12.4.0 < 12.4.2 Information Disclosure (CVE-2026-27877)
The version of Grafana installed on the remote host is 9.3.x through 11.6.x prior to 11.6.14, 12.0.x through 12.1.x prior to 12.1.10, 12.2.x prior to 12.2.8, 12.3.x prior to 12.3.6, or 12.4.x prior to 12.4.2. It is, therefore, affected by an information disclosure vulnerability: - When using publ...
PT-2026-29797
Summary The SignalK Server exposes an unauthenticated HTTP endpoint that allows remote attackers to modify navigation data source priorities. This endpoint, accessible via PUT /signalk/v1/api/sourcePriorities, does not enforce authentication or authorization checks and directly assigns...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the stbtt__buf_get8 function. An attacker can cause a denial of service by supplying a specially crafted TrueType Font file that triggers an out-of-bounds read during processing. Workaround This vulnerability can be...
BIT-GRAFANA-2026-27877 Public dashboards discloses all direct mode datasources
When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve...
CVE-2026-4370

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-01 08:33:22+00:00 | published-proof-of-concept | https://github.com/juju/juju/security/advisories/GHSA-gvrj-cjch-728p |
| 2026-04-01 09:00:34+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116328630451101827 |
| 2026-04-01 09:00:36+00:00 | see... | |