107409 matches found
CVE-2026-53705

creationtimestamp | type | source
---|---|---
2026-06-15 20:23:27+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3moe4gpjlgt2w...

CVE-2026-50887
A Server-Side Request Forgery (SSRF) in the automatic short URL title resolution component of shlink v5.0.1 allows attackers to scan internal resources via supplying a crafted longUrl...
CVE-2026-50888
An authenticated Server-Side Request Forgery (SSRF) in the custom scraper subsystem component of Benjamin Jonard Koillection v1.8.0 allows attackers to scan internal resources via supplying a crafted URL...
CVE-2026-52720

creationtimestamp | type | source
---|---|---
2026-06-15 20:11:45+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3moe3rrgugs2w...

CVE-2026-9258

creationtimestamp | type | source
---|---|---
2026-06-15 19:00:00+00:00 | seen | https://jvn.jp/en/vu/JVNVU98100934
2026-06-16 04:03:50+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3moew5wcalk2n
2026-06-16 04:31:16+00:00 | seen | ...

CVE-2026-9259

creationtimestamp | type | source
---|---|---
2026-06-15 19:00:00+00:00 | seen | https://jvn.jp/en/vu/JVNVU98100934
2026-06-16 03:57:49+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3moevt6c3uo2i
2026-06-16 04:31:16+00:00 | seen | ...

GHSA-WQVQ-JVPQ-H66F Nodemailer jsonTransport bypasses disableFileAccess and disableUrlAccess during message normalization
Summary: Nodemailer's disableFileAccess and disableUrlAccess options are intended to prevent message content and attachments from reading local files or fetching URLs. The normal MIME streaming path enforces those options in MimeNode.getStream. However, jsonTransport serializes messages by calling...
GHSA-H5X3-XFC9-M39H Symfony: UrlGenerator Dot-Segment Encoding Skips Every Other Chained `../` or `./` → Generated URL Collapses Off-Route Under RFC 3986 Normalization
Description Symfony\Component\Routing\Generator\UrlGenerator::doGenerate percent-encodes . and .. path segments so that the generated URL still resolves to the originating route after RFC 3986 §5.2.4 dot-segment removal which strict RFC-3986 consumers — routers, reverse proxies, HTTP clients —...
@babel/core: Arbitrary File Read via sourceMappingURL Comment
Impact: Using @babel/core to compile maliciously crafted code can allow an attacker to read any source map from the system that is running Babel, if these conditions are all true: - the attacker controls the input source code - the attacker can read the output source code - the attacker knows the...
CVE-2018-25437

creationtimestamp | type | source
---|---|---
2026-06-15 16:52:39+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3modqnrcxe32b...

Symfony: HtmlSanitizer UrlAttributeSanitizer Misses URL Attributes
Description: Symfony\Component\HtmlSanitizer\Visitor\AttributeSanitizer\UrlAttributeSanitizer::getSupportedAttributes enumerates the attribute names whose values are scrubbed through UrlSanitizer::sanitize (scheme and host allow-lists, javascript: rejection, BiDi check, etc.). The list is 'src',...
CVE-2016-20084

creationtimestamp | type | source
---|---|---
2026-06-15 16:42:39+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3modq3ufon32h...

GHSA-XRXM-CP7J-8XF6 @angular/platform-server: URL Parser Differential leading to SSRF Allowlist Bypass
An issue in the @angular/platform-server package allows remote attackers to bypass host allowlist constraints and direct server-side outgoing requests to arbitrary external endpoints. This occurs due to a parser differential between the strict WHATWG URL parser used for allowlist validation and t...
CVE-2016-20079

creationtimestamp | type | source
---|---|---
2026-06-15 16:23:20+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3modozdldff2z...

CVE-2026-12161

creationtimestamp | type | source
---|---|---
2026-06-15 16:16:22+00:00 | seen | https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-12161
2026-06-16 03:47:49+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3moevbbfxz62m
2026-06-17 06:00:26+00:00 | seen | ...

CVE-2026-5233

creationtimestamp | type | source
---|---|---
2026-06-15 16:07:59+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3modo5vhfge2v...

CVE-2016-20083

creationtimestamp | type | source
---|---|---
2026-06-15 16:03:31+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3modnvw3mdy2v...

CVE-2016-20080

creationtimestamp | type | source
---|---|---
2026-06-15 15:59:38+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3modnoxg3kl2a...