
107435 matches found

Circl
added 2026/05/29 9:38 a.m. | 8 views

CVE-2025-11262

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-29 09:38:01+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmyagwkhs42k |
| 2026-06-09 19:00:13+00:00 | published-proof-of-concept | Telegram/Twzxtbvyqic9grgE7JaZrbs3i9BOrZG8PBBvMyWgrTB7Ya8... |

CVSS 7.2 | AI score 5.8 | EPSS 0.00233
Exploits: 1 | References: 1

ATTACKERKB
added 2026/05/29 9:30 a.m. | 7 views

CVE-2026-10078

A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically client_id and client_secret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to th...

CVSS 2.7 | AI score 5.7 | EPSS 0.00196
Exploits: 0 | References: 3

Vulnrichment
added 2026/05/29 9:30 a.m. | 8 views

CVE-2026-10078 Quay/config-tool: quay/config-tool: gitlab oauth client_secret exposed in url querystring

A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically client_id and client_secret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to th...

CVSS 2.7 | AI score 5.7 | EPSS 0.00196
Exploits: 0 | References: 2

Circl
added 2026/05/29 9:13 a.m. | 5 views

CVE-2025-11993

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-29 09:13:42+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmy73gep4d2e |
| 2026-05-29 12:20:32+00:00 | seen | https://bsky.app/profile/postac001.bsky.social/post/3mmyjjk3q7n2y |
| 2026-05-31 03:01:34+00:00 | seen | ... |

CVSS 8.8 | AI score 5.8 | EPSS 0.00378
Exploits: 0 | References: 3

RedhatCVE
added 2026/05/29 9:12 a.m. | 13 views

CVE-2026-10078

A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically client_id and client_secret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to th...

CVSS 2.7 | AI score 5.7 | EPSS 0.00196
Exploits: 0 | References: 3

ATTACKERKB
added 2026/05/29 5:32 a.m. | 11 views

CVE-2026-8732

The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account Creation in all versions up to, and including, 6.1.0. This is due to the wpgmp_temp_access_ajax AJAX action being registered with wp_ajax_nopriv and protected only by a nonce check using the...

CVSS 9.8 | AI score 5.7 | EPSS 0.00358
Exploits: 7 | References: 3

CVE
added 2026/05/29 5:32 a.m. | 81 views

CVE-2026-8732

Summary of CVE-2026-8732: The WP Maps Pro WordPress plugin (≤ 6.1.0) is vulnerable to unauthenticated privilege escalation via Administrator Account Creation. The root cause is the wpgmp_temp_access_ajax action registered for both authenticated and unauthenticated requests, protected only by a p...

CVSS 9.8 | AI score 5.7 | EPSS 0.00358
In wild | Exploits: 7 | References: 2

Circl
added 2026/05/29 12:28 a.m. | 8 views

CVE-2026-44848

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-29 00:28:43+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmxbqmil4d2e |

...

CVSS 9.4 | AI score 5.8 | EPSS 0.00279
Exploits: 1 | References: 1

Circl
added 2026/05/29 12:23 a.m. | 9 views

CVE-2026-44881

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-29 00:23:40+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmxbhnzpaf2w |
| 2026-06-11 19:22:45+00:00 | seen | https://bsky.app/profile/securitycyberuk.bsky.social/post/3mnzx6hyanz2x |
| 2026-06-11 19:27:32+00:00 | seen | ... |

CVSS 9.9 | AI score 5.3 | EPSS 0.00365
Exploits: 2 | References: 3

CNNVD
added 2026/05/29 12:00 a.m. | 6 views

SillyTavern code issue vulnerability

SillyTavern is a frontend interface for the SillyTavern open-source language model. Versions of SillyTavern prior to 1.18.0 had code vulnerabilities. This vulnerability stemmed from the corsProxyMiddleware module, which directly forwarded req.params.url to fetchurl, .... This allowed loop request...

CVSS 6.9 | AI score 5.9 | EPSS 0.00375
Exploits: 0 | References: 1

CNNVD
added 2026/05/29 12:00 a.m. | 6 views

SillyTavern security vulnerability

SillyTavern is a frontend interface for the SillyTavern open-source language model. Versions of SillyTavern prior to 1.18.0 contained security vulnerabilities. These vulnerabilities stemmed from the /api/search/searxng endpoint, which accepted a baseUrl controlled by an attacker and used it to...

CVSS 8.5 | AI score 5.8 | EPSS 0.00866
Exploits: 0 | References: 1

CNNVD
added 2026/05/29 12:00 a.m. | 5 views

Spatie Laravel Media Library Pro code issue vulnerability

Spatie Laravel Media Library Pro is a UI component for Laravel media libraries developed by the Belgian company Spatie. Versions of Spatie Laravel Media Library Pro prior to 11.23.0 had code vulnerabilities. These vulnerabilities stemmed from the addMediaFromUrl method in InteractsWithMedia.php,...

CVSS 7.4 | AI score 6 | EPSS 0.00248
Exploits: 0 | References: 4

Positive Technologies
added 2026/05/29 12:00 a.m. | 8 views

PT-2026-45054

Summary: PraisonAI's direct-prompt CLI automatically expands @url: mentions in raw prompt text before agent execution begins. If a prompt contains @url:, the CLI calls MentionsParser.process.... The @url: handler then performs a direct urllib.request.urlopen request to the attacker-controlled URL...

CVSS 5.5 | AI score 5.9 | EPSS 0.00014
Exploits: 0 | References: 3

Tenable Nessus
added 2026/05/29 12:00 a.m. | 6 views

RockyLinux 10 : buildah (RLSA-2026:19032)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19032 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679). Tenable has extracted the preceding description block directly from the RockyLinux...

CVSS 7.5 | AI score 5.8 | EPSS 0.0052
Exploits: 0 | References: 3

Positive Technologies
added 2026/05/29 12:00 a.m. | 8 views

PT-2026-44978

Spatie Laravel Media Library before version 11.23.0 contains a server-side request forgery vulnerability that allows remote attackers to cause the server to issue arbitrary outbound HTTP requests by passing user-controlled URLs to the addMediaFromUrl method in InteractsWithMedia.php...

CVSS 7.4 | AI score 6 | EPSS 0.00248
Exploits: 0 | References: 5

CNNVD
added 2026/05/29 12:00 a.m. | 7 views

Red Hat Quay security vulnerability

Red Hat Quay is a container image repository platform operated by the American company Red Hat. Red Hat Quay has a security vulnerability; this vulnerability stems from the fact that GitLab’s OAuth verifier transmits sensitive credentials as plain-text parameters in URL queries, which may lead to...

CVSS 2.7 | AI score 5.8 | EPSS 0.00196
Exploits: 0 | References: 2

CNNVD
added 2026/05/29 12:00 a.m. | 7 views

Dokploy OS command injection vulnerability

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy prior to 0.29.0 contained a vulnerability related to operating system command injection. This vulnerability arose because the deleteRegistry function executed the docker logout command without proper shell escapin...

CVSS 8.8 | AI score 5.8 | EPSS 0.00862
Exploits: 0 | References: 1

CNNVD
added 2026/05/29 12:00 a.m. | 8 views

SillyTavern cross-site scripting vulnerability

SillyTavern is a frontend interface for the SillyTavern open-source language model. Versions of SillyTavern prior to 1.18.0 had a cross-site scripting vulnerability. This vulnerability occurred when the fetchurl function was called, causing the code to send error responses containing a URL value...

CVSS 6.9 | AI score 5.7 | EPSS 0.00323
Exploits: 0 | References: 2

Tenable Nessus
added 2026/05/29 12:00 a.m. | 10 views

RockyLinux 10 : golang (RLSA-2026:19022)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19022 advisory. crypto/x509: Incorrect enforcement of email constraints in crypto/x509 (CVE-2026-27137). net/url: Incorrect parsing of IPv6 host literals in net/url...

CVSS 7.5 | AI score 7.3 | EPSS 0.0052
Exploits: 0 | References: 5

Circl
added 2026/05/28 10:30 p.m. | 15 views

CVE-2026-34311

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-28 22:30:52+00:00 | seen | https://bsky.app/profile/postac001.bsky.social/post/3mmx35x7pml2l |
| 2026-05-29 23:37:06+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mmzpdcs3tz2g |
| 2026-06-11 14:20:04+00:00 | seen | ... |

CVSS 9.8 | AI score 5 | EPSS 0.00452
Exploits: 0 | References: 7