Lucene search

107438 matches found

CVE
added 2026/05/28 7:43 a.m. | 12 views

CVE-2026-6937

The CVE covers the WordPress plugin Simply Schedule Appointments (Appointment Booking Calendar) with versions up to 1.6.11.8. Root cause: Missing authorization on the bulk appointments REST API endpoint, allowing unauthenticated attackers to modify arbitrary appointment records (including custome...

CVSS 5.3 | AI score 5.9 | EPSS 0.00377
Exploits: 0 | References: 11

Circl
added 2026/05/28 7:9 a.m. | 4 views

CVE-2026-9241

creationtimestamp | type | source
---|---|---
2026-05-28 07:09:13+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmvhnw2thj2t...

CVSS 4.3 | AI score 5.8 | EPSS 0.00213
Exploits: 0 | References: 1

Circl
added 2026/05/28 7:0 a.m. | 8 views

CVE-2026-9791

creationtimestamp | type | source
---|---|---
2026-05-28 07:00:51+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmvh6y3gfb2k...

CVSS 4.3 | AI score 5.8 | EPSS 0.00196
Exploits: 0 | References: 1

Circl
added 2026/05/28 6:55 a.m. | 5 views

CVE-2026-32999

creationtimestamp | type | source
---|---|---
2026-05-28 06:55:49+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmvgvxmtnm2c...

CVSS 9 | AI score 5 | EPSS 0.00282
Exploits: 0 | References: 1

Circl
added 2026/05/28 6:54 a.m. | 6 views

CVE-2026-5737

creationtimestamp | type | source
---|---|---
2026-05-28 06:54:19+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmvgtbfpf62h...

CVSS 6.5 | AI score 5.8 | EPSS 0.00255
Exploits: 0 | References: 1

Circl
added 2026/05/28 6:47 a.m. | 6 views

CVE-2026-7770

creationtimestamp | type | source
---|---|---
2026-05-28 06:47:37+00:00 | seen | https://bsky.app/profile/buherator.bsky.social/post/3mmvghcls5a2r
2026-06-01 19:32:55+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnat3gsyqf27
2026-06-01 21:00:36+00:00 | seen |...

CVSS 8.8 | AI score 5.8 | EPSS 0.00439
Exploits: 0 | References: 3

Vulnrichment
added 2026/05/28 6:45 a.m. | 11 views

CVE-2026-7651 User Registration & Membership <= 5.1.5 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Media Deletion via 'profile-pic-url' Parameter

The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.5. This is due to missing...

CVSS 5.3 | AI score 5.9 | EPSS 0.00227
Exploits: 0 | References: 5

Snyk
added 2026/05/28 6:7 a.m. | 8 views

Cross-site Scripting (XSS)

Overview: org.jenkins-ci.plugins:buildgraph-view is a plugin that computes a graph of related builds starting from the current one and renders it as a graph. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to not escaping the build URL. This results in a stored...

CVSS 6.1 | AI score 5.5 | EPSS 0.00176
Exploits: 0 | References: 2

Circl
added 2026/05/28 5:0 a.m. | 6 views

CVE-2026-45108

creationtimestamp | type | source
---|---|---
2026-05-28 05:00:58+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mmvaikrtmk2s...

CVSS 8.4 | AI score 5.8 | EPSS 0.00245
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/28 3:27 a.m. | 7 views

CVE-2026-5737

The Independent Analytics plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.14.9. This is due to a public tracking route at /wp-json/iawp/search that accepts attacker-controlled referrerurl values when the signature matches, combined with a...

CVSS 6.5 | AI score 5.9 | EPSS 0.00255
Exploits: 0 | References: 11

Vulnrichment
added 2026/05/28 3:27 a.m. | 7 views

CVE-2026-5737 Independent Analytics <= 2.14.9 - Unauthenticated Server-Side Request Forgery via Tracking Route

The Independent Analytics plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.14.9. This is due to a public tracking route at /wp-json/iawp/search that accepts attacker-controlled referrerurl values when the signature matches, combined with a...

CVSS 6.5 | AI score 5.9 | EPSS 0.00255
Exploits: 0 | References: 10

Circl
added 2026/05/28 3:1 a.m. | 6 views

CVE-2026-44475

creationtimestamp | type | source
---|---|---
2026-05-28 03:01:35+00:00 | seen | https://infosec.exchange/users/vuldb/statuses/116649970563347942...

CVSS 6.1 | AI score 5.8 | EPSS 0.00148
Exploits: 0 | References: 1

CNNVD
added 2026/05/28 12:0 a.m. | 7 views

pyjwt security vulnerability

PyJWT is a Python library developed by José Padilla of the United States. It allows for the encoding and decoding of JSON Web Tokens (JWTs). There were security vulnerabilities in PyJWT versions 2.8.0 to 2.12.1. These vulnerabilities stemmed from the fact that when verifying separate JWS tokens tha...

CVSS 5.3 | AI score 6 | EPSS 0.0025
Exploits: 1 | References: 1

OSV
added 2026/05/28 12:0 a.m. | 9 views

MAL-2026-4993 Malicious code in @cloudplatform-single-spa/timescale-db (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

AI score 5.8
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2026/05/28 12:0 a.m. | 9 views

Malicious code in @cloudplatform-single-spa/ml-ai-agents-marketplace (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

AI score 5.8
Exploits: 0 | References: 1

CNNVD
added 2026/05/28 12:0 a.m. | 6 views

Portainer security vulnerability

Portainer is a lightweight user management interface developed by Portainer, open source, for managing Docker environments and Docker hosts. There were security vulnerabilities in versions of Portainer from 2.33.0 to 2.33.8, as well as in versions before 2.39.2 and 2.41.0. These vulnerabilities...

CVSS 7.7 | AI score 5.8 | EPSS 0.00261
Exploits: 1 | References: 1

OSSF Malicious Packages
added 2026/05/28 12:0 a.m. | 11 views

Malicious code in @car-loans/general-analytics (npm)

Part of a dependency confusion attack campaign targeting the @car-loans, @fb-deposit, and @debit-ib npm scopes. The attacker npm user pik-libs published 25 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version resolution,...

AI score 5.8
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2026/05/28 12:0 a.m. | 10 views

Malicious code in @cloudplatform-single-spa/vcenter-virtual-machines (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

AI score 5.8
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2026/05/28 12:0 a.m. | 9 views

Malicious code in @mlspace/inference-build (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

AI score 5.8
Exploits: 0 | References: 1

CNNVD
added 2026/05/28 12:0 a.m. | 8 views

Local Deep Research code issue vulnerability

Local Deep Research is an AI search assistant developed by LearningCircuit. Versions of Local Deep Research prior to 1.6.10 contained code vulnerabilities. These vulnerabilities stemmed from defects in the URL checking logic, which could be exploited by attackers, leading to SSRF attacks...

CVSS 5 | AI score 5.8 | EPSS 0.00247
Exploits: 0 | References: 7