PT-2026-49570
Summary: QuerystringParser treated ; as a field separator in application/x-www-form-urlencoded bodies, in addition to &. The WHATWG URL standard, modern browsers, and Python's urllib.parse since the CVE-2021-23336 fix treat only & as a separator. This creates a parser differential: the same bytes...
PT-2026-49328
Name of the Vulnerable Software and Affected Versions: shlink version 5.0.1. Description: A Server-Side Request Forgery (SSRF) exists in the automatic short URL title resolution component. This allows attackers to scan internal resources by providing a crafted longUrl variable. Recommendations: At the...
PT-2026-49596
Name of the Vulnerable Software and Affected Versions: starlette versions prior to 1.3.1. Description: The HTTP request path is not validated before being used to reconstruct request.url. When a path does not begin with /, such as @google.com, it is concatenated as scheme://hostpath. This shifts the...
GeoVision LPC2011/LPC2211 Web Interface / ssi.cgi reflected cross-site scripting (XSS) vulnerabilities
Summary: Multiple exploitable reflected cross-site scripting (XSS) vulnerabilities exist in the Web Interface / ssi.cgi functionality of LPC2011/LPC2211 versions: 1.10. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to...
CVE-2026-12190
A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the component ai.mainfunc.genspark. The manipulation leads to improper authorization in handler for custom url scheme. The attack can only be performed from a local environment...
CVE-2026-53470
creationtimestamp | type | source
---|---|---
2026-06-14 23:16:13+00:00 | seen | https://bsky.app/profile/securitycyberuk.bsky.social/post/3mobvmpno5q2m
2026-06-15 16:31:52+00:00 | seen | https://bsky.app/profile/securitycyberuk.bsky.social/post/3modpi4b34v2k
2026-06-18 10:07:09+00:00 | seen | ...
CVE-2026-12190
The CVE-2026-12190 entry concerns Genspark AI Workspace App version 2.8.4 on Android, affecting the ai.mainfunc.genspark component. The issue is described as improper authorization in the handler for a custom URL scheme, with exploitation limited to a local environment. The provided documents do ...
CVE-2026-49766
creationtimestamp | type | source
---|---|---
2026-06-14 13:16:07+00:00 | seen | https://bsky.app/profile/atomicedge.bsky.social/post/3moau3nmx7b2y
2026-06-15 21:52:56+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3moebgpamvg2e
2026-06-16 05:01:09+00:00 | seen | ...
CVE-2026-48748
creationtimestamp | type | source
---|---|---
2026-06-14 12:04:16+00:00 | seen | https://bsky.app/profile/hugovalters.bsky.social/post/3moaq36mskk23
2026-06-16 00:56:16+00:00 | seen | https://gist.github.com/alon710/bc7929d92c51f42ce9344791ed6ca313
...
SUSE SLES12 Security Update : mutt (SUSE-SU-2026:2300-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2300-1 advisory. This update for mutt fixes the following issues:
- CVE-2026-43859: strfcpy used instead of memcpy for the IMAP authcram MD5 digest bsc1263897.
-...
openSUSE 16 Security Update : mariadb (openSUSE-SU-2026:20933-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20933-1 advisory. This update for mariadb fixes the following issues. Update to 11.8.8:
- CVE-2026-3494: audit plugin comment handling bypass bsc1259176.
-...
CVE-2025-55651
creationtimestamp | type | source
---|---|---
2026-06-13 22:40:12+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3mo7d5f3gem2r
...
CVE-2025-55647
creationtimestamp | type | source
---|---|---
2026-06-13 22:24:09+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3mo7caoom3u2d
...
CVE-2025-55641
creationtimestamp | type | source
---|---|---
2026-06-13 21:58:05+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3mo7ar2vxrw2j
...
MAL-2026-5747 Malicious code in @giftyhq/widget-components (npm)
Source: amazon-inspector 8ad3f12a6a12fbfa60e4a72747df6974f89906200568926b99a8c93c489b5e62. package.json declares "preinstall": "node index.js", which fires automatically on npm install. index.js collects host fingerprinting data —...
CVE-2026-54358
creationtimestamp | type | source
---|---|---
2026-06-13 20:51:39+00:00 | seen | https://infosec.exchange/users/vuldb/statuses/116744774971353040
...
MAL-2026-5743 Malicious code in environment-gate (npm)
Source: amazon-inspector 48e4ad756dbae70bb38049d363961eb27239c7cf18c6a92612579aeb818da7b1. The package's only export, gate, performs an HTTP GET to a base64-obfuscated URL https://www.jsonkeeper.com/b/VKUNI and passes the response body...
GHSA-48C2-RRV3-QJMP
creationtimestamp | type | source
---|---|---
2026-06-13 19:28:58+00:00 | seen | https://gist.github.com/konard/8c3e52dfd7019783fb2c7f9392d36d2c
...