107412 matches found
CVE-2026-9134
creationtimestamp | type | source
---|---|---
2026-06-13 09:48:11+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mo5xyvp7al2o
2026-06-14 12:03:34+00:00 | seen | https://infosec.exchange/users/vuldb/statuses/116748361037241500...
web-vuln-scanner
Web Vulnerability Scanner: Basic web application vulnerability...
MAL-2026-5730 Malicious code in class-synth (npm)
Source: amazon-inspector 1aa63407d7400b4819d0739dedad0a32d9ae29b18509693c2e8763cf30275271
class-synth is advertised as a small class/style/date utility library, but its main entry dist/index.js contains a hidden top-level async IIFE init...
Malicious code in class-synth (npm)
Source: amazon-inspector 1aa63407d7400b4819d0739dedad0a32d9ae29b18509693c2e8763cf30275271
class-synth is advertised as a small class/style/date utility library, but its main entry dist/index.js contains a hidden top-level async IIFE init...
GHSA-PV9G-RRHQ-MPQC
creationtimestamp | type | source
---|---|---
2026-06-13 05:17:38+00:00 | seen | https://mastodon.bsd.cafe/users/grahamperrin/statuses/116741102400640422...
CVE-2026-54228
creationtimestamp | type | source
---|---|---
2026-06-13 04:04:22+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mo5ekrdf372d
2026-06-13 06:56:18+00:00 | seen | https://bsky.app/profile/postac001.bsky.social/post/3mo5ofk7ow52m...
Malicious code in vite-config-optimizer (npm)
Source: amazon-inspector f824c077d7d2705d17dc29eba9a24ea8b51b93785bcf83fdfe639fc8f9bc581f
package.json declares a postinstall hook, node -e "require('./loader.js')", that auto-executes on every npm install. loader.js spawns a detached child No...
MAL-2026-5727 Malicious code in vite-config-optimizer (npm)
Source: amazon-inspector f824c077d7d2705d17dc29eba9a24ea8b51b93785bcf83fdfe639fc8f9bc581f
package.json declares a postinstall hook, node -e "require('./loader.js')", that auto-executes on every npm install. loader.js spawns a detached child No...
CVE-2026-12130
creationtimestamp | type | source
---|---|---
2026-06-12 22:55:34+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mo4tjwiuka2j...
CVE-2026-42851
creationtimestamp | type | source
---|---|---
2026-06-12 22:20:14+00:00 | seen | https://bsky.app/profile/postac001.bsky.social/post/3mo4rkr3aqf2m
2026-06-13 10:04:29+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mo5yph3aqi2y...
CVE-2026-54395
MISP contains a reflected cross-site scripting vulnerability in the UiBeta event index view. The urlparams value is inserted into an inline JavaScript handler using HTML escaping inside a single-quoted JavaScript string. Because browsers HTML-decode attribute values before JavaScript parsing, a...
CVE-2026-53523 Nezha Monitoring: OAuth2 Redirect URL — Host Header Injection
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.2.0, the getRedirectURL function in oauth2.go:22-29 constructs the OAuth2 callback URL by concatenating the request's Host header with a fixed path, with zero...
EUVD-2026-36567
ApostropheCMS is an open-source Node.js content management system. Version 4.29.0 has a stored cross-site scripting vulnerability in the image widget functionality. A user with the Editor role can configure an image widget link to use a javascript: URL payload. Because editors have permission to...
CVE-2026-45011 Apostrophe has stored XSS via javascript: URL in Image Widget Link
ApostropheCMS is an open-source Node.js content management system. Version 4.29.0 has a stored cross-site scripting vulnerability in the image widget functionality. A user with the Editor role can configure an image widget link to use a javascript: URL payload. Because editors have permission to...
GHSA-GV7W-RQVM-QJHR
creationtimestamp | type | source
---|---|---
2026-06-12 20:38:57+00:00 | seen | https://gist.github.com/konard/f83ae7aaab029a650fe9054d8205dac4
2026-06-13 16:40:27+00:00 | seen | https://gist.github.com/konard/10edfaf46f7ba58bdd3e22a15167f9bc
2026-06-13 16:54:05+00:00 | seen | ...
CVE-2026-54395 MISP UiBeta event index reflected XSS in advanced filter popup
MISP contains a reflected cross-site scripting vulnerability in the UiBeta event index view. The urlparams value is inserted into an inline JavaScript handler using HTML escaping inside a single-quoted JavaScript string. Because browsers HTML-decode attribute values before JavaScript parsing, a...
CVE-2026-50552
Koel is a free, open-source music streaming solution. Prior to version 9.7.1, Koel contains a Server-Side Request Forgery (SSRF) vulnerability in the radio station creation endpoint, POST /api/radio/stations. The url field validation rules are declared without the bail keyword, so the...
GHSA-3P42-W5CH-GG42 TYPO3 CMS has an Open Redirect Vulnerability via Core Utilities
Problem: Applications that use GeneralUtility::sanitizeLocalUrl to allow only local URLs are vulnerable to open redirect attacks if the URL is used after it has passed the aforementioned sanitization checks. This enables attackers to redirect users to external content and carry out phishing attack...
CVE-2026-53407
Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access...