CVE-2026-49824

creationtimestamp| type| source ---|---|--- 2026-06-10 19:07:15+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnxfttjf2f2q...

CVE-2026-0273

creationtimestamp| type| source ---|---|--- 2026-06-10 19:03:31+00:00| seen| https://bsky.app/profile/ripjyr.bsky.social/post/3mnxfn6ayke2z 2026-06-10 21:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1917 2026-06-11 03:03:21+00:00| seen|...

CVE-2026-0267

creationtimestamp| type| source ---|---|--- 2026-06-10 19:03:23+00:00| seen| https://bsky.app/profile/ripjyr.bsky.social/post/3mnxfmwtg2m2k 2026-06-10 21:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1917 2026-06-10 22:58:09+00:00| seen|...

CVE-2026-49821

creationtimestamp| type| source ---|---|--- 2026-06-10 19:02:29+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnxflcnabj26...

MAL-2026-5526 Malicious code in chai-check-error (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e290b42de2cbd4aa74afa6550fc9a0381dfcb0f6996dcdc22254268b391f9f8 [email protected] impersonates the legitimate chaijs/check-error utility copied README, author metadata, repository URL, and exported API surfac...

CVE-2026-20255

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious classic dashboard that...

CVE-2026-45552

creationtimestamp| type| source ---|---|--- 2026-06-10 18:05:44+00:00| seen| https://bsky.app/profile/hugovalters.bsky.social/post/3mnxcftj7pj2b...

EUVD-2026-36073

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, HTTPTriggerSpec.Validate validated Methods, FunctionReference, Host, IngressConfig, and CorsConfig, but silently skipped RelativeU...

CVE-2026-46616

Umbraco is an ASP.NET CMS. Prior to versions 13.14.0 and 17.4.0, some of the Surface Controllers in the CMS provide to support member related operations fail to validate redirect URLs, making Razor templates that derive 'RedirectUrl' from user-controlled query parameters vulnerable to malicious...

CVE-2026-8599

creationtimestamp| type| source ---|---|--- 2026-06-10 17:16:25+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mnx7nnk6lv2a...

CVE-2026-20255 Improper Input Validation through Classic Dashboards in Splunk Enterprise

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious classic dashboard that...

CVE-2026-20255

The CVE-2026-20255 issue affects Splunk Enterprise (versions below 10.2.4, 10.0.7, 9.4.12, 9.3.13) and Splunk Cloud Platform (below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, 9.3.2411.132). A low-privilege user can craft a malicious classic dashboard to exfiltrate sensitive data to an external ser...

EUVD-2026-36083

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious classic dashboard that...

CVE-2026-20256

Splunk Enterprise (versions < 10.2.4, 10.0.7, 9.4.12, 9.3.13) and Splunk Cloud Platform (versions

CVE-2026-11603

creationtimestamp| type| source ---|---|--- 2026-06-10 16:16:17+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mnx4c47w5x22...

CVE-2026-53471

creationtimestamp| type| source ---|---|--- 2026-06-10 16:05:22+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnx3omauls2q 2026-06-18 10:37:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mokn2xwxmc2k...

EUVD-2026-36069

Umbraco is an ASP.NET CMS. Prior to versions 13.14.0 and 17.4.0, some of the Surface Controllers in the CMS provide to support member related operations fail to validate redirect URLs, making Razor templates that derive 'RedirectUrl' from user-controlled query parameters vulnerable to malicious...

CVE-2026-46616

Umbraco CMS (ASP.NET) contains an Open Redirect vulnerability in Surface Controllers used for member-related operations. Prior to versions 13.14.0 and 17.4.0, redirect URL validation fails for RedirectUrl supplied via user-controlled query parameters, allowing Razor templates to derive RedirectUr...

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

CVE-2026-45567 Roxy-WI: Authentication bypass via 'api' substring in URL + unauthenticated /api/gpt

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, there is an authentication bypass vulnerability via 'api' substring in URL + unauthenticated /api/gpt. At time of publication, there are no publicly available patches...