CVE-2026-9742

creationtimestamp| type| source ---|---|--- 2026-06-10 00:00:32+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnvfrbwiz42g 2026-06-11 12:45:07+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mnzaxhchwy25...

CVE-2026-9753

creationtimestamp| type| source ---|---|--- 2026-06-10 00:00:14+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnvfqs4fsk2n 2026-06-11 12:45:09+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mnzaxhchwy25...

PT-2026-48495

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious classic dashboard that...

NSA Ghidra 参数注入漏洞

NSA Ghidra is an open-source reverse-engineering tool developed by the National Security Agency National Security Agency of the United States. Prior to version 12.1 of NSA Ghidra, there was a parameter injection vulnerability. This vulnerability stemmed from improper escaping of the ‘cmd.exe’...

PT-2026-48496

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could cause data exfiltration through classic...

Migration assessment 安全漏洞

Migration assessment is an open-source tool developed by KubeV2V for evaluating and providing migration recommendations for VMware environments. There is a security vulnerability in Migration assessment. This vulnerability stems from the /api/v1/sources/id/image-url endpoint, where improper acces...

Roxy-WI 授权问题漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions of Roxy-WI 8.2.6.4 and earlier have a vulnerability related to authorization. This vulnerability arises from using the API substring in the URL and unauthenticated /api/gpt endpoints,...

Fission 输入验证错误漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.25.0 contained a input validation vulnerability. This vulnerability stemmed from the HTTPTriggerSpec.Validate method, which ignored the RelativeURL and Prefix fields during validation. As a...

PT-2026-48411

Ghidra before 12.1 contains an unsafe deserialization vulnerability in client-side Shared-Project RMI connection code that allows unauthenticated remote code execution. Attackers can craft a malicious project file with a ghidra:// URL that, when opened via File → Open Project, deserializes...

Linux Distros Unpatched Vulnerability : CVE-2026-41854

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Due to incorrect host parsing, applications that rely on UriComponentsBuilder to parse and validate an externally provided URL string may be exposed to a...

PT-2026-48514

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, HTTPTriggerSpec.Validate validated Methods, FunctionReference, Host, IngressConfig, and CorsConfig, but silently skipped RelativeU...

PT-2026-48458

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the login flow allow-lists next URLs by rejecting strings containing https:// or http:// substrings, then constructs https://request.hostnext url and the JS client redirects via...

PT-2026-48446

A flaw was found in migration-planner-ui-app. An attacker can register a malicious discovery agent with a specially crafted credentialUrl containing JavaScript code. When an organizational user clicks this link in the user interface, the embedded malicious code executes within the user's browser...

PT-2026-48548

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Fedify previously addressed SSRF/internal network access in GHSA-p9cg-vqcc-grcx by adding public URL validation before runtime document and media fetching. However, the IPv4 validation logic present starting...

Roxy-WI 输入验证错误漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions of Roxy-WI 8.2.6.4 and earlier contain a vulnerability related to input validation errors. This vulnerability arises from the next URL validation in the login process not considering the...

PT-2026-48444

Name of the Vulnerable Software and Affected Versions migration-planner affected versions not specified Description An improper access control flaw exists in the '/api/v1/sources/id/image-url' endpoint. An authenticated attacker can bypass ownership checks to obtain presigned S3 URLs for Open...

PT-2026-48394

The Easy Image Collage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'gridpropertiesborderColor' and 'gridimagesNattachment url' Parameters in all versions up to, and including, 1.13.6 due to insufficient input sanitization and output escaping. This makes it possible for...

Linux Distros Unpatched Vulnerability : CVE-2026-8833

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper neutralization of HTML-encoded characters in the URL validation function in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an...

EulerOS 2.0 SP13 : golang (EulerOS-SA-2026-2291)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.CVE-2026-25679 Actions which insert URLs into the...

CVE-2026-46546

Summary: CVE-2026-46546 affects Frappe LMS. Before v2.53.0, an authenticated user could insert crafted content in certain user-editable fields, which—when surfaced in page metadata—caused visitors’ browsers to navigate to an attacker-chosen URL. The issue has been patched in v2.53.0. Impact (as s...