107421 matches found
CVE-2026-41972
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-09 11:33:33+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnu3znjo332e... |
CVE-2026-47347
Applications that use GeneralUtility::sanitizeLocalUrl to allow only local URLs are vulnerable to open redirect attacks if the URL is used after it has passed the aforementioned sanitization checks. This enables attackers to redirect users to external content and carry out phishing attacks. This...
CVE-2026-41983
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-09 11:02:07+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnu2bgyoph2e... |
CVE-2026-41973
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-09 10:53:51+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mntzsnxf5s2u... |
CVE-2026-47347 TYPO3 CMS - Open Redirect in Core Utilities
Applications that use GeneralUtility::sanitizeLocalUrl to allow only local URLs are vulnerable to open redirect attacks if the URL is used after it has passed the aforementioned sanitization checks. This enables attackers to redirect users to external content and carry out phishing attacks. This...
CVE-2026-47347
CVE-2026-47347 affects TYPO3 CMS where GeneralUtility::sanitizeLocalUrl can be bypassed, enabling an open redirect if a URL is used after sanitization. Affected versions are older: 10.4.57, 11.0.0–11.5.50, 12.0.0–12.4.45, 13.0.0–13.4.30, and 14.0.0–14.3.2. The CVE entry notes the impact as open r...
CVE-2026-41007
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-09 08:01:23+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mntq6af5ab2n... |
CVE-2026-46749
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-09 07:30:01+00:00 | seen | https://www.acn.gov.it/portale/w/aggiornamenti-per-prodotti-siemens-22 |
| 2026-06-09 11:00:49+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mnu273c2t32n... |
CVE-2026-8499
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-09 07:24:10+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnto3pp7i72m |
| 2026-06-11 15:16:16+00:00 | seen | https://bsky.app/profile/atomicedge.bsky.social/post/3mnzjfhayk42t... |
CVE-2026-8904
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-09 07:07:33+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mntn5ysy4q2v |
| 2026-06-11 20:16:08+00:00 | seen | https://bsky.app/profile/atomicedge.bsky.social/post/3mo225w5h2k26... |
CVE-2026-9662
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-09 06:06:24+00:00 | seen | https://bsky.app/profile/pulse-wp.com/post/3mntjfl5xe42o |
| 2026-06-09 07:13:35+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mntnisftxr2v |
| 2026-06-10 06:16:06+00:00 | seen | ... |
CVE-2026-41854
Due to incorrect host parsing, applications that rely on UriComponentsBuilder to parse and validate an externally provided URL string may be exposed to a server-side request forgery (SSRF) attack. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18...
UBUNTU-CVE-2026-41854
Due to incorrect host parsing, applications that rely on UriComponentsBuilder to parse and validate an externally provided URL string may be exposed to a server-side request forgery (SSRF) attack. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18...
CVE-2026-41854
The CVE affects Spring Framework 7.0.0–7.0.7 and 6.2.0–6.2.18, where incorrect host parsing in UriComponentsBuilder may allow a server-side request forgery (SSRF) when parsing an externally provided URL string. The vulnerability is described as an SSRF condition resulting from this parsing flaw. ...
CVE-2026-8904 FastPicker, an order picker and order management system (oms) for WooCommerce on steroids <= 1.0.2 - Cross-Site Request Forgery via Settings Save
The FastPicker, an order picker and order management system (oms) for WooCommerce on steroids plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the settingsPage function. This makes i...
CVE-2026-44746
Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver JAVA JDBC Test Servlet, an unauthenticated attacker could craft a URL that embeds a malicious script. If a victim clicks this link, the injected input is processed during web page generation, resulting in the execution of...
CVE-2026-44757
CVE-2026-44757 affects SAP Wily Introscope Enterprise Manager. The vulnerability is a Cross-Site Scripting (XSS) issue where an unauthenticated attacker can craft a specially crafted URL. When a victim visits the URL, injected script could execute in the user’s browser within the application cont...
CVE-2026-44757
SAP Wily Introscope Enterprise Manager allows an unauthenticated attacker to craft a specially crafted URL. Under certain conditions, when accessed by a victim, the injected script could execute in the user's browser within the context of the application. This issue has a low impact on the...
CVE-2026-44746 Reflected Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS Java (JDBC Test Servlet)
Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver JAVA JDBC Test Servlet, an unauthenticated attacker could craft a URL that embeds a malicious script. If a victim clicks this link, the injected input is processed during web page generation, resulting in the execution of...