107412 matches found
CVE-2026-48776
LangGraph Python SDK (versions ≤ 0.3.14) has unsafe URL path construction due to unsanitized caller-supplied identifiers in HTTP request paths, which could address the wrong resource or resource type. Impact: potential unintended access, modification, or deletion of resources beyond the caller's ...
Malicious code in uidai_reusable_components (npm)
Source: amazon-inspector 5875a720dc1cfc6e30a67b003fc43975fbef2e11352e715e19e55e54dd84ae67
On npm install, the preinstall lifecycle script in package.json executes an inline Node one-liner that collects the installer's hostname, OS username...
CVE-2026-48780

creationtimestamp| type| source
---|---|---
2026-06-16 16:00:31+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mog67gafbm25
2026-06-16 18:03:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mogf2rqlzg2c...

CVE-2026-12328

creationtimestamp| type| source
---|---|---
2026-06-16 14:58:30+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mog2qgnwtj2x
2026-06-16 17:00:42+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mogbl2aocw2f
2026-06-17 20:00:00+00:00| seen|...

CVE-2026-9507

creationtimestamp| type| source
---|---|---
2026-06-16 14:53:25+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mog2hi73xp2v...

CVE-2026-12324

creationtimestamp| type| source
---|---|---
2026-06-16 14:33:24+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mofzdog3of2b
2026-06-17 20:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/mozilla-products-multiple-vulnerabilities20260618...

CVE-2026-12330

creationtimestamp| type| source
---|---|---
2026-06-16 14:25:21+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mofyvbjse52g
2026-06-16 21:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1924
2026-06-17 20:00:00+00:00| seen|...

CVE-2026-12325

creationtimestamp| type| source
---|---|---
2026-06-16 14:13:45+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mofyakf6b62i
2026-06-17 20:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/mozilla-products-multiple-vulnerabilities20260618...

CVE-2026-53900

creationtimestamp| type| source
---|---|---
2026-06-16 14:05:24+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mofxrmn5go2g
2026-06-17 20:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/mozilla-products-multiple-vulnerabilities20260618...

EUVD-2026-36428
Nuxt: Reflected XSS in via unsanitised javascript: or data: URL...
BIT-MARIADB-2026-44170 MariaDB: Argument injection in CONNECT REST Xcurl on Windows via unsanitized URL
MariaDB server is a community-developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB on Windows with installed CONNECT engine and enabled REST support interpolated table HTTP...
CVE-2026-8444

creationtimestamp| type| source
---|---|---
2026-06-16 09:27:58+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mofibk2zkh2g
2026-06-16 17:01:13+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mogbll4sir2c...

CVE-2026-6964

creationtimestamp| type| source
---|---|---
2026-06-16 07:37:54+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mofc4ombc72m...

Rejetto HTTP File Server - Template injection
This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request.
id: CVE-2024-23692
info:
  name: Rejetto HTTP File Server - Template injection
  author: johnk3r
  severity: critical
  description: |
    This...
[SECURITY] Fedora 44 Update: perl-Mojo-JWT-1.02-1.fc44
JSON Web Token is described in https://tools.ietf.org/html/rfc7519. Mojo::JWT implements that standard with an API that should feel familiar to Mojolicious users though of course it is useful elsewhere. Indeed, JWT is much like Mojolicious::Sessions except that the result is a URL-safe text strin...
CVE-2026-48599

creationtimestamp| type| source
---|---|---
2026-06-16 00:15:13+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3moejf54fro22...

CVE-2026-52702

creationtimestamp| type| source
---|---|---
2026-06-15 23:53:30+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3moei6c4drq2j...

CVE-2026-52692

creationtimestamp| type| source
---|---|---
2026-06-15 23:01:32+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3moefbee6n22n...

CVE-2026-11832

creationtimestamp| type| source
---|---|---
2026-06-15 22:14:06+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3moecmi2a4n2q
2026-06-15 23:57:09+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3moeiet2rl42p
2026-06-17 07:00:40+00:00| seen|...

EUVD-2026-36786
An authenticated Server-Side Request Forgery (SSRF) in the custom scraper subsystem component of Benjamin Jonard Koillection v1.8.0 allows attackers to scan internal resources via supplying a crafted URL...