107425 matches found
CVE-2026-48865
creationtimestamp| type| source ---|---|--- 2026-06-01 16:52:05+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnak3ugcll2k...
CVE-2026-45278 Nextcloud: Open Redirect in user_oidc login flow via protocol-relative URL bypass
Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft links that would redirect users to another website, when the victim uses the attackers link to log in via user OIDC. This issue has been patched in version 8.2.2...
CVE-2026-45278 Nextcloud: Open Redirect in user_oidc login flow via protocol-relative URL bypass
Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft links that would redirect users to another website, when the victim uses the attackers link to log in via user OIDC. This issue has been patched in version 8.2.2...
CVE-2026-42680
creationtimestamp| type| source ---|---|--- 2026-06-01 15:48:36+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnagkdkjei2n...
CVE-2026-8931
creationtimestamp| type| source ---|---|--- 2026-06-01 15:28:34+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnafgjihlf2c...
CVE-2026-42674 WordPress Advanced Access Manager plugin <= 7.1.0 - Bypass Vulnerability vulnerability
Authentication Bypass by Spoofing vulnerability in AAM Plugin Advanced Access Manager allows URL Encoding. This issue affects Advanced Access Manager: from n/a through 7.1.0...
CVE-2026-42674 WordPress Advanced Access Manager plugin <= 7.1.0 - Bypass Vulnerability vulnerability
Authentication Bypass by Spoofing vulnerability in AAM Plugin Advanced Access Manager allows URL Encoding. This issue affects Advanced Access Manager: from n/a through 7.1.0...
CVE-2026-10244
creationtimestamp| type| source ---|---|--- 2026-06-01 13:30:41+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mna6tphg5v2t...
CVE-2026-9309
Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and leaked sensitive URL parameters. These parameters could then be used to access internal pages, potentially resulting in arbitrary JavaScrip...
CVE-2026-9309
Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and leaked sensitive URL parameters. These parameters could then be used to access internal pages, potentially resulting in arbitrary JavaScrip...
CVE-2026-10229
creationtimestamp| type| source ---|---|--- 2026-06-01 10:29:53+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mn7uqgbsf52j...
CVE-2026-49328 Apache Fesod (Incubating): Improper validation of user-supplied URLs leading to SSRF
Server-Side Request Forgery SSRF in the UrlImageConverter component of Apache Fesod Incubating fesod-sheet before 2.0.2-incubating allows attackers to cause outbound network requests to internal or otherwise restricted resources via a user-supplied image URL. Users are recommended to upgrade to...
CVE-2026-49328
Server-Side Request Forgery SSRF in the UrlImageConverter component of Apache Fesod Incubating fesod-sheet before 2.0.2-incubating allows attackers to cause outbound network requests to internal or otherwise restricted resources via a user-supplied image URL. Users are recommended to upgrade to...
CVE-2026-10214
creationtimestamp| type| source ---|---|--- 2026-06-01 08:30:18+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mn7o2lz7u52v...
CVE-2026-10240
A vulnerability was identified in JeecgBoot up to 3.9.2. The impacted element is an unknown function of the file /airag/airagModel/test. The manipulation of the argument baseUrl leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is publicly...
CVE-2026-40961 Apache Airflow: Open Redirect Bypass Vulnerability
A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the issafeurl check, enabling redirection from a trusted Airflow domain to an attacker-controlled origin. Users are advised to upgrade to apache-airflow 3.2.2 or later. As a defense-in-dept...
EUVD-2026-33597
A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the issafeurl check, enabling redirection from a trusted Airflow domain to an attacker-controlled origin. Users are advised to upgrade to apache-airflow 3.2.2 or later. As a defense-in-dept...
CVE-2026-48189
creationtimestamp| type| source ---|---|--- 2026-06-01 07:37:46+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mn7l4o2yyv2j...
CVE-2026-48187
creationtimestamp| type| source ---|---|--- 2026-06-01 07:18:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mn7k24cjqt2e...
CVE-2026-48209
creationtimestamp| type| source ---|---|--- 2026-06-01 07:14:41+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mn7jtf3e432e...