CVE-2018-25417

creationtimestamp| type| source ---|---|--- 2026-05-30 17:16:53+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mn3kkelk352a...

CVE-2018-25420

creationtimestamp| type| source ---|---|--- 2026-05-30 17:14:44+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mn3kgjmscx2y...

CVE-2018-25424

creationtimestamp| type| source ---|---|--- 2026-05-30 17:09:05+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mn3k4eztdw2u...

EUVD-2026-33463

A flaw has been found in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formSetUrlFilter of the file /goform/formSetUrlFilter. This manipulation of the argument keywordlist/keyword causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploi...

CVE-2026-JBrowse-Injection

CVE-2026-XXXXX: JBrowse Configuration Injection via URL Parame...

SUSE CVE-2026-40510

OpenSC before 0.27.0-rc1, fixed in commit 3f24f0b, contains a stack buffer overflow vulnerability in pivprocesshistory in src/libopensc/card-piv.c that allows physically present attackers to trigger memory corruption by presenting a crafted PIV smart card or USB device returning a URL field longe...

SUSE CVE-2026-48522

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen which uses Python stdlib's default OpenerDirector registering HTTPHandler, HTTPSHandler, FTPHandler, FileHandler, and DataHandler. There is currently no...

CVE-2026-46820

creationtimestamp| type| source ---|---|--- 2026-05-30 00:37:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mmzsonegrk2z...

A Lightweight Hybrid MLP-Based Framework for Real-Time Phishing URL Detection Using Structural URL Features

Phishing attacks remain a major cybersecurity threat, exploiting deceptive URLs to steal sensitive user information. Traditional blacklist and rule-based detection approaches are reactive and often fail to identify newly emerging phishing URLs. This paper proposes a lightweight hybrid framework f...

PT-2026-45100

A flaw has been found in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formSetUrlFilter of the file /goform/formSetUrlFilter. This manipulation of the argument keyword list/keyword causes stack-based buffer overflow. The attack is possible to be carried out remotely. The explo...

PraisonAI CLI automatically resolves @url mentions in prompt text and can read loopback URLs into model context

Summary PraisonAI's direct-prompt CLI automatically expands @url: mentions in raw prompt text before agent execution begins. If a prompt contains @url:, the CLI calls MentionsParser.process.... The @url: handler then performs a direct urllib.request.urlopen request to the attacker-controlled URL...

CVE-2026-10107

creationtimestamp| type| source ---|---|--- 2026-05-29 22:28:33+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mmzlicfzir2o 2026-05-30 20:01:40+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mn3tqyigao2p...

Server-side Request Forgery (SSRF)

Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via improper URL validation the spidertools component. An attacker can access internal loopback-only HTTP...

PraisonAI spider_tools SSRF protection bypass via alternate loopback host encodings

Summary PraisonAI's spidertools URL validation can be bypassed using alternate loopback host encodings. The affected component is: text praisonaiagents/tools/spidertools.py The tool contains a URL validation function intended to block local or unsafe targets before fetching attacker-controlled...

GHSA-5C6W-WWFQ-7QQM PraisonAI spider_tools SSRF protection bypass via alternate loopback host encodings

Summary PraisonAI's spidertools URL validation can be bypassed using alternate loopback host encodings. The affected component is: text praisonaiagents/tools/spidertools.py The tool contains a URL validation function intended to block local or unsafe targets before fetching attacker-controlled...

Nezha's authenticated DDNS webhook configuration allows blind SSRF from the dashboard host

Summary An authenticated Nezha dashboard user can create or update a DDNS profile with provider webhook and configure an arbitrary webhookurl, HTTP method, request body, and headers. When DDNS is triggered for a server that uses that profile, the dashboard process sends the configured request wit...

CVE-2026-48555

creationtimestamp| type| source ---|---|--- 2026-05-29 22:00:49+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmzjx5wbwy2h...

CVE-2026-44422

creationtimestamp| type| source ---|---|--- 2026-05-29 22:00:46+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmzjwzys5f23 2026-05-30 12:02:06+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116663420594857571...

CVE-2026-45628

creationtimestamp| type| source ---|---|--- 2026-05-29 21:03:55+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmzgr7rw7j2d 2026-05-30 16:02:16+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mn3gevmjrn2w...

CVE-2026-44420

creationtimestamp| type| source ---|---|--- 2026-05-29 21:01:43+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmzgnhigoh2v 2026-05-30 13:56:13+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116663869287019686...