CVE-2026-0251

creationtimestamp| type| source ---|---|--- 2026-05-13 20:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/palo-alto-products-multiple-vulnerabilities20260514 2026-05-13 21:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1869 2026-05-14 06:51:24+00:00| seen|...

nautobot-ai-ops (>=1.0.0 <=1.0.4), nautobot-bgp-models (>=0.7.0 <=1.0.0) +31 more potentially affected by CVE-2026-44798 via nautobot (>=1.0.3 <=2.4.22)

nautobot PYPI version =1.0.3, =1.0.0, =0.7.0, =1.1.0, =1.6.0, =1.0.0, =1.0.1, =1.0.0, =1.0.0, =1.0.0, =1.1.0, =1.0.0, =2.0.2 and more Source cves: CVE-2026-44798 Source advisory: OSV:GHSA-P3HX-PWF3-J8WR...

Malicious Package

Overview load-bufferjs is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

[Webinar] How Modern Attack Paths Cross Code, Pipelines, and Cloud

TL;DR: Stop chasing thousands of "toast" alerts. Join experts from Wiz to learn how hackers connect tiny flaws to build a "Lethal Chain" to your data—and how to break it. Register for the Strategic Briefing Here. Most security tools work like a smoke alarm that goes off every time you burn a piec...

CVE-2026-44347

creationtimestamp| type| source ---|---|--- 2026-05-13 01:17:45+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlp4znj3va2h...

CVE-2026-45185

creationtimestamp| type| source ---|---|--- 2026-05-12 14:44:00+00:00| seen| https://thehackernews.com/2026/05/new-exim-bdat-vulnerability-exposes.html 2026-05-12 18:00:04+00:00| seen| https://t.me/GithubRedTeam/83976 2026-05-12 23:00:14+00:00| seen|...

CVE-2026-45211

creationtimestamp| type| source ---|---|--- 2026-05-12 11:58:50+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mlnqf2q7ij2w 2026-05-12 11:59:25+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mlnqg3vdmc2g...

CVE-2026-6813

creationtimestamp| type| source ---|---|--- 2026-05-12 11:42:39+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlnpi57c3y2t 2026-05-13 00:33:06+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mlp2jsnit52s...

CVE-2026-7432

creationtimestamp| type| source ---|---|--- 2026-05-12 08:04:32+00:00| seen| https://www.acn.gov.it/portale/w/ivanti-may-security-update-1 2026-05-12 08:27:11+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/ivanti-security-advisory-av26-450 2026-05-14 02:55:50+00:00| seen|...

CVE-2026-8043

creationtimestamp| type| source ---|---|--- 2026-05-12 08:04:32+00:00| seen| https://www.acn.gov.it/portale/w/ivanti-may-security-update-1 2026-05-12 08:27:11+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/ivanti-security-advisory-av26-450 2026-05-12 16:16:31+00:00| seen|...

Malicious code in @tanstack/arktype-adapter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 00740c1707de87fdde677d596049a754c3269e6b54875d76eb4934a1368b7112 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2026-33359

In Meari IoT Cloud alert image storage on Alibaba OSS latest observed; storage service version not disclosed, motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...

CVE-2026-33359 Meari unauthenticated alert image access in cloud object storage

In Meari IoT Cloud alert image storage on Alibaba OSS latest observed; storage service version not disclosed, motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...

CVE-2026-33359

Meari IoT Cloud uses Alibaba OSS for alert image storage; motion snapshots can be retrieved without authentication, signed URLs, or expiry enforcement. This affects motion alert images exposed as direct object references, with URLs remaining valid beyond expected windows. Root cause is lack of ac...

CVE-2026-33359 Meari unauthenticated alert image access in cloud object storage

In Meari IoT Cloud alert image storage on Alibaba OSS latest observed; storage service version not disclosed, motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...

CVE-2025-43992

creationtimestamp| type| source ---|---|--- 2026-05-11 11:23:17+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mll5wlesuw2r 2026-05-25 14:02:52+00:00| seen| https://bsky.app/profile/getpokemon7.bsky.social/post/3mmonescdwk2f...

CVE-2026-45401

creationtimestamp| type| source ---|---|--- 2026-05-10 19:43:36+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-rh5x-h6pp-cjj6 2026-05-26 08:00:06+00:00| seen| https://t.me/GithubRedTeam/85934 2026-05-27 21:12:27+00:00| seen|...

MAL-2026-3404 Malicious code in @matjp/dvi-decode (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 285904d13f5d698c3c33461fe969265ca73c3041db80eabe5637c1ebd3f3ca9b The package @matjp/dvi-decode was found to contain malicious code. Source: ossf-package-analysis...

CVE-2026-8215

creationtimestamp| type| source ---|---|--- 2026-05-09 16:16:08+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-8215 2026-05-10 04:29:54+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlhwehud7a2c...

CVE-2026-8214

creationtimestamp| type| source ---|---|--- 2026-05-09 16:16:07+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-8214 2026-05-10 04:35:55+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlhwp7u3q62h...