18093 matches found
CVE-2026-30246
creationtimestamp| type| source
---|---|---
2026-05-05 04:16:28+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-30246...
CVE-2026-27693
creationtimestamp| type| source
---|---|---
2026-05-05 04:16:28+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-27693...
CVE-2026-27694
creationtimestamp| type| source
---|---|---
2026-05-05 04:16:28+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-27694...
PT-2026-37254
Summary: Mage_ProductAlert_AddController::stockAction reads the uenc query parameter and passes it directly to $this->_redirectUrl($backUrl) without calling $this->_isUrlInternal(). When the supplied product id does not match any catalog product, the server issues an unvalidated HTTP 302 redirect to...
CVE-2026-7738
creationtimestamp| type| source
---|---|---
2026-05-04 11:11:11+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mkzjyicqro2o...
Malicious Package
Overview: @m0ntana/app.web is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Astra Linux – Vulnerability in Firefox, Thunderbird
By misusing a race in our notification code, an attacker could have forcibly hidden notifications for pages that had received full-screen and pointer-lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...
Astra Linux – Vulnerability in Firefox and Thunderbird
Due to a sequence of events controlled by the attacker, a JavaScript alert dialog with arbitrary although unstyled contents could be displayed over an uncontrolled web page of the attacker’s choice. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...
ECHO-676A-E38E-E92A
Bulletin has no description...
CVE-2026-36767
creationtimestamp| type| source
---|---|---
2026-04-30 19:46:48+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mkqewscpgn2w
2026-04-30 19:47:15+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mkqexlowma2q
2026-04-30 20:43:37+00:00| seen|...
CVE-2026-40595
creationtimestamp| type| source
---|---|---
2026-04-30 19:46:10+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mkqevntsov2r
2026-04-30 21:51:53+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mkqlwhmhop2f...
CVE-2026-40601
creationtimestamp| type| source
---|---|---
2026-04-30 19:20:09+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mkqdh4eymd2q
2026-04-30 19:49:00+00:00| seen| https://bsky.app/profile/cybercod.bsky.social/post/3mkqf2pttnz2b...
CVE-2025-14576
creationtimestamp| type| source
---|---|---
2026-04-30 16:46:17+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mkq2tzsw5o2h...
Malicious code in blackbeards-navigator (npm)
Four pirate-themed npm packages (blackbeards-navigator, beusy, sirens-lament, gunpowder-ghost) were published by the npm account beusy with heavily inflated version numbers (209.0.0–210.0.0), a hallmark of dependency confusion attacks. Each package contains identical malicious lifecycle scripts...
CVE-2026-37567
creationtimestamp| type| source
---|---|---
2026-04-30 08:49:10+00:00| seen| https://gist.github.com/sgInnora/5aa1682c359a4f4ced53fc2408936e82...
CVE-2026-7489
creationtimestamp| type| source
---|---|---
2026-04-30 02:20:00+00:00| seen| https://www.twcert.org.tw/en/cp-139-10895-25ca1-2.html...
CVE-2026-0204
creationtimestamp| type| source
---|---|---
2026-04-29 19:01:34+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mknrwybg7h2w
2026-04-29 19:18:21+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mknsuzqutq2t
2026-04-30 06:01:26+00:00| seen|...
CVE-2026-26204 Wazuh: Heap-based NULL WRITE Buffer Underflow in GetAlertData
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 1.0.0 to before version 4.14.4, a heap-based out-of-bounds WRITE occurs in GetAlertData, resulting in writing a NULL byte exactly 1 byte before the start of the buffer allocated by strdup. D...
CVE-2026-26204
Wazuh versions 1.0.0–4.14.3 are affected by a heap-based out-of-bounds write in GetAlertData that writes a NULL byte 1 byte before the start of the buffer allocated by strdup, due to an unsigned underflow. This corrupts heap metadata and can allow a compromised agent to cause denial of service or...