
18007 matches found

OSV
added 2026/05/19 12:0 a.m., 0 views

MAL-2026-3999 Malicious code in @antv/geo-coord (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8 AI score
Exploits: 0, References: 5

NVD
added 2026/05/18 9:16 a.m., 7 views

CVE-2026-3471

Mattermost Desktop App versions =6.1 6.0.1 5.4.13.0 fail to prevent an invalid URL from loading in a pop-up window in the Mattermost Desktop App, which allows a malicious server owner to repeatedly crash the application via calling window.open'javascript:alert';. Mattermost Advisory ID: MMSA-2026-00...

6.5 CVSS, 0.00038 EPSS
Exploits: 0, References: 1

EUVD
added 2026/05/18 8:45 a.m., 4 views

EUVD-2026-30757

Mattermost Desktop App versions =6.1 6.0.1 5.4.13.0 fail to prevent an invalid URL from loading in a pop-up window in the Mattermost Desktop App, which allows a malicious server owner to repeatedly crash the application via calling window.open'javascript:alert';. Mattermost Advisory ID: MMSA-2026-00...

6.5 CVSS, 5.8 AI score, 0.00038 EPSS
Exploits: 0, References: 1

Cvelist
added 2026/05/18 8:45 a.m., 36 views

CVE-2026-3471 Opening a window with {{javascript:alert()}} as URL causes crash in the Mattermost Desktop App

Mattermost Desktop App versions =6.1 6.0.1 5.4.13.0 fail to prevent an invalid URL from loading in a pop-up window in the Mattermost Desktop App, which allows a malicious server owner to repeatedly crash the application via calling window.open'javascript:alert';. Mattermost Advisory ID: MMSA-2026-00...

6.5 CVSS, 0.00038 EPSS
Exploits: 0, References: 1

Circl
added 2026/05/18 6:8 a.m., 6 views

CVE-2026-8782

creationtimestamp | type | source
---|---|---
2026-05-18 06:08:01+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mm47kzzxps2c...

5.3 CVSS, 5.8 AI score, 0.00052 EPSS
Exploits: 0, References: 1

Circl
added 2026/05/17 2:56 p.m., 5 views

CVE-2018-25328

creationtimestamp | type | source
---|---|---
2026-05-17 14:56:16+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mm2mmwodr52k...

8.6 CVSS, 5.8 AI score, 0.00018 EPSS
Exploits: 0, References: 1

Circl
added 2026/05/17 1:30 a.m., 6 views

CVE-2026-8657

creationtimestamp | type | source
---|---|---
2026-05-17 01:30:29+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mlz7m3b64q22
2026-05-17 01:30:47+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116587326764358912...

8.8 CVSS, 5.8 AI score, 0.00066 EPSS
Exploits: 0, References: 2

Circl
added 2026/05/16 4:32 p.m., 2 views

CVE-2026-41427

creationtimestamp | type | source
---|---|---
2026-05-16 16:32:11+00:00 | seen | https://gist.github.com/yanchuk/859e9c10826efe814725781953466c18...

7.1 CVSS, 5.7 AI score, 0.00048 EPSS
Exploits: 0, References: 1

NVD
added 2026/05/15 5:16 p.m., 5 views

CVE-2026-42207

Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, MageProductAlertAddController::stockAction reads the uenc query parameter and passes...

6.1 CVSS, 0.00029 EPSS
Exploits: 0, References: 1

vulnersOsv
added 2026/05/15 4:55 p.m., 5 views

brainfart (>=0.1.0 <=0.3.0), calibrate-agent (>=0.0.1 <=0.0.26) +47 more potentially affected by CVE-2026-44716 via pipecat-ai (>=0.0.90 <=1.1.0)

pipecat-ai PYPI version =0.0.90, =0.1.0, =0.0.1, =0.0.8, =0.1.0, =0.0.18, =0.0.2, =0.0.0, =1.0.0b3, =0.1.2, =0.0.1, =0.0.1, =0.0.4 and more Source cves: CVE-2026-44716 Source advisory: SNYK:PYTHON-PIPECATAI-16700145...

5.8 AI score
Exploits: 0

Circl
added 2026/05/14 6:0 p.m., 2 views

CVE-2026-3160

creationtimestamp | type | source
---|---|---
2026-05-14 18:00:00+00:00 | seen | https://www.hkcert.org/security-bulletin/gitlab-multiple-vulnerabilities20260515...

5.8 CVSS, 5.7 AI score, 0.00018 EPSS
Exploits: 0, References: 1

Circl
added 2026/05/14 10:0 a.m., 2 views

CVE-2025-38708

creationtimestamp | type | source
---|---|---
2026-05-14 10:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-26-134-10...

7.8 CVSS, 7.2 AI score, 0.00025 EPSS
Exploits: 0, References: 1

Circl
added 2026/05/14 10:0 a.m., 1 views

CVE-2019-13103

creationtimestamp | type | source
---|---|---
2026-05-14 10:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-26-134-16...

7.1 CVSS, 6.7 AI score, 0.00052 EPSS
Exploits: 0, References: 1

Circl
added 2026/05/14 9:0 a.m., 3 views

CVE-2026-46391

creationtimestamp | type | source
---|---|---
2026-05-14 09:00:04+00:00 | seen | Telegram/Ab4OFqOZ0GdnyIUaC77uZ2CbzoeHzhCrZHfEopJ-gCMQVg
2026-05-19 14:44:46+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-4fg7-f244-3j49...

5.8 AI score
Exploits: 0, References: 1

Circl
added 2026/05/14 6:51 a.m., 2 views

CVE-2026-0247

creationtimestamp | type | source
---|---|---
2026-05-14 06:51:24+00:00 | seen | https://www.acn.gov.it/portale/w/vulnerabilita-in-prodotti-palo-alto-networks-1...

8.5 CVSS, 5.8 AI score, 0.00008 EPSS
Exploits: 0, References: 1

Circl
added 2026/05/13 8:0 p.m., 4 views

CVE-2026-0251

creationtimestamp | type | source
---|---|---
2026-05-13 20:00:00+00:00 | seen | https://www.hkcert.org/security-bulletin/palo-alto-products-multiple-vulnerabilities20260514
2026-05-13 21:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=1869
2026-05-14 06:51:24+00:00 | seen |...

8.5 CVSS, 5.8 AI score, 0.00007 EPSS
Exploits: 0, References: 4

vulnersOsv
added 2026/05/13 3:31 p.m., 4 views

nautobot-ai-ops (>=1.0.0 <=1.0.4), nautobot-bgp-models (>=0.7.0 <=1.0.0) +31 more potentially affected by CVE-2026-44798 via nautobot (>=1.0.3 <=2.4.22)

nautobot PYPI version =1.0.3, =1.0.0, =0.7.0, =1.1.0, =1.6.0, =1.0.0, =1.0.1, =1.0.0, =1.0.0, =1.0.0, =1.1.0, =1.0.0, =2.0.2 and more Source cves: CVE-2026-44798 Source advisory: OSV:GHSA-P3HX-PWF3-J8WR...

5.8 AI score, 0.0005 EPSS
Exploits: 0

Snyk
added 2026/05/13 2:14 p.m., 3 views

Malicious Package

Overview: load-bufferjs is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 5.8 AI score
Exploits: 0, References: 2

The Hacker News
added 2026/05/13 11:52 a.m., 10 views

[Webinar] How Modern Attack Paths Cross Code, Pipelines, and Cloud

TL;DR: Stop chasing thousands of "toast" alerts. Join experts from Wiz to learn how hackers connect tiny flaws to build a "Lethal Chain" to your data—and how to break it. Register for the Strategic Briefing Here. Most security tools work like a smoke alarm that goes off every time you burn a piec...

6 AI score
Exploits: 0

Circl
added 2026/05/13 1:17 a.m., 3 views

CVE-2026-44347

creationtimestamp | type | source
---|---|---
2026-05-13 01:17:45+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mlp4znj3va2h...

6.5 CVSS, 5.8 AI score, 0.00015 EPSS
Exploits: 1, References: 1