PT-2026-39086

Content removed...

CVE-2026-41202

creationtimestamp| type| source ---|---|--- 2026-05-07 06:17:48+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlakynbolz2e 2026-05-07 09:00:32+00:00| seen| https://infosec.exchange/users/offseq/statuses/116532473442667986 2026-05-07 09:00:34+00:00| seen|...

CVE-2026-34079

creationtimestamp| type| source ---|---|--- 2026-04-07 23:21:06+00:00| seen| Telegram/WwaVaWmCpWfeYuJ8P8IqcUlHCUAeEgjmrCmKGvAa3A2q2J0 2026-04-08 01:31:20+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mix5holkl323 2026-04-10 14:32:09+00:00| seen|...

PT-2026-30997

Another CVE CVE-2026-31268 has been assigned and is currently pending publication 🥰 https://t.co/2bfMaVHbE4...

Security Bulletin: IBM Maximo Application Suite - Predict Component was using vulnerable library flask-3.1.2 which is vulnerable to CVE-2026-27205

Summary IBM Maximo Application Suite - Predict Component was using vulnerable library flask-3.1.2-py3-none-any.whl which is vulnerable to CVE-2026-27205. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-27205 DESCRIPTION: Flask is a web server...

CERTFR-2026-ALE-003

creationtimestamp| type| source ---|---|--- 2026-03-20 13:18:20+00:00| seen| https://social.numerique.gouv.fr/users/certfr/statuses/116261696202353385...

CVE-2025-38300

creationtimestamp| type| source ---|---|--- 2026-03-19 00:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/...

CVE-2026-28399

creationtimestamp| type| source ---|---|--- 2026-03-03 19:19:53+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mg6ifbejac2s...

EUVD-2026-4549

The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom fields in all versions up to, and including, 20251210 due to insufficient input sanitization and output escaping. This makes it possible for...

EUVD-2026-4569

The Cookie consent for developers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple settings fields in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

EUVD-2026-4573

The WP Youtube Video Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce verification on the wpYTVideoGallerySettingSave function. This makes it possible for unauthenticated attackers to modify plugin...

EUVD-2026-4578

The Kalrav AI Agent plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the kalravuploadfile AJAX action in all versions up to, and including, 2.3.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site...

EUVD-2026-4586

Not used...

EUVD-2026-4276

MyBB Delete Account Plugin 1.4 contains a cross-site scripting vulnerability in the account deletion reason input field. Attackers can inject malicious scripts that will execute in the admin interface when viewing delete account reasons...

EUVD-2026-4280

In the Linux kernel, the following vulnerability has been resolved: nfsd: check that server is running in unlockfilesystem If we are trying to unlock the filesystem via an administrative interface and nfsd isn't running, it crashes the server. This happens currently because nfsd4revokestates acce...

EUVD-2026-4303

In the Linux kernel, the following vulnerability has been resolved: net/sched: actapi: avoid dereferencing ERRPTR in tcfidrinfodestroy syzbot reported a crash in tcactinhw during netns teardown where tcfidrinfodestroy passed an ERRPTR-EBUSY value as a tcaction pointer, leading to an invalid...

EUVD-2026-4318

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: avoid chain re-validation if possible Hamza Mahfooz reports cpu soft lock-ups in nftchainvalidate: watchdog: BUG: soft lockup - CPU1 stuck for 27s! iptables-nft-re:37547 .. RIP: 0010:nftchainvalidate+0xcb/0x1...

EUVD-2026-4316

Missing Authorization vulnerability in Syed Balkhi Sugar Calendar Lite sugar-calendar-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sugar Calendar Lite: from n/a through = 3.10.1...

EUVD-2026-4341

Authorization Bypass Through User-Controlled Key vulnerability in Rustaurius Ultimate Reviews ultimate-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Reviews: from n/a through = 3.2.16...

EUVD-2026-4313

Missing Authorization vulnerability in Sergiy Dzysyak Suggestion Toolkit suggestion-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Suggestion Toolkit: from n/a through = 5.0...