CVE-2026-35025

creationtimestamp| type| source ---|---|--- 2026-06-24 17:20:46+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mp2ggd7tze2e 2026-06-24 17:50:17+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mp2i33pblo2p 2026-06-24 19:39:40+00:00| seen|...

CVE-2026-10091

creationtimestamp| type| source ---|---|--- 2026-06-24 11:49:49+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3moztwkagnv2e...

Lotus Domino R5 and R6 WebMail - Information Disclosure

Lotus Domino R5 and R6 WebMail with 'Generate HTML for all fields' enabled which is by default allows remote attackers to read the HTML source to obtain sensitive information including the password hash in the HTTPPassword field, the password change date in the HTTPPasswordChangeDate field, and t...

CVE-2026-12163

creationtimestamp| type| source ---|---|--- 2026-06-24 00:34:52+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3moyo7ncprk2i...

CVE-2026-48493

creationtimestamp| type| source ---|---|--- 2026-06-23 23:55:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3moylygqbc626 2026-06-24 05:42:05+00:00| seen| https://gist.github.com/alon710/0deb8ac6eb09e699071fdbd4071e986c...

CVE-2026-53753

creationtimestamp| type| source ---|---|--- 2026-06-23 20:39:39+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3moyb32agwx26 2026-06-24 01:30:29+00:00| seen| https://infosec.exchange/users/offseq/statuses/116802494595378111...

CVE-2026-54322

creationtimestamp| type| source ---|---|--- 2026-06-23 20:20:00+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3moy7xvxbae2l...

CVE-2026-54323

creationtimestamp| type| source ---|---|--- 2026-06-23 20:11:39+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3moy7ixesuo2r...

CVE-2026-54320

creationtimestamp| type| source ---|---|--- 2026-06-23 20:08:12+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3moy7cs26fp2f...

EUVD-2026-38497

yt-dlp is a command-line audio/video downloader. From 2023.09.24 until 2026.06.09, if curl is used as an external downloader for yt-dlp, cookies may be leaked to an unintended host upon HTTP redirect or when the host for download fragments differs from their parent manifest's. At the file downloa...

CVE-2026-50574

CVE-2026-50574 affects yt-dlp when using aria2c as an external downloader for fragmented manifests (e.g., HLS/DASH). Insufficiently sanitized input passed to aria2c allows attacker-controlled options in the aria2c input file, enabling arbitrary file writes. On Windows, this can cause immediate ar...

Malicious code in date-format-helper2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66c1775ce65ad47476ee1a0f1c7c5373e61466ec3eb4543cc658e67d2de22960 Package is advertised as a React date-formatting utility, but its postinstall.js performs targeted credential harvesting on npm install. The script...

CVE-2026-56222

creationtimestamp| type| source ---|---|--- 2026-06-23 14:02:57+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3moxkvowk242n...

CVE-2026-8378

creationtimestamp| type| source ---|---|--- 2026-06-23 08:16:46+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mowxko6srr2l...

CVE-2026-9733

Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter. When no state generator is specified in the constructor, the module defaults to using a SHA-1 hash of predictable and low-entropy sources, including the epoch time which is leaked via t...

CVE-2026-9733

creationtimestamp| type| source ---|---|--- 2026-06-23 08:04:32+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mowwurvmxt2r...

CVE-2026-55655

creationtimestamp| type| source ---|---|--- 2026-06-23 08:01:45+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mowwprsilu2l...

EUVD-2026-38421

Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter. When no state generator is specified in the constructor, the module defaults to using a SHA-1 hash of predictable and low-entropy sources, including the epoch time which is leaked via t...

CVE-2026-48502

creationtimestamp| type| source ---|---|--- 2026-06-23 00:45:51+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mow6ee6ob22q...

CVE-2026-44271

creationtimestamp| type| source ---|---|--- 2026-06-22 23:19:40+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3movzkayykd2f 2026-06-23 14:04:35+00:00| seen| https://bsky.app/profile/hugovalters.bsky.social/post/3moxkylwnok27...