GHSA-7HGR-7H44-33W2

creationtimestamp| type| source ---|---|--- 2026-05-19 20:40:52+00:00| seen| https://gist.github.com/alon710/d948bdbe7f1b3b90439141bced4b12bc...

CVE-2026-5511

creationtimestamp| type| source ---|---|--- 2026-05-19 20:12:28+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mma7a7eyfy2n...

CVE-2026-42526

creationtimestamp| type| source ---|---|--- 2026-05-19 19:29:34+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mma4tie6mk25 2026-05-19 22:36:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmahaomavt2t...

UBUNTU-CVE-2026-41470

LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP session command handling that allows attackers to replay valid Session tokens from unauthenticated connections. Attackers who obtain a valid Session token can issue PLAY and TEARDOWN commands from a second TCP...

CVE-2026-8970

creationtimestamp| type| source ---|---|--- 2026-05-19 16:41:55+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mm7thpa6i32i 2026-05-19 20:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/mozilla-products-multiple-vulnerabilities20260520 2026-05-20 02:01:27+00:00| seen|...

GHSA-JGGG-4JG4-V7C6

creationtimestamp| type| source ---|---|--- 2026-05-19 16:40:49+00:00| seen| https://gist.github.com/alon710/4e72f2de4fd57f71c04d127b90b84200...

CVE-2026-42539

creationtimestamp| type| source ---|---|--- 2026-05-19 16:05:50+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mm7rh74g2w2u 2026-06-04 23:26:52+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnirkk6m7z2f...

CVE-2026-42647

creationtimestamp| type| source ---|---|--- 2026-05-19 13:32:07+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mm7iucobhh2c 2026-06-01 22:00:28+00:00| published-proof-of-concept| https://t.me/realcodeb0ss/455...

CVE-2026-7307

creationtimestamp| type| source ---|---|--- 2026-05-19 13:17:54+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mm7i2vkom32i...

CVE-2026-37979

creationtimestamp| type| source ---|---|--- 2026-05-19 12:48:48+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mm7ggubce42e...

GHSA-8JQP-QV73-395R

creationtimestamp| type| source ---|---|--- 2026-05-19 12:39:14+00:00| seen| Telegram/SPO6iT-d8-bIQWZXI60t6OwvPUIqsHGwkcNiX5JYtOrng...

CVE-2026-8726

The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news articles" plugin ...

CVE-2026-8726 SQL Injection in extension "News system" (news)

The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news articles" plugin ...

EUVD-2026-30861

The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news articles" plugin ...

CVE-2026-8726

CVE-2026-8726 describes an SQL injection in the Typo3 extension experience: the extension fails to properly sanitize user input before using it in a database query, enabling an unauthenticated attacker to inject arbitrary SQL via a URL parameter on pages using the “Date Menu of news articles” plu...

CVE-2026-8726

The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news articles" plugin ...

CVE-2026-8726 SQL Injection in extension "News system" (news)

The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news articles" plugin ...

PT-2026-41866

The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news articles" plugin ...

MAL-2026-4137 Malicious code in jest-date-mock (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in jest-date-mock (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...