uBidAuction 跨站脚本漏洞

uBidAuction is an auction website system developed by the uBidAuction company, which supports online auctions and product transaction management. Version 2.0.1 of uBidAuction has a cross-site scripting vulnerability. This vulnerability stems from the improper cleaning of the filter functions for...

uBidAuction 跨站脚本漏洞

uBidAuction is an auction website system developed by the uBidAuction company, which supports online bidding and product transaction management. Version 2.0.1 of uBidAuction has a cross-site scripting vulnerability. This vulnerability stems from the improper cleaning of the filter functions for t...

PT-2026-39491

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the news/manage module. The date created, date from, date to, and created at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET reques...

PT-2026-39494

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the backend/mailingLog/manage module. The date created, date from, date to, and created at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via...

uBidAuction 跨站脚本漏洞

uBidAuction is an auction website system developed by the uBidAuction company, which supports online bidding and product transaction management. Version 2.0.1 of uBidAuction has a cross-site scripting vulnerability. This vulnerability stems from the improper cleanup of the filter functions for th...

uBidAuction 跨站脚本漏洞

uBidAuction is an auction website system developed by the uBidAuction company, which supports online auctions and product transaction management. Version 2.0.1 of uBidAuction has a cross-site scripting vulnerability. This vulnerability stems from the improper cleanup of the filter functions for t...

uBidAuction 跨站脚本漏洞

uBidAuction is an auction website system developed by the uBidAuction company, which supports online bidding and product transaction management. Version 2.0.1 of uBidAuction has a cross-site scripting vulnerability. This vulnerability stems from improper cleaning of the filter functions for the...

PT-2026-39490

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the posts/manage module. The date created, date from, date to, and created at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET...

CVE-2026-8194

creationtimestamp| type| source ---|---|--- 2026-05-09 22:05:00+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlhaua5h5m2i...

CVE-2026-42571

creationtimestamp| type| source ---|---|--- 2026-05-09 21:49:59+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlh7zev7at2t 2026-05-10 00:00:43+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mlhhd4dhnd2p 2026-05-10 00:01:03+00:00| seen|...

CVE-2026-42258

creationtimestamp| type| source ---|---|--- 2026-05-09 21:18:52+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlh6bqgjhp2c 2026-05-10 12:01:26+00:00| seen| https://bsky.app/profile/lambdawatchdog.bsky.social/post/3mliplvolm72y...

CVE-2026-8186

creationtimestamp| type| source ---|---|--- 2026-05-09 14:55:09+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlgitldbrp2p...

CVE-2026-32683

creationtimestamp| type| source ---|---|--- 2026-05-09 12:30:01+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlgaq35vbe2n 2026-05-18 02:00:04+00:00| seen| https://t.me/GithubRedTeam/84618 2026-05-18 03:00:14+00:00| published-proof-of-concept|...

CVE-2026-28390 affecting package edk2 for versions less than 20240524git3e722403cd16-16

CVE-2026-28390 affecting package edk2 for versions less than 20240524git3e722403cd16-16. A patched version of the package is available...

SUSE CVE-2026-39820

Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations...

NPM: Hono has improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()

NPM: Hono has improper validation of NumericDate claims exp, nbf, iat in JWT verify vulnerability discovered by ? in WordPress Npm hono versions 4.12.18...

Hono has improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()

Summary Improper validation of the JWT NumericDate claims exp, nbf, and iat in hono/utils/jwt allows tokens with non-spec-compliant claim values to silently bypass time-based checks. This issue is not exploitable by an anonymous attacker; it only manifests when a malformed claim value reaches...

GHSA-HM8Q-7F3Q-5F36 Hono has improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()

Summary Improper validation of the JWT NumericDate claims exp, nbf, and iat in hono/utils/jwt allows tokens with non-spec-compliant claim values to silently bypass time-based checks. This issue is not exploitable by an anonymous attacker; it only manifests when a malformed claim value reaches...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: glib2 (UTSA-2026-016813)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016813 advisory. A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the gdatetimenewfromiso8601 function...

PT-2026-39329

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.18 Description Improper validation of the JWT NumericDate claims exp, nbf, and iat in hono/utils/jwt allows tokens with non-spec-compliant claim values to silently bypass time-based checks. This occurs because the...