CVE-2026-42091

creationtimestamp| type| source ---|---|--- 2026-05-04 18:26:56+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ml2cdogi7q2k...

CVE-2026-42076

creationtimestamp| type| source ---|---|--- 2026-05-04 18:08:51+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3ml2bdddqo62n...

CVE-2026-41358

creationtimestamp| type| source ---|---|--- 2026-05-04 17:10:29+00:00| seen| https://gist.github.com/alon710/d4f3d9fbcfea6645ceefb383fa46637f...

EUVD-2025-209611

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Tegsoft Management and Information Services Trade Limited Company Online Support Application allows Reflected XSS. This issue affects Online Support Application: from V3 through 31122025...

CVE-2026-7721

creationtimestamp| type| source ---|---|--- 2026-05-04 06:57:27+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mkz3srlohr2e...

CVE-2026-7735

creationtimestamp| type| source ---|---|--- 2026-05-04 06:51:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mkz3hedhnt2q...

CVE-2026-7717

creationtimestamp| type| source ---|---|--- 2026-05-04 01:17:58+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mkyitpy4ep2l 2026-05-04 03:06:30+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mkyovthfca2r...

PT-2026-37360

sui-execution-cut included a build script that attempted to exfiltrate data from the build machine. The malicious crate had 1 version published on 2026-04-20 and had no evidence of actual usage. This crate had no dependencies on crates.io...

PT-2026-37358

mysten-metrics included a build script that attempted to exfiltrate data from the build machine. The malicious crate had 1 version published on 2026-04-20 and had no evidence of actual usage. This crate had no dependencies on crates.io...

Astra Linux - уязвимость в fontforge

Splinefont in FontForge, with a version number of 20230101, allows for command injection via crafted filenames...

Astra Linux - уязвимость в thunderbird, firefox

The date picker may partially obscure security prompts. A malicious site could use this feature to trick users into granting permissions. This vulnerability affects Firefox 129, Firefox ESR 115.14, Firefox ESR 128.1, Thunderbird 128.1, and Thunderbird 115.14...

Astra Linux - уязвимость в thunderbird

The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If this information is present, Thunderbird does not compare the signature creation date with the message date and time, and displays a valid signature even if there is a mismatch...

Astra Linux - уязвимость в thunderbird

An OpenPGP digital signature includes information about the date when the signature was created. When displaying an email that contains a digital signature, the email’s date will be displayed. If the dates are different, then Thunderbird does not report the email as having an invalid signature. I...

Astra Linux - уязвимость в glib2.0

A flaw was discovered in GLib. Integer overflow and buffer under-read occur when parsing a long, invalid ISO 8601 timestamp using the gdatetimenewfromiso8601 function...

CVE-2022-24424

creationtimestamp| type| source ---|---|--- 2026-05-03 22:00:29+00:00| seen| https://bsky.app/profile/lbtoday1.bsky.social/post/3mky5smwc5s2f...

[SECURITY] Fedora 43 Update: insight-18.0.50.20260306-3.fc43

Insight is a tight graphical user interface to GDB written in Tcl/Tk. It provides a comprehensive interface that enables users to harness most of GDB's power. It's also probably the only up-to-date UI for the latest GDB version...

CVE-2026-0703

The NextMove Lite – Thank You Page for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xlwctycurrentdate' shortcode in all versions up to, and including, 2.23.0 due to insufficient input sanitization and output escaping on user supplied attributes...

CVE-2026-0703

Affected software: NextMove Lite – Thank You Page for WooCommerce plugin for WordPress. Vulnerability: Stored Cross-Site Scripting via the plugin’s** 'xlwcty_current_date' shortcode. Root cause: insufficient input sanitization and output escaping on user-supplied attributes. Versions impacted: al...

PT-2026-36616

The NextMove Lite – Thank You Page for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xlwcty current date' shortcode in all versions up to, and including, 2.23.0 due to insufficient input sanitization and output escaping on user supplied attributes...

CVE-2026-44001

creationtimestamp| type| source ---|---|--- 2026-05-01 20:43:31+00:00| published-proof-of-concept| https://github.com/patriksimek/vm2/security/advisories/GHSA-hw58-p9xv-2mjh 2026-05-13 21:45:32+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlrbn3ni6e2c 2026-05-14 18:37:07+00:00|...