38 matches found
CVE-2026-44214
eventsource-encoder encodes events as well-formed EventSource/Server-Sent Events (SSE) messages. Prior to 1.0.2, eventsource-encoder does not sanitize the event or id fields of an EventSourceMessage before serializing them. An attacker who controls either field can inject arbitrary Server-Sent Event...
CVE-2026-44668
creationtimestamp | type | source
---|---|---
2026-05-26 19:28:45+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmrq2hvnlt2p...
CVE-2026-46431
CVE-2026-46431 affects Algernon’s SSE event server prior to version 1.17.7, where Access-Control-Allow-Origin was hardcoded to “*”. This allowed cross-origin EventSource connections to read the live filename stream, compromising confidentiality. The issue is fixed in 1.17.7; upgrading to that ver...
GHSA-HW27-4V2Q-5QFF Algernon: Auto-refresh SSE event server sets Access-Control-Allow-Origin: *
Summary: The SSE event server's Access-Control-Allow-Origin response header was hardcoded to the wildcard regardless of the caller's Origin. Because EventSource does not preflight and does not send cookies, the wildcard is sufficient to let any third-party page the developer visits open a...
CVE-2018-25314
creationtimestamp | type | source
---|---|---
2026-04-29 20:25:52+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mknwnpzlsb2o
2026-04-29 20:39:27+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mknxfzyb4u2c...
CVE-2026-40002
creationtimestamp | type | source
---|---|---
2026-04-17 10:09:05+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjools7oae2f...
PT-2026-25030
Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. Prior to 0.50.1, in a situation where the ring-buffer of a gadget is – incidentally or maliciously – already full, the gadget will silently drop events. Th...
CVE-2026-28486
creationtimestamp | type | source
---|---|---
2026-03-06 02:04:13+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mge7w4w5mz2u...
CVE-2025-67850
creationtimestamp | type | source
---|---|---
2026-02-03 13:16:27+00:00 | seen | Telegram/fpMcrY2RALMfsN1onUqQsHu7uTJCJuSmLnazyi9cvEQogc...
CVE-2020-3644
creationtimestamp | type | source
---|---|---
2026-01-20 08:05:01+00:00 | seen | https://infosec.exchange/users/certvde/statuses/115926387351405846...
CVE-2025-13493
creationtimestamp | type | source
---|---|---
2026-01-07 09:51:32+00:00 | seen | https://gist.github.com/Darkcrai86/a7cb2e3df0a8f8a1eed221eaa235d11a
2026-01-07 18:09:18+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mbu2sgcer72e...
CVE-2025-49712
creationtimestamp | type | source
---|---|---
2025-08-12 16:01:32+00:00 | seen | https://www.thezdi.com/blog/2025/8/12/the-august-2025-security-update-review
2025-08-13 10:48:37+00:00 | seen | https://t.me/truesecator/7322...
CVE-2025-4077
creationtimestamp | type | source
---|---|---
2025-04-29 18:12:22+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/13885
2025-04-29 19:50:40+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lny2ilcvx62p
2025-04-29 21:01:05+00:00 | seen |...
CVE-2025-32445 Users can gain privileged access to the host system and cluster with EventSource and Sensor CR
Argo Events is an event-driven workflow automation framework for Kubernetes. A user with permission to create/modify EventSource and Sensor custom resources can gain privileged access to the host system and cluster, even without having direct administrative privileges. The EventSource and Sensor...
Privilege Chaining
Overview: Affected versions of this package are vulnerable to Privilege Chaining through the spec.template.container configuration in the EventSource and Sensor custom resources. An attacker can gain privileged access to the host system and cluster by injecting commands into a container template...
CVE-2025-31590
creationtimestamp | type | source
---|---|---
2025-03-31 14:32:17+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/9665...
CVE-2025-25036
creationtimestamp | type | source
---|---|---
2025-03-21 20:24:51+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/8428
2025-03-21 22:39:52+00:00 | seen | https://t.me/cvedetector/20836
2025-08-11 18:27:48+00:00 | seen | MISP/3e4b778d-5810-4171-a915-f1d106684af4...
GHSA-5QPX-23RW-36GG
creationtimestamp | type | source
---|---|---
2025-01-07 16:07:42+00:00 | seen | https://infosec.exchange/users/cve/statuses/113787932641923201
2025-01-07 17:41:49+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/495...
CVE-2024-56607
creationtimestamp | type | source
---|---|---
2024-12-27 15:18:10+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lecbw22ewn2i
2026-03-19 00:00:00+00:00 | seen | https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/...