CVE-2026-46372

creationtimestamp| type| source ---|---|--- 2026-05-20 08:35:00+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-46372.yaml 2026-05-29 23:00:43+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmznc7rrtw23...

GHSA-FMXF-PM6P-7XGM vulnerabilities

Vulnerabilities for packages: druid, apache-pulsar, tez...

GHSA-VRQ8-3X54-8JJ3 vulnerabilities

Vulnerabilities for packages: chromium...

GHSA-V77Q-JQJ8-8VVQ vulnerabilities

Vulnerabilities for packages: chromium...

GHSA-J89Q-H74W-5C2Q vulnerabilities

Vulnerabilities for packages: chromium...

GHSA-VRQ8-3X54-8JJ3 vulnerabilities

Vulnerabilities for packages: chromium...

GHSA-7W4V-J6PR-V8HV vulnerabilities

Vulnerabilities for packages: chromium...

Grafana GitHub Breach Exposes Source Code via TanStack npm Attack

Grafana Labs, on May 19, 2026, said an investigation into its recent breach found no evidence of customer production systems or operations being compromised. It said the scope of the incident is limited to the Grafana Labs GitHub environment, which includes public and private source code along wi...

Malicious code in cloud-pc-templates (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 044178c5b07f16ba0681f534724c7bcac3c8f39832484c7a3ac51d43a69cd803 The ai login CLI subcommands loginMode huggingface, ollamacloud, ollamalocal each download a proxy script from a mutable refs/heads/main branch of a...

MAL-2026-4528 Malicious code in cloud-pc-templates (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 044178c5b07f16ba0681f534724c7bcac3c8f39832484c7a3ac51d43a69cd803 The ai login CLI subcommands loginMode huggingface, ollamacloud, ollamalocal each download a proxy script from a mutable refs/heads/main branch of a...

PT-2026-42366

goshs is Missing Write Protection for Parametric Data Values in github.com/patrickhener/goshs...

PT-2026-42371

NornicDB has Improper Network Binding in its Bolt Server, allowing unauthorized remote access in github.com/orneryd/nornicdb...

PT-2026-42369

Nuclei: Local File Read via require Module Loader Bypass in github.com/projectdiscovery/nuclei...

PT-2026-42370

monetr: Server-side request forgery in Lunch Flow link creation and refresh in github.com/monetr/monetr...

UBUNTU-CVE-2026-45793

Github Actions issued GITHUBTOKEN disclosure in GitHub Actions logs...

CVE-2026-45793

Github Actions issued GITHUBTOKEN disclosure in GitHub Actions logs...

PT-2026-42379

free5GC's SMF UPI management interface lacks auth middleware; unauthenticated topology read/write requests reach handlers in github.com/free5gc/smf...

Malicious code in tubebrain (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e4773b7c6b3832dbd9b733f1bbe60d85f6a85a0764ad0c43345962c09add1cca lib/bootstrap.js contains a hardcoded outbound channel to https://transscendsurvival.org alongside calls to https://api.github.com and reads of...

MAL-2026-4694 Malicious code in tubebrain (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e4773b7c6b3832dbd9b733f1bbe60d85f6a85a0764ad0c43345962c09add1cca lib/bootstrap.js contains a hardcoded outbound channel to https://transscendsurvival.org alongside calls to https://api.github.com and reads of...

GHSA-HCF7-66RW-9F5R

creationtimestamp| type| source ---|---|--- 2026-05-19 20:10:50+00:00| seen| https://gist.github.com/alon710/e381dedd3ac6c2888e1321e911d4bec9...