19201 matches found
CVE-2026-13295
creationtimestamp | type | source
---|---|---
2026-06-27 09:58:54+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mpb74x3lvn2b
2026-06-27 15:16:09+00:00 | seen | https://bsky.app/profile/potato.software/post/3mpbquatp6e2i
2026-06-27 15:16:09+00:00 | seen | ...
CVE-2021-47987
creationtimestamp | type | source
---|---|---
2026-06-26 02:47:41+00:00 | seen | https://bsky.app/profile/postac001.bsky.social/post/3mp5wkxsk6n2h...
CVE-2026-55962
creationtimestamp | type | source
---|---|---
2026-06-25 21:50:47+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mp5fy2nkfc2s...
CVE-2026-55967
creationtimestamp | type | source
---|---|---
2026-06-25 18:45:12+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mp53m7oi7h2a...
CVE-2026-47146
In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted...
CVE-2026-8658
creationtimestamp | type | source
---|---|---
2026-06-25 06:04:40+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mp3r4c3iew2b...
Ruby on Rails - Open Redirect via Host Header Injection
Ruby on Rails Action Pack before 6.1.2.1 and 6.0.3.5 contains an open redirect caused by specially crafted Host headers in combination with allowed host formats, letting attackers redirect users to malicious websites. Exploitation requires the attacker to control Host headers. id: CVE-2021-22881 info: name: Ru...
CVE-2026-37106
creationtimestamp | type | source
---|---|---
2026-06-25 03:16:32+00:00 | seen | https://gist.github.com/KyrieKlay/3260f4eeea025f2cd1daa7eb1360c5a1...
GHSA-5GF7-WJFM-VMVM
creationtimestamp | type | source
---|---|---
2026-06-25 00:01:29+00:00 | seen | https://bsky.app/profile/slackers.it/post/3mp34su7fvx26...
Malicious code in rstreams-metrics (npm)
The rstreams-metrics npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...
CVE-2026-13164
creationtimestamp | type | source
---|---|---
2026-06-24 17:45:16+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mp2hs5aelg2p...
CVE-2026-56111
creationtimestamp | type | source
---|---|---
2026-06-24 17:02:36+00:00 | seen | https://bsky.app/profile/securitycyberuk.bsky.social/post/3mp2ffu2mqq2o
2026-06-24 18:00:18+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mp2imyrtgz2d...
CVE-2025-71332
creationtimestamp | type | source
---|---|---
2026-06-24 13:25:13+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mozzaue52o2s
2026-06-25 11:39:45+00:00 | seen | https://bsky.app/profile/cybersecinsight.bsky.social/post/3mp4dthrnkv2p...
GHSA-WCMJ-X466-56MM
creationtimestamp | type | source
---|---|---
2026-06-24 03:42:03+00:00 | seen | https://gist.github.com/alon710/930931f8715581f8f0d0a4111bb621a6...
CVE-2026-27604 FOSSBilling: Improper API Role Validation (system) Enables Unauthenticated Access to Privileged Admin Functions
FOSSBilling is a free, open-source billing and client management system. Starting in version 0.5.4 and prior to version 0.8.0, an authorization bypass in the API role handling allows unauthenticated access to privileged /api/system/ endpoints. Because system resolves to the cron admin identity,...
Malicious code in new-ecro-helper (npm)
Source: amazon-inspector f0826d146dbc513ac14f403eaa9ba65dffbd04da52c55ff1840ad153dab96e87 The package publishes verbatim big.js v7.0.1 source including the upstream copyright header, README, repository URL pointing to MikeMcl/big.js, and t...
Malicious code in vitest-cli (npm)
Source: amazon-inspector 27abcc7f2373309feb253b0cc48b1a8bae7c54a3c43aed0c57add697f4067aba Package name vitest-cli impersonates the official Vitest project while declaring empty author, homepage, repository, and bugs metadata. The...
CVE-2026-48970
creationtimestamp | type | source
---|---|---
2026-06-22 15:16:08+00:00 | seen | https://bsky.app/profile/atomicedge.bsky.social/post/3mov6jlwa6l2v...
CVE-2026-56448
creationtimestamp | type | source
---|---|---
2026-06-22 13:30:30+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116794001321530958
2026-06-22 13:30:32+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mouymrppti2j
2026-06-22 15:49:41+00:00 | seen | ...
CVE-2026-35221
creationtimestamp | type | source
---|---|---
2026-06-22 05:01:44+00:00 | seen | https://bsky.app/profile/securitycyberuk.bsky.social/post/3mou46ywiit2v...