61121 matches found
CVE-2026-40092

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-20 22:44:45+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmcy7grcig2r... |

CVE-2026-9129

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-20 21:07:12+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmcsqz245d2p... |

CVE-2026-9136

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-20 20:57:12+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmcs744lqz2p... |

CVE-2026-26028
CryptPad is an end-to-end encrypted collaborative office suite. In versions prior to 2026.2.0, the HTML sanitizer in Diffmarked.js can be bypassed due to incomplete attribute filtering on restricted tags. The sanitizer validates only the src attribute of , , and elements, leaving all other...
EUVD-2026-31176
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in single.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid GET parameter directly into an HTML attribute. Attackers can craft a...
GHSA-GP95-J463-VV28

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-20 19:10:50+00:00 | seen | https://gist.github.com/alon710/ab000f54d49f4216c2a377595eab5831... |

GO-2026-4966 monetr: Server-side request forgery in Lunch Flow link creation and refresh in github.com/monetr/monetr
CVE-2026-7613

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-20 19:03:49+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmcluegihp2r |
| 2026-05-25 02:12:57+00:00 | seen | https://bsky.app/profile/donwebmedia.bsky.social/post/3mmnfpf2cmd2i... |

CVE-2026-20238

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-20 18:54:44+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmcle4nvvp2h... |

CVE-2026-20171

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-20 18:47:45+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmckxnd7wn2h... |

CVE-2026-44925
Cross-Site Request Forgery (CSRF) vulnerability in InfoScale v.9.1.3 Operations Manager (VIOM) allows an attacker to force a user with an active session into clicking a malicious HTML link, which triggers unintended modifications on the VIOM web application without the user's knowledge...
GHSA-CRR4-7RM4-8GPW

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-20 16:56:46+00:00 | seen | https://bsky.app/profile/Whiskeyomega.cupoftea.social.ap.brid.gy/post/3mmceqyeaiq72... |

CVE-2026-26028

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-20 15:52:46+00:00 | published-proof-of-concept | https://github.com/cryptpad/cryptpad/security/advisories/GHSA-g2g4-47gv-p72v... |

CVE-2026-35671

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-20 15:46:17+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-xvp4-phqj-cjr3... |

GHSA-7VFX-9HWP-C2X4

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-20 15:46:13+00:00 | seen | https://gist.github.com/steig/ddd6193b319e8b70af8f2659034a7922... |

CVE-2018-7408

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-20 15:46:13+00:00 | seen | https://gist.github.com/steig/ddd6193b319e8b70af8f2659034a7922... |

CVE-2018-1000620

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-20 15:46:13+00:00 | seen | https://gist.github.com/steig/ddd6193b319e8b70af8f2659034a7922... |

Interpretation Conflict
Overview: symfony/html-sanitizer provides an object-oriented API to sanitize untrusted HTML input for safe insertion into a document's DOM. Affected versions of this package are vulnerable to Interpretation Conflict via URL parsing and policy enforcement in UrlSanitizer/UrlAttributeSanitizer...
Cross-site Scripting (XSS)
Overview: drupal/core is an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via entity suggestions whilst adding a link to CKEditor5. An attacker can execute arbitrary scripts in...