CVE-2026-47398

creationtimestamp| type| source ---|---|--- 2026-05-19 06:35:03+00:00| published-proof-of-concept| https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-78r8-wwqv-r299...

CVE-2026-47394

creationtimestamp| type| source ---|---|--- 2026-05-19 06:34:57+00:00| published-proof-of-concept| https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-9cr9-25q5-8prj...

CVE-2026-42099

creationtimestamp| type| source ---|---|--- 2026-05-19 02:55:00+00:00| seen| https://cert.pl/en/posts/2026/05/CVE-2026-42096 2026-05-21 01:49:33+00:00| seen| https://ccb.belgium.be/advisories/warning-actively-exploited-critical-and-multiple-high-vulnerabilities-sparx-pro-cloud...

OSV-2026-777 Heap-buffer-overflow in md_is_link_title

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=514122612 Crash type: Heap-buffer-overflow READ 1 Crash state: mdislinktitle mdanalyzeinlines mdprocessnormalblockcontents...

PT-2026-42157

Name of the Vulnerable Software and Affected Versions Microsoft Malware Protection Engine versions 1.1.26030.3008 through 1.1.26040.8 Description An improper link resolution issue before file access, known as link following, exists within the Microsoft Malware Protection Engine component of...

CVE-2026-34883

The CVE-2026-34883 affects the Portrait Dell Color Management application (before version 3.7.0) on Windows systems used with Dell monitors. The root cause is a symbolic link vulnerability in the installer that runs with elevated privileges, allowing a local low-privileged user to escalate to Adm...

Microsoft Azure Portal Windows Admin Center 后置链接漏洞

Microsoft Azure Portal Windows Admin Center is a Windows server and hybrid cloud management platform integrated with the Azure Portal by Microsoft Corporation. There is a postback link vulnerability in Microsoft Azure Portal Windows Admin Center, which stems from improper link resolution before...

terrascan 安全漏洞

Trenescan is an open-source infrastructure code static security analysis tool developed by Tenable. Versions of Trenescan 1.18.3 and earlier contain security vulnerabilities. These vulnerabilities stem from server-side request forgeing vulnerabilities in the external URL parsing of uploaded IaC...

PT-2026-41880

A session fixation vulnerability was found in Keycloak's login-actions endpoints. An unauthenticated attacker could exploit this flaw by pre-creating an authentication session and tricking a victim into visiting a maliciously crafted link. By leveraging the /login-actions/restart endpoint—which...

CVE-2026-34883

An issue was discovered in the Portrait Dell Color Management application before 3.7.0 for Dell monitors. On Windows, a symbolic link vulnerability allows a local low-privileged user to escalate privileges to Administrator. During installation, the software writes the file CCFLFamily07Feb11.edr t...

EUVD-2026-30934

An issue was discovered in the Portrait Dell Color Management application before 3.7.0 for Dell monitors. On Windows, a symbolic link vulnerability allows a local low-privileged user to escalate privileges to Administrator. During installation, the software writes the file CCFLFamily07Feb11.edr t...

CVE-2026-34883

An issue was discovered in the Portrait Dell Color Management application before 3.7.0 for Dell monitors. On Windows, a symbolic link vulnerability allows a local low-privileged user to escalate privileges to Administrator. During installation, the software writes the file CCFLFamily07Feb11.edr t...

CVE-2026-34883

An issue was discovered in the Portrait Dell Color Management application before 3.7.0 for Dell monitors. On Windows, a symbolic link vulnerability allows a local low-privileged user to escalate privileges to Administrator. During installation, the software writes the file CCFLFamily07Feb11.edr t...

PT-2026-41934

Name of the Vulnerable Software and Affected Versions Portrait Dell Color Management versions prior to 3.7.0 Description A symbolic link issue exists in the Portrait Dell Color Management application on Windows. A local low-privileged user can escalate privileges to Administrator because the...

VulnCheck KEV: CVE-2026-41091

Improper link resolution before file access 'link following' in Microsoft Defender allows an authorized attacker to elevate privileges locally...

CVE-2026-40930

creationtimestamp| type| source ---|---|--- 2026-05-18 23:21:06+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116598142822807698...

link-chart (>=0.0.0 <=0.1.12) potentially affected by unknown CVE via @antv/ava-react (=3.3.2)

@antv/ava-react NPM version =3.3.2 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/ava-react and may be impacted: - link-chart =0.0.0, =0.1.12 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVAVAREACT-16755055...

link-chart (>=0.0.0 <=0.1.12) potentially affected by unknown CVE via @antv/ava-react (=3.3.2)

@antv/ava-react NPM version =3.3.2 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/ava-react and may be impacted: - link-chart =0.0.0, =0.1.12 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVAVAREACT-16754882...

@antv/ava-react (>=3.0.0 <=3.3.2-beta.1), @antv/g2 (>=5.1.5 <=5.1.6-beta.1) +12 more potentially affected by unknown CVE via @antv/ava (>=3.0.0-alpha.0 <=3.4.1)

@antv/ava NPM version =3.0.0-alpha.0, =3.0.0, =5.1.5, =0.1.0, =1.0.0, =0.0.1-lb, =0.0.30, =0.0.0, =0.1.1, =1.1.1, =0.0.4, =0.0.1, =0.0.5 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVAVA-16754363...

CVE-2025-65954

Summary: SimpleSAMLphp casserver versions below 6.3.1 and 7.0.0 are affected by an Open Redirect in the logout endpoint. The logout URL parameter (?url=…) is treated as trusted, causing a redirect to an attacker-controlled site or a logout page linking to that URL, depending on configuration. Aff...