61129 matches found
CVE-2026-40135
creationtimestamp| type| source
---|---|---
2026-05-12 05:31:52+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mln2r4b5qy2h
2026-05-12 14:20:29+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mlnybnopq22h
2026-05-12 14:25:07+00:00| seen|...
CVE-2026-40137
creationtimestamp| type| source
---|---|---
2026-05-12 05:26:51+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mln2i5sblj2i
2026-05-12 14:20:29+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mlnybnopq22h
2026-05-12 14:25:07+00:00| seen|...
GHSA-G7CV-RXG3-HMPX
creationtimestamp| type| source
---|---|---
2026-05-12 04:52:42+00:00| seen| https://gist.github.com/nrajlekhak/84bda8dc75e9212c7699a79bb34fa4dc
2026-05-12 11:45:22+00:00| seen| https://gist.github.com/maskeynihal/e780ed1e48c56592fc6612591a4bd420
2026-05-12 16:58:08+00:00| seen|...
SUSE CVE-2026-43420
In the Linux kernel, the following vulnerability has been resolved: ceph: fix inlink underrun during async unlink During async unlink, we drop the inlink counter before we receive the completion that will eventually update the inlink because "we assume that the unlink will succeed". That is not a...
CVE-2026-40137
SAP CVE-2026-40137 affects the SAP TAF_APPLAUNCHER component of Business Server Pages. It describes a Cross-Site Scripting (XSS) issue where an unauthenticated attacker can craft malicious links that, when a victim clicks, redirect to attacker‑controlled sites and potentially expose or alter info...
CVE-2026-27682 Reflected Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages)
Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages), an unauthenticated attacker could craft a URL that exploits an unprotected URL parameter to embed a malicious script. If a victim clicks the link, the...
EUVD-2026-29349
A vulnerability was detected in D-Link DIR-816 1.10CNB05R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ipaddress results in command injection. The attack can be initiated remotely. The exploit is now public and may be used...
Exploit for Race Condition Enabling Link Following in Linuxfoundation Runc
CVE-2025-31133 Compose Build Lab This lab is a small PaaS sim...
CVE-2026-8346
A vulnerability was detected in D-Link DIR-816 1.10CNB05R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ipaddress results in command injection. The attack can be initiated remotely. The exploit is now public and may be used...
NanaZip code issue vulnerability
NanaZip is an open-source compression program from M2-Team. NanaZip versions 5.0.1252.0 through 6.0.1698.0 had code-related vulnerabilities. These vulnerabilities stemmed from the UFS/UFS2 file system image parser, which unconditionally treated the root inode as a directory without checking...
PT-2026-39918
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server ABAP (affected versions not specified)
Description: A reflected cross-site scripting (XSS) issue exists in SAP NetWeaver Application Server ABAP within applications based on Business Server Pages. An unauthenticated...
Multiple Siemens products code issue vulnerability
The Siemens RUGGEDCOM RM1224 is a wireless router produced by the German company Siemens. It provides data communication for roaming locations, with the capability to connect via 4G LTE and automatically fall back to 3G UMTS or EVDO cellular networks. Several Siemens products have code...
HashiCorp Tooling link following vulnerability
HashiCorp Tooling is a series of software tools developed by HashiCorp Inc., aimed at infrastructure automation, cloud resource management, and security operations. Versions of HashiCorp Tooling prior to 0.42.0 contained a link following vulnerability. This vulnerability stemmed from a sandbox pat...
Microsoft Visual Studio Code link following vulnerability
Microsoft Visual Studio Code is an open-source code editor developed by the American company Microsoft. Microsoft Visual Studio Code has a link following vulnerability. Attackers can exploit this vulnerability to bypass certain features...
ip-address cross-site scripting vulnerability
ip-address is a JavaScript library developed by Beau Gunderson, designed for verifying and manipulating IPv4 and IPv6 addresses. Versions prior to 10.1.1 of ip-address had a cross-site scripting vulnerability. This vulnerability stemmed from the Address6.group and Address6.link methods not proper...
HashiCorp Nomad and HashiCorp Nomad Enterprise link following vulnerability
HashiCorp Nomad and HashiCorp Nomad Enterprise are both products from HashiCorp, a company based in the United States. HashiCorp Nomad is a simple and flexible scheduler and orchestrator. It’s used for managing containers and non-containerized applications on both local and cloud environments...
HashiCorp Nomad link following vulnerability
HashiCorp Nomad is a simple and flexible scheduler and orchestrator provided by the American company HashiCorp. It is used for managing containers and non-containerized applications on both local and cloud environments. Versions of HashiCorp Nomad prior to 0.1.2 contained a post-installation...
PT-2026-39958
The Credits Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the 'credits' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PT-2026-40280
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, 8.5.* before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose a URL, which will cause the target to execute arbitrary JavaScript code (XSS) on the target's machine when the target is viewing...
D-Link DIR-816 injection vulnerability
The D-Link DIR-816 is a wireless router produced by D-Link Corporation. D-Link DIR-816 version 1.10CNB05R1B011D88210 has a command injection vulnerability, which stems from operations on the ipaddress parameter...