61133 matches found
CVE-2026-36983
D-Link DCS-932L v2.18.01 is vulnerable to Command Injection in the function sub42EF14 of the file /bin/alphapd. The manipulation of the argument LightSensorControl leads to command injection...
Open Redirect
Overview: mediawiki/core is a Free software wiki application developed by the Wikimedia Foundation and others. Note: This package is not maintained on Packagist anymore, but newer releases exist. Affected versions of this package are vulnerable to Open Redirect via the help link generation process...
CVE-2026-33359
creationtimestamp | type | source
---|---|---
2026-05-11 17:39:26+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mllsx6dccq2t...
CVE-2026-41148
creationtimestamp | type | source
---|---|---
2026-05-11 17:37:06+00:00 | published-proof-of-concept | https://github.com/mermaid-js/mermaid/security/advisories/GHSA-xcj9-5m2h-648r
2026-05-23 03:06:41+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmihrnd37y2n...
CVE-2026-33357
creationtimestamp | type | source
---|---|---
2026-05-11 17:28:24+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mllsdgz7da2z...
CVE-2026-44658
Zen is a Firefox-based browser. Prior to 1.19.12b, RSS feed URLs entered by the user are validated to http: or https: in promptForFeedUrl, but item links inside the feed are not subject to the same restriction. The provider maps each RSS/Atom item link into item.url, filters only for presence and...
CVE-2026-7815
creationtimestamp | type | source
---|---|---
2026-05-11 16:59:04+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mllqoykwir2z
2026-05-26 15:37:06+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mmrd4azuq726...
CVE-2026-34094 Customized help link for page protection indicator is relative to subpage name, because the link target is missing the "/wiki/" prefix
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Page/Article.Php. This issue affects MediaWiki: from before 1.43.7, 1.44.4, 1.45.2...
CVE-2026-34094
CVE-2026-34094 affects Wikimedia Foundation MediaWiki prior to 1.43.7, 1.44.4, and 1.45.2. The issue is in the Page/Article.Php path where a Customized help link for a page protection indicator is relative to the subpage name because the link target is missing the "/wiki/" prefix. This describes ...
GHSA-PW8R-6689-XVF4
creationtimestamp | type | source
---|---|---
2026-05-11 16:40:29+00:00 | seen | https://gist.github.com/alon710/8d25a2ec6d3cfd7d6115a0f90a1bb719...
golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...
CVE-2026-7819
Symbolic-link path traversal (CWE-61, CWE-22) in pgAdmin 4 File Manager. check_access_permission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated user could plant a symbolic link inside their own storag...
CVE-2026-43447
creationtimestamp | type | source
---|---|---
2026-05-11 16:00:43+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mllngjiq2t2z...
CVE-2026-8290
creationtimestamp | type | source
---|---|---
2026-05-11 14:40:30+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mllix565o62r...
eldenring-util (>=0.1.1 <=0.11.0), luminol-result (=0.4.0) +3 more potentially affected by unknown CVE via steamworks (>=0.10.0 <=0.12.2)
steamworks CARGO version =0.10.0, =0.1.1, =0.1.0, =0.2.1
Source cves: unknown CVE
Source advisory: OSV:GHSA-G588-CJG3-6G78...
CVE-2026-7819 pgAdmin 4: Symbolic-link path traversal in File Manager allows arbitrary file write
Symbolic-link path traversal (CWE-61, CWE-22) in pgAdmin 4 File Manager. check_access_permission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated user could plant a symbolic link inside their own storag...
CVE-2026-7819
CVE-2026-7819 describes a symbolic-link path traversal in pgAdmin 4 File Manager. The vulnerability arises because check_access_permission used os.path.abspath (resolving ..) but not symbolic links, allowing an authenticated user to plant a symlink within their storage directory that points elsew...
CVE-2026-43462
creationtimestamp | type | source
---|---|---
2026-05-11 12:34:09+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mllbvbnynb2z...
EUVD-2026-29048
ATutor is vulnerable to Reflected XSS in /install/upgrade.php endpoint. An attacker can provide a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is no longer actively supported. Maintainers of this project were notified early...