CVE-2025-66171
creationtimestamp | type | source
---|---|---
2026-05-09 04:41:05+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3mlfgjejuxq2i...
CVE-2026-41705
creationtimestamp | type | source
---|---|---
2026-05-09 04:30:41+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mlffwxr3u52o
2026-05-09 18:44:17+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mlgvnclkqn2g
2026-05-11 09:04:11+00:00 | seen | ...
CVE-2026-6665
creationtimestamp | type | source
---|---|---
2026-05-09 04:25:41+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mlffnzarsx2i
2026-05-09 17:46:47+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mlgsgh3l6j2n
2026-05-27 00:07:11+00:00 | seen | ...
CVE-2026-32445
creationtimestamp | type | source
---|---|---
2026-05-09 03:33:11+00:00 | seen | https://bsky.app/profile/atomicedge.bsky.social/post/3mlfcpyizrh24...
SUSE CVE-2026-24767
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, a blind Server-Side Request Forgery (SSRF) vulnerability exists in the uploadViaURL functionality due to an unprotected HEAD request. While the subsequent file retrieval logic correctly enforces SSRF protections, t...
Unity Linux 20.1050e / 20.1070e Security Update: kubernetes (UTSA-2026-017342)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017342 advisory. A half-blind Server-Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows...
GHSA-MGHP-5CQ4-V6MG Snipe-IT has an open redirect vulnerability
Open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via unvalidated HTTP Referer header stored in session variable.
Impact:
- Phishing: Redirect users to fake login pages to steal credentials
- Session Hijacking: Redirect to attacker site that captures...
CVE-2026-42298
creationtimestamp | type | source
---|---|---
2026-05-08 23:24:54+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mleuu5h24l2e
2026-05-09 01:13:31+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mlf2wfsfch2p
2026-05-09 03:00:31+00:00 | seen | ...
CVE-2026-42354
creationtimestamp | type | source
---|---|---
2026-05-08 23:22:20+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mleupkgzli2z
2026-05-09 00:00:40+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116541675237436780
2026-05-09 00:00:42+00:00 | seen | ...
CVE-2026-42556
Postiz is an AI social media scheduling tool. From version 2.21.6 to before version 2.21.7, any authenticated user who can create a post can store arbitrary HTML in post content by tampering with their own save request and send the public preview link /p/?share=true to another user. The preview page...
CVE-2026-43420
A flaw was found in the Linux kernel's Ceph file system client. A race condition during asynchronous file unlink operations can lead to an inlink counter underrun. This vulnerability allows an attacker to trigger a kernel warning, potentially causing system instability and a Denial of Service (DoS)...
Missing Authorization
Overview: Affected versions of this package are vulnerable to Missing Authorization through the DeleteUpNodeLink process. An attacker can cause the application to crash and alter the in-memory user-plane topology by sending unauthenticated DELETE requests to the affected endpoint. Remediation...
CVE-2026-42212
creationtimestamp | type | source
---|---|---
2026-05-08 22:45:45+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mleso66zco2t...
CVE-2026-8009
An inappropriate implementation flaw was found in the Cast component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=496555077...
EUVD-2026-28851
Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the sftp:// or file:// protocol handlers), an attacker can execute arbitrary...
CVE-2026-42307
Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the sftp:// or file:// protocol handlers), an attacker can execute arbitrary...
CVE-2026-41517
creationtimestamp | type | source
---|---|---
2026-05-08 22:35:19+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mles3jcrwn2c...
CVE-2026-42556 Postiz stored XSS in public preview page
Postiz is an AI social media scheduling tool. From version 2.21.6 to before version 2.21.7, any authenticated user who can create a post can store arbitrary HTML in post content by tampering with their own save request and send the public preview link /p/?share=true to another user. The preview page...
CVE-2015-0273
creationtimestamp | type | source
---|---|---
2026-05-08 22:10:30+00:00 | seen | https://gist.github.com/infernalheaven/1512d272a18678d67abd80c1781537fd...
CVE-2026-42213 SolidCAM-GPPL-IDE: Path traversal in `inc` directive enables file probing and NTLM-hash leak
SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, the inc "filename" directive in GPPL postprocessor files is resolved by GpplDocumentLinkHandler into a clickable link VS Code textDocument/documentLin...