61137 matches found
CVE-2026-44601
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-07 10:02:43+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mlaxktsipu2o... |
CVE-2026-42194
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-07 09:52:40+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mlawyv57id2c... |
CVE-2026-6805
CVE-2026-6805 affects Cryptobox’s external sharing feature. An attacker who knows a sharing link URL can retrieve information from the server, enabling an offline brute-force attack against the access code associated with that link. The provided documents do not specify affected versions, mitigat...
CVE-2026-6805
Vulnerability on the external sharing feature in Cryptobox allows an attacker knowing a sharing link URL to retrieve information from the server allowing an offline brute-force attack of the access code associated to this sharing link...
CVE-2026-6805 Vulnerability on Cryptobox external sharing feature
Vulnerability on the external sharing feature in Cryptobox allows an attacker knowing a sharing link URL to retrieve information from the server allowing an offline brute-force attack of the access code associated to this sharing link...
CLSA-2026-1778145319 python2: Fix of 3 CVEs
- CVE-2025-8194: validate that tarfile member offsets are non-negative to prevent infinite loop / DoS during parsing of malicious tar archives
- CVE-2026-4519: reject URLs with leading dashes in webbrowser.open to prevent injection of command-line options into spawned browser process
- ...
CVE-2026-40878
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-07 09:12:24+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-40878.yaml... |
CVE-2026-41004
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-07 06:12:44+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mlakplsqy52v |
| 2026-05-07 07:29:50+00:00 | seen | https://www.acn.gov.it/portale/w/rilevate-vulnerabilita-in-spring-cloud-config |
| 2026-05-07 14:40:20+00:00 | seen | ... |
CVE-2026-41673
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-07 06:03:24+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mlak6w345j2v... |
CVE-2026-41142
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-07 05:56:17+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mlajs6pnt62k |
| 2026-05-11 00:07:07+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mljy5j5qef2p... |
CVE-2026-30693
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-07 05:51:21+00:00 | seen | https://gist.github.com/GaniiGanesh/82723ef74e1e113debe67fd45738ccd5... |
CVE-2026-41203
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-07 05:45:13+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mlaj6f7qlo2k |
| 2026-05-07 07:30:31+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mlap2odhxt2o |
| 2026-05-07 07:30:41+00:00 | seen | ... |
python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API
A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...
GHSA-CP6G-6699-WX9C vm2 has a NodeVM require.root bypass via symlink traversal that allows sandbox escape
Summary: NodeVM's require.root path restriction can be bypassed using filesystem symlinks, allowing sandboxed code to load modules from outside the allowed root directory in host context. Because path validation uses path.resolve which does not dereference symlinks but module loading uses Node's...
CVE-2026-41413 Istio Vulnerable to SSRF via RequestAuthentication jwksUri
Istio is an open platform to connect, manage, and secure microservices. Prior to versions 1.28.6 and 1.29.2, when a RequestAuthentication resource is created with a jwksUri pointing to an internal service, istiod makes an unauthenticated HTTP GET request to that URL without filtering out localhos...
CVE-2026-41656
Admidio is an open-source user management solution. Prior to version 5.0.9, the add mode in modules/documents-files.php accepts a name parameter validated only as 'string' type HTML encoding, allowing path traversal characters ../ to pass through unfiltered. Combined with the absence of CSRF...
GHSA-Q6V9-R226-V65F
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-07 04:10:29+00:00 | seen | https://gist.github.com/alon710/60dab51279f6b991c4df239e6fd329b2... |
CVE-2026-42788
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-07 04:10:29+00:00 | seen | https://gist.github.com/alon710/60dab51279f6b991c4df239e6fd329b2... |
GHSA-MMPX-JH39-WRV6
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-07 03:40:29+00:00 | seen | https://gist.github.com/alon710/14822427e82604da5dce18ab5080ddb7... |