GHSA-V2V4-37R5-5V8G ip-address has XSS in Address6 HTML-emitting methods
Summary: Address6.group and Address6.link do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage emitted by the Address6 constructor for invalid input can contain unescaped attacker-controlled content in one branch. An...
CVE-2026-7856
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-05 21:46:39+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3ml55xpmzzk2i... |
CVE-2026-33190
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-05 21:42:21+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3ml55pzrfbp2k... |
CVE-2026-32934
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-05 21:38:35+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3ml55jcl3da2v... |
EUVD-2026-27488
A vulnerability has been found in D-Link DI-8100 16.07.26A1. This vulnerability affects the function sprintf of the file /usergroup.asp of the component CGI Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and m...
EUVD-2026-27430
A security vulnerability has been detected in D-Link DI-8100 16.07.26A1. Affected by this vulnerability is the function urlruleasp of the file /urlrule.asp of the component POST Parameter Handler. Such manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploi...
EUVD-2026-27486
A flaw has been found in D-Link DI-8100 16.07.26A1. This affects an unknown part of the file /urlmember.asp of the component Web Management Interface. Executing a manipulation of the argument Name can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and...
EUVD-2026-27432
A vulnerability was detected in D-Link DI-8100 16.07.26A1. Affected by this issue is the function tgglasp of the file /tggl.asp of the component HTTP Request Handler. Performing a manipulation of the argument Name results in buffer overflow. The attack can be initiated remotely. The exploit is no...
CVE-2026-40331
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-05 21:18:39+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3ml54fnlunr2i... |
PocketBase vulnerable to account pre-hijacking via OAuth2 unverified->verified autolinking upgrade
A pre-hijacking issue was discovered with the OAuth2 autolinking by Alardiians. In some situations, if an attacker knows the email address of the victim they can create and link an unverified PocketBase user in advance by authenticating with one of the OAuth2 app providers, e.g. "A". When the...
CVE-2026-41950
Dify before version 1.14.0 contains an authorization bypass vulnerability that allows authenticated users to read the full contents of files uploaded by other users within the same tenant by supplying an arbitrary file UUID in the files array of a chat-messages request. Attackers can exploit...
GHSA-7JRR-XW9C-MJ39
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-05 21:10:29+00:00 | seen | https://gist.github.com/alon710/26efd138450d4334005446be8418f3bc... |
CVE-2026-34458
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-05 20:57:12+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3ml537ce7c32i |
| 2026-05-06 00:00:41+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116524688383360552 |
| 2026-05-06 00:00:43+00:00 | seen | ... |
CVE-2026-33975
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-05 20:46:36+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3ml52mdhzw52p... |
CVE-2026-34596
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-05 20:40:33+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3ml52bjtdqw2n |
| 2026-05-06 05:36:40+00:00 | seen | https://www.acn.gov.it/portale/w/rilevate-vulnerabilita-in-sandboxie-per-windows... |
GHSA-C2FV-2FMJ-9XRX
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-05 20:40:29+00:00 | seen | https://gist.github.com/alon710/bda89e90af91af7f573f2d831677b6d7... |
CVE-2026-41950 Dify < 1.14.0 Authorization Bypass via File UUID
Dify before version 1.14.0 contains an authorization bypass vulnerability that allows authenticated users to read the full contents of files uploaded by other users within the same tenant by supplying an arbitrary file UUID in the files array of a chat-messages request. Attackers can exploit...
CVE-2026-7856
A flaw has been found in D-Link DI-8100 16.07.26A1. This affects an unknown part of the file /urlmember.asp of the component Web Management Interface. Executing a manipulation of the argument Name can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and...
GHSA-8RM2-7QQF-34QM
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-05 20:10:29+00:00 | seen | https://gist.github.com/alon710/a8e4ac23aec9e5a4ede7f32cda789bc3... |
CVE-2026-7855
A vulnerability was detected in D-Link DI-8100 16.07.26A1. Affected by this issue is the function tgglasp of the file /tggl.asp of the component HTTP Request Handler. Performing a manipulation of the argument Name results in buffer overflow. The attack can be initiated remotely. The exploit is no...