61137 matches found
CVE-2026-29199
phpBB before 3.3.16 is vulnerable to Host Header Injection that can lead to password reset link poisoning. When force_server_vars is disabled, the server's hostname may be extracted from the HTTP Host header, which is used to generate the password reset link URL. An attacker who can manipulate the Hos...
CVE-2026-7721
creationtimestamp | type | source
---|---|---
2026-05-04 06:57:27+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mkz3srlohr2e...
CVE-2026-7732
creationtimestamp | type | source
---|---|---
2026-05-04 06:54:06+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mkz3msex6f2i...
CVE-2026-7722
creationtimestamp | type | source
---|---|---
2026-05-04 06:45:49+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mkz35ybzbu2r...
CVE-2026-29199
CVE-2026-29199 affects phpBB prior to 3.3.16. The issue is a Host Header Injection in which, when force_server_vars is disabled, the server hostname is sourced from the HTTP Host header to build the password reset URL. An attacker who can control or influence the Host header can cause password re...
vulnerability-research
Vulnerability Research & Responsible Disclosure Shivam Paji...
CVE-2026-7718
creationtimestamp | type | source
---|---|---
2026-05-04 04:41:15+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mkyu7b3ajc2o...
Malicious Package
Overview @activationcode/activate is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
CVE-2026-42369
creationtimestamp | type | source
---|---|---
2026-05-04 01:18:13+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mkyiu6f3ct2w
2026-05-04 02:50:29+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mkynz6jpjl2h
2026-05-04 04:53:12+00:00 | seen | ...
CVE-2026-7717
creationtimestamp | type | source
---|---|---
2026-05-04 01:17:58+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mkyitpy4ep2l
2026-05-04 03:06:30+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mkyovthfca2r...
CVE-2026-7711
creationtimestamp | type | source
---|---|---
2026-05-04 00:58:36+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mkyhr4pfcp2c...
EUVD-2026-26863
Multiple reflected cross-site scripting (XSS) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this...
CVE-2026-7710
creationtimestamp | type | source
---|---|---
2026-05-04 00:32:11+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mkygbvfube2k...
PT-2026-36770
Name of the Vulnerable Software and Affected Versions: phpBB versions prior to 3.3.16. Description: Host Header Injection occurs when force_server_vars is disabled, allowing the server's hostname to be extracted from the HTTP Host header to generate password reset link URLs. An attacker capable of...
D-Link DIR-605L Trust Management Vulnerability
The D-Link DIR-605L is a wireless router produced by D-Link Corporation. The D-Link DIR-605L in the Hardware Revision A1 version has a trust management vulnerability. This vulnerability stems from a hard-coded telnet backdoor, which allows unauthorized attackers on the local network to obtain roo...
D-Link DIR-605L Trust Management Vulnerability
The D-Link DIR-605L is a wireless router produced by D-Link Corporation. The D-Link DIR-605L Hardware Revision B2 version has a vulnerability related to trust management. This vulnerability stems from a hard-coded telnet backdoor, which allows unauthenticated attackers on the local network to...
D-Link DIR-600L Trust Management Vulnerability
The D-Link DIR-600L is an entry-level wireless router from D-Link Corporation. It supports 150Mbps wireless transmission and has 4 Gigabit wired ports. There is a trust management vulnerability in the D-Link DIR-600L Hardware Revision A1. This vulnerability stems from a hard-coded telnet backdoor...
D-Link DIR-600L Trust Management Vulnerability
The D-Link DIR-600L is an entry-level wireless router from D-Link Corporation. It supports 150Mbps wireless transmission and has 4 Gigabit wired ports. The DIR-600L has a trust management vulnerability, which stems from a hard-coded telnet backdoor. This vulnerability could allow unauthenticated...