61212 matches found
CVE-2026-6744
Bagisto (up to 2.3.15) contains a vulnerability in the Copy function of the Downloadable Link Handler that enables server-side request forgery (SSRF). The issue is exploitable remotely and has publicly available exploits; vendor notes that issues are addressed via a security advisory and plans fi...
CVE-2026-6744 Bagisto Downloadable Link copy server-side request forgery
A vulnerability was found in Bagisto up to 2.3.15. Affected is the function copy of the component Downloadable Link Handler. The manipulation results in server-side request forgery. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted...
CVE-2026-3298

creationtimestamp | type | source
---|---|---
2026-04-21 17:18:10+00:00 | seen | Telegram/GomAqAKioRw5ORwyc6ugTkWhk08fHowYPUM-Q49l2oeUgi0
2026-04-22 12:50:13+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mk3jwk3cvd2u...

EUVD-2026-24184
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, a low-privileged agent can edit a visible customer and add an email address already owned by a hidden customer in another mailbox. The server discloses the hidden customer’s name and profile URL in the success...
CVE-2026-40589
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, a low-privileged agent can edit a visible customer and add an email address already owned by a hidden customer in another mailbox. The server discloses the hidden customer’s name and profile URL in the success...
CVE-2026-35451
CVE-2026-35451 affects the Twenty open source CRM, specifically the BlockNote editor. Before version 1.20.6 there is a Stored XSS in the FileBlock component: an attacker can inject a javascript: URI into the url property of a file block due to lack of protocol validation and insufficient server-s...
CVE-2026-35451 Twenty: Stored XSS via BlockNote FileBlock
Twenty is an open source CRM. Prior to 1.20.6, a Stored Cross-Site Scripting (XSS) vulnerability exists in the BlockNote editor component. Due to a lack of protocol validation in the FileBlock component and insufficient server-side inspection of block content, an attacker can inject a javascript: U...
CVE-2025-29635: Mirai Campaign Targets D-Link Devices
...
CVE-2019-25668

creationtimestamp | type | source
---|---|---
2026-04-21 12:07:07+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mjyx2k5z5e2h...

GHSA-4W7W-66W2-5VF9

creationtimestamp | type | source
---|---|---
2026-04-21 11:56:50+00:00 | seen | https://gist.github.com/MindfulLearner/c8453868d5bef6ee64c2f01d7c7f658d
2026-05-30 02:23:48+00:00 | seen | https://gist.github.com/konard/ddaf1c7a82581f9e29a8359316e48df3
2026-05-30 12:07:18+00:00 | seen | ...

GHSA-J3Q9-MXJG-W52F

creationtimestamp | type | source
---|---|---
2026-04-21 11:56:50+00:00 | seen | https://gist.github.com/MindfulLearner/c8453868d5bef6ee64c2f01d7c7f658d...

GHSA-37QJ-FRW5-HHJH

creationtimestamp | type | source
---|---|---
2026-04-21 11:51:12+00:00 | seen | https://gist.github.com/MindfulLearner/6d7eef9c065da267822dabd41aeaec98
2026-04-21 11:56:50+00:00 | seen | https://gist.github.com/MindfulLearner/c8453868d5bef6ee64c2f01d7c7f658d...

CVE-2026-31369

creationtimestamp | type | source
---|---|---
2026-04-21 10:40:14+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjys76tb3d2r...

CVE-2026-31370

creationtimestamp | type | source
---|---|---
2026-04-21 10:18:50+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjyqywa7zl2o...

CVE-2026-25775

creationtimestamp | type | source
---|---|---
2026-04-21 10:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-12
2026-04-24 01:17:38+00:00 | seen | Telegram/y1cMF7MSs4iKIz6Tjc1sXNbleG9GlRmZjivyp4DyaM6b6bo
2026-04-24 01:30:28+00:00 | seen | ...

CVE-2026-42239

creationtimestamp | type | source
---|---|---
2026-04-21 08:38:20+00:00 | published-proof-of-concept | https://github.com/Budibase/budibase/security/advisories/GHSA-4f9j-vr4p-642r
2026-05-07 20:21:41+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mlc25mkshw2c
2026-05-07... | |

CVE-2026-6674

creationtimestamp | type | source
---|---|---
2026-04-21 06:24:38+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjydw4ylkk2k
2026-04-28 06:01:11+00:00 | seen | https://bsky.app/profile/donwebmedia.bsky.social/post/3mkjvtqaiuw2s...

CVE-2026-6058

creationtimestamp | type | source
---|---|---
2026-04-21 02:17:31+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjxw4b2jk52h...

CVE-2026-41296

creationtimestamp | type | source
---|---|---
2026-04-21 01:18:48+00:00 | seen | Telegram/wz0kiY1tb5u805P38ZVeawoTKuvhTd24bOWQm-Bt9SZek-4
2026-04-21 01:37:20+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mjxtufg45t2n
2026-05-31 04:07:07+00:00 | seen | ...

CVE-2026-41297

creationtimestamp | type | source
---|---|---
2026-04-21 01:07:49+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mjxs7kpnuw2k
2026-04-21 01:18:48+00:00 | seen | Telegram/wz0kiY1tb5u805P38ZVeawoTKuvhTd24bOWQm-Bt9SZek-4...