61233 matches found

CVE
added 2026/04/17 6:44 a.m. | 13 views

CVE-2026-4659

CVE-2026-4659 affects the Unlimited Elements for Elementor plugin on WordPress. Versions up to and including 2.0.6 are vulnerable to an Arbitrary File Read via the Repeater JSON/CSV URL parameter. The root cause is insufficient path traversal sanitization in the URLtoRelative() and urlToPath() fu...

CVSS 7.5 | AI score 5.8 | EPSS 0.00901
Exploits 0 | References 12

Circl
added 2026/04/17 6:23 a.m. | 3 views

CVE-2026-3330

creationtimestamp | type | source
---|---|---
2026-04-17 06:23:38+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjobynzvvw2s
2026-04-17 20:32:06+00:00 | seen | https://bsky.app/profile/atomicedge.bsky.social/post/3mjprfu2tkp2r...

CVSS 4.9 | AI score 4.9 | EPSS 0.00428
Exploits 0 | References 2

Circl
added 2026/04/17 6:20 a.m. | 3 views

CVE-2026-4853

creationtimestamp | type | source
---|---|---
2026-04-17 06:20:38+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjobtc2x6a22
2026-04-17 22:32:06+00:00 | seen | https://bsky.app/profile/atomicedge.bsky.social/post/3mjpy4gr6wa2r...

CVSS 4.9 | AI score 4.9 | EPSS 0.00713
Exploits 0 | References 2

Circl
added 2026/04/17 6:13 a.m. | 2 views

CVE-2026-5427

creationtimestamp | type | source
---|---|---
2026-04-17 06:13:05+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjobfqtiah2k
2026-04-17 23:32:05+00:00 | seen | https://bsky.app/profile/atomicedge.bsky.social/post/3mjq3hp52oo2l...

CVSS 5.3 | AI score 5.3 | EPSS 0.00536
Exploits 0 | References 2

Circl
added 2026/04/17 6:10 a.m. | 2 views

CVE-2026-4666

creationtimestamp | type | source
---|---|---
2026-04-17 06:10:54+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjobbvvw652f
2026-04-17 21:32:06+00:00 | seen | https://bsky.app/profile/atomicedge.bsky.social/post/3mjpur5dhl32n...

CVSS 6.5 | AI score 5.3 | EPSS 0.00331
Exploits 0 | References 2

Circl
added 2026/04/17 6:07 a.m. | 14 views

CVE-2026-5052

creationtimestamp | type | source
---|---|---
2026-04-17 06:07:04+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjob2xkorz2f...

CVSS 8.6 | AI score 5.7 | EPSS 0.00332
Exploits 0 | References 1

Circl
added 2026/04/17 2:53 a.m. | 1 view

CVE-2026-22734

creationtimestamp | type | source
---|---|---
2026-04-17 02:53:26+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjnwasdz5c26
2026-04-17 03:16:02+00:00 | published-proof-of-concept | Telegram/OCRuCpCrMYyNHl7tK2WvZ5-EwER3iqlB4XvdcqwHWSldrs
2026-04-17 16:00:32+00:00 | seen | ...

CVSS 8.6 | AI score 4.8 | EPSS 0.00364
Exploits 0 | References 2

Circl
added 2026/04/17 12:51 a.m. | 0 views

CVE-2026-40249

creationtimestamp | type | source
---|---|---
2026-04-17 00:51:20+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjnpghu7732f...

CVSS 6.9 | AI score 5.7 | EPSS 0.00321
Exploits 1 | References 1

Circl
added 2026/04/17 12:46 a.m. | 1 view

CVE-2026-33472

creationtimestamp | type | source
---|---|---
2026-04-17 00:46:20+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjnp5jgx372q...

CVSS 4.8 | AI score 5.7 | EPSS 0.00106
Exploits 1 | References 1

Circl
added 2026/04/17 12:14 a.m. | 2 views

CVE-2026-40322

creationtimestamp | type | source
---|---|---
2026-04-17 00:14:22+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjnneetnsb2q
2026-04-17 01:16:10+00:00 | published-proof-of-concept | Telegram/L7r3B6HZ1No5mrz6jolg2h46aKqgVbGrSL49d6iAO6fVY
2026-04-17 17:01:39+00:00 | seen | ...

CVSS 9 | AI score 4.8 | EPSS 0.00306
Exploits 0 | References 5

Circl
added 2026/04/17 12:10 a.m. | 1 view

CVE-2026-34164

creationtimestamp | type | source
---|---|---
2026-04-17 00:10:13+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjnn4x2eqj2d...

CVSS 4.9 | AI score 5.7 | EPSS 0.00366
Exploits 0 | References 1

CNNVD
added 2026/04/17 12:00 a.m. | 7 views

Mobatek MobaXterm Security Vulnerability

Mobatek MobaXterm is a terminal software developed by the French company Mobatek. It integrates an enhanced terminal, X servers, and Unix command sets GNU/Cygwin. The Mobatek MobaXterm Home Edition 26.1 and earlier versions have security vulnerabilities. These vulnerabilities stem from an unknown...

CVSS 7.3 | AI score 7.1 | EPSS 0.0015
Exploits 0 | References 1

Tenable Nessus
added 2026/04/17 12:00 a.m. | 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007611)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007611 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix link down processing to address NULL pointer dereference If an FC link down...

CVSS 5.5 | AI score 6.3 | EPSS 0.00228
Exploits 0 | References 3

Tenable Nessus
added 2026/04/17 12:00 a.m. | 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007544)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007544 advisory. In the Linux kernel, the following vulnerability has been resolved: net: dlink: handle copythresh allocation failure The driver did not handle failure of...

AI score 5.6 | EPSS 0.00183
Exploits 0 | References 4

Tenable Nessus
added 2026/04/17 12:00 a.m. | 3 views

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-007499)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007499 advisory. In the Linux kernel, the following vulnerability has been resolved: ethtool: Fix uninitialized number of lanes It is not possible to set the number of lanes when...

AI score 6.4 | EPSS 0.00168
Exploits 0 | References 4

OSV
added 2026/04/16 11:36 p.m. | 4 views

BIT-AUTHENTIK-2025-52553 authentik has Insufficient Session verification for Remote Access Control endpoint access

authentik is an open-source identity provider. After authorizing access to a RAC endpoint, authentik creates a token which is used for a single connection and is sent to the client in the URL. This token is intended to only be valid for the session of the user who authorized the connection, howev...

CVSS 9.6 | AI score 5.6 | EPSS 0.00405
Exploits 0 | References 5

OSV
added 2026/04/16 11:36 p.m. | 4 views

BIT-AUTHENTIK-2023-26481 Insufficient user check in FlowTokens by Email stage

authentik is an open-source Identity Provider. Due to an insufficient access check, a recovery flow link that is created by an admin or sent via email by an admin can be used to set the password for any arbitrary user. This attack is only possible if a recovery flow exists, which has both an...

CVSS 9.1 | AI score 5.7 | EPSS 0.00275
Exploits 0 | References 3

SUSE CVE
added 2026/04/16 11:27 p.m. | 4 views

SUSE CVE-2026-40947

Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...

CVSS 2.9 | AI score 5.8 | EPSS 0.00131
Exploits 0 | References 3

Circl
added 2026/04/16 11:18 p.m. | 2 views

CVE-2026-40900

creationtimestamp | type | source
---|---|---
2026-04-16 23:18:23+00:00 | published-proof-of-concept | Telegram/x6U1CUbtpfWdw00zGhzow4OOkK7AiEHUVbiM6o3SMYH6zs0
2026-04-17 00:21:55+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjnnruzhip2k
2026-04-20 20:32:29+00:00 | seen | ...

CVSS 8.8 | AI score 5.8 | EPSS 0.00342
Exploits 1 | References 3

Snyk
added 2026/04/16 10:49 p.m. | 11 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the MarkdownBody class, where user-supplied markdown content is rendered without proper URL sanitization due to an overridden urlTransform function. An attacker can execute arbitrary JavaScript in the context...

CVSS 5.4 | AI score 5.8
Exploits 0 | References 2