61251 matches found
CVE-2026-40745
creationtimestamp| type| source
---|---|---
2026-04-15 12:26:44+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjjve4f4gl23
2026-04-15 16:29:51+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mjkcwtc4rj27
2026-04-15 17:20:42+00:00| seen|...
CVE-2026-40784
creationtimestamp| type| source
---|---|---
2026-04-15 12:18:29+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjjuveihr32o
2026-04-15 16:29:43+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mjkcwlaq5m2p
2026-04-15 17:20:42+00:00| seen|...
CVE-2026-3590
Mattermost versions 10.11.x <= 10.11.12, 11.5.x <= 11.5.0, 11.4.x <= 11.4.2, 11.3.x <= 11.3.2 fail to enforce atomic single-use consumption of guest magic link tokens, which allows an attacker with access to a valid magic link to establish multiple independent authenticated sessions via concurrent...
CVE-2026-40740
creationtimestamp| type| source
---|---|---
2026-04-15 12:14:02+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjjunf24j22r...
CVE-2026-28741
creationtimestamp| type| source
---|---|---
2026-04-15 12:08:22+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjjudayl732o
2026-04-16 11:35:11+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mjmcwqgahd2b...
CVE-2026-3590
Mattermost CVE-2026-3590 describes a race condition in the guest magic link authentication flow that fails to enforce atomic single-use for tokens. A valid magic link can be used to establish multiple independent authenticated sessions via concurrent requests on affected versions: Mattermost 10.1...
CVE-2026-3590 Race Condition in Guest Magic Link Authentication Allows Token Reuse
Mattermost versions 10.11.x <= 10.11.12, 11.5.x <= 11.5.0, 11.4.x <= 11.4.2, 11.3.x <= 11.3.2 fail to enforce atomic single-use consumption of guest magic link tokens, which allows an attacker with access to a valid magic link to establish multiple independent authenticated sessions via concurrent...
From fake Proton VPN sites to gaming mods, this Windows infostealer is everywhere
We’ve uncovered multiple campaigns distributing an infostealer we track as NWHStealer, using everything from fake VPN downloads to hardware utilities and gaming mods. What makes this campaign stand out isn’t just the malware, but how widely and convincingly it’s being spread. Once installed, it...
CVE-2026-5160
creationtimestamp| type| source
---|---|---
2026-04-15 08:22:42+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjjhpqp6t72m
2026-04-23 14:15:11+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mk675fasgt2h...
CVE-2026-40719
creationtimestamp| type| source
---|---|---
2026-04-15 08:12:41+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjjh5tnr3p2w
2026-04-15 17:00:29+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mjkenm7rpm2u...
CVE-2026-5160
Versions of the package github.com/yuin/goldmark/renderer/html before 1.7.17 are vulnerable to Cross-site Scripting (XSS) due to improper ordering of URL validation and normalization. The renderer validates link destinations using a prefix-based check (IsDangerousURL) before resolving HTML entities...
CVE-2026-5397
It has been identified that a vulnerability (CWE-427) exists in the UPS (Uninterruptible Power Supply) management application, whereby improper permissions on the installation directory allow a malicious actor to place a DLL that is then executed with administrator privileges. If a malicious DLL is...
CVE-2026-2834
creationtimestamp| type| source
---|---|---
2026-04-15 05:04:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjj4n6s5yj2k
2026-04-22 21:20:26+00:00| seen| Telegram/xHZW3dnIVlZ81UM5ayk21xAksqcQlWsb2BCoesl5IB3eE...
CVE-2026-40499
creationtimestamp| type| source
---|---|---
2026-04-15 04:54:24+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjj43bso7l2o
2026-04-16 05:17:50+00:00| published-proof-of-concept| Telegram/TCjlHJMv9N6S0B2yz3RFhhjLUk96NJtTkRt7NB8H70qfRI...
CVE-2026-40090
creationtimestamp| type| source
---|---|---
2026-04-15 04:31:16+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjj2rvphkr2z
2026-04-17 17:30:37+00:00| published-proof-of-concept| Telegram/99IlCPIS9qBv42yzAhiUHqlKgiNRb4WP8dx5pH1uskzhuw...
CVE-2026-1509
creationtimestamp| type| source
---|---|---
2026-04-15 04:27:56+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjj2lwkmci2z...
CVE-2026-39984
creationtimestamp| type| source
---|---|---
2026-04-15 04:24:55+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjj2gkkbn72w...
CVE-2026-5397 Vulnerability Related to an Uncontrolled Search Path Element in a UPS Management Application
It has been identified that a vulnerability (CWE-427) exists in the UPS (Uninterruptible Power Supply) management application, whereby improper permissions on the installation directory allow a malicious actor to place a DLL that is then executed with administrator privileges. If a malicious DLL is...