61246 matches found
CVE-2026-39387

creationtimestamp | type | source
---|---|---
2026-04-15 01:12:46+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjipoxlfxi2k
2026-04-15 01:19:29+00:00 | seen | Telegram/4QaIVP4Z6j7I04jn6w3qCKrQ76Fz4EXtpUCBPkRfgX1dqr4
2026-05-02 09:00:04+00:00 | seen | ...

CVE-2026-35031

creationtimestamp | type | source
---|---|---
2026-04-15 00:57:46+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjiou4c4hb2r
2026-04-15 01:19:21+00:00 | published-proof-of-concept | Telegram/GYbH54sRbOOqgznzSrvNbIPKqa8TpEiUvDUzTYtUUyxy-E
2026-04-15 10:33:26+00:00 | seen | ...

CVE-2026-35032

creationtimestamp | type | source
---|---|---
2026-04-15 00:49:42+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjiofpiwpc2a
2026-04-15 01:19:29+00:00 | seen | Telegram/4QaIVP4Z6j7I04jn6w3qCKrQ76Fz4EXtpUCBPkRfgX1dqr4...

CVE-2026-2396

creationtimestamp | type | source
---|---|---
2026-04-15 00:40:36+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjinvgwpcl2z...

CVE-2026-40386

creationtimestamp | type | source
---|---|---
2026-04-15 00:01:48+00:00 | seen | https://bsky.app/profile/slackers.it/post/3mjilq2wm3u2n...

Cisco Webex Contact Center security vulnerability
Cisco Webex Contact Center is a cloud contact center solution for customer service and call center management. A cross-site scripting vulnerability exists in Cisco Webex Contact Center. The vulnerability stems from a failure of the Desktop Agent feature to properly handle HTML and scripted conten...
PT-2026-33090
A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access controls on files that are on the local file syst...
Lenovo Service Bridge security vulnerability
Lenovo Service Bridge is an application based on the Windows platform developed by Lenovo Corporation. This program can automatically detect the serial number, device type, and model of devices in order to provide corresponding services. Lenovo Service Bridge has a security vulnerability, which...
PT-2026-33091
A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed an unauthenticated, remote attacker to conduct cross-site scripting attacks. Cisco has addressed this vulnerability in the Cisco Webex Contact Center service, and no customer action is needed. This...
PT-2026-33005
It has been identified that a vulnerability CWE-427 exists in the UPS Uninterruptible Power Supply management application, whereby improper permissions on the installation directory allow a malicious actor to place a DLL that is then executed with administrator privileges. If a malicious DLL is...
PT-2026-33242
Name of the Vulnerable Software and Affected Versions: Drupal core versions 11.3.0 through 11.3.6

Description: Drupal core contains an issue where entity suggestions provided during the process of adding a link to CKEditor 5 are not sufficiently sanitized. This allows a malicious user to trigger a...
Mattermost security vulnerability
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in Mattermost versions 10.11.12 and earlier of the 10.11.x series, as well as versions 11.5.0 and earlier of the 11.5.x series, 11.4.2 and earlier of the 11.4.x series, and 11.3...
PT-2026-33081
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate...
PT-2026-33054
Name of the Vulnerable Software and Affected Versions:

- Mattermost versions 10.11.0 through 10.11.12
- Mattermost version 11.5.0
- Mattermost versions 11.4.0 through 11.4.2
- Mattermost versions 11.3.0 through 11.3.2

Description: Failure to enforce atomic single-use consumption of guest magic link tokens...
GHSA-M7R8-6Q9J-M2HC WWBN AVideo has an incomplete fix for CVE-2026-33500: XSS
Summary: The incomplete XSS fix in AVideo's ParsedownSafeWithLinks class overrides inlineMarkup for raw HTML but does not override inlineLink or inlineUrlTag, allowing javascript: URLs in markdown link syntax to bypass sanitization.

Affected Package:

- Ecosystem: Other
- Package: AVideo
- Affected...
WWBN AVideo has an Incomplete fix: Directory traversal bypass via query string in ReceiveImage downloadURL parameters
Summary: The directory traversal fix introduced in commit 2375eb5e0 for objects/aVideoEncoderReceiveImage.json.php only checks the URL path component via parse_url($url, PHP_URL_PATH) for .. sequences. However, the downstream function trygetcontentsfromlocal in objects/functionsFile.php uses...
CVE-2026-34160

creationtimestamp | type | source
---|---|---
2026-04-14 23:21:52+00:00 | seen | Telegram/jHpVmdM968c9lFQ4KStSRALTqvtLmQ8NC1zLLnKyLbbys0E
2026-04-15 14:09:42+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mjk347by7p2w
2026-04-29 22:02:37+00:00 | seen | ...

CVE-2026-40683

creationtimestamp | type | source
---|---|---
2026-04-14 20:19:08+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mji7bvc7ln27
2026-04-14 21:25:42+00:00 | published-proof-of-concept | Telegram/YBv3RW-vRVGMDDlTI6JsAJBRTWorFJbZdjQQujfRdi3MBhU...

CVE-2026-35594
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, Vikunja's link share authentication GetLinkShareFromClaims in pkg/models/linksharing.go constructs authorization objects entirely from JWT claims without any server-side database validation. When a project owner delet...
CVE-2026-5983
A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects the function formSetDDNS of the file /goform/formSetDDNS of the component POST Request Handler. Executing a manipulation of the argument curTime can lead to buffer overflow. The attack can be executed remotely. The...