CVE-2026-6183

creationtimestamp| type| source ---|---|--- 2026-04-13 18:01:43+00:00| seen| Telegram/mgx4OESgILIX0WlIlJJnUrKrutJBiy7rqG6NL0bWgANWmeU 2026-04-13 19:02:54+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjfkkoi5yq2a...

CVE-2026-39940

ChurchCRM is an open-source church management system. Prior to 7.0.0, it was possible in many places across the ChurchCRM application to create a link that, when visited by an authenticated user, would redirect them to any URL chosen by an attacker if they clicked 'Cancel' button on the page. For...

CVE-2026-39940

ChurchCRM is an open-source church management system. Prior to 7.0.0, it was possible in many places across the ChurchCRM application to create a link that, when visited by an authenticated user, would redirect them to any URL chosen by an attacker if they clicked 'Cancel' button on the page. For...

CVE-2026-6186

creationtimestamp| type| source ---|---|--- 2026-04-13 16:32:21+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mjfc5ggvja25 2026-04-13 18:01:48+00:00| seen| Telegram/xbHjqaTQcr8Rt4XSFJk3i5MS3FsWolyHvBAsREEApmBgOgk 2026-04-13 18:01:52+00:00| seen|...

Malicious Package

Overview upstart.previewcss is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview paysafe-venmo is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVE-2026-36923

creationtimestamp| type| source ---|---|--- 2026-04-13 15:00:51+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjf4ztv33x2a...

CVE-2026-36920

creationtimestamp| type| source ---|---|--- 2026-04-13 14:57:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjf4t2z2zw23...

CVE-2026-36919

creationtimestamp| type| source ---|---|--- 2026-04-13 14:47:58+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjf4cspvlu23...

CVE-2026-40931

creationtimestamp| type| source ---|---|--- 2026-04-13 14:02:27+00:00| published-proof-of-concept| https://github.com/node-modules/compressing/security/advisories/GHSA-4c3q-x735-j3r5 2026-04-21 22:37:34+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mk22btobow2e 2026-04-21...

CVE-2026-40911

creationtimestamp| type| source ---|---|--- 2026-04-13 12:21:35+00:00| published-proof-of-concept| https://github.com/WWBN/AVideo/security/advisories/GHSA-gph2-j4c9-vhhr 2026-04-21 22:00:45+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mjzy7zu4dk2z 2026-04-21 22:17:26+00:0...

CVE-2026-4810

creationtimestamp| type| source ---|---|--- 2026-04-13 11:12:54+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjeqcapg6m2r 2026-04-13 11:15:29+00:00| published-proof-of-concept| Telegram/fSDxF1W-oA5l6tgQa9ar4bEO6UgKzKht9blWdgmI3wf0 2026-04-14 17:25:07+00:00| seen|...

EUVD-2026-21887

An attacker can control a server-side HTTP request by supplying a crafted URL, causing the server to initiate requests to arbitrary destinations. This behavior may be exploited to probe internal network services, access otherwise unreachable endpoints e.g., cloud metadata services, or bypass...

WordPress UsersWP plugin <= 1.2.60 - Authenticated (Subscriber+) Stored Cross-Site Scripting via User Badge Link Substitution vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via User Badge Link Substitution vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin UsersWP versions = 1.2.60...

JanelaRAT: a financial threat targeting users in Latin America

Background JanelaRAT is a malware family that takes its name from the Portuguese word "janela" which means "window". JanelaRAT looks for financial and cryptocurrency data from specific banks and financial institutions in the Latin America region. JanelaRAT is a modified variant of BX RAT that has...

CVE-2026-6162

creationtimestamp| type| source ---|---|--- 2026-04-13 08:02:08+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjefn4arq32o...

CVE-2026-6160

creationtimestamp| type| source ---|---|--- 2026-04-13 07:41:57+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjeeizl3ad2z...

CVE-2026-34858

creationtimestamp| type| source ---|---|--- 2026-04-13 07:19:43+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjedbbnspl2m...

CVE-2026-6158

creationtimestamp| type| source ---|---|--- 2026-04-13 07:18:01+00:00| published-proof-of-concept| Telegram/WZFVHGgaKyJ7TxaSM0HnzDZsEpM2ufMQ-E7g3YgMqDv7PE 2026-04-13 07:47:01+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjees36aws2w...

CVE-2026-6161

creationtimestamp| type| source ---|---|--- 2026-04-13 07:18:01+00:00| published-proof-of-concept| Telegram/WZFVHGgaKyJ7TxaSM0HnzDZsEpM2ufMQ-E7g3YgMqDv7PE 2026-04-13 07:52:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjef32y5xp2r...