CVE-2026-39912

The CVE-2026-39912 entry describes a token exposure in the loginWithMailLink flow affecting V2Board (1.6.1–1.7.4) and Xboard (up to 0.1.9). When login_with_mail_link_enable is active, the HTTP response body reveals the full authentication URL, allowing an unauthenticated attacker to POST to login...

Exploit for CVE-2026-39912

CVE-2026-39912 - Xboard / V2Board Unauth Account Takeover M...

EUVD-2026-20932

A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attackers to execute arbitrary code via a crafted executable...

CVE-2026-30478

A Dynamic-link Library Injection vulnerability in GatewayGeo MapServer for Windows version 5 allows attackers to escalate privileges via a crafted executable...

CVE-2026-40071

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the /json/packageorder, /json/linkorder, and /json/abortlink WebUI JSON endpoints enforce weaker permissions than the core API methods they invoke. This allows authenticated low-privileged users to execut...

UBUNTU-CVE-2026-30479

A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attackers to execute arbitrary code via a crafted executable...

CVE-2026-5440

creationtimestamp| type| source ---|---|--- 2026-04-09 17:14:16+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mj3cmqgvs622 2026-04-14 20:03:14+00:00| published-proof-of-concept| Telegram/P20Htht508gPcGtfhYsw3BkHMYZAVXCzBRlMvbh3o3mGtY...

CVE-2026-5439

creationtimestamp| type| source ---|---|--- 2026-04-09 16:46:11+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mj3b2jklkn25 2026-04-14 20:03:14+00:00| published-proof-of-concept| Telegram/P20Htht508gPcGtfhYsw3BkHMYZAVXCzBRlMvbh3o3mGtY...

CVE-2026-5442

creationtimestamp| type| source ---|---|--- 2026-04-09 16:30:08+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mj3a5t24yy2j 2026-04-14 20:03:31+00:00| seen| Telegram/BoOqWaO3KXSkNoeZKG9-5DucbPr6wdRjfTcRW39IR2MuNQ...

CVE-2026-39843

Plane is an an open-source project management tool. From 0.28.0 to before 1.3.0, the remediation of GHSA-jcc6-f9v6-f7jw is incomplete which could lead to the same full read Server-Side Request Forgery when a normal html page contains a link tag with an href that redirects to a private IP address ...

CVE-2026-33266

creationtimestamp| type| source ---|---|--- 2026-04-09 15:03:13+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mj33cf7s6b2p 2026-04-10 21:23:28+00:00| seen| Telegram/OQKBgo-nZL6sXwBX9bmjZlSNqFSsDAVUFOIG0ZNThQ0ug 2026-04-12 11:59:55+00:00| seen|...

CLSA-2026-1775722568 binutils: Fix of 4 CVEs

CVE-2025-5244: fix NULL pointer dereference in elfgcsweep for empty section groups - CVE-2025-5245: fix memory corruption in debugtypesamep incorrect NULL check - CVE-2026-3441: fix out-of-bounds read in xcofflinkaddsymbols xscnlen bounds check - CVE-2026-3442: fix out-of-bounds read in...

CVE-2026-4660

HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and package...

CVE-2026-33459

creationtimestamp| type| source ---|---|--- 2026-04-09 12:45:15+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mj2tlogbtp2z...

CVE-2025-66038

creationtimestamp| type| source ---|---|--- 2026-04-09 12:45:08+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mj2tlhrxnc2b...

CVE-2025-66215

creationtimestamp| type| source ---|---|--- 2026-04-09 12:45:08+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mj2tlhrxnc2b...

CVE-2026-25430

creationtimestamp| type| source ---|---|--- 2026-04-09 11:30:07+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mj2pfe25hm2c...

CVE-2026-25013

creationtimestamp| type| source ---|---|--- 2026-04-09 10:30:06+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mj2lzzujah2u...

CVE-2026-40151

creationtimestamp| type| source ---|---|--- 2026-04-09 10:01:48+00:00| published-proof-of-concept| https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-pm96-6xpr-978x 2026-04-09 22:22:46+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mj3tuejt7f23...

CVE-2026-40111

creationtimestamp| type| source ---|---|--- 2026-04-09 10:01:19+00:00| published-proof-of-concept| https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-v7px-3835-7gjx 2026-04-09 23:30:34+00:00| seen| Telegram/G3Fi-nNLRGY8ZLcJORLcPgOLisPY2kSgZDawKJf-COsCMo 2026-04-09 23:30:43+00:00|...