61286 matches found
PT-2026-31385
CVE-2025-50662 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /url group.asp endpoint. https://t.co/VWwBu5XwYc...
PT-2026-31376
CVE-2025-50650 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate validation of input size in the routes static parameter in the /router.asp endpo… https://t.co/EkZCsFcpeA...
PT-2026-31114
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Broken Link Checker broken-link-checker allows Blind SQL Injection.This issue affects Broken Link Checker: from n/a through = 2.4.7...
D-Link DI-8300 安全漏洞
The D-Link DI-8300 is a wireless broadband router designed for small and medium-sized network environments by D-Link Corporation. The D-Link DI-8300 version 16.07.26A1 contains a security vulnerability. This vulnerability stems from a buffer overflow in the fn parameter of the tgfilehtm function,...
CVE-2026-28388
creationtimestamp| type| source ---|---|--- 2026-04-07 23:31:27+00:00| seen| https://bsky.app/profile/omo.bsky.social/post/3miwwr7vxwk2o 2026-04-08 12:10:24+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3miyb6guojc23 2026-04-09 00:01:12+00:00| seen|...
CVE-2026-34045
creationtimestamp| type| source ---|---|--- 2026-04-07 23:21:06+00:00| seen| Telegram/WwaVaWmCpWfeYuJ8P8IqcUlHCUAeEgjmrCmKGvAa3A2q2J0 2026-04-08 01:51:48+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mix6m73q3h2o 2026-04-08 05:04:39+00:00| seen|...
CVE-2026-35020
Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the command lookup helper and deep-link terminal launcher that allows local attackers to execute arbitrary commands by manipulating the TERMINAL environment variable. Attackers can inject shell...
vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin
A flaw was found in Vim, an open-source command-line text editor. Specifically, an operating system OS command injection vulnerability exists in the netrw standard plugin. A remote attacker could exploit this by tricking a user into opening a specially crafted URL, such as one using the scp://...
WordPress Link Whisper Free plugin < 0.9.1 - Unauthenticated Settings and User Meta Update vulnerability
Unauthenticated Settings and User Meta Update vulnerability discovered by yiğit ibrahim sağlam in WordPress Plugin Link Whisper Free versions 0.9.1...
CVE-2026-39382
creationtimestamp| type| source ---|---|--- 2026-04-07 21:22:30+00:00| published-proof-of-concept| Telegram/PsCoAl2rNCHfpa-IE94yjZNK4tjM6zifbqO0UkQOdEj8yI 2026-04-07 23:03:19+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3miwv6zz67y2n...
CVE-2026-32862
creationtimestamp| type| source ---|---|--- 2026-04-07 21:22:14+00:00| seen| Telegram/jEWDvJlPAzzCg6Ap5VgqQ5eCzhkM-91ZtlQ3ivnX7ilAAw 2026-04-07 22:41:55+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3miwtyri4a422 2026-04-08 07:04:03+00:00| seen|...
CVE-2026-32861
creationtimestamp| type| source ---|---|--- 2026-04-07 21:22:07+00:00| seen| Telegram/G7jwG369FM-EA8JMh95pmFocIEiy10HcnXiWAHgS3Vj404 2026-04-07 23:13:20+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3miwvqwvxp22s 2026-04-08 07:00:42+00:00| seen|...
CVE-2026-39351
creationtimestamp| type| source ---|---|--- 2026-04-07 20:57:25+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3miwo5aqakn2n 2026-04-09 19:22:33+00:00| seen| Telegram/HFSRmPQIuJm0mhlgKTjgnUZc9IKWtHrGIbUWbiDZawdQwcQ...
CVE-2026-39888
creationtimestamp| type| source ---|---|--- 2026-04-07 20:48:08+00:00| published-proof-of-concept| https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-qf73-2hrx-xprp 2026-04-07 20:48:08+00:00| published-proof-of-concept|...
CVE-2026-39349
creationtimestamp| type| source ---|---|--- 2026-04-07 20:35:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3miwmvw65jy27...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the rendering of Mustache navigation templates when user-controlled values are interpolated into the href attribute without proper URL scheme validation. An attacker can execute arbitrary JavaScript in the...
Emissary has Stored XSS via Navigation Template Link Injection
Summary Mustache navigation templates interpolated configuration-controlled link values directly into href attributes without URL scheme validation. An administrator who could modify the navItems configuration could inject javascript: URIs, enabling stored cross-site scripting XSS against other...
CVE-2026-39392
creationtimestamp| type| source ---|---|--- 2026-04-07 20:07:13+00:00| published-proof-of-concept| https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-fjpj-6qcq-6pw2 2026-04-08 18:16:59+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3miyvnxbmju27...
CVE-2026-39393
creationtimestamp| type| source ---|---|--- 2026-04-07 20:07:03+00:00| published-proof-of-concept| https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-8rh5-4mvx-xj7j 2026-04-08 17:17:30+00:00| seen| Telegram/V1TSqfmZJdfaKpoymM9Em6O2uNbTcVHb7f-sjGIlQ-q3Tg 2026-04-08 18:32:42+00:00| seen|...
CVE-2026-39394
creationtimestamp| type| source ---|---|--- 2026-04-07 20:06:52+00:00| published-proof-of-concept| https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-vfhx-5459-qhqh 2026-04-08 17:17:30+00:00| seen| Telegram/V1TSqfmZJdfaKpoymM9Em6O2uNbTcVHb7f-sjGIlQ-q3Tg 2026-04-08 18:11:58+00:00| seen|...