CVE-2026-25339

creationtimestamp| type| source ---|---|--- 2026-04-07 14:30:08+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mivyjf3rl22j...

CVE-2026-3466

Insufficient sanitization of dashboard dashlet title links in Checkmk 2.2.0 EOL, Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0 before 2.4.0p25, and Checkmk 2.5.0 beta before 2.5.0 allows an attacker with dashboard creation privileges to perform stored cross-site scripting XSS attacks by tricking a...

CVE-2026-3466

Insufficient sanitization of dashboard dashlet title links in Checkmk 2.2.0 EOL, Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0 before 2.4.0p25, and Checkmk 2.5.0 beta before 2.5.0b3 allows an attacker with dashboard creation privileges to perform stored cross-site scripting XSS attacks by tricking...

CVE-2020-35881

creationtimestamp| type| source ---|---|--- 2026-04-07 11:43:13+00:00| seen| https://gist.github.com/soul2zimate/a5296bc917881b1c43c396b5caf75393...

CVE-2026-25376

creationtimestamp| type| source ---|---|--- 2026-04-07 10:30:07+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mivl47q4yp2j...

CVE-2026-28810

creationtimestamp| type| source ---|---|--- 2026-04-07 10:11:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mivk27bqdq2t...

CVE-2026-33227

creationtimestamp| type| source ---|---|--- 2026-04-07 10:07:20+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mivjticz7b2g...

EUVD-2026-19576

The Link Whisper Free WordPress plugin before 0.9.1 has a publicly accessible REST endpoint that allows unauthenticated settings updates...

CVE-2026-1900

The Link Whisper Free WordPress plugin before 0.9.1 has a publicly accessible REST endpoint that allows unauthenticated settings updates...

CVE-2026-5719

creationtimestamp| type| source ---|---|--- 2026-04-07 06:30:13+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3miv5paef3u2i...

CVE-2026-20446

creationtimestamp| type| source ---|---|--- 2026-04-07 06:15:12+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3miv4uexhyw2t 2026-04-08 01:50:50+00:00| seen| https://www.acn.gov.it/portale/w/rilevate-vulnerabilita-in-prodotti-mediatek-7...

CVE-2026-1839

creationtimestamp| type| source ---|---|--- 2026-04-07 06:05:54+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3miv4dqxdnj2i...

CVE-2025-57834

creationtimestamp| type| source ---|---|--- 2026-04-07 06:02:43+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3miv462gvya2s 2026-04-08 03:00:14+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mixcgodylv2q 2026-05-10 20:00:00+00:00| seen|...

CVE-2026-20432

creationtimestamp| type| source ---|---|--- 2026-04-07 06:02:09+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3miv44zzap62i 2026-04-07 14:52:48+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mivzrg66ve2j 2026-04-07 15:20:46+00:00| seen|...

CVE-2026-1900 Link Whisper Free < 0.9.1 - Unauthenticated Settings and User Meta Update

The Link Whisper Free WordPress plugin before 0.9.1 has a publicly accessible REST endpoint that allows unauthenticated settings updates...

CVE-2026-1900

The Link Whisper Free WordPress plugin before 0.9.1 has a publicly accessible REST endpoint that allows unauthenticated settings updates...

CVE-2026-1900 Link Whisper Free < 0.9.1 - Unauthenticated Settings and User Meta Update

The Link Whisper Free WordPress plugin before 0.9.1 has a publicly accessible REST endpoint that allows unauthenticated settings updates...

CVE-2026-1900

The CVE-2026-1900 entry relates to the WordPress plugin Link Whisper Free (versions prior to 0.9.1). A publicly accessible REST endpoint allows unauthenticated users to update settings, which is the root cause of the vulnerability. Impact is described as unauthenticated settings updates; practica...

CVE-2025-61166

An open redirect in Ascertia SigningHub User v10.0 allows attackers to redirect users to a malicious site via a crafted URL...

PT-2026-30864

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, LinkRepository::update and CheckLinksCommand::checkLink do not check for private IPs. An authenticated user can read responses from internal services AWS IMDSv1, cloud metadata, internal APIs by creating a link with a publ...