61303 matches found
CVE-2026-20432
creationtimestamp | type | source
---|---|---
2026-04-07 06:02:09+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3miv44zzap62i
2026-04-07 14:52:48+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mivzrg66ve2j
2026-04-07 15:20:46+00:00 | seen | ...
CVE-2026-1900 Link Whisper Free < 0.9.1 - Unauthenticated Settings and User Meta Update
The Link Whisper Free WordPress plugin before 0.9.1 has a publicly accessible REST endpoint that allows unauthenticated settings updates...
CVE-2026-1900
The Link Whisper Free WordPress plugin before 0.9.1 has a publicly accessible REST endpoint that allows unauthenticated settings updates...
CVE-2026-1900
The CVE-2026-1900 entry relates to the WordPress plugin Link Whisper Free (versions prior to 0.9.1). A publicly accessible REST endpoint allows unauthenticated users to update settings, which is the root cause of the vulnerability. Impact is described as unauthenticated settings updates; practica...
CVE-2025-61166
An open redirect in Ascertia SigningHub User v10.0 allows attackers to redirect users to a malicious site via a crafted URL...
PT-2026-30864
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, LinkRepository::update and CheckLinksCommand::checkLink do not check for private IPs. An authenticated user can read responses from internal services (AWS IMDSv1, cloud metadata, internal APIs) by creating a link with a publ...
Security Advisory 0135
Security Advisory 0135 PDF

Date: April 7, 2026

Revision | Date | Changes
---|---|---
1.0 | April 7th, 2026 | Initial release
1.1 | April 28th, 2026 | Correction to fixed releases fixed in 4.32.10, not 4.32.9

The CVE-ID tracking this issue: CVE-2025-31133

CVSSv3.1 Base Score: 7.8/10...
LinkAce Code Issue Vulnerability
LinkAce is a self-hosted repository developed by Kevin Woblick, designed to collect links to your favorite websites. Versions of LinkAce prior to 2.5.4 had code vulnerabilities. These vulnerabilities stemmed from insufficient checks on private IP addresses, allowing authenticated users to read...
PT-2026-30797
Name of the Vulnerable Software and Affected Versions Link Whisper Free WordPress plugin versions prior to 0.9.1 Description The Link Whisper Free WordPress plugin has a publicly accessible REST endpoint that allows unauthenticated users to update settings. Recommendations Update to version 0.9.1...
Cisco Nexus Dashboard Server-Side Request Forgery (cisco-sa-nd-ssrf-NAen4O7r)
According to its self-reported version, Cisco Nexus Dashboard is affected by a vulnerability. A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to...
PT-2026-30891
ChurchCRM is an open-source church management system. Prior to 7.0.0, it was possible in many places across the ChurchCRM application to create a link that, when visited by an authenticated user, would redirect them to any URL chosen by an attacker if they clicked 'Cancel' button on the page. For...
WWBN AVideo Code Issue Vulnerability
WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained code vulnerabilities. These vulnerabilities stemmed from incomplete verification of server-side requests for the downloadURL value, allowing authenticated uploader...
WordPress Plugin Link Whisper Free Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
ROS-20260407-73-0015
A vulnerability in the nf_conntrack_netlink.c component of the Linux operating system kernel is related to errors in updating the link counter. Exploitation of the vulnerability allows an attacker to cause a denial of service...
SUSE CVE-2026-31408
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix use-after-free in sco_recv_frame due to missing sock_hold. sco_recv_frame reads conn->sk under sco_conn_lock but immediately releases the lock without holding a reference to the socket. A concurrent close can free the...
CVE-2026-5686
creationtimestamp | type | source
---|---|---
2026-04-06 23:22:29+00:00 | seen | Telegram/dGmhhMfdsalqLxLHWWo3a-Yu-qP75XdMdTLlCh9YxDeGRw
2026-04-06 23:42:00+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3miugvbhty22i
2026-05-29 06:07:29+00:00 | seen | ...
CVE-2026-35444
creationtimestamp | type | source
---|---|---
2026-04-06 23:22:19+00:00 | seen | Telegram/F-tbnQCu7KGoJ0u4OEM4TknejxA1jNnRqA-1uSHs9aPRtPw
2026-04-16 10:07:15+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mjm5zedicc2d
2026-06-21 13:44:52+00:00 | seen | ...
CVE-2026-35391
creationtimestamp | type | source
---|---|---
2026-04-06 23:22:01+00:00 | seen | Telegram/baQtFgKM2b993Xinx1K-rl9rafgMn1ApK9JhHyMaH5eo0M
2026-04-06 23:26:58+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3miug2g7egb2o...
CVE-2026-35213
creationtimestamp | type | source
---|---|---
2026-04-06 23:10:35+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3miuf54aevj27
2026-04-06 23:22:01+00:00 | seen | Telegram/baQtFgKM2b993Xinx1K-rl9rafgMn1ApK9JhHyMaH5eo0M...