61532 matches found
CVE-2017-20229
creationtimestamp| type| source
---|---|---
2026-03-28 14:59:29+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mi4vioav7b2q
2026-04-14 04:42:21+00:00| seen| https://bsky.app/profile/breachandbuild.bsky.social/post/3mjgkws62rt2y...
CVE-2016-20045
creationtimestamp| type| source
---|---|---
2026-03-28 14:43:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mi4ule4jn72j
2026-04-09 00:20:09+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mizjxe2zol2d...
CVE-2017-20227
creationtimestamp| type| source
---|---|---
2026-03-28 14:12:43+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mi4suzrw6o27
2026-03-30 17:44:47+00:00| seen| https://bsky.app/profile/yazoul-alerts.bsky.social/post/3mic7o3blts2j
2026-03-31 17:49:33+00:00| seen|...
CVE-2026-4996
creationtimestamp| type| source
---|---|---
2026-03-28 13:15:28+00:00| published-proof-of-concept| Telegram/br59VXTdsrXIjQrxmwmULmHR5vTzBCK926-05m5zFA5U4A
2026-03-28 15:19:31+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mi4wmiajg725...
CVE-2026-33030
creationtimestamp| type| source
---|---|---
2026-03-28 03:20:53+00:00| published-proof-of-concept| https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-5hf2-vhj6-gj9m
2026-03-30 18:17:52+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3micbj7kshn25
2026-03-30...
CVE-2026-4992
creationtimestamp| type| source
---|---|---
2026-03-28 02:44:53+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mi3mh42nis2g...
SUSE CVE-2026-33680
Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.2, the LinkSharing.ReadAll method allows link share authenticated users to list all link shares for a project, including their secret hashes. While LinkSharing.CanRead correctly blocks link share users from readi...
SUSE CVE-2026-33700
Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, the DELETE /api/v1/projects/:project/shares/:share endpoint does not verify that the link share belongs to the project specified in the URL. An attacker with admin access to any project can delete link shares...
CVE-2026-34472
creationtimestamp| type| source
---|---|---
2026-03-27 23:26:51+00:00| seen| https://gist.github.com/minanagehsalalma/7a8516b9b00d0008f2f25750320560c9
2026-04-08 17:40:10+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3miytm3nifb2a
2026-05-20 14:34:56+00:00| seen|...
CVE-2019-25652
creationtimestamp| type| source
---|---|---
2026-03-27 22:30:13+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mi367qfys22s
2026-03-28 01:29:28+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mi3iaamanj2k...
CVE-2026-33907
creationtimestamp| type| source
---|---|---
2026-03-27 22:22:40+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mi35sa7cyt2n...
CVE-2026-33992 pyLoad: Server-Side Request Forgery via Download Link Submission Enables Cloud Metadata Exfiltration
pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97, pyLoad's download engine accepts arbitrary URLs without validation, enabling Server-Side Request Forgery (SSRF) attacks. An authenticated attacker can exploit this to access internal network service...
CVE-2026-33874
creationtimestamp| type| source
---|---|---
2026-03-27 21:44:07+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mi33nanktw2x
2026-03-27 23:27:39+00:00| seen| Telegram/rLqHCNltFCNj1PrF3FJbrFEjnsSClo3JgFDbDQ7L99dJsxY
2026-04-01 15:20:09+00:00| seen|...
EUVD-2026-16870
LinkAce is a self-hosted archive to collect website links. In versions prior to 2.5.3, a private note attached to a non-private link can be disclosed to a different authenticated user via the web interface. The API appears to correctly enforce note visibility, but the web link detail page renders...
CVE-2026-33954 LinkAce discloses private notes to unauthorized authenticated users via the web link detail page
LinkAce is a self-hosted archive to collect website links. In versions prior to 2.5.3, a private note attached to a non-private link can be disclosed to a different authenticated user via the web interface. The API appears to correctly enforce note visibility, but the web link detail page renders...
CVE-2026-33875
Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim users who click on a malicious deep link. Update...
CVE-2026-34205
creationtimestamp| type| source
---|---|---
2026-03-27 21:01:23+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mi2zau2fcs2x
2026-03-27 21:23:14+00:00| published-proof-of-concept| Telegram/B1-lnNSHplGL4tzlck3EB0WXwjfJllp4cXItiyc0oKB0vU
2026-03-28 03:00:13+00:00| seen|...
CVE-2026-33885
Statamic Open Redirect (CVE-2026-33885): Affected versions before 5.73.16 and before 6.7.2 have an issue where external URL detection for redirect validation on unauthenticated endpoints could be bypassed via URL parsing differentials. Impact is redirects to external URLs after actions like form ...