61532 matches found
CVE-2026-4898
creationtimestamp| type| source
---|---|---
2026-03-27 00:41:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhyv2xgn222g...
CVE-2026-4899
creationtimestamp| type| source
---|---|---
2026-03-27 00:31:09+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhyuj2iphe2z...
CVE-2026-30570
CVE-2026-30570 affects SourceCodester Sales and Inventory System 1.0. The vulnerability is a Reflected Cross-Site Scripting (XSS) in view_sales.php via the limit parameter, where input is not sanitized, allowing remote attackers to inject arbitrary web scripts or HTML through a crafted URL. Conne...
LinkAce Authorization Vulnerability
LinkAce is a self-hosted repository developed by Kevin Woblick, designed to collect links to your favorite websites. Versions of LinkAce prior to 2.5.3 had an authorization vulnerability. This vulnerability stemmed from the lack of equivalent visibility filtering when rendering notes on the web...
CVE-2026-30567
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the viewproduct.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL...
PT-2026-28738
Name of the Vulnerable Software and Affected Versions: D-Link DIR-513 version 1.10
Description: A flaw exists in the formSetEmail function within the /goform/formSetEmail file of the D-Link DIR-513. Manipulating the curTime argument can lead to a stack-based buffer overflow. This issue is remotely...
BuildKit Link Following Vulnerability
BuildKit is a concurrent, cache-efficient build tool package developed by Moby. Versions of BuildKit prior to 0.28.1 contained a link-following vulnerability. This vulnerability stemmed from insufficient validation of Git URL fragment sub-directory components, which could allow access to files outside...
globaleaks-whistleblowing-software Input Validation Error Vulnerability
globaleaks-whistleblowing-software is an open-source anonymous whistleblowing platform developed by GLOBALEAKS. Versions of globaleaks-whistleblowing-software prior to version 5.0.89 contained a vulnerability related to input validation. This vulnerability stemmed from insufficient validation of...
CVE-2026-34352
creationtimestamp| type| source
---|---|---
2026-03-26 23:18:23+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhyqgw7v2y2h
2026-03-27 00:21:47+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhytyc2um322
2026-03-27 01:18:44+00:00| published-proof-of-concept|...
CVE-2026-33711
creationtimestamp| type| source
---|---|---
2026-03-26 22:08:26+00:00| published-proof-of-concept| https://github.com/lxc/incus/security/advisories/GHSA-q9vp-3wcg-8p4x
2026-03-27 00:26:12+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhyu7xmsjz2d
2026-03-30 19:00:23+00:00| seen|...
CVE-2026-33743
creationtimestamp| type| source
---|---|---
2026-03-26 22:08:22+00:00| published-proof-of-concept| https://github.com/lxc/incus/security/advisories/GHSA-vg76-xmhg-j5x3
2026-03-27 00:11:40+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhytg7w7d32z...
CVE-2026-33896
creationtimestamp| type| source
---|---|---
2026-03-26 22:05:43+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-2328-f5f3-gj25
2026-03-27 23:27:55+00:00| seen| Telegram/9UoOcMml4hO1LPqEQWig8KjS1ZNRBXJeCq-u3-UaU0LNh0
2026-04-14 10:07:07+00:00| seen|...
UNIX Symbolic Link (Symlink) Following
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to UNIX Symbolic Link (Symlink) Following via the agents.create and agents.update processes. An attacker can append arbitrary content to files outside the intended workspace by planting a...
CVE-2026-32516
creationtimestamp| type| source
---|---|---
2026-03-26 21:36:23+00:00| seen| Telegram/qpJXIfLucPvhQtEDSHE7IdszXR3MHRZbZWkV9-ESfqWxnI
2026-04-08 08:30:08+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mixuul2dxp2e...
CVE-2026-32485
creationtimestamp| type| source
---|---|---
2026-03-26 21:35:36+00:00| seen| Telegram/jNlDBTackbRa-OzLBD4eltRa4dE7lS0-uVg4cHfoz-Hg
2026-04-07 05:30:07+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3miv2dr5xbv2w...
CVE-2026-24993
creationtimestamp| type| source
---|---|---
2026-03-26 21:34:32+00:00| seen| Telegram/jvhOKmzqiPeYBdBxVFESt3SUAdqySxNGUXLiFxkgoqjLWk
2026-04-09 03:30:07+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mizukzu6di2t...
CVE-2026-3622
The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation leads to an out-of-bounds read, potentially causing a crash of the UPnP service. Successful exploitation can cause the UPnP service to crash, resulting in a Denial-of-Service condition. This...
CVE-2026-33537
Lychee is a free, open-source photo-management tool. The patch introduced for GHSA-cpgw-wgf3-xc6v (SSRF via Photo::fromUrl) contains an incomplete IP validation check that fails to block loopback addresses and link-local addresses. Prior to version 7.5.1, an authenticated user can still reach...
GHSA-CPGW-WGF3-XC6V
creationtimestamp| type| source
---|---|---
2026-03-26 21:03:16+00:00| seen| https://bsky.app/profile/euvd-bot.bsky.social/post/3mhyivdkgzk2t...
CVE-2026-33153
creationtimestamp| type| source
---|---|---
2026-03-26 20:39:19+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhyhkiv4tf23
2026-03-26 21:36:40+00:00| seen| Telegram/gdbQBvnuOgX0zlyJL9kfjxoCoTp9WBTGn5-zeTA4spKkwcA...