61600 matches found
CVE-2026-3841
CVE-2026-3841 describes a command-injection vulnerability in the Telnet CLI of TP-Link TL-MR6400 (v5.3). The issue arises from insufficient sanitization of data during specific CLI operations. An authenticated attacker with elevated privileges can execute arbitrary system commands, potentially co...
CVE-2019-25524
creationtimestamp | type | source
---|---|---
2026-03-12 17:24:47+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mguw5qjbgv2e
2026-03-23 16:40:09+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mhqis2y5ag2s...
CVE-2019-25532
creationtimestamp | type | source
---|---|---
2026-03-12 17:20:52+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mguvwqr3kc2u...
CVE-2026-30958
creationtimestamp | type | source
---|---|---
2026-03-12 17:20:09+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mguvvhi2ok2r...
CVE-2019-25441
creationtimestamp | type | source
---|---|---
2026-03-12 17:00:15+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mguurupnqv2e...
EUVD-2026-11669
ZeptoClaw: Path boundary checks bypass via symlink, TOCTOU, and hardlink...
Authorization Bypass Through User-Controlled Key
Overview: @withstudiocms/effect is a package of Effect-TS utilities for Astro. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the create-reset-link process. An attacker can gain unauthorized access to higher-privileged accounts by generating a password...
Authorization Bypass Through User-Controlled Key
Overview: @studiocms/s3-storage is a package that adds S3 storage support to your StudioCMS project. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the create-reset-link process. An attacker can gain unauthorized access to higher-privileged accounts by...
Authorization Bypass Through User-Controlled Key
Overview: @withstudiocms/api-spec is an API specification for StudioCMS. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the create-reset-link process. An attacker can gain unauthorized access to higher-privileged accounts by generating a...
Authorization Bypass Through User-Controlled Key
Overview: studiocms is a community-driven, Astro-native CMS, built from the ground up by the Astro community. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the create-reset-link process. An attacker can gain unauthorized access to...
GHSA-H7VR-CG25-JF8C StudioCMS: IDOR — Admin-to-Owner Account Takeover via Password Reset Link Generation
Summary: The POST /studiocmsapi/dashboard/create-reset-link endpoint allows any authenticated user with admin privileges to generate a password reset token for any other user, including the owner account. The handler verifies that the caller is an admin but does not enforce role hierarchy, nor doe...
Copyparty has unexpected JavaScript execution via crafted URL to folder with `.prologue.html`
If an attacker has been given both read and write permissions to the server, they can upload a malicious file with the filename .prologue.html and then craft a link to potentially execute arbitrary JavaScript in the victim's context. Note that it is intended behavior that the JavaScript would...
GHSA-RCP6-88MM-9VGF Copyparty has unexpected JavaScript execution via crafted URL to folder with `.prologue.html`
If an attacker has been given both read and write permissions to the server, they can upload a malicious file with the filename .prologue.html and then craft a link to potentially execute arbitrary JavaScript in the victim's context. Note that it is intended behavior that the JavaScript would...
CVE-2026-1732
creationtimestamp | type | source
---|---|---
2026-03-12 14:15:25+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mgull4qogo2n
2026-03-12 16:00:00+00:00 | seen | https://www.hkcert.org/security-bulletin/gitlab-multiple-vulnerabilities20260313...
CVE-2025-12576
creationtimestamp | type | source
---|---|---
2026-03-12 14:15:24+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mgull4qogo2n
2026-03-12 16:00:00+00:00 | seen | https://www.hkcert.org/security-bulletin/gitlab-multiple-vulnerabilities20260313...
CVE-2026-21666
creationtimestamp | type | source
---|---|---
2026-03-12 14:10:21+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mgulc3hpkk2q
2026-03-12 15:57:02+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mguratg65t24
2026-03-12 15:57:05+00:00 | seen | ...
CVE-2026-21672
creationtimestamp | type | source
---|---|---
2026-03-12 14:10:21+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mgulc3hpkk2q
2026-03-12 17:18:01+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mguvrnojls2h
2026-03-13 10:26:51+00:00 | seen | ...
CVE-2026-2513
A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, whereby an administrator who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated web session...
CVE-2026-2513 Possibility of unintended actions when an administrator clicks a malicious link in the Progress Flowmon ADS web application
A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, whereby an administrator who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated web session...