58820 matches found
CVE-2026-47114

creationtimestamp | type | source
---|---|---
2026-05-21 21:00:53+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mmfculcztd2l
2026-06-05 11:01:43+00:00 | seen | https://bsky.app/profile/keiwork35.bsky.social/post/3mnjyezeuae22...

FlaskBB: SSRF in get_image_info() via unrestricted avatar URL
Summary: A Server-Side Request Forgery (SSRF) vulnerability in get_image_info() allows any authenticated user to force the server to send HTTP requests to arbitrary internal endpoints, including cloud metadata services (e.g., AWS 169.254.169.254). This is a blind SSRF with confirmed internal port scanning...
USN-8294-1: PostgreSQL vulnerabilities
It was discovered that PostgreSQL did not correctly enforce authorization for CREATE TYPE. An attacker could possibly use this issue to execute arbitrary SQL functions. (CVE-2026-6472) It was discovered that PostgreSQL incorrectly handled large user input in multiple server features. An attacker...
CVE-2026-48527

creationtimestamp | type | source
---|---|---
2026-05-21 20:37:15+00:00 | published-proof-of-concept | https://github.com/haxtheweb/issues/security/advisories/GHSA-g2g8-95qg-v35h
2026-05-29 15:37:37+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmyuju2ije22
2026-05-30 23:01:15+00:00 | ...

Missing Authorization
Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Missing Authorization via the AclMiddleware in the request authorization path. An attacker can invite users or enumerate base members by sending userInvite or baseUserList requests from a shared-base session. This...
NPM: NocoDB: Shared-base link access can invite arbitrary users as persistent base members
NPM: NocoDB: Shared-base link access can invite arbitrary users as persistent base members vulnerability discovered by ? in WordPress Npm nocodb versions = 0.301.3...
Allocation of Resources Without Limits or Throttling
Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the AttachmentsService upload-by-URL path in the attachment handling code. An attacker can exhaust storage or processing resources by providing a remote fil...
CVE-2026-48213

creationtimestamp | type | source
---|---|---
2026-05-21 19:22:16+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmf5ebuiop2c...

Exploit for Link Following in Microsoft
🛡️ CVE-2026-41091 - RedSun Microsoft Defender Elevation...
CVE-2026-48235

creationtimestamp | type | source
---|---|---
2026-05-21 19:00:31+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mmf45erzqv2g...

CVE-2026-48243

creationtimestamp | type | source
---|---|---
2026-05-21 18:55:18+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmf3u2gu672i...

EUVD-2026-31307
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the id and ticketid GET parameters directly into an HTML form action URL. Attackers can...
CVE-2026-9089

creationtimestamp | type | source
---|---|---
2026-05-21 17:00:47+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mmevhbebbr2e...

CVE-2025-13479

creationtimestamp | type | source
---|---|---
2026-05-21 16:43:26+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmeuib5uav2n...

CVE-2026-43499

creationtimestamp | type | source
---|---|---
2026-05-21 15:55:22+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmerscvff72i...

MAL-2026-4704 Malicious code in veteran-proxy (npm)
Source: amazon-inspector e2528c02db9bcb4016a3347fdfae55c037c0462d6c0d29adb4245605424ad31f On npm install, the postinstall hook node install.js downloads a platform-specific binary archive from a hardcoded...
Malicious code in veteran-proxy (npm)
Source: amazon-inspector e2528c02db9bcb4016a3347fdfae55c037c0462d6c0d29adb4245605424ad31f On npm install, the postinstall hook node install.js downloads a platform-specific binary archive from a hardcoded...
CVE-2025-71212
A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...
CVE-2026-45251

creationtimestamp | type | source
---|---|---
2026-05-21 13:38:17+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmek56jpnp2t
2026-06-01 06:06:18+00:00 | seen | https://bsky.app/profile/buherator.bsky.social/post/3mn7fz2lxnx2q
2026-06-01 14:11:09+00:00 | seen | ...

CVE-2026-9157

creationtimestamp | type | source
---|---|---
2026-05-21 13:33:17+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmeju7x43d2o...