63178 matches found
CVE-2026-45533
creationtimestamp| type| source ---|---|--- 2026-07-16 00:48:53+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqpzaxejrl2h...
CVE-2026-50289
creationtimestamp| type| source ---|---|--- 2026-07-16 00:10:04+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqpx3jzg5o2p 2026-07-16 00:35:08+00:00| published-proof-of-concept| https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-5xpp-75jx-m839...
CVE-2026-54466
creationtimestamp| type| source ---|---|--- 2026-07-16 00:08:04+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqpwxxsieh2w 2026-07-17 23:45:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mquwndmen52g...
PT-2026-60569
WireGuard Easy through 15.3.0, fixed in commit 66b292b, contains a cryptographically weak one-time link token generation vulnerability that allows unauthenticated network attackers to recover WireGuard peer credentials by brute-forcing a keyspace of at most 1000 candidate tokens per client ID, as...
Linux Distros Unpatched Vulnerability : CVE-2026-50526
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper link resolution before file access 'link following' in .NET allows an authorized attacker to perform tampering locally. CVE-2026-50526 Note that Nessus...
Python Library yt-dlp < 2026.7.4 Command Injection
The detected version of the yt-dlp Python package is prior to 2026.7.4. It is, therefore, affected by a command injection vulnerability. yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to 2026.7.4, the --write-link, --write-url-link, and --write-desktop-link options can writ...
CVE-2026-40954
creationtimestamp| type| source ---|---|--- 2026-07-15 22:00:34+00:00| seen| https://bsky.app/profile/euvd-bot.bsky.social/post/3mqpptyijcs2m...
CVE-2026-33443
creationtimestamp| type| source ---|---|--- 2026-07-15 22:00:27+00:00| seen| https://bsky.app/profile/euvd-bot.bsky.social/post/3mqpptrjhnh2e...
CVE-2026-33445
creationtimestamp| type| source ---|---|--- 2026-07-15 22:00:24+00:00| seen| https://bsky.app/profile/euvd-bot.bsky.social/post/3mqpptodexj2v 2026-07-16 00:08:53+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqpwzgq2ev2u 2026-07-17 09:37:07+00:00| seen|...
CVE-2026-52870
creationtimestamp| type| source ---|---|--- 2026-07-15 21:00:25+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mqpmifoxio25...
CVE-2026-40952
creationtimestamp| type| source ---|---|--- 2026-07-15 21:00:14+00:00| seen| https://bsky.app/profile/euvd-bot.bsky.social/post/3mqpmi4bypn2i...
CVE-2026-12997
creationtimestamp| type| source ---|---|--- 2026-07-15 20:57:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqpmceqwmg2m 2026-07-16 06:01:01+00:00| seen| https://bsky.app/profile/pulse-wp.com/post/3mqqkp3t52c2u...
CVE-2026-46684
creationtimestamp| type| source ---|---|--- 2026-07-15 20:48:06+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqplsfbiqb2l 2026-07-16 00:24:24+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqpxv6enic2a 2026-07-18 04:16:04+00:00| seen|...
CVE-2026-62350
creationtimestamp| type| source ---|---|--- 2026-07-15 20:40:52+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqplfhvrnj2i...
CVE-2026-45738 Argo CD: Stored XSS in application link annotations enables developer-to-admin privilege escalation
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to 3.2.12, 3.3.10, and 3.4.2, Argo CD users with application write access can set link.argocd.argoproj.io/ annotations whose pipe-separated values are rendered by...
CVE-2026-45738
CVE-2026-45738 : Argo CD contains a Stored XSS in link.argocd.argoproj.io/* annotations that can be rendered as anchor href values in the Summary tab, enabling javascript: execution for a higher-privileged user in the origin session when there is application write access. This is fixed in Argo CD...
CVE-2026-45738 Argo CD: Stored XSS in application link annotations enables developer-to-admin privilege escalation
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to 3.2.12, 3.3.10, and 3.4.2, Argo CD users with application write access can set link.argocd.argoproj.io/ annotations whose pipe-separated values are rendered by...
CVE-2026-50552
creationtimestamp| type| source ---|---|--- 2026-07-15 19:31:25+00:00| seen| https://gist.github.com/alon710/0bc2e259381309bd98ca630012fce3cb 2026-07-15 20:35:05+00:00| published-proof-of-concept| https://github.com/koel/koel/security/advisories/GHSA-jr4p-4xjh-fwvw...
CVE-2026-12997
Summary of CVE-2026-12997 : The Gravity Forms plugin for WordPress is vulnerable to a Directory Traversal flaw in all versions up to and including 2.10.4, exploitable via the gform_uploaded_files parameter. An unauthenticated attacker can read arbitrary server files containing sensitive informati...
EUVD-2026-44760
Dashy is a self-hostable personal dashboard. From 1.9.4 until 3.2.0, the Dashy RSS Widget in src/components/Widgets/RssFeed.vue does not sanitize RSS item link values before rendering feed item titles and Read More links as anchor href attributes, allowing an attacker-controlled feed to provide a...