22209 matches found
CVE-2026-15628
creationtimestamp| type| source ---|---|--- 2026-07-14 05:52:23+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqljbsldb52l...
CVE-2026-61500
Rejetto HFS 3.0.0 through 3.2.0 derives its session-cookie signing key from the non-cryptographic Math.random generator and discloses outputs of the same generator to unauthenticated clients during login. A remote attacker can collect a small number of login responses, reconstruct the generator's...
CVE-2026-12275
creationtimestamp| type| source ---|---|--- 2026-07-13 07:43:13+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqj6z3gyqz22 2026-07-14 00:00:15+00:00| seen| https://bsky.app/profile/pulse-wp.com/post/3mqkvm5egav2z 2026-07-14 03:16:08+00:00| seen|...
EUVD-2026-43238
A vulnerability was detected in AojiaoZero Antaris 1.0. This affects the function rewardPurchase of the file /ipn.php of the component PayPal IPN Payment Handler. The manipulation of the argument itemnumber results in sql injection. The attack may be performed from remote. The vendor was contacte...
CVE-2026-15502 AojiaoZero Antaris PayPal IPN Payment ipn.php _rewardPurchase sql injection
A vulnerability was detected in AojiaoZero Antaris 1.0. This affects the function rewardPurchase of the file /ipn.php of the component PayPal IPN Payment Handler. The manipulation of the argument itemnumber results in sql injection. The attack may be performed from remote. The vendor was contacte...
CVE-2026-9017
creationtimestamp| type| source ---|---|--- 2026-07-11 07:32:53+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqe5ir7roy2w 2026-07-11 07:47:33+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqe6cypq4a2t...
CVE-2026-53653
creationtimestamp| type| source ---|---|--- 2026-07-10 18:20:38+00:00| seen| https://bsky.app/profile/malwareobserver.bsky.social/post/3mqcra4ilol2c 2026-07-10 22:51:15+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdadyx4fk27 2026-07-10 23:35:17+00:00| seen|...
Malicious code in stella-ai-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 936d3c8bc6611b58f5321ba5aab651bb3d2db821d172816283ca04633be00863 The stella CLI shipped in bin/stella.js prompts users for their phone number and the WhatsApp verification code and POSTs both to a hardcoded bare-IP...
MAL-2026-10133 Malicious code in stella-ai-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 936d3c8bc6611b58f5321ba5aab651bb3d2db821d172816283ca04633be00863 The stella CLI shipped in bin/stella.js prompts users for their phone number and the WhatsApp verification code and POSTs both to a hardcoded bare-IP...
CVE-2026-38059
The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication. An unauthenticated attacker with network access can retrieve sensitive device information including the serial number, Device ID DID, Terminal Private Key identifier TPK, MAC address, and exact firmwa...
EUVD-2026-42908
The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication. An unauthenticated attacker with network access can retrieve sensitive device information including the serial number, Device ID DID, Terminal Private Key identifier TPK, MAC address, and exact firmwa...
CVE-2026-38059
The CVE-2026-38059 entry concerns iDirect iQ200 devices where the /api/identity and /api/ REST endpoints are exposed without authentication. An unauthenticated attacker with network access can retrieve sensitive device data including serial number, Device ID (DID), Terminal Private Key (TPK) iden...
CVE-2026-13347
creationtimestamp| type| source ---|---|--- 2026-07-10 11:16:00+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqbzis5yut2y 2026-07-10 12:15:24+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-13347 2026-07-12 18:01:08+00:00| seen|...
CVE-2026-28564
creationtimestamp| type| source ---|---|--- 2026-07-10 10:58:20+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqbyj7nlat2y 2026-07-10 12:15:27+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-28564 2026-07-10 13:10:06+00:00| seen|...
CVE-2026-15300
creationtimestamp| type| source ---|---|--- 2026-07-10 05:18:05+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqbfirxvof2v 2026-07-10 06:00:26+00:00| seen| https://infosec.exchange/users/offseq/statuses/116894153133982870 2026-07-10 06:00:28+00:00| seen|...
CVE-2026-9028
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2026-14245
creationtimestamp| type| source ---|---|--- 2026-07-09 09:00:27+00:00| seen| https://infosec.exchange/users/offseq/statuses/116889198686002131 2026-07-09 09:00:30+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mq7bhkabxp24 2026-07-09 22:30:57+00:00| seen|...
EUVD-2026-42509
The WP DSGVO Tools GDPR WordPress plugin before 3.1.40 does not perform an authorization check on the immediate-processing path of its data subject access request feature, allowing unauthenticated attackers to generate and download the full personal-data export including name, postal address, pho...
CVE-2026-11903
creationtimestamp| type| source ---|---|--- 2026-07-08 17:37:53+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq5nvsx5n62g 2026-07-08 20:15:14+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/progress-security-advisory-av26-678 2026-07-09 11:30:31+00:00| seen|...
CVE-2026-13020
creationtimestamp| type| source ---|---|--- 2026-07-07 19:25:47+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq3dhu46ku2f 2026-07-09 15:02:04+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mq7vo4wlz32b...