92 matches found
CVE-2026-50083
creationtimestamp | type | source
---|---|---
2026-06-12 18:07:06+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mo4dg3cyib2f...
CVE-2026-4549
creationtimestamp | type | source
---|---|---
2026-06-05 05:59:14+00:00 | seen | https://bsky.app/profile/blackhatnews.tokyo/post/3mnjhi4skj32s...
EUVD-2026-34265
A security issue was fixed in the correlations over-correlation endpoint where the order query parameter was accepted from user-controlled named request parameters. This allowed an authenticated user to override the server-defined ordering of over-correlating values. Depending on how the value wa...
CVE-2026-10863
CVE-2026-10863 affects the correlations over-correlation endpoint in the application, specifically the overCorrelations() function in app/Controller/CorrelationsController.php. The vulnerability arises from accepting an order parameter from user-controlled named request parameters, which could al...
CVE-2026-4125
creationtimestamp | type | source
---|---|---
2026-04-25 22:33:05+00:00 | seen | https://bsky.app/profile/atomicedge.bsky.social/post/3mke3vkobu22i...
Cross-site Scripting (XSS)
Overview: @holoviz/panel is a powerful data exploration & web app framework for Python. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the formatError function in panel/models/util.ts due to using String.replace without the global flag when escaping HTML...
CVE-2026-33492
creationtimestamp | type | source
---|---|---
2026-03-23 16:47:19+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mhqj6vlq2q2p
2026-03-25 04:00:14+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mhu7b2y2nh27...
CVE-2026-32232
creationtimestamp | type | source
---|---|---
2026-03-11 17:24:36+00:00 | published-proof-of-concept | https://github.com/qhkm/zeptoclaw/security/advisories/GHSA-2m67-cxxq-c3h8
2026-03-12 21:35:06+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mgve5dqzr72u...
CVE-2026-25924
creationtimestamp | type | source
---|---|---
2026-02-12 07:17:12+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3menh5jled224...
CVE-2025-67125
A signed integer overflow in docopt.cpp v0.6.2 LeafPattern::match in docoptprivate.h when merging occurrence counters (e.g., default LONG_MAX + first user "-v/--verbose") can cause counter wrap (negative/unbounded semantics) and lead to logic/policy bypass in applications that rely on occurrence-based...
UBUNTU-CVE-2025-67125
A signed integer overflow in docopt.cpp v0.6.2 LeafPattern::match in docoptprivate.h when merging occurrence counters (e.g., default LONG_MAX + first user "-v/--verbose") can cause counter wrap (negative/unbounded semantics) and lead to logic/policy bypass in applications that rely on occurrence-based...
EUVD-2026-4094
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Depot depot allows PHP Local File Inclusion. This issue affects Depot: from n/a through = 1.16...
CVE-2026-23724 WeGIA Stored Cross-Site Scripting (XSS) – atendido_idatendido Parameter on Occurrence Registration Page
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the html/atendido/cadastro_ocorrencia.php endpoint of the WeGIA application. The application does not sanitize user-controlled data before rendering it inside the...
CVE-2026-23724
CVE-2026-23724 affects the WeGIA web manager. A Stored Cross-Site Scripting (XSS) vulnerability exists in the html/atendido/cadastro_ocorrencia.php endpoint where user-controlled data is rendered in the “Atendido” dropdown without sanitization. This could allow injection in atendido_idatendido f...
EUVD-2026-2960
The Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clearOrderLogs function in all versions up to, and including, 5.1.2. This makes it possible for unauthenticated...
CVE-2021-47798
creationtimestamp | type | source
---|---|---
2026-01-16 02:27:53+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mcj2fdpcvf2r...
GHSA-H4WG-473G-P5WC
creationtimestamp | type | source
---|---|---
2026-01-07 19:09:24+00:00 | seen | Telegram/og43KH01Plc8Iyz0Ogz7cm1eiVq8-Qgmh5W6-3KZk71D79o...