6094 matches found
CVE-2026-42180
Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.19.18, Lemmy allows an authenticated low-privileged user to create a link post through POST /api/v3/post. When a post is created in a public community, the backend asynchronously sends a Webmention to the attacker-controll...
CVE-2026-41584
creationtimestamp| type| source
---|---|---
2026-05-08 18:50:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlefivlihl2r
2026-05-08 19:04:00+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mlegbnfjvt26...
CVE-2026-41583
creationtimestamp| type| source
---|---|---
2026-05-08 18:30:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mleef5vlvz2h
2026-05-08 19:00:28+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mleg3c5no72q...
CVE-2026-6213
creationtimestamp| type| source
---|---|---
2026-05-08 10:30:30+00:00| seen| https://infosec.exchange/users/offseq/statuses/116538489534406589
2026-05-08 10:30:32+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mldjlhz44r2o
2026-05-08 10:55:38+00:00| seen|...
CVE-2025-0305
creationtimestamp| type| source
---|---|---
2026-05-08 07:32:00+00:00| seen| https://bsky.app/profile/dusk-services.bsky.social/post/3mld7mb7uwa2u
2026-05-08 07:32:00+00:00| seen| https://bsky.app/profile/dusk-services.bsky.social/post/3mld7madfxm2a
2026-05-08 07:32:01+00:00| seen|...
Lemmy code issue vulnerability
Lemmy is open-source software developed by Lemmy, used for building social news aggregators and web forums. Versions of Lemmy prior to 0.19.18 had code vulnerabilities. These vulnerabilities stemmed from the lack of mechanisms to reject loops, private links, or link-local targets when creating li...
PT-2026-39216
Name of the Vulnerable Software and Affected Versions: Postiz versions 2.21.6 through 2.21.6
Description: Authenticated users with post creation privileges can store arbitrary HTML within post content by tampering with their save request. This content is then rendered on the main application origin...
CVE-2026-33823
creationtimestamp| type| source
---|---|---
2026-05-07 23:06:26+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mlcdea5keo2z
2026-05-07 23:06:35+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlcdej3df22k
2026-05-08 22:37:07+00:00| seen|...
CVE-2026-42826
creationtimestamp| type| source
---|---|---
2026-05-07 23:00:33+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mlcczpg3qd2g
2026-05-07 23:45:54+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlcfks2gmw2k
2026-05-08 03:00:28+00:00| seen|...
CVE-2026-37709
creationtimestamp| type| source
---|---|---
2026-05-07 18:21:01+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mlbtfu4yqo2f
2026-05-07 19:48:26+00:00| seen| https://bsky.app/profile/cybercod.bsky.social/post/3mlbyc6onl724
2026-05-07 23:14:42+00:00| seen|...
CVE-2026-41505
creationtimestamp| type| source
---|---|---
2026-05-07 17:06:31+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mlbpamyqrv2t
2026-05-07 17:42:49+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlbrbkzfot2h...
Massive AI investment scam network spans 15,500 domains
Researchers tracked a large AI‑themed investment scam campaign involving more than 15,000 domains. It uses cloaking and deepfakes to hide from security tools while targeting ordinary users. Criminals abused the Keitaro ad-tracking platform as part of a cloaking system so real victims see scam...
CVE-2024-43384
creationtimestamp| type| source
---|---|---
2026-05-07 11:08:54+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mlb3b6c5zk2f
2026-05-07 11:20:11+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlb3vemulc2e...
CVE-2026-41139
creationtimestamp| type| source
---|---|---
2026-05-07 08:24:42+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mlas3kpzvu2w
2026-05-07 09:57:42+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlaxbusqcm2q
2026-05-08 00:00:06+00:00| seen|...
CVE-2026-5786
creationtimestamp| type| source
---|---|---
2026-05-07 07:54:45+00:00| seen| https://ccb.belgium.be/advisories/warning-authenticated-remote-code-execution-vulnerability-ivanti-epmm-exploited-patch
2026-05-07 08:14:00+00:00| seen| https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus-2026-12...
SUSE-SU-2026:1740-1 Security update for python-Django
This update for python-Django fixes the following issues:
- CVE-2026-3902: headers spoofing by exploiting an ambiguous mapping of two header variants in ASGIRequest requests bsc1261729.
- CVE-2026-4277: permissions on inline model instances were not validated on submission of forged POST data in...
Lemmy may expose private community data through community, saved, liked, and modlog API views
NOTE: Only affects development version.
Summary: Lemmy applies private-community checks in PostView and CommentView, but several adjacent API views skip the accepted-follower filter. Bob, a registered user who is not an accepted follower, can read private community sidebar and summary fields. Alic...
GHSA-95Q8-X6R6-672M Lemmy may expose private community data through community, saved, liked, and modlog API views
NOTE: Only affects development version.
Summary: Lemmy applies private-community checks in PostView and CommentView, but several adjacent API views skip the accepted-follower filter. Bob, a registered user who is not an accepted follower, can read private community sidebar and summary fields. Alic...
CVE-2026-43581
creationtimestamp| type| source
---|---|---
2026-05-06 20:45:42+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3ml7kzncyfq2z
2026-05-06 21:34:17+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ml7nqjn5bp2t
2026-05-07 16:07:09+00:00| seen|...
CVE-2026-43580
creationtimestamp| type| source
---|---|---
2026-05-06 20:45:27+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3ml7kz6t5qe2n
2026-05-06 21:38:00+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ml7nx6b5ai2n...