PT-2026-49614
CVE ID: CVE-2026-54292. Published: June 15, 2026, 6:33 p.m. | 1 hour, 17 minutes ago. Description: None. Severity: 0.0 | NA.
PT-2026-49616
CVE ID: CVE-2026-54295. Published: June 15, 2026, 6:32 p.m. | 1 hour, 18 minutes ago. Description: None. Severity: 0.0 | NA.
PT-2026-49617
CVE ID: CVE-2026-54296. Published: June 15, 2026, 6:31 p.m. | 1 hour, 19 minutes ago. Description: None. Severity: 0.0 | NA.
CVE-2026-34692
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-12 00:03:29+00:00 | seen | https://bsky.app/profile/experiencedigest.bsky.social/post/3mo2guhgkry2y... |
PT-2026-48486
Name of the Vulnerable Software and Affected Versions: Palo Alto Networks PAN-OS affected versions not specified
Description: A memory corruption issue occurs during the processing of tunnel traffic. An authenticated user can trigger system reboots by sending a maliciously crafted packet. If these...
EUVD-2026-35309
The ePaperFlip Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'publicationid' attribute of the epaperflipembed shortcode in all versions up to, and including, 1. This is due to insufficient input sanitization and output escaping on the shortcode attribute whic...
JLSEC-2026-608
SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credentials. The attack takes effect at the next REFRESH PUBLICATION. Within major versions 16, 17, and 18...
MAL-2026-5278 Malicious code in spateo-release (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 21400e8510d0663de6c3a4454fe99d9200cb83ae8d1ecdc137c99f3668da4293 Versions 1.1.2 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using B...
CVE-2026-6638
SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credentials. The attack takes effect at the next REFRESH PUBLICATION. Within major versions 16, 17, and 18...
CVE-2026-35400
LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 20.0.0 to before 27.0.3 and 28.0.1, an endpoint in the publication module was incorrectly trusting the baseURL submitted by a user's PO...
CVE-2026-48866
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-05 14:00:07+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/87442... |
CVE-2026-35906
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-03 17:00:04+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/87170 |
| 2026-06-03 21:00:04+00:00 | seen | Telegram/kE9cLUPBGVlQM0eKet2aE5O-03aGK7deKtr42pLnxraAufk... |
CVE-2025-15656
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-03 11:24:36+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mneyq3vs6v2v |
| 2026-06-04 02:00:39+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mngjolkpeg25... |
PT-2026-48942
A method within the exploration crate attempted to download and execute a payload from a remote site. The malicious crate had 1 version published on 2026-06-02, approximately 1 hour before removal, and had no evidence of actual usage. This crate had no dependencies on crates.io. Thanks to Kirill...
Malicious Package
Overview: nottuff24 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisin...
Malicious Package
Overview: imillegal1 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisi...
CVE-2026-20982
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-01 18:00:04+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/86872... |
CVE-2026-10249
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-01 13:25:40+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mna6kqr6zb2p... |
Advisory ROSA-SA-2026-3311
Component: avahi 0.8
OS: ROSA-CHROME
Unaffected versions: = avahi-0.8-12.git35bb1b.11
Affected versions: avahi-0.8-12.git35bb1b.11
CVE-ID: CVE-2026-34933
BDU-ID: None
CVE-Crit: Medium
CVE-DESC.: The vulnerability in Avahi allows an unprivileged local user to cause an emergency termination of...
CodexBar Security Vulnerability
CodexBar is an AI programming service usage monitoring tool developed by Peter Steinberger. Versions of CodexBar prior to 0.32.0 contained security vulnerabilities. These vulnerabilities stemmed from the handling of insecure temporary files during the publication of workflows, which could allow...