Bad Bot Report 2026: The Internet Is No Longer Human and It’s Changing How Business Works

For decades, companies have operated on a simple assumption that most internet traffic came from people. That assumption no longer holds. The latest 2026 Bad Bot Report: Bad Bots in the Agentic Age reinforces a shift that is now impossible to ignore. Automated traffic continues to outpace human...

CVE-2026-42249

creationtimestamp| type| source ---|---|--- 2026-04-29 03:55:00+00:00| seen| https://cert.pl/en/posts/2026/04/CVE-2026-42248 2026-04-29 15:16:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mknfdxk62b2n 2026-05-10 11:02:26+00:00| seen|...

GHSA-75XC-FV5M-PPRR vulnerabilities

Vulnerabilities for packages: firefox-esr...

OSV-2026-646 Heap-buffer-overflow in sentencepiece::unigram::Model::EncodeOptimized

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=507169860 Crash type: Heap-buffer-overflow READ 8 Crash state: sentencepiece::unigram::Model::EncodeOptimized sentencepiece::unigram::Model::Encode sentencepiece::SentencePieceProcessor::Encode...

PT-2026-36019

Name of the Vulnerable Software and Affected Versions Algovate xhs-mcp version 0.8.11 Description An issue exists in the MCP Interface component within the xhs publish content function of the src/server/mcp.server.ts file. A remote attacker can perform server-side request forgery SSRF—a flaw that...

FreeBSD : Mozilla -- Invalid pointer (671af4b2-4305-11f1-a627-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 671af4b2-4305-11f1-a627-b42e991fc52e advisory. https://bugzilla.mozilla.org/showbug.cgi?id=2013588 reports: Invalid pointer in the JavaScript:...

Fedora 44 : emacs (2026-ea9adf4496)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-ea9adf4496 advisory. Recent KDEs default to Wayland, so Suggest PGTK build there. ---- libpixbufloader-xpm.so no-longer required with recent Glycin. Tenable has extracted the...

PT-2026-36023

A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzz domain of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument Request can lead to os command injection. The attack may be launche...

PT-2026-36005

A security flaw has been discovered in geldata gel-mcp 0.1.0. This impacts the function list rules/fetch rule of the file src/gel mcp/server.py. The manipulation of the argument rule name results in path traversal. The attack may be performed from remote. The exploit has been released to the publ...

CVE-2026-7318

A vulnerability was detected in elie mcp-project 0.1.0. The affected element is the function searchpapers of the file researchserver.py. The manipulation of the argument topic results in path traversal. Attacking locally is a requirement. The exploit is now public and may be used. The project was...

Malicious Package

Overview terminal-prettier is a malicious package. This package contains malicious code, and its content was not yet removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

CVE-2026-7318

A vulnerability was detected in elie mcp-project 0.1.0. The affected element is the function searchpapers of the file researchserver.py. The manipulation of the argument topic results in path traversal. Attacking locally is a requirement. The exploit is now public and may be used. The project was...

CVE-2026-7339

creationtimestamp| type| source ---|---|--- 2026-04-28 20:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260429 2026-05-03 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/microsoft-edge-multiple-vulnerabilities20260504 2026-05-08...

CVE-2026-7314

The CVE-2026-7314 vulnerability affects eiceblue spire-doc-mcp-server 1.0.0. It targets the function get_doc_path in src/spire_doc_mcp/api/base.py, where manipulating the document_name argument enables path traversal. The issue can be exploited remotely; the public exploit is available, and the p...

CVE-2026-7292

A security vulnerability has been detected in o2oa up to 10.0. This impacts the function syncFile of the file NodeAgent.java of the component NodeAgent. The manipulation leads to improper authorization. The attack can be initiated remotely. The complexity of an attack is rather high. The...

CVE-2026-7291 o2oa URL Fetching FileAction.java FileAction server-side request forgery

A weakness has been identified in o2oa up to 10.0. This affects the function FileAction of the file FileAction.java of the component URL Fetching. Executing a manipulation of the argument fileUrl can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit ha...

CVE-2026-42167

creationtimestamp| type| source ---|---|--- 2026-04-28 15:00:17+00:00| seen| Telegram/H01iEvXyQvFt3BKrUWEkrM93zs5xMaOZIzFsw2eb4Vo29b0 2026-04-28 21:00:04+00:00| published-proof-of-concept| Telegram/eS6PVxYAnM0JrA3WVLfUd-acXUZbhqPWuOh5cENwecmTOw 2026-04-29 00:02:19+00:00| seen|...

CVE-2026-7272

A flaw has been found in WilliamCloudQi matlab-mcp-server up to ab88f6b9bf5f36f725e8628029f7f6dd0d9913ca. The affected element is the function generatematlabcode/executematlabcode of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument scriptPath can lead...

EUVD-2026-26050

A flaw has been found in WilliamCloudQi matlab-mcp-server up to ab88f6b9bf5f36f725e8628029f7f6dd0d9913ca. The affected element is the function generatematlabcode/executematlabcode of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument scriptPath can lead...

CVE-2024-54013

Penetration Testing engineers at Amazon have identified a security flaw related to request handling in the web server component that could, under certain conditions, lead to unintended access to protected functions. The manufacturer has released patch firmware for the flaw, please refer to the...