1360 matches found
CVE-2026-34413
creationtimestamp| type| source ---|---|--- 2026-04-22 20:02:05+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mk4c2qqza22k 2026-04-22 21:20:52+00:00| seen| Telegram/cbjF4apLmtnn3LGsfm2VGkmWkt4o1cHj2IZCQ7x38CS5FMw 2026-04-22 21:48:07+00:00| seen|...
EUVD-2026-25058
Nimiq's network-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, network-libp2p discovery uses a libp2p ConnectionHandler state machine. the handler assumes there is at most one inbound and one outbound discovery substream per connection. if a remote peer...
CVE-2026-40871
mailcow: dockerized is an open source groupware/email suite based on docker. Versions prior to 2026-03b have a second-order SQL injection vulnerability in the quarantinecategory field via the Mailcow API. The /api/v1/add/mailbox endpoint stores quarantinecategory without validation or sanitizatio...
CVE-2026-40871 mailcow: dockerized vulnerable to Second Order SQL Injection in quarantine category via API
mailcow: dockerized is an open source groupware/email suite based on docker. Versions prior to 2026-03b have a second-order SQL injection vulnerability in the quarantinecategory field via the Mailcow API. The /api/v1/add/mailbox endpoint stores quarantinecategory without validation or sanitizatio...
CVE-2026-40871 mailcow: dockerized vulnerable to Second Order SQL Injection in quarantine category via API
mailcow: dockerized is an open source groupware/email suite based on docker. Versions prior to 2026-03b have a second-order SQL injection vulnerability in the quarantinecategory field via the Mailcow API. The /api/v1/add/mailbox endpoint stores quarantinecategory without validation or sanitizatio...
CVE-2026-40871
CVE-2026-40871 affects the mailcow: dockerized project. Versions prior to 2026-03b are vulnerable to a second-order SQL injection in the quarantine_category field exposed via the Mailcow API, specifically at the /api/v1/add/mailbox endpoint. The input is stored without validation and later used b...
EUVD-2026-24253
mailcow: dockerized is an open source groupware/email suite based on docker. Versions prior to 2026-03b have a second-order SQL injection vulnerability in the quarantinecategory field via the Mailcow API. The /api/v1/add/mailbox endpoint stores quarantinecategory without validation or sanitizatio...
SQLi
SQL Injection: An Elite Bug Bounty Hunter's Field Manual SQL...
mailcow: dockerized 安全漏洞
mailcow: dockerized is a Dockerized version of the mailcow open-source application. Versions before 2026-03b of mailcow have security vulnerabilities; these vulnerabilities stem from a second-level SQL injection in the quarantinecategory field, which may allow arbitrary SQL executions and the...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-011239)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011239 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix potential panic dues to unprotected smcllcsrvaddlink There is a certain chance to...
Exploit for CVE-2025-68999
CVE-2025-68999 Happy Addons for Elementor = 3.20.4 —...
OpenClaw: CDP /json/version WebSocket URL could pivot to untrusted second-hop targets
Summary CDP /json/version WebSocket URL could pivot to untrusted second-hop targets. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.5 Impact A browser profile could trust a CDP /json/version response whose webSocketDebuggerUrl pointed at a differen...
GHSA-F7FH-QG34-X2XH OpenClaw: CDP /json/version WebSocket URL could pivot to untrusted second-hop targets
Summary CDP /json/version WebSocket URL could pivot to untrusted second-hop targets. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.5 Impact A browser profile could trust a CDP /json/version response whose webSocketDebuggerUrl pointed at a differen...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007407)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007407 advisory. In the Linux kernel, the following vulnerability has been resolved: media: imon: fix access to invalid resource for the second interface imon driver probes two USB...
13.5M Device Botnet Drives 2 Tbps DDoS Attacks on FinTech, Qrator Finds
A new Qrator Labs report reveals that the largest DDoS botnet has grown to 13.5 million devices, and…...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication in the OIDC login process when the EmailFallback mechanism is enabled. An attacker can gain unauthorized access to accounts protected by TOTP by authenticating to the OIDC provider with a matching email address,...
PT-2026-31950
Summary The addRepeatIntervalToTime function uses an On loop that advances a date by the task's RepeatAfter duration until it exceeds the current time. By creating a repeating task with a 1-second interval and a due date far in the past, an attacker triggers billions of loop iterations, consuming...
CVE-2026-33266
creationtimestamp| type| source ---|---|--- 2026-04-09 15:03:13+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mj33cf7s6b2p 2026-04-10 21:23:28+00:00| seen| Telegram/OQKBgo-nZL6sXwBX9bmjZlSNqFSsDAVUFOIG0ZNThQ0ug 2026-04-12 11:59:55+00:00| seen|...
EUVD-2025-209287
The Semtech LR11xx LoRa transceivers implement secure boot functionality using digital signatures to authenticate firmware. However, the implementation uses a non-standard cryptographic hashing algorithm that is vulnerable to second preimage attacks. An attacker with physical access to the device...
CVE-2025-14859
The Semtech LR11xx LoRa transceivers implement secure boot functionality using digital signatures to authenticate firmware. However, the implementation uses a non-standard cryptographic hashing algorithm that is vulnerable to second preimage attacks. An attacker with physical access to the device...