CVE-2026-12784

creationtimestamp| type| source ---|---|--- 2026-06-21 07:30:27+00:00| seen| https://infosec.exchange/users/offseq/statuses/116786923158989964 2026-06-21 07:30:28+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mortzyyqfs2t 2026-06-21 08:07:01+00:00| seen|...

Ruby on Rails - Open Redirect via Host Header Injection

Ruby on Rails action pack before 6.1.2.1, 6.0.3.5 contains an open redirect caused by special crafted Host headers in combination with allowed host formats, letting attackers redirect users to malicious websites, exploit requires attacker to control Host headers. id: CVE-2021-22881 info: name: Ru...

Security Bulletin: Aspera Applications are affected by an OpenSSL vulnerability (CVE-2016-8610)

Question Security Bulletin: Aspera Applications are affected by an OpenSSL vulnerability CVE-2016-8610 "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM Aspera","Component":"","Platform":"code":"PF025","label":"Platform Independent","Version":"Al...

CVE-2024-35648

creationtimestamp| type| source ---|---|--- 2026-06-17 15:02:31+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3moilgnykmn2b...

MAL-2026-5949 Malicious code in @mastra/fastify (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8e3fd453d8d4b3cf403d6d1445b295c8de0462a463c857388fb6c800c7c897cd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2026-53776

creationtimestamp| type| source ---|---|--- 2026-06-16 17:21:17+00:00| seen| https://bsky.app/profile/securitycyberuk.bsky.social/post/3mogcpum37t2k 2026-06-16 17:58:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mogert55pv2f 2026-06-16 18:00:45+00:00| seen|...

CVE-2026-48114

creationtimestamp| type| source ---|---|--- 2026-06-15 20:08:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3moe3lahrka2v...

Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites

An attacker tampered with trusted JavaScript files used by WordPress sites running PushEngage , OptinMonster , and TrustPulse , turning those files into a way to break into the sites. When a site administrator was logged in as the file loaded, the code created an admin account under the attacker'...

CVE-2026-50889

creationtimestamp| type| source ---|---|--- 2026-06-13 12:46:02+00:00| seen| https://gist.github.com/pyuysig/41937c47514ff63d66a3be98ab8e8a7d...

CVE-2026-50869

creationtimestamp| type| source ---|---|--- 2026-06-13 12:45:34+00:00| seen| https://gist.github.com/pyuysig/95931ed2140f3bd85dc67057dd23a47f...

CVE-2026-9638

creationtimestamp| type| source ---|---|--- 2026-06-12 15:58:30+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mo44a67sb42j 2026-06-12 18:29:14+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mo4enoz4jo22...

CVE-2026-49261

creationtimestamp| type| source ---|---|--- 2026-06-11 19:00:37+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnzvwulfix24 2026-06-17 16:07:09+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3moip27mboh2e 2026-06-17 21:02:33+00:00| seen|...

CVE-2026-9648

creationtimestamp| type| source ---|---|--- 2026-06-11 16:53:27+00:00| seen| https://bsky.app/profile/drweb2.bsky.social/post/3mnzotj3lap23 2026-06-11 17:44:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnzro3zxu52w...

EUVD-2026-36251

IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references...

CVE-2026-11859

creationtimestamp| type| source ---|---|--- 2026-06-11 11:39:39+00:00| seen| https://bsky.app/profile/cybersecinsight.bsky.social/post/3mnz5ceuvon23...

Malicious code in sass-formats (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ccda832d10cb642350129278ae1fc341d3be8b8302ddbf9bdcfc15eeeb6eae8 The package name sass-formats is one character-edit away from the popular sass-formatter package and reuses its original author field "author": "Syle...

CVE-2026-53742

creationtimestamp| type| source ---|---|--- 2026-06-10 23:22:17+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnxu3uqusn2d...

CVE-2026-53475

creationtimestamp| type| source ---|---|--- 2026-06-10 16:33:30+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnx5aw3rxy2p 2026-06-14 23:16:35+00:00| seen| https://bsky.app/profile/securitycyberuk.bsky.social/post/3mobvneo55v2k 2026-06-16 17:07:36+00:00| seen|...

ServiceNow Discloses Security Incident Exposing Customer Data

ServiceNow applied a security update after an API access issue exposed customer data, with affected firms notified through direct support cases...

CVE-2026-52884

creationtimestamp| type| source ---|---|--- 2026-06-10 11:18:20+00:00| seen| https://bsky.app/profile/hn100.bsky.social/post/3mnwlmv624n2n 2026-06-10 11:19:33+00:00| seen| https://bsky.app/profile/hnws.bsky.social/post/3mnwlpjjr3e22 2026-06-10 11:20:05+00:00| seen|...