12367 matches found
CVE-2026-56111

creationtimestamp| type| source
---|---|---
2026-06-24 17:02:36+00:00| seen| https://bsky.app/profile/securitycyberuk.bsky.social/post/3mp2ffu2mqq2o
2026-06-24 18:00:18+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mp2imyrtgz2d...

Ruby on Rails - Open Redirect via Host Header Injection
Ruby on Rails Action Pack before 6.1.2.1 and 6.0.3.5 contains an open redirect caused by specially crafted Host headers in combination with allowed host formats, letting attackers redirect users to malicious websites. Exploitation requires the attacker to control the Host header. id: CVE-2021-22881 info: name: Ru...
CVE-2026-27604 FOSSBilling: Improper API Role Validation (system) Enables Unauthenticated Access to Privileged Admin Functions
FOSSBilling is a free, open-source billing and client management system. Starting in version 0.5.4 and prior to version 0.8.0, an authorization bypass in the API role handling allows unauthenticated access to privileged /api/system/ endpoints. Because system resolves to the cron admin identity,...
Malicious code in new-ecro-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0826d146dbc513ac14f403eaa9ba65dffbd04da52c55ff1840ad153dab96e87 The package publishes verbatim big.js v7.0.1 source including the upstream copyright header, README, repository URL pointing to MikeMcl/big.js, and t...
Malicious code in vitest-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 27abcc7f2373309feb253b0cc48b1a8bae7c54a3c43aed0c57add697f4067aba Package name vitest-cli impersonates the official Vitest project while declaring empty author, homepage, repository, and bugs metadata. The...
CVE-2026-6645

creationtimestamp| type| source
---|---|---
2026-06-22 04:30:29+00:00| seen| https://infosec.exchange/users/offseq/statuses/116791877623901189
2026-06-22 04:30:31+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mou2gzwtck2t
2026-06-22 04:37:44+00:00| seen|...

CVE-2026-12784

creationtimestamp| type| source
---|---|---
2026-06-21 07:30:27+00:00| seen| https://infosec.exchange/users/offseq/statuses/116786923158989964
2026-06-21 07:30:28+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mortzyyqfs2t
2026-06-21 08:07:01+00:00| seen|...

CVE-2019-25762

creationtimestamp| type| source
---|---|---
2026-06-19 19:54:25+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3moo4oi4v5b2i...

Security Bulletin: Aspera Applications are affected by an OpenSSL vulnerability (CVE-2016-8610)
CVE-2024-35648

creationtimestamp| type| source
---|---|---
2026-06-17 15:02:31+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3moilgnykmn2b...

MAL-2026-5949 Malicious code in @mastra/fastify (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8e3fd453d8d4b3cf403d6d1445b295c8de0462a463c857388fb6c800c7c897cd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2026-53776

creationtimestamp| type| source
---|---|---
2026-06-16 17:21:17+00:00| seen| https://bsky.app/profile/securitycyberuk.bsky.social/post/3mogcpum37t2k
2026-06-16 17:58:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mogert55pv2f
2026-06-16 18:00:45+00:00| seen|...

CVE-2026-48114

creationtimestamp| type| source
---|---|---
2026-06-15 20:08:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3moe3lahrka2v...

Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites
An attacker tampered with trusted JavaScript files used by WordPress sites running PushEngage, OptinMonster, and TrustPulse, turning those files into a way to break into the sites. When a site administrator was logged in as the file loaded, the code created an admin account under the attacker'...
CVE-2026-50889

creationtimestamp| type| source
---|---|---
2026-06-13 12:46:02+00:00| seen| https://gist.github.com/pyuysig/41937c47514ff63d66a3be98ab8e8a7d...

CVE-2026-50869

creationtimestamp| type| source
---|---|---
2026-06-13 12:45:34+00:00| seen| https://gist.github.com/pyuysig/95931ed2140f3bd85dc67057dd23a47f...

CVE-2026-9638

creationtimestamp| type| source
---|---|---
2026-06-12 15:58:30+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mo44a67sb42j
2026-06-12 18:29:14+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mo4enoz4jo22...

CVE-2026-49261

creationtimestamp| type| source
---|---|---
2026-06-11 19:00:37+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnzvwulfix24
2026-06-17 16:07:09+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3moip27mboh2e
2026-06-17 21:02:33+00:00| seen|...

CVE-2026-9648

creationtimestamp| type| source
---|---|---
2026-06-11 16:53:27+00:00| seen| https://bsky.app/profile/drweb2.bsky.social/post/3mnzotj3lap23
2026-06-11 17:44:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnzro3zxu52w...

EUVD-2026-36251
IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references...