1383867 matches found
CVE-2026-5309
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-25 05:45:15+00:00 | seen | https://www.hkcert.org/security-bulletin/gitlab-multiple-vulnerabilities20260625 |
| 2026-06-25 06:30:47+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mp3sky7vtu2t |
| 2026-06-25 12:00:27+00:00 | seen | ... |
CVE-2026-3176
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-25 05:45:12+00:00 | seen | https://www.hkcert.org/security-bulletin/gitlab-multiple-vulnerabilities20260625 |
| 2026-06-25 05:55:00+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mp3qkyscss2i |
| 2026-06-25 12:00:27+00:00 | seen | ... |
CVE-2026-2238
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-25 05:45:10+00:00 | seen | https://www.hkcert.org/security-bulletin/gitlab-multiple-vulnerabilities20260625 |
| 2026-06-25 06:50:50+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mp3toslmhm2b |
| 2026-06-25 12:00:27+00:00 | seen | ... |
CVE-2026-1606
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-25 05:45:07+00:00 | seen | https://www.hkcert.org/security-bulletin/gitlab-multiple-vulnerabilities20260625 |
| 2026-06-25 06:55:50+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mp3txr4app24 |
| 2026-06-25 12:00:27+00:00 | seen | ... |
CVE-2026-0934
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-25 05:45:05+00:00 | seen | https://www.hkcert.org/security-bulletin/gitlab-multiple-vulnerabilities20260625 |
| 2026-06-25 06:35:48+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mp3stwxgka2z |
| 2026-06-25 12:00:27+00:00 | seen | ... |
McAfee Network Data Loss Prevention 9.3.x - Cross-Site Scripting
McAfee Network Data Loss Prevention User-Agent 9.3.x contains a cross-site scripting vulnerability which allows remote attackers to get session/cookie information via modification of the HTTP request. id: CVE-2017-4011 info: name: McAfee Network Data Loss Prevention 9.3.x - Cross-Site Scripting...
Jenkins Git <=4.11.3 - Missing Authorization
Jenkins Git plugin through 4.11.3 contains a missing authorization check. An attacker can trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit. This can make it possible to obtain sensitive information, modify...
Payment Gateway for Telcell < 2.0.4 - Open Redirect
The plugin does not validate the apiurl parameter before redirecting the user to its value, leading to an Open Redirect issue id: CVE-2023-6786 info: name: Payment Gateway for Telcell 2.0.4 - Open Redirect author: s4e-io severity: medium description: | The plugin does not validate the apiurl...
Vitest Browser Mode - Local File Read
Vitest is a testing framework powered by Vite. The screenshot-error handler on the browser mode HTTP server responds with any file on the file system. Especially if the server is exposed on the network by browser.api.host: true, an attacker can send a request to that handler from remote to get th...
WSO2 User Registration - Arbitrary Account Creation
The SOAP admin service in WSO2 products has a security vulnerability that allows the creation of new user accounts regardless of the self-registration configuration settings. id: CVE-2024-7097 info: name: WSO2 User Registration - Arbitrary Account Creation author: iamnoooob,rootxharsh,pdresearch...
Fortinet FortiOS < 5.6.0 - Cross-Site Scripting
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN. id: CVE-2017-3133 info: name: Fortinet FortiOS 5.6.0 - Cross-Site Scripting author: ritikchaddha severity:...
Fortinet FortiOS < 5.6.0 - Cross-Site Scripting
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the action input during the activation of a FortiToken. id: CVE-2017-3132 info: name: Fortinet FortiOS 5.6.0 - Cross-Site Scripting author: ritikchaddh...
Owncast - Server Side Request Forgery
Server-Side Request Forgery SSRF in GitHub repository owncast/owncast prior to 0.1.0. id: CVE-2023-3188 info: name: Owncast - Server Side Request Forgery author: DhiyaneshDk severity: medium description: | Server-Side Request Forgery SSRF in GitHub repository owncast/owncast prior to 0.1.0. impac...
File Away <= 3.9.9.0.1 - Missing Authorization to Unauthenticated Arbitrary File Read
The File Away plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthenticated attackers, leveraging the use of a reversible weak algorithm, to read...
Mage AI - Insecure Default Authentication Setup
A vulnerability was found in Mage AI 0.9.75. It has been classified as problematic. This affects an unknown part. The manipulation leads to insecure default initialization of resource. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability i...
OneDev.io < 11.0.9 - Arbitrary File Read
Files on the host computer can be accessed by directory traversal. id: CVE-2024-45309 info: name: OneDev.io 11.0.9 - Arbitrary File Read author: isacaya severity: high description: | Files on the host computer can be accessed by directory traversal. impact: | An attacker would be able to view the...
PHPJabbers Food Delivery Script - SQL Injection
PHPJabbers Food Delivery Script 3.0 has a SQL injection SQLi vulnerability in the "q" parameter of index.php. id: CVE-2023-40748 info: name: PHPJabbers Food Delivery Script - SQL Injection author: ritikchaddha severity: critical description: | PHPJabbers Food Delivery Script 3.0 has a SQL injecti...
Grafana Post-Auth DuckDB - SQL Injection To File Read
The SQL Expressions experimental feature of Grafana allows for the evaluation of duckdb queries containing user input. These queries are insufficiently sanitized before being passed to duckdb, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or highe...
Keycloak < 24.0.5 - Broken Access Control
A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise. id: CVE-2024-3656 info...
Zitadel - User Registration Bypass
The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Due to a missing security check in versions prior to 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, and 2.58.7, disabling the "User Registration allowed" option only hid the...