88 matches found
CVE-2026-40261
Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...
Command injection via malicious Perforce source reference/url
Impact: The Perforce::syncCodeBase method appended the $sourceReference parameter to a shell command without proper escaping, allowing an attacker to inject arbitrary commands through a crafted source reference containing shell metacharacters. Further, as in GHSA-wg36-wvj6-r67p / CVE-2026-40176 the...
CVE-2026-5832

creationtimestamp| type| source
---|---|---
2026-04-09 03:18:04+00:00| published-proof-of-concept| Telegram/k6H1jBRyYuwqPn43znhK7mg4465TougGvrd7kOsXjIgmqE
2026-04-09 04:44:27+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mizypx5iqv2j ...

CVE-2026-35169

creationtimestamp| type| source
---|---|---
2026-04-08 21:53:30+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mizbr4qwcu2i
2026-04-09 01:26:43+00:00| published-proof-of-concept| Telegram/LyxiOFuM6k6JRrVhGkcWrU8R1Vj8dluNTy4xGDA54CBUTMw
2026-04-09 07:15:44+00:00| seen| ...

CVE-2026-34079

creationtimestamp| type| source
---|---|---
2026-04-07 23:21:06+00:00| seen| Telegram/WwaVaWmCpWfeYuJ8P8IqcUlHCUAeEgjmrCmKGvAa3A2q2J0
2026-04-08 01:31:20+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mix5holkl323
2026-04-10 14:32:09+00:00| seen| ...

CVE-2026-39334

creationtimestamp| type| source
---|---|---
2026-04-07 19:35:33+00:00| seen| Telegram/MwNatB1kDaoxbSrZihFWwC12FE1HreAtxbr2hmQcZTjcFY
2026-04-07 19:41:56+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3miwjwwb6ct2q
2026-04-08 07:59:58+00:00| seen| ...

CVE-2026-35413

creationtimestamp| type| source
---|---|---
2026-04-06 22:36:18+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3miud7skcjm2i ...

CVE-2026-5104

creationtimestamp| type| source
---|---|---
2026-03-30 05:35:45+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3miawwhwma224 ...

CVE-2026-34247

creationtimestamp| type| source
---|---|---
2026-03-27 19:09:40+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mi2sz4mh672g
2026-03-29 15:41:44+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-g3hj-mf85-679g
2026-03-30 00:00:35+00:00| seen| ...

CVE-2026-4754

creationtimestamp| type| source
---|---|---
2026-03-24 10:05:08+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhsd6nyubb2g ...

CVE-2026-27093

creationtimestamp| type| source
---|---|---
2026-03-19 07:18:09+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhfhjfw5ku2s
2026-03-19 08:19:14+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhfkwo5lbg2n
2026-03-19 09:37:36+00:00| seen| ...

CVE-2026-23145

creationtimestamp| type| source
---|---|---
2026-03-19 00:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/
2026-04-07 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/ubuntu-linux-kernel-multiple-vulnerabilities20260408
2026-05-10 18:00:00+00:00| seen| ...

GHSA-9Q2P-VC84-2RWM

creationtimestamp| type| source
---|---|---
2026-03-09 22:10:06+00:00| seen| https://gist.github.com/alon710/c9b7b8cb1e830c7075cb4162b8d49b80 ...

CVE-2026-30850

creationtimestamp| type| source
---|---|---
2026-03-07 19:29:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mgikrgnjue2o
2026-03-09 19:10:06+00:00| seen| https://gist.github.com/alon710/3fd4142edf95384fd65face73227a201 ...

GHSA-XF68-8HJW-7MPM

creationtimestamp| type| source
---|---|---
2026-02-27 06:40:19+00:00| seen| https://gist.github.com/alon710/77f29ca3c69eb8ef713507cb5ca27a63 ...

CVE-2026-22878

creationtimestamp| type| source
---|---|---
2026-02-26 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-08
2026-02-27 02:28:19+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mfsnyrkham2u ...

@akash-aw/aw-wizard-forms (=4.14.0), @alfresco/aca-generators (>=1.0.0 <=1.0.1) +134 more potentially affected by CVE-2026-27959 via koa (>=3.0.0 <=3.1.1)
koa NPM version =3.0.0, =1.0.0, =1.0.0, =0.44.0, =0.0.0-nightly-20260213031600, =0.0.0-nightly-20260317031259, =0.0.0-nightly-20260317031259, =0.0.0-nightly-20260213031600, =2025.12.1, =2.23.0, =0.0.1, =0.20.0, =0.0.5, =2026.1.2, =2.0.0, =2.0.1 and more Source cves: CVE-2026-27959 Source advisory...
GHSA-WXHW-J4HC-FMQ6

creationtimestamp| type| source
---|---|---
2026-01-27 23:43:08+00:00| seen| https://bsky.app/profile/azu.bsky.social/post/3mdgwro56ha2c ...

CVE-2026-24117

creationtimestamp| type| source
---|---|---
2026-01-22 23:29:22+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3md2dolf7po2t
2026-01-24 21:22:48+00:00| seen| https://gist.github.com/alon710/6cf2739a7a074bb376a843fb01c0c990
2026-01-24 22:18:26+00:00| seen| ...

External Secrets Operator insecurely retrieves secrets through the getSecretKey templating function
Summary: The getSecretKey template function, while introduced for senhasegura DevOps Secrets Management (DSM) provider, has the ability to fetch secrets cross-namespaces with the roleBinding of the external-secrets controller, bypassing our security mechanisms. This function was completely removed, ...