321 matches found
CVE-2024-13915
creationtimestamp | type | source
---|---|---
2025-05-30 16:29:10+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqfnoti27oe2
2025-05-30 20:06:01+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lqfzsqmajr2q
2025-06-02...
ZITADEL input validation error vulnerability
ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak, built for the container and serverless era, from the Swiss company ZITADEL. An input validation error vulnerability exists in ZITADEL versions prior to 3.2.2, which stems from a possible manipulation...
CVE-2024-37167
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users are able to see backlog items that they should not see. This issue has been patched in Tuleap Community Edition version 15.9.99.97...
CVE-2024-55885
beego is an open-source web framework for the Go programming language. Versions of beego prior to 2.3.4 use MD5 as a hashing algorithm. MD5 is no longer considered secure against well-funded opponents due to its vulnerability to collision attacks. Version 2.3.4 replaces MD5 with SHA256...
CVE-2022-41532
Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /saccoshield/ajax.php?action=deleteplan...
CVE-2025-48373
Schule has a client-side RBAC bypass prior to version 1.0.1: the app trusts data.role in the browser to redirect users to panels, allowing an attacker to set data.role to values like “admin” and access restricted areas. The root cause is insecure client-side role handling. Affected: Schule open-s...
MAL-2025-3865 Malicious code in mfe-react-bridge (npm)
Source: ghsa-malware 4f7835d0f6b232544302030371ac74d4c595860a04736a2ef54259a32993f9c8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-47279
creationtimestamp | type | source
---|---|---
2025-05-15 17:34:33+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/16542
2025-05-15 19:02:30+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lpa7b7wpv52p...
Malicious code in iconnect (PyPI)
Source: kam193 e53aae69656f138607d0de8abe11d4b48ed6156875f07ec0da7485dd776f7158 Packages that seem to be created by a legit bug bounty hunter. Designed to look as if they were created by different organisations, they contain a couple of data...
Malicious code in @ai-document-translation/ui-core (npm)
Source: ghsa-malware c8c94ea05205ad6ac8c809be2fa22e18fae368f27f1f8bd34048528dc25daa90 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-32389
creationtimestamp | type | source
---|---|---
2025-04-18 16:58:59+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/12489
2025-04-18 17:28:24+00:00 | seen | https://bsky.app/profile/Minecraft.activitypub.awakari.com.ap.brid.gy/post/3ln45dxk5npy2
2025-04-18 18:31:46+00:00|...
CVE-2025-3692
creationtimestamp | type | source
---|---|---
2025-04-16 13:55:53+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/12040
2025-04-16 14:43:56+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lmwtcbq4xi2h...
CVE-2025-26902
creationtimestamp | type | source
---|---|---
2025-04-09 19:48:20+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/11145
2025-04-09 23:38:03+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lmg5uwdtkp2v...
CVE-2024-36246
creationtimestamp | type | source
---|---|---
2025-04-08 04:46:30+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/10842
2025-04-08 05:40:20+00:00 | seen | https://bsky.app/profile/cyberalerts.bsky.social/post/3lmbr6vzdhz2c...
CVE-2024-11071
creationtimestamp | type | source
---|---|---
2025-04-07 07:17:46+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lm7g64cshh2z
2025-04-07 07:48:48+00:00 | seen | https://mastodon.social/users/CyberSignaler/statuses/114295578822521194
2025-04-07 11:12:44+00:00 | seen |...
CVE-2025-30155 Tuleap does not enforce read permissions on parent trackers in the REST API
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap does not enforce read permissions on parent trackers in the REST API. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742392651 and Tuleap Enterprise Edition 16.5-5 and 16.4-8...
Unspecified vulnerability in Lunary (CNVD-2025-06936)
Lunary is an open source production toolkit for LLMs. Lunary version afc5df4 contains a security vulnerability that stems from a flaw in the permission checking mechanism; an attacker can use this vulnerability to cause unauthorized access to sensitive endpoints...
Malicious code in cryptomus-aurora-kit (npm)
Source: ghsa-malware db5768718bc2c708ec27865d8e381f97ca5fb81b191a946bc786bb0350aaec26 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-24987
creationtimestamp | type | source
---|---|---
2025-03-11 16:39:36+00:00 | seen | https://www.thezdi.com/blog/2025/3/11/the-march-2025-security-update-review
2025-03-11 18:42:29+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/7214
2025-03-11 20:06:15+00:00 | seen |...
CVE-2021-37787
creationtimestamp | type | source
---|---|---
2025-03-08 04:00:07+00:00 | published-proof-of-concept | Telegram/WK-d7rHew0RoUjunO6vRsF762k6XwiwPjLRMSoANXZ7zahs
2025-03-11 17:39:43+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/7183
2025-03-20 21:02:03+00:00 | seen |...