RedhatCVE
added 2026/06/05 7:30 p.m., 9 views

CVE-2026-42926

When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxy_http_version to 2, and also uses proxy_set_body, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Support (EoTS) are not...

CVSS 6.3 | AI score 5.5 | EPSS 0.00327
Exploits: 1 | References: 1
Circl
added 2026/06/05 7:29 p.m., 8 views

CVE-2026-45745

creationtimestamp | type | source
---|---|---
2026-06-05 19:29:24+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnkuqtqm6p2p
2026-06-05 22:00:52+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mnl57o6vuw2r
2026-06-09 03:07:08+00:00 | seen | ...

CVSS 8 | AI score 5.3 | EPSS 0.00127
Exploits: 1 | References: 3
RedhatCVE
added 2026/06/05 7:28 p.m., 6 views

CVE-2026-4852

The Image Source Control Lite – Show Image Credits and Captions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Image Source' attachment field in all versions up to, and including, 3.9.1 due to insufficient input sanitization and output escaping. This makes it possible...

CVSS 6.4 | AI score 5.7 | EPSS 0.00155
Exploits: 0 | References: 1
Circl
added 2026/06/05 7:26 p.m., 8 views

CVE-2025-5088

creationtimestamp | type | source
---|---|---
2026-06-05 19:26:53+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnkume56ia2u
2026-06-05 19:50:03+00:00 | seen | https://bsky.app/profile/postac001.bsky.social/post/3mnkvvrkemq23
2026-06-06 01:01:18+00:00 | seen | ...

CVSS 8.7 | AI score 5.3 | EPSS 0.00323
Exploits: 0 | References: 3
RedhatCVE
added 2026/06/05 7:26 p.m., 9 views

CVE-2026-40446

Access of resource using incompatible type ('type confusion') vulnerability in Samsung Open Source Escargot allows Pointer Manipulation. This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335...

CVSS 9.8 | AI score 5.4 | EPSS 0.00231
Exploits: 0 | References: 1
RedhatCVE
added 2026/06/05 7:26 p.m., 8 views

CVE-2026-39421

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a sandbox escape vulnerability in the ToolExecutor component. By leveraging Python's ctypes library to execute raw system calls, an authenticated attacker with workspace privileges can bypass the LD_PRELOAD-based...

CVSS 7.4 | AI score 6.2 | EPSS 0.00264
Exploits: 0 | References: 1
RedhatCVE
added 2026/06/05 7:25 p.m., 6 views

CVE-2026-44352

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, Broken Access Control allows reading of sketch logs from any user. This vulnerability is fixed in 1.2.3...

CVSS 5.3 | AI score 5.5 | EPSS 0.00207
Exploits: 0 | References: 1
Circl
added 2026/06/05 7:24 p.m., 6 views

CVE-2026-45743

creationtimestamp | type | source
---|---|---
2026-06-05 19:24:35+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnkui7pzna2l
2026-06-05 23:01:03+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mnlalbga3t2r...

CVSS 8.1 | AI score 5.3 | EPSS 0.00234
Exploits: 1 | References: 2
RedhatCVE
added 2026/06/05 7:24 p.m., 4 views

CVE-2026-8802

A vulnerability was detected in opensourcepos Open Source Point of Sale up to 3.4.2. This issue affects the function getPicThumb of the file app/Controllers/Items.php. The manipulation of the argument picfilename results in path traversal. The attack may be launched remotely. The patch is...

CVSS 5.3 | AI score 5.2 | EPSS 0.0039
Exploits: 0 | References: 1
RedhatCVE
added 2026/06/05 7:23 p.m., 8 views

CVE-2026-43873

WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/CloneSite/cloneClient.json.php echoes the local CloneSite shared secret ($objClone->myKey, a constant md5($global['systemRootPath'] . $global['salt'])) into the HTTP response body on every unauthenticated request. T...

CVSS 7.5 | AI score 5.5 | EPSS 0.00255
Exploits: 0 | References: 1
Circl
added 2026/06/05 7:22 p.m., 7 views

CVE-2026-45327

creationtimestamp | type | source
---|---|---
2026-06-05 19:22:25+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnkueer6lc27
2026-06-05 23:01:11+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mnlalinpd32r
2026-06-08 05:14:26+00:00 | seen | ...

CVSS 8.2 | AI score 5.3 | EPSS 0.00337
Exploits: 0 | References: 3
RedhatCVE
added 2026/06/05 7:22 p.m., 6 views

CVE-2026-34358

CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a broken access control vulnerability where multiple admin controllers enforce permission checks on form display methods but omit equivalent checks on the corresponding write methods, allowing any...

CVSS 8.1 | AI score 5.6 | EPSS 0.00297
Exploits: 0 | References: 1
RedhatCVE
added 2026/06/05 7:21 p.m., 7 views

CVE-2026-47310

Use after free vulnerability in Samsung Open Source Escargot allows Pointer Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3...

CVSS 9.8 | AI score 5.4 | EPSS 0.00287
Exploits: 0 | References: 1
RedhatCVE
added 2026/06/05 7:21 p.m., 6 views

CVE-2026-41309

Open Source Social Network (OSSN) is open-source social networking software developed in PHP. Versions prior to 9.0 are vulnerable to resource exhaustion. An attacker can upload a specially crafted image with extreme pixel dimensions (e.g., $10000 \times 10000$ pixels). While the compressed file size...

CVSS 8.2 | AI score 5.4 | EPSS 0.00369
Exploits: 0 | References: 1
Circl
added 2026/06/05 7:20 p.m., 6 views

CVE-2026-45744

creationtimestamp | type | source
---|---|---
2026-06-05 19:20:25+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnkuarxzqd2g
2026-06-05 23:00:55+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mnlakzkxz22k
2026-06-08 16:07:08+00:00 | seen | ...

CVSS 9.9 | AI score 5.3 | EPSS 0.01607
Exploits: 1 | References: 3
RedhatCVE
added 2026/06/05 7:20 p.m., 8 views

CVE-2026-41669

Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio SAML Identity Provider implementation discards the return value of its validateSignature method at both call sites (handleSSORequest, line 418, and handleSLORequest, line 613). The method returns error strings on...

CVSS 8.2 | AI score 5.3 | EPSS 0.00191
Exploits: 0 | References: 1
RedhatCVE
added 2026/06/05 7:20 p.m., 10 views

CVE-2026-32311

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Flowsint allows a user to create investigations, which are used to manage sketches and analyses. Sketches have controllable graphs, which are comprised of nodes and...

CVSS 10 | AI score 6.1 | EPSS 0.00506
Exploits: 1 | References: 1
RedhatCVE
added 2026/06/05 7:19 p.m., 7 views

CVE-2026-49448

authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, the Source stage can be bypassed by sending an empty POST. This issue has been patched in versions 2025.12.6, 2026.2.4, and 2026.5.1...

CVSS 9.8 | AI score 5.3 | EPSS 0.00308
Exploits: 1 | References: 1
RedhatCVE
added 2026/06/05 7:19 p.m., 8 views

CVE-2026-49443

authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, an attacker with the ability to change a source connection, and an account in one of the configured sources can log into any account. This issue has been patched in versions 2025.12.6, 2026.2.4, an...

CVSS 8.8 | AI score 5.4 | EPSS 0.0025
Exploits: 1 | References: 1
Circl
added 2026/06/05 7:18 p.m., 7 views

CVE-2026-47774

creationtimestamp | type | source
---|---|---
2026-06-05 19:18:47+00:00 | seen | https://bsky.app/profile/feed.igeek.gamer-geek-news.com.ap.brid.gy/post/3mnku5k7vfvy2
2026-06-09 02:27:39+00:00 | seen | https://gist.github.com/lyuyun/60b1d6a8ad599cf3430761a4b380b17e
2026-06-09 08:13:12+00:00 | seen | ...

CVSS 7.5 | AI score 5.4 | EPSS 0.00556
Exploits: 0 | References: 4