110536 matches found
CVE-2026-44831
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-26 22:38:34+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mms2nvekgm2n... |
CVE-2026-25444
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-26 22:32:06+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mms2cbsmp42t... |
CVE-2025-68709
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-26 22:28:25+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mms23qt5qx2k... |
CVE-2026-8453
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-26 22:26:45+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmrzyr4tzc2e... |
CVE-2026-25426
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-26 22:25:10+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmrzvwhgpz2i... |
CVE-2025-68710
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-26 22:23:39+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmrztac7fc2r... |
CVE-2026-8834
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-26 22:07:07+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mmryvo4x4r2s... |
EUVD-2026-32005
Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the ASN.1/OER parsing pipeline of Vanetza. When processing malformed network packets containing corrupted ASN.1/OER structures e.g., invalid length...
CVE-2026-44847
MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.0, MaxKB's webhook trigger endpoint /api/trigger/v1/webhook/triggerid is accessible without authentication. The WebhookAuth class unconditionally returns None, which Django REST Framework interprets as successful authentication...
CVE-2026-9582 SourceCodester CET Automated Grading System with AI Predictive Analytics cross-site request forgery
A security flaw has been discovered in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This affects an unknown function. Performing a manipulation results in cross-site request forgery. The attack can be carried out remotely. The exploit has been released ...
CVE-2026-42336
MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and prior are vulnerable to a server-side request forgery (SSRF) bypass in the OSS file service URL fetch functionality due to inconsistent DNS resolution between validation and actual request execution, allowing attackers to access...
CVE-2026-42337
CVE-2026-42337: MaxKB (open-source AI assistant) versions 2.8.0 and earlier are affected by a broken access control in the OSS file service URL fetch API (chat/api/oss/get_url). The endpoint uses the application_id from the URL path without validating ownership, allowing operations under other a...
CVE-2026-42337 MaxKB: Broken Access Control in MaxKB OSS URL Fetch API
MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and prior are vulnerable to a broken access control vulnerability in the OSS file service URL fetch API (chat/api/oss/get_url). The endpoint uses application_id from the URL path without validating ownership, allowing attackers to perfo...
CVE-2026-44214
eventsource-encoder encodes events as well-formed EventSource/Server-Sent Event (SSE) messages. Prior to 1.0.2, eventsource-encoder does not sanitize the event or id fields of an EventSourceMessage before serializing them. An attacker who controls either field can inject arbitrary Server-Sent Event...
EUVD-2026-31984
MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, user passwords are stored using unsalted MD5 hashes, making them trivially crackable via rainbow tables or GPU-accelerated brute force (hashcat). This vulnerability is fixed in 2.9.1...
CVE-2026-42335 MaxKB: SSRF Bypass in MaxKB OSS URL Fetch due to URL Parsing Discrepancy
MaxKB is an open-source AI assistant for enterprise. Prior to 2.8.1, MaxKB v2.8.0 and prior are vulnerable to a server-side request forgery (SSRF) bypass in the OSS file service URL fetch (chat/api/oss/get_url) endpoint. The vulnerability exists due to inconsistent URL parsing between the urlparse...
CVE-2026-42266
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-26 20:07:07+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mmrs73bm4k2u |
| 2026-06-15 17:02:33+00:00 | seen | MISP/d511a704-eba2-411a-9543-41e0e130f522... |
CVE-2026-47202
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-26 19:58:08+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmrrozbwsk2h... |
CVE-2026-9560
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-26 19:48:07+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmrr54g2os2h |
| 2026-05-29 05:56:50+00:00 | seen | https://bsky.app/profile/undercodenews.bsky.social/post/3mmxu32cz2u2i |
| 2026-05-29 15:06:54+00:00 | seen | ... |