109596 matches found
GHSA-GV7W-RQVM-QJHR

creationtimestamp| type| source
---|---|---
2026-06-12 20:38:57+00:00| seen| https://gist.github.com/konard/f83ae7aaab029a650fe9054d8205dac4
2026-06-13 16:40:27+00:00| seen| https://gist.github.com/konard/10edfaf46f7ba58bdd3e22a15167f9bc
2026-06-13 16:54:05+00:00| seen|...

EUVD-2026-36565
ApostropheCMS is an open-source Node.js content management system. Versions of the @apostrophecms/cli package up to and including 3.6.0 contain a command injection vulnerability in the apos create command. User-supplied input from the password prompt is embedded directly into a shell command...
CVE-2026-54393 MISP Overmind theme stored XSS via unvalidated homepage setting
A stored cross-site scripting vulnerability exists in MISP when the Overmind theme is used. The setHomePage endpoint previously saved the user-controlled path value through setSettingInternal, bypassing the normal setSetting validation logic, including validatehomepage, which requires homepage...
kernel: macvlan: fix possible UAF in macvlan_forward_source()
In the Linux kernel, the following vulnerability has been resolved: macvlan: fix possible UAF in macvlan_forward_source() Add RCU protection on (struct macvlan_source_entry)->vlan. Whenever macvlan_hash_del_source() is called, we must clear entry->vlan pointer before RCU grace period starts. This allows...
GHSA-QCMW-6RM2-5X78 TYPO3 CMS has Broken Access Control in its DataHandler
Problem: Backend users were able to move records to a different page without having edit permissions on the source page. Solution: Update to TYPO3 versions 13.4.31 LTS, 14.3.3 LTS that fix the problem described. Credits: TYPO3 CMS thanks Hyunseo Shin for reporting this issue, and TYPO3 security team...
TYPO3 CMS has Broken Access Control in its DataHandler
Problem: Backend users were able to move records to a different page without having edit permissions on the source page. Solution: Update to TYPO3 versions 13.4.31 LTS, 14.3.3 LTS that fix the problem described. Credits: TYPO3 CMS thanks Hyunseo Shin for reporting this issue, and TYPO3 security team...
CVE-2026-43872
CVE-2026-43872 affects the open-source personal finance app Actual prior to version 26.5.0, where several endpoints are vulnerable to a path traversal flaw. The root cause is not explicitly detailed in the provided documents beyond the vulnerability class; the issue is resolved by upgrading to 2...
EUVD-2026-36548
Actual is an open-source personal finance application. Prior to version 26.5.0, several endpoints are affected by a path traversal vulnerability. Version 26.5.0 fixes the issue...
EUVD-2026-36547
Actual is an open-source personal finance application. In the macOS desktop application version 25.x built on Electron 39.2.7, the ELECTRON_RUN_AS_NODE fuse is not disabled, allowing an attacker who can place a file on disk or control command-line arguments to invoke the signed Actual.app binary wit...
CVE-2026-47224

creationtimestamp| type| source
---|---|---
2026-06-12 18:49:15+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mo4frj5cbt22...

EUVD-2026-32588
Budibase: Basic app users can exfiltrate stored REST datasource auth by rewriting datasource base URL...
GHSA-3GP5-Q4JW-3V94 Budibase: Basic app users can exfiltrate stored REST datasource auth by rewriting datasource base URL
Summary: Budibase stores external REST datasource credentials server-side and documents that database credentials are applied server-side and are not exposed in the UI. The REST datasource implementation redacts stored Basic/Bearer/OAuth2 auth secrets before returning datasource data to clients...
GHSA-45QJ-4XQ3-3C45

creationtimestamp| type| source
---|---|---
2026-06-12 18:22:18+00:00| seen| https://gist.github.com/sandh0t/45fdee24a7907e0cd836aed26f2d5a7a...

CVE-2026-48059

creationtimestamp| type| source
---|---|---
2026-06-12 18:19:55+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mo4e52jd2l23
2026-06-15 02:00:33+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3moc6sjgcn32d...

CVE-2026-45832

creationtimestamp| type| source
---|---|---
2026-06-12 18:16:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mo4dwdinmm2f...

CVE-2026-48006

creationtimestamp| type| source
---|---|---
2026-06-12 18:09:49+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mo4dkybdiu2q
2026-06-15 02:00:25+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3moc6sby6di2n...

CVE-2026-50083

creationtimestamp| type| source
---|---|---
2026-06-12 18:07:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mo4dg3cyib2f...

CVE-2026-45833

creationtimestamp| type| source
---|---|---
2026-06-12 18:04:34+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mo4dbluklu2x...

CVE-2026-50091

creationtimestamp| type| source
---|---|---
2026-06-12 18:02:15+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mo4d5hgzj62p...

CVE-2026-53806

creationtimestamp| type| source
---|---|---
2026-06-12 18:01:30+00:00| seen| https://bsky.app/profile/hugovalters.bsky.social/post/3mo4d43ws2e2n
2026-06-14 17:00:22+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mobamlxetc2l...