110873 matches found
CVE-2026-7561
creationtimestamp| type| source ---|---|--- 2026-05-12 09:33:06+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mlniahwve42x...
CVE-2026-38568
creationtimestamp| type| source ---|---|--- 2026-05-12 09:25:01+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mlnhrjjywa2e...
CVE-2026-2993
creationtimestamp| type| source ---|---|--- 2026-05-12 09:22:49+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mlnho3aw7b2g...
Exposed Dangerous Method or Function
Overview webpack-dev-server is an Uses webpack with a development server that provides live reloading. It should be used for development only. Affected versions of this package are vulnerable to Exposed Dangerous Method or Function in Server.js, when handling non-HTTPS responses. An attacker can...
Exposed Dangerous Method or Function
Overview org.webjars.npm:webpack-dev-server is an Uses webpack with a development server that provides live reloading. It should be used for development only. Affected versions of this package are vulnerable to Exposed Dangerous Method or Function in Server.js, when handling non-HTTPS responses. ...
CVE-2026-2300
The BJ Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the filterimages function in all versions up to, and including, 1.0.9. This is due to the use of regex-based HTML processing pregreplace that does not properly handle HTML attribute boundaries when replacing sr...
CVE-2026-0804
creationtimestamp| type| source ---|---|--- 2026-05-12 09:14:41+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlnh7jt6s22e 2026-05-12 14:16:20+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mlnxzftvs62e...
CVE-2026-1681
creationtimestamp| type| source ---|---|--- 2026-05-12 09:09:40+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlngwl2gxq2o...
CVE-2026-1185
creationtimestamp| type| source ---|---|--- 2026-05-12 09:04:39+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlngnmd4mh2o 2026-05-12 14:16:20+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mlnxzftvs62e...
CVE-2026-0802
creationtimestamp| type| source ---|---|--- 2026-05-12 08:55:21+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlng4y57hj2e 2026-05-12 14:16:20+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mlnxzftvs62e...
CVE-2026-7050
creationtimestamp| type| source ---|---|--- 2026-05-12 08:33:15+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mlnevhmsnt2c 2026-05-13 01:32:24+00:00| seen| https://bsky.app/profile/donwebmedia.bsky.social/post/3mlp5ttfegh2s...
CVE-2026-6402
creationtimestamp| type| source ---|---|--- 2026-05-12 07:53:37+00:00| seen| https://bsky.app/profile/ulisesgascon.com/post/3mlncojczic27 2026-05-18 14:40:50+00:00| seen| https://gist.github.com/alon710/6c307c7259353f2c5a97793055cbda6e...
CVE-2026-2300 BJ Lazy Load <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom HTML Block
The BJ Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the filterimages function in all versions up to, and including, 1.0.9. This is due to the use of regex-based HTML processing pregreplace that does not properly handle HTML attribute boundaries when replacing sr...
CVE-2026-2300 BJ Lazy Load <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom HTML Block
The BJ Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the filterimages function in all versions up to, and including, 1.0.9. This is due to the use of regex-based HTML processing pregreplace that does not properly handle HTML attribute boundaries when replacing sr...
GHSA-389R-GV7P-R3RP vulnerabilities
Vulnerabilities for packages: grype, zarf, kubescape, grafana, kyverno, src-fingerprint, trivy, goreleaser, pulumi-kubernetes-operator, nfpm, flux-source-controller, cerbos, teleport, pulumi-language-yaml, wolfictl, pulumi, argo-cd, flux-image-automation-controller, snyk-cli, flux, xeol,...
CVE-2026-6402 webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins
webpack-dev-server versions up to and including 5.2.3 are vulnerable to cross-origin source code exposure when serving over a non-potentially trustworthy origin such as plain HTTP. The previous fix relied on the Sec-Fetch-Mode and Sec-Fetch-Site request headers, which browsers omit for...
CVE-2026-45022 vulnerabilities
Vulnerabilities for packages: chainloop-cli, coder, argo-workflows-fips, upwind-agent, trivy, argo-events-fips, steampipe, trivy-operator-fips, gitlab-rails-ce, kargo, grype, amazon-ssm-agent-fips, kubevela-fips, scorecard, src-fingerprint-fips, teleport, pulumi-kubernetes-operator,...
CVE-2026-2614
creationtimestamp| type| source ---|---|--- 2026-05-12 06:06:51+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mln4pnz4sy2t...
CVE-2026-7287
creationtimestamp| type| source ---|---|--- 2026-05-12 05:41:52+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mln3czbvcb2q...
CVE-2026-41489
creationtimestamp| type| source ---|---|--- 2026-05-12 05:38:42+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mln357zkq62n...