130 matches found
CVE-2026-48027
creationtimestamp| type| source ---|---|--- 2026-05-27 18:00:02+00:00| exploited| https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/23d94b6e-e10b-4ed3-9304-fbf1858a9ac5 2026-05-27 18:10:41+00:00| seen| https://bsky.app/profile/cvesentinel.bsky.social/post/3mmu45p54pa2c...
Cyber Insurance Requirements for Cybersecurity
Cyber Insurance Requirements for Cybersecurity Cyber insurance requirements cybersecurity teams face today are stricter than they were even a few years ago. Underwriters no longer accept a simple security questionnaire and a list of tools. They want evidence that your organization can identify...
Astra Linux - уязвимость в firefox, thunderbird
An attacker was able to execute code in the content process by exploiting a use-after-free in Animation timelines. There have been reports of this vulnerability being exploited in real-world scenarios. This vulnerability affects Firefox 131.0.2, Firefox ESR 128.3.1, Firefox ESR 115.16.1,...
Autonomous Endpoint Management Isn’t Just Efficiency, It’s a Security Imperative
Autonomous Endpoint Management cuts exposure time by matching patch speed to attacker breakout timelines, reducing risk, workload delays, and breach costs...
CVE-2026-1228 Timeline Block <= 1.3.3 - Insecure Direct Object Reference to Authenticated (Author+) Private Timeline Exposure via Shortcode Attribute
The Timeline Block – Beautiful Timeline Builder for WordPress Vertical & Horizontal Timelines plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.3 via the tlgbshortcode function due to missing validation on a user controlled key. This...
WordPress Timeline Block plugin <= 1.3.3 - Insecure Direct Object Reference to Authenticated (Author+) Private Timeline Exposure via Shortcode Attribute vulnerability
Insecure Direct Object Reference to Authenticated Author+ Private Timeline Exposure via Shortcode Attribute vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin Timeline Block versions = 1.3.3...
PT-2026-6339
Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows server administrators to suspend remote users to prevent interactions. However, some logic errors allow already-known posts from such suspended users to appear in timelines if boosted. Furthermore, under...
CVE-2026-23961
Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows server administrators to suspend remote users to prevent interactions. However, some logic errors allow already-known posts from such suspended users to appear in timelines if boosted. Furthermore, under...
CVE-2026-23961 Mastodon may allow a remote suspension bypass
Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows server administrators to suspend remote users to prevent interactions. However, some logic errors allow already-known posts from such suspended users to appear in timelines if boosted. Furthermore, under...
Mastodon security vulnerabilities
Mastodon is an open-source social networking server based on ActivityPub. Mastodon has a security vulnerability, which stems from a logical error that allows old posts of suspended users to appear on the timeline. In certain versions, this suspension mechanism may be partially bypassed...
PT-2026-3898
Name of the Vulnerable Software and Affected Versions Mastodon versions 4.2.26 through 4.2.29 Mastodon versions 4.3.13 through 4.3.17 Mastodon versions 4.4.5 through 4.4.11 Mastodon versions 4.5.0 through 4.5.4 Description Mastodon is a social network server that allows administrators to suspend...
CVE Breadcrumbs: Tracking Vulnerabilities through Versioned Apache Libraries
The Apache Software Foundation ASF ecosystem underpins a vast portion of modern software infrastructure, powering widely used components such as Log4j, Tomcat, and Struts. However, the ubiquity of these libraries has made them prime targets for high-impact security vulnerabilities, as illustrated...
PT-2025-43503
Name of the Vulnerable Software and Affected Versions SkiaRenderEngine affected versions not specified Description A flaw exists in the drawLayersInternal function within SkiaRenderEngine.cpp that may allow access to the GPU cache, potentially revealing side channel information. This could lead t...
CVE-2025-62176
Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon before 4.4.6, 4.3.14, and 4.2.27, the streaming server accepts serving events for public timelines to clients using any valid authentication token, even if those tokens lack the read:statuses scope. This allow...
CVE-2025-62176
Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon before 4.4.6, 4.3.14, and 4.2.27, the streaming server accepts serving events for public timelines to clients using any valid authentication token, even if those tokens lack the read:statuses scope. This allow...
EUVD-2025-34111
Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon before 4.4.6, 4.3.14, and 4.2.27, the streaming server accepts serving events for public timelines to clients using any valid authentication token, even if those tokens lack the read:statuses scope. This allow...
CVE-2025-62176
Summary : The Mastodon streaming server vulnerability CVE-2025-62176 allows OAuth clients lacking the read:statuses scope to subscribe to public timelines by using any valid authentication token. Affected versions : prior to 4.4.6, 4.3.14, and 4.2.27. Root cause : streaming server accepts events ...
CVE-2025-62176 Mastadon streaming server allows OAuth clients without the `read` scope to subscribe to public channels
Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon before 4.4.6, 4.3.14, and 4.2.27, the streaming server accepts serving events for public timelines to clients using any valid authentication token, even if those tokens lack the read:statuses scope. This allow...
CVE-2025-62176 Mastadon streaming server allows OAuth clients without the `read` scope to subscribe to public channels
Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon before 4.4.6, 4.3.14, and 4.2.27, the streaming server accepts serving events for public timelines to clients using any valid authentication token, even if those tokens lack the read:statuses scope. This allow...
CVE-2025-62176 Mastadon streaming server allows OAuth clients without the `read` scope to subscribe to public channels
Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon before 4.4.6, 4.3.14, and 4.2.27, the streaming server accepts serving events for public timelines to clients using any valid authentication token, even if those tokens lack the read:statuses scope. This allow...