109236 matches found
net/url: Incorrect parsing of IPv6 host literals in net/url
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...
CVE-2026-20158
creationtimestamp| type| source ---|---|--- 2026-07-16 13:00:30+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mqrc566sg32e 2026-07-16 16:45:04+00:00| seen| https://www.acn.gov.it/portale/w/risolte-vulnerabilita-in-prodotti-cisco-28...
CVE-2026-20157
creationtimestamp| type| source ---|---|--- 2026-07-16 13:00:30+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mqrc566sg32e 2026-07-16 16:45:09+00:00| seen| https://www.acn.gov.it/portale/w/risolte-vulnerabilita-in-prodotti-cisco-28...
CVE-2026-20187
creationtimestamp| type| source ---|---|--- 2026-07-16 13:00:30+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mqrc566sg32e 2026-07-16 16:45:11+00:00| seen| https://www.acn.gov.it/portale/w/risolte-vulnerabilita-in-prodotti-cisco-28...
CVE-2016-1453
creationtimestamp| type| source ---|---|--- 2026-07-16 13:00:05+00:00| seen| https://t.me/KaitNews/224 2026-07-17 00:00:51+00:00| seen| https://t.me/KaitNews/224...
CVE-2016-5182
creationtimestamp| type| source ---|---|--- 2026-07-16 13:00:04+00:00| seen| https://t.me/KaitNews/312 2026-07-17 00:00:51+00:00| seen| https://t.me/KaitNews/312...
CVE-2016-5193
creationtimestamp| type| source ---|---|--- 2026-07-16 13:00:04+00:00| seen| https://t.me/KaitNews/312 2026-07-17 00:00:51+00:00| seen| https://t.me/KaitNews/312...
Malicious code in @hibachi-xyz/types (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 214e1b690352ce0af70ce6a37d3b7ac4d8dec4269dc7606b7a65fbb6d4406e8b The package presents itself as 'Type definitions' for the @hibachi-xyz scope at version 99.0.0, but index.js exports an empty object and its only...
Malicious code in @hibachi-xyz/config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2012c3b3a43f28209edf1c4b6fdbb0477c7c31f7574e37293cf7dd324f7f1e2f On require of the package's main entry, top-level code enumerates process.env and collects values whose keys match a credential-shaped regex KEY,...
WordPress AI Engine Plugin - Token Exposure
Unauthenticated sensitive information exposure in AI Engine WordPress plugin = 3.1.3 exposes bearer tokens via REST API endpoints when No-Auth URL is enabled. id: CVE-2025-11749 info: name: WordPress AI Engine Plugin - Token Exposure author: 4m3rr0r severity: critical description: | Unauthenticat...
Ivanti Connect Secure - XXE
Ivanti Connect Secure is vulnerable to XXE XML External Entity injection. id: CVE-2024-22024 info: name: Ivanti Connect Secure - XXE author: watchTowr severity: high description: | Ivanti Connect Secure is vulnerable to XXE XML External Entity injection. impact: | Successful exploitation of this...
WordPress Redux Framework <=4.2.11 - Information Disclosure
WordPress Redux Framework plugin through 4.2.11 is susceptible to information disclosure. The plugin registers several unique AJAX actions available to unauthenticated users in the includes function in redux-core/class-redux-core.php. These are predictable, given that they are based on an md5 has...
CVE-2026-15099
The Delicious Recipes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'steps' block attribute in versions up to, and including, 1.10.2. This is due to insufficient input sanitization and output escaping in the wrapdirectiontext function, which interpolates the...
CVE-2026-15458
creationtimestamp| type| source ---|---|--- 2026-07-16 08:29:55+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqqszdqisv2m...
CVE-2026-12492
creationtimestamp| type| source ---|---|--- 2026-07-16 07:47:56+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqqqobblln2c 2026-07-16 16:40:30+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqrofv6bjr2j...
CVE-2026-15652
creationtimestamp| type| source ---|---|--- 2026-07-16 04:29:33+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqqfljtpno2w...
CVE-2026-3842
creationtimestamp| type| source ---|---|--- 2026-07-16 04:24:32+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqqfcl5gj42h...
CVE-2026-12434
creationtimestamp| type| source ---|---|--- 2026-07-16 04:00:12+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqqdx2slhz2m...
CVE-2026-47085
CVE-2026-47085 affects Cyrus IMAPD (up to 3.12.2). The flaw: URLAUTH token forgery via a missing mboxkey, allowing an attacker who knows a folder name the user never authorized to forge a valid URLAUTH by computing an HMAC-SHA1 with a predictable key, granting read access to the mailbox. Impact i...
CVE-2026-47086
CYRUS IMAPD has a vulnerability CVE-2026-47086 affecting Cyrus IMAP up to version 3.12.2. The GENURLAUTH feature allows issuance of URLAUTH tokens by any authenticated user for named mailboxes, bypassing ACLs and enabling reading mail from those mailboxes without granted permissions. The issue is...