2853432 matches found
CVE-2026-57167 PeerTube: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
PeerTube is an ActivityPub-federated video streaming platform. Prior to 8.2.2, server-side-rendered video watch pages embed a schema.org JSON-LD block by JSON.stringify-ing video metadata without escaping less-than, greater-than, or slash characters, allowing a value containing the byte sequence...
CVE-2026-61456
creationtimestamp| type| source ---|---|--- 2026-07-10 16:37:29+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqclhnwrcu2e 2026-07-10 20:20:27+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqcxwefthh2a 2026-07-10 22:19:19+00:00| seen|...
EUVD-2026-42951
Grav is a file-based Web platform. Prior to 2.0.0, an authenticated admin.super user can crash Grav or fill the disk by uploading a specially crafted ZIP archive through the Direct Install tool because Installer::unZip calls ZipArchive::extractTo without limits on uncompressed size, entry count, ...
CVE-2026-59193
Grav CMS is a file-based web platform. Before version 2.0.0, an authenticated admin.super user could trigger a denial of service by uploading a specially crafted ZIP via the Direct Install tool, because Installer::unZip uses ZipArchive::extractTo without limits on uncompressed size, entry count, ...
CVE-2026-61441
creationtimestamp| type| source ---|---|--- 2026-07-10 16:32:29+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqcl6piort2i 2026-07-10 22:21:24+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqd6omq2ei26 2026-07-10 23:26:14+00:00| seen|...
CVE-2026-60086
creationtimestamp| type| source ---|---|--- 2026-07-10 16:24:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqckqcwydo2z 2026-07-10 20:23:11+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqcy3aa7mh22...
CVE-2026-61492
creationtimestamp| type| source ---|---|--- 2026-07-10 16:18:05+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqckeuxhu526 2026-07-10 20:21:02+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqcxxf2ixm2d 2026-07-10 22:29:17+00:00| seen|...
CVE-2026-55890
Grav CVE-2026-55890 concerns stored CSS injection via Markdown image style parameters that reach MediaObjectTrait::style(). The incomplete patch from GHSA-r7fx-8g49-7hhr fixed attribute() (denying dangerous attribute names) but leaves the sibling style() sink unmitigated, allowing editor-supplied...
CVE-2026-54149
MaxKB is an open-source AI assistant for enterprise. Prior to 2.10.0-lts, MaxKB tool import functionality in apps/tools/serializers/tool.py and MCP referencing mode in apps/application/chatpipeline/step/chatstep/impl/basechatstep.py do not consistently validate MCP transport type, allowing an...
CVE-2026-61444
creationtimestamp| type| source ---|---|--- 2026-07-10 16:15:18+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqck7yabkh27 2026-07-10 16:46:05+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqclwzjjnb2f 2026-07-10 20:16:31+00:00| seen|...
CVE-2026-15377 Eleveo Call Recording Software sendlogfile improper authorization
A vulnerability was determined in Eleveo Call Recording Software 9.7.0. Affected by this vulnerability is an unknown functionality of the file /callrec/sendlogfile. This manipulation causes improper authorization. The attack may be initiated remotely. The exploit has been publicly disclosed and m...
CVE-2026-55885
CVE-2026-55885 (Grav) : An authenticated admin with backup permissions can download a ZIP of the Grav installation via the backup/download endpoint, exposing sensitive data: admin.yaml with the administrator password hash and site configuration under user/config. The vulnerability stems from (1) ...
CVE-2026-59796
creationtimestamp| type| source ---|---|--- 2026-07-10 16:12:47+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqck3iudxm2x 2026-07-10 20:22:50+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqcy2mf6472z...
CVE-2026-61434
creationtimestamp| type| source ---|---|--- 2026-07-10 16:10:29+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqcjxeiech2k 2026-07-10 20:19:37+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqcxuudb3h2a 2026-07-10 23:30:34+00:00| seen|...
CVE-2026-59795
creationtimestamp| type| source ---|---|--- 2026-07-10 16:08:20+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqcjtjjswp2i 2026-07-10 20:18:19+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqcxsjs6fe2e...
CVE-2026-60091
creationtimestamp| type| source ---|---|--- 2026-07-10 16:06:19+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqcjpwr6kh2q 2026-07-10 20:15:05+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqcxmqnilo2c...
CVE-2026-61455
creationtimestamp| type| source ---|---|--- 2026-07-10 16:04:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqcjml5p5g2q 2026-07-10 20:20:02+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqcxvm3lsn26 2026-07-10 20:20:06+00:00| seen|...
CVE-2026-59180
Apprise before v1.11.0 vulnerable: HTTP-based notification plugins and HTTP loaders (apprise/attachment/http.py, apprise/config/http.py) follow redirects and resend configured auth headers and query parameters. This can leak secrets (Authorization headers, bearer tokens, service keys) to a compro...
GHSA-HJR6-G723-HMFM
creationtimestamp| type| source ---|---|--- 2026-07-10 16:01:02+00:00| seen| https://thehackernews.com/2026/07/researcher-details-whatsapp-to-host.html 2026-07-10 20:00:23+00:00| seen| https://bsky.app/profile/iberianm.bsky.social/post/3mqcwsfxjof2i 2026-07-11 01:00:51+00:00| seen|...
CVE-2026-15143
creationtimestamp| type| source ---|---|--- 2026-07-10 16:01:00+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqcjgg6g4b26 2026-07-10 16:46:06+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqclx3547y2b 2026-07-10 22:19:41+00:00| seen|...