CVE ID: CVE-2026-48557 | Published: May 29, 2026, 8:16 p.m. (2 hours, 56 minutes ago) | Description: Spatie Laravel Media Library before version 11.23.0 contains a file upload restriction bypass in FileAdder::defaultSanitizer(). The sanitizer…
CVE-2026-47266 – Formie: Unauthenticated front-end submission editing can overwrite existing submissions
CVE ID: CVE-2026-47266 | Published: May 29, 2026, 8:16 p.m. (2 hours, 56 minutes ago) | Description: Formie is a Craft CMS plugin for creating forms. Prior to 2.2.21 and 3.1.26, unauthenticated users could…
CVE-2026-46527 – cpp-httplib: Malicious `X-Forwarded-For` Under Trusted-Proxy Configuration Triggers Empty `vector::front()`, Leading to Undefined Behavior and Server Crash
CVE ID: CVE-2026-46527 | Published: May 29, 2026, 8:16 p.m. (2 hours, 56 minutes ago) | Description: cpp-httplib is a C++11 single-file, header-only, cross-platform HTTP/HTTPS library. Prior to 0.44.0, when the server has…
CVE-2026-46385 – iskorotkov/avro: CPU Exhaustion in Avro Decoder
CVE ID: CVE-2026-46385 | Published: May 29, 2026, 8:16 p.m. (2 hours, 56 minutes ago) | Description: iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, the Avro array and map decoders looped…
CVE-2026-46384 – iskorotkov/avro: Integer Overflow in Avro Decoder
CVE ID: CVE-2026-46384 | Published: May 29, 2026, 8:16 p.m. (2 hours, 56 minutes ago) | Description: iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, several Avro decoder paths read attacker-controlled 64-bit…
CVE-2026-8809 – Advanced Custom Fields: Extended <= 0.9.2.5 – Unauthenticated Privilege Escalation via Validation Bypass to '_acf_post_id' Parameter
CVE ID: CVE-2026-8809 | Published: May 28, 2026, 11:16 p.m. (1 hour, 53 minutes ago) | Description: The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation via Validation Bypass in…
CVE-2026-45344 – LinkAce: Setup database password newline injection enables pre-auth RCE on uninitialized instances
CVE ID: CVE-2026-45344 | Published: May 28, 2026, 10:17 p.m. (2 hours, 53 minutes ago) | Description: LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, the setup database configuration flow…
CVE-2026-45343 – LinkAce – Stored XSS via Unsanitized SSO User’s Name Rendered in Admin Audit Log Allows Session Hijacking
CVE ID: CVE-2026-45343 | Published: May 28, 2026, 10:17 p.m. (2 hours, 53 minutes ago) | Description: LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains a stored cross-site…
CVE-2026-44973 – Billy: Path traversal vulnerabilities
CVE ID: CVE-2026-44973 | Published: May 28, 2026, 10:16 p.m. (2 hours, 53 minutes ago) | Description: Billy is an interface filesystem abstraction for Go. Prior to 5.9.0, multiple path traversal issues exist across…
CVE-2026-44882 – Portainer: Kubernetes middleware continues after token validation failure, bypassing endpoint authorization
CVE ID: CVE-2026-44882 | Published: May 28, 2026, 10:16 p.m. (2 hours, 53 minutes ago) | Description: Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to…