CVE ID :CVE-2026-46385 Published : May 29, 2026, 8:16 p.m. | 2 hours, 56 minutes ago Description :iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, the Avro array and map decoders looped…
CVE-2026-46384 – iskorotkov/avro: Integer Overflow in Avro Decoder
CVE ID :CVE-2026-46384 Published : May 29, 2026, 8:16 p.m. | 2 hours, 56 minutes ago Description :iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, several Avro decoder paths read attacker-controlled 64-bit…
CVE-2026-8809 – Advanced Custom Fields: Extended <= 0.9.2.5 – Unauthenticated Privilege Escalation via Validation Bypass to '_acf_post_id' Parameter
CVE ID :CVE-2026-8809 Published : May 28, 2026, 11:16 p.m. | 1 hour, 53 minutes ago Description :The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation via Validation Bypass in…
CVE-2026-45344 – LinkAce: Setup database password newline injection enables pre-auth RCE on uninitialized instances
CVE ID :CVE-2026-45344 Published : May 28, 2026, 10:17 p.m. | 2 hours, 53 minutes ago Description :LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, the setup database configuration flow…
CVE-2026-45343 – LinkAce – Stored XSS via Unsanitized SSO User’s Name Rendered in Admin Audit Log Allows Session Hijacking
CVE ID :CVE-2026-45343 Published : May 28, 2026, 10:17 p.m. | 2 hours, 53 minutes ago Description :LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains a stored cross-site…
CVE-2026-44973 – Billy: Path traversal vulnerabilities
CVE ID :CVE-2026-44973 Published : May 28, 2026, 10:16 p.m. | 2 hours, 53 minutes ago Description :Billy is an interface filesystem abstraction for Go. Prior to 5.9.0, multiple path traversal issues exist across…
CVE-2026-44882 – Portainer: Kubernetes middleware continues after token validation failure, bypassing endpoint authorization
CVE ID :CVE-2026-44882 Published : May 28, 2026, 10:16 p.m. | 2 hours, 53 minutes ago Description :Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to…
CVE-2026-8915 – Samsung Escargot Out-of-Bounds Write Buffer Overflow
CVE ID :CVE-2026-8915 Published : May 28, 2026, 12:16 a.m. | 53 minutes ago Description :Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 36f5fb58366a67b713c02f6fd985e924fcc09e31. Severity: 8.8…
CVE-2026-9739 – Google Chrome SSE DNS Rebinding
CVE ID :CVE-2026-9739 Published : May 27, 2026, 11:16 p.m. | 1 hour, 53 minutes ago Description :Vulnerable to DNS rebinding attacks when using SSE (http://b/499408790). During the beta phase, we implemented `allowed-origins` and…
CVE-2026-46414 – Microsoft UFO WebSocket role spoofing allows authenticated peer task hijacking
CVE ID :CVE-2026-46414 Published : May 27, 2026, 11:16 p.m. | 1 hour, 53 minutes ago Description :Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO’s WebSocket control…