{"metadata":{"generatedAt":"2026-04-22T15:00:21.902Z","reportDate":"2026-04-22","totalItems":1383,"sourceBreakdown":{"cisa-kev":7,"cisa-advisories":18,"vendor-blogs":81,"nvd":1129,"malware-bazaar":17,"abuse-ipdb":20,"threatfox":2,"otx":30,"general-news":94},"categoryBreakdown":{"vulnerability":1136,"advisory":84,"malware":17,"ip-reputation":20,"threat-intel":32,"news":94},"fetchErrors":[]},"highlights":[{"id":"cisa-adv-hardy-barth-salia-ev-charge-controller","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"critical","title":"Hardy Barth Salia EV Charge Controller","description":"View CSAF\nSummary\nSuccessful exploitation of these vulnerabilities could crash the device being accessed; a buffer overflow condition may allow remote code execution.\nThe following versions of Hardy Barth Salia EV Charge Controller are affected:\nSalia Board Firmware <=2.3.81 (CVE-2025-5873, CVE-2025…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ics","rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T12:00:00.000Z","fetchedAt":"2026-04-22T15:00:00.177Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-05","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-delta-electronics-asda-soft","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"critical","title":"Delta Electronics ASDA-Soft","description":"View CSAF\nSummary\nSuccessful exploitation of this vulnerability could allow an attacker to execute arbitrary code.\nThe following versions of Delta Electronics ASDA-Soft are affected:\nASDA-Soft <=V7.2.2.0\nCVSS\nVendor\nEquipment\nVulnerabilities\n\n\n\n\nv3 7.8\nDelta Electronics\nDelta Electronics ASDA-Soft\nS…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["zeroday","phishing","ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T12:00:00.000Z","fetchedAt":"2026-04-22T15:00:00.177Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-01","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-anviz-multiple-products","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"critical","title":"Anviz Multiple Products","description":"View CSAF\nSummary\nSuccessful exploitation of these vulnerabilities could allow attackers to conduct reconnaissance, capture or decrypt sensitive data, alter device configurations, gain unauthorized administrative or root‑level access, execute arbitrary code, compromise credentials or communications,…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ics","rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T12:00:00.000Z","fetchedAt":"2026-04-22T15:00:00.177Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-1555","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-1555 — The WebStack theme for WordPress is vulnerable to arbitrary file uploads due to missing file type va…","description":"The WebStack theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the io_img_upload() function in all versions up to, and including, 1.2024. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server whic…","indicators":{"cves":["CVE-2026-1555"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T04:17:33.600Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://github.com/owen0o0/WebStack/blob/master/inc/ajax.php#L5","label":"security@wordfence.com","domainType":"primary"},{"url":"https://github.com/owen0o0/WebStack/tree/master","label":"security@wordfence.com","domainType":"primary"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b97805de-1b47-4c9f-baae-2e37c1b78570?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-39842","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-39842 — OpenRemote is an open-source IoT platform. Versions 1.21.0 and below contain two interrelated expres…","description":"OpenRemote is an open-source IoT platform. Versions 1.21.0 and below contain two interrelated expression injection vulnerabilities in the rules engine that allow arbitrary code execution on the server. The JavaScript rules engine executes user-supplied scripts via Nashorn's ScriptEngine.eval() witho…","indicators":{"cves":["CVE-2026-39842"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T04:17:36.903Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://github.com/openremote/openremote/releases/tag/1.22.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/openremote/openremote/security/advisories/GHSA-7mqr-33rv-p3mp","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-3461","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-3461 — The Visa Acceptance Solutions plugin for WordPress is vulnerable to Authentication Bypass in all ver…","description":"The Visa Acceptance Solutions plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.1.0. This is due to the `express_pay_product_page_pay_for_order()` function logging users in based solely on a user-supplied billing email address during guest checkout f…","indicators":{"cves":["CVE-2026-3461"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T09:16:31.383Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/visa-acceptance-solutions/tags/2.1.0/public/class-visa-acceptance-payment-gateway-expresspay-public.php#L777","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/visa-acceptance-solutions/tags/2.1.0/public/class-visa-acceptance-payment-gateway-expresspay-public.php#L790","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/visa-acceptance-solutions/trunk/public/class-visa-acceptance-payment-gateway-expresspay-public.php#L777","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/visa-acceptance-solutions/trunk/public/class-visa-acceptance-payment-gateway-expresspay-public.php#L790","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8d3aea10-d7a0-44bd-94dc-3bad0d27dbd8?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33807","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-33807 — @fastify/express v4.0.4 and earlier contains a path handling bug in the onRegister function that cau…","description":"@fastify/express v4.0.4 and earlier contains a path handling bug in the onRegister function that causes middleware paths to be doubled when inherited by child plugins. When a child plugin is registered with a prefix that matches a middleware path, the middleware path is prefixed a second time, causi…","indicators":{"cves":["CVE-2026-33807"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T10:16:48.310Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://cna.openjsf.org/security-advisories.html","label":"ce714d77-add3-4f53-aff5-83d477b104bb","domainType":"other"},{"url":"https://github.com/fastify/fastify-express/security/advisories/GHSA-hrwm-hgmj-7p9c","label":"ce714d77-add3-4f53-aff5-83d477b104bb","domainType":"primary"},{"url":"https://github.com/fastify/fastify-express/security/advisories/GHSA-hrwm-hgmj-7p9c","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-4682","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-4682 — Certain HP DeskJet All in One devices may be vulnerable to remote code execution caused by a buffer…","description":"Certain HP DeskJet All in One devices\nmay be vulnerable to remote code execution caused by a buffer overflow when\nspecially crafted Web Services for Devices (WSD) scan requests are improperly\nvalidated and handled by the MFP.\n\n\n\nWSD\nScan is a Microsoft Windows–based network scanning protocol that al…","indicators":{"cves":["CVE-2026-4682"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T15:16:42.800Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://support.hp.com/us-en/document/ish_14744451-14744475-16","label":"hp-security-alert@hp.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-30625","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-30625 — Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functi…","description":"Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functionality. The application allows users to define MCP tasks with arbitrary command and args values. Although an allowlist exists, certain allowed commands (npm, npx) accept argument flags that enable ex…","indicators":{"cves":["CVE-2026-30625"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T16:16:36.787Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://github.com/Upsonic/Upsonic/commit/855053fce0662227d9246268ff4a0844b481a305","label":"cve@mitre.org","domainType":"primary"},{"url":"https://www.ox.security/blog/mcp-supply-chain-advisory-rce-vulnerabilities-across-the-ai-ecosystem/","label":"cve@mitre.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-20147","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-20147 — A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to exec…","description":"A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.\r\n\r\nThis vulnerability is due to…","indicators":{"cves":["CVE-2026-20147"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T17:17:02.410Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ","label":"psirt@cisco.com","domainType":"primary"}],"feedLabel":null}],"items":[{"id":"cisa-adv-hardy-barth-salia-ev-charge-controller","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"critical","title":"Hardy Barth Salia EV Charge Controller","description":"View CSAF\nSummary\nSuccessful exploitation of these vulnerabilities could crash the device being accessed; a buffer overflow condition may allow remote code execution.\nThe following versions of Hardy Barth Salia EV Charge Controller are affected:\nSalia Board Firmware <=2.3.81 (CVE-2025-5873, CVE-2025…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ics","rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T12:00:00.000Z","fetchedAt":"2026-04-22T15:00:00.177Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-05","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-delta-electronics-asda-soft","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"critical","title":"Delta Electronics ASDA-Soft","description":"View CSAF\nSummary\nSuccessful exploitation of this vulnerability could allow an attacker to execute arbitrary code.\nThe following versions of Delta Electronics ASDA-Soft are affected:\nASDA-Soft <=V7.2.2.0\nCVSS\nVendor\nEquipment\nVulnerabilities\n\n\n\n\nv3 7.8\nDelta Electronics\nDelta Electronics ASDA-Soft\nS…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["zeroday","phishing","ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T12:00:00.000Z","fetchedAt":"2026-04-22T15:00:00.177Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-01","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-anviz-multiple-products","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"critical","title":"Anviz Multiple Products","description":"View CSAF\nSummary\nSuccessful exploitation of these vulnerabilities could allow attackers to conduct reconnaissance, capture or decrypt sensitive data, alter device configurations, gain unauthorized administrative or root‑level access, execute arbitrary code, compromise credentials or communications,…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ics","rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T12:00:00.000Z","fetchedAt":"2026-04-22T15:00:00.177Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-1555","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-1555 — The WebStack theme for WordPress is vulnerable to arbitrary file uploads due to missing file type va…","description":"The WebStack theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the io_img_upload() function in all versions up to, and including, 1.2024. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server whic…","indicators":{"cves":["CVE-2026-1555"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T04:17:33.600Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://github.com/owen0o0/WebStack/blob/master/inc/ajax.php#L5","label":"security@wordfence.com","domainType":"primary"},{"url":"https://github.com/owen0o0/WebStack/tree/master","label":"security@wordfence.com","domainType":"primary"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b97805de-1b47-4c9f-baae-2e37c1b78570?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-39842","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-39842 — OpenRemote is an open-source IoT platform. Versions 1.21.0 and below contain two interrelated expres…","description":"OpenRemote is an open-source IoT platform. Versions 1.21.0 and below contain two interrelated expression injection vulnerabilities in the rules engine that allow arbitrary code execution on the server. The JavaScript rules engine executes user-supplied scripts via Nashorn's ScriptEngine.eval() witho…","indicators":{"cves":["CVE-2026-39842"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T04:17:36.903Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://github.com/openremote/openremote/releases/tag/1.22.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/openremote/openremote/security/advisories/GHSA-7mqr-33rv-p3mp","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-3461","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-3461 — The Visa Acceptance Solutions plugin for WordPress is vulnerable to Authentication Bypass in all ver…","description":"The Visa Acceptance Solutions plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.1.0. This is due to the `express_pay_product_page_pay_for_order()` function logging users in based solely on a user-supplied billing email address during guest checkout f…","indicators":{"cves":["CVE-2026-3461"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T09:16:31.383Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/visa-acceptance-solutions/tags/2.1.0/public/class-visa-acceptance-payment-gateway-expresspay-public.php#L777","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/visa-acceptance-solutions/tags/2.1.0/public/class-visa-acceptance-payment-gateway-expresspay-public.php#L790","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/visa-acceptance-solutions/trunk/public/class-visa-acceptance-payment-gateway-expresspay-public.php#L777","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/visa-acceptance-solutions/trunk/public/class-visa-acceptance-payment-gateway-expresspay-public.php#L790","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8d3aea10-d7a0-44bd-94dc-3bad0d27dbd8?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33807","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-33807 — @fastify/express v4.0.4 and earlier contains a path handling bug in the onRegister function that cau…","description":"@fastify/express v4.0.4 and earlier contains a path handling bug in the onRegister function that causes middleware paths to be doubled when inherited by child plugins. When a child plugin is registered with a prefix that matches a middleware path, the middleware path is prefixed a second time, causi…","indicators":{"cves":["CVE-2026-33807"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T10:16:48.310Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://cna.openjsf.org/security-advisories.html","label":"ce714d77-add3-4f53-aff5-83d477b104bb","domainType":"other"},{"url":"https://github.com/fastify/fastify-express/security/advisories/GHSA-hrwm-hgmj-7p9c","label":"ce714d77-add3-4f53-aff5-83d477b104bb","domainType":"primary"},{"url":"https://github.com/fastify/fastify-express/security/advisories/GHSA-hrwm-hgmj-7p9c","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-4682","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-4682 — Certain HP DeskJet All in One devices may be vulnerable to remote code execution caused by a buffer…","description":"Certain HP DeskJet All in One devices\nmay be vulnerable to remote code execution caused by a buffer overflow when\nspecially crafted Web Services for Devices (WSD) scan requests are improperly\nvalidated and handled by the MFP.\n\n\n\nWSD\nScan is a Microsoft Windows–based network scanning protocol that al…","indicators":{"cves":["CVE-2026-4682"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T15:16:42.800Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://support.hp.com/us-en/document/ish_14744451-14744475-16","label":"hp-security-alert@hp.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-30625","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-30625 — Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functi…","description":"Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functionality. The application allows users to define MCP tasks with arbitrary command and args values. Although an allowlist exists, certain allowed commands (npm, npx) accept argument flags that enable ex…","indicators":{"cves":["CVE-2026-30625"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T16:16:36.787Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://github.com/Upsonic/Upsonic/commit/855053fce0662227d9246268ff4a0844b481a305","label":"cve@mitre.org","domainType":"primary"},{"url":"https://www.ox.security/blog/mcp-supply-chain-advisory-rce-vulnerabilities-across-the-ai-ecosystem/","label":"cve@mitre.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-20147","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-20147 — A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to exec…","description":"A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.\r\n\r\nThis vulnerability is due to…","indicators":{"cves":["CVE-2026-20147"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T17:17:02.410Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ","label":"psirt@cisco.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-20180","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-20180 — A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacke…","description":"A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials.\r\n\r\nThis vulnerabil…","indicators":{"cves":["CVE-2026-20180","CVE-2026-20186"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T17:17:03.460Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-4fverepv","label":"psirt@cisco.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-20184","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-20184 — A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services…","description":"A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service.\r\n\r\nThis vulnerability existed because of improper certificate validation. Prior to this vulnerability…","indicators":{"cves":["CVE-2026-20184"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T17:17:03.677Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cui-cert-8jSZYhWL","label":"psirt@cisco.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-30993","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-30993 — Slah CMS v1.5.0 and below was discovered to contain a remote code execution (RCE) vulnerability in t…","description":"Slah CMS v1.5.0 and below was discovered to contain a remote code execution (RCE) vulnerability in the session() function at config.php. This vulnerability is exploitable via a crafted input.","indicators":{"cves":["CVE-2026-30993"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T18:16:59.913Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://cve.joaopaulodeoliveira.dev/cve.php/published/CVE-2026-30993","label":"cve@mitre.org","domainType":"other"},{"url":"https://cve.joaopaulodeoliveira.dev/cve.php/reserved/slah-informatica-eval-injection-rce","label":"cve@mitre.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-41118","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2025-41118 — Pyroscope is an open-source continuous profiling database. The database supports various storage bac…","description":"Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage (COS).\n\nIf the database is configured to use Tencent COS as the storage backend, an attacker could extract the secret_key configuration value from the Pyr…","indicators":{"cves":["CVE-2025-41118"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T20:16:32.933Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://grafana.com/security/security-advisories/cve-2025-41118","label":"security@grafana.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6296","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-6296 — Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to…","description":"Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)","indicators":{"cves":["CVE-2026-6296"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T20:16:38.353Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","label":"chrome-cve-admin@google.com","domainType":"other"},{"url":"https://issues.chromium.org/issues/490170083","label":"chrome-cve-admin@google.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40173","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40173 — Dgraph is an open source distributed GraphQL database. Versions 25.3.1 and prior contain an unauthen…","description":"Dgraph is an open source distributed GraphQL database. Versions 25.3.1 and prior contain an unauthenticated credential disclosure vulnerability where the /debug/pprof/cmdline endpoint is registered on the default mux and reachable without authentication, exposing the full process command line includ…","indicators":{"cves":["CVE-2026-40173"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T21:17:27.197Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://github.com/dgraph-io/dgraph/releases/tag/v25.3.2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/dgraph-io/dgraph/security/advisories/GHSA-95mq-xwj4-r47p","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/dgraph-io/dgraph/security/advisories/GHSA-95mq-xwj4-r47p","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-6388","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-6388 — A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to…","description":"A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, the attacker can trigger unauthorized image updates on…","indicators":{"cves":["CVE-2026-6388"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T22:17:22.583Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6388","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458766","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4880","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-4880 — The Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale)…","description":"The Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) plugin for WordPress is vulnerable to privilege escalation via insecure token-based authentication in all versions up to, and including, 1.11.0. This is due to the plugin trusting a user-supplied Bas…","indicators":{"cves":["CVE-2026-4880"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T00:16:29.393Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/trunk/src/Core.php?rev=3391688#L498","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset/3506824/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders#file30","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a213e844-a0d3-4123-9f72-caef7702804c?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40959","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40959 — Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod.","description":"Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod.","indicators":{"cves":["CVE-2026-40959"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T01:16:11.617Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://github.com/luanti-org/luanti/commit/53cef183e2a85a4daff84ac1a9a7946f940da8f8","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/luanti-org/luanti/commit/8a929dfb97aa08337f49ba1bb96a56d6557dc896","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/luanti-org/luanti/security/advisories/GHSA-g596-mf82-w8c3","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40504","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40504 — Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravity_vm_exec f…","description":"Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravity_vm_exec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravity_fiber_reassign(…","indicators":{"cves":["CVE-2026-40504"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T02:16:11.693Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://github.com/marcobambini/gravity/commit/18b9195598d9b944376754c6d1ad76e38a4adca1","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/marcobambini/gravity/issues/437","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/marcobambini/gravity/releases/tag/0.9.6","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/creolabs-gravity-heap-buffer-overflow-via-gravity-vm-exec","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6350","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-6350 — MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing…","description":"MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code.","indicators":{"cves":["CVE-2026-6350"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T03:16:30.847Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://www.twcert.org.tw/en/cp-139-10843-9ff91-2.html","label":"twcert@cert.org.tw","domainType":"other"},{"url":"https://www.twcert.org.tw/tw/cp-132-10844-1405d-1.html","label":"twcert@cert.org.tw","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3596","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-3596 — The Riaxe Product Customizer plugin for WordPress is vulnerable to Privilege Escalation in all versi…","description":"The Riaxe Product Customizer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.2. The plugin registers an unauthenticated AJAX action ('wp_ajax_nopriv_install-imprint') that maps to the ink_pd_add_option() function. This function reads 'option' and…","indicators":{"cves":["CVE-2026-3596"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T06:16:15.667Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/tags/2.1.2/riaxe-product-designer.php#L183","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/tags/2.1.2/riaxe-product-designer.php#L5045","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/tags/2.1.2/riaxe-product-designer.php#L5046","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/tags/2.1.2/riaxe-product-designer.php#L5047","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/tags/2.1.2/riaxe-product-designer.php#L5058","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/trunk/riaxe-product-designer.php#L183","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/trunk/riaxe-product-designer.php#L5045","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/trunk/riaxe-product-designer.php#L5046","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/trunk/riaxe-product-designer.php#L5047","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/trunk/riaxe-product-designer.php#L5058","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/271a35fb-56b7-4d6b-bccc-fea1227d0913?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31843","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-31843 — The goodoneuz/pay-uz Laravel package (<= 2.2.24) contains a critical vulnerability in the /payment/a…","description":"The goodoneuz/pay-uz Laravel package (<= 2.2.24) contains a critical vulnerability in the /payment/api/editable/update endpoint that allows unauthenticated attackers to overwrite existing PHP payment hook files. The endpoint is exposed via Route::any() without authentication middleware, enabling rem…","indicators":{"cves":["CVE-2026-31843"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T13:16:48.473Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://github.com/goodoneuz/pay-uz/blob/master/src/Http/Controllers/ApiController.php","label":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","domainType":"primary"},{"url":"https://github.com/goodoneuz/pay-uz/blob/master/src/routes/web.php","label":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","domainType":"primary"},{"url":"https://github.com/shaxzodbek-uzb/pay-uz","label":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","domainType":"primary"},{"url":"https://packagist.org/packages/goodoneuz/pay-uz","label":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6270","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-6270 — @fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child pl…","description":"@fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child plugin engine instances. When a Fastify application registers authentication middleware in a parent scope and then registers child plugins with @fastify/middie, the child scope does not inherit the pare…","indicators":{"cves":["CVE-2026-6270"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T14:16:19.433Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://cna.openjsf.org/security-advisories.html","label":"ce714d77-add3-4f53-aff5-83d477b104bb","domainType":"other"},{"url":"https://github.com/fastify/fastify-express/security/advisories/GHSA-hrwm-hgmj-7p9c","label":"ce714d77-add3-4f53-aff5-83d477b104bb","domainType":"primary"},{"url":"https://github.com/fastify/middie/security/advisories/GHSA-72c6-fx6q-fr5w","label":"ce714d77-add3-4f53-aff5-83d477b104bb","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-37336","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-37336 — SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /…","description":"SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_music.php.","indicators":{"cves":["CVE-2026-37336","CVE-2026-37337","CVE-2026-37338","CVE-2026-37339","CVE-2026-37340"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T15:17:36.460Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://github.com/mt-0505/cve-report/blob/main/sourcecodester/simple-music-cloud-community-system/SQL-1.md","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/mt-0505/cve-report/blob/main/sourcecodester/simple-music-cloud-community-system/SQL-2.md","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/mt-0505/cve-report/blob/main/sourcecodester/simple-music-cloud-community-system/SQL-4.md","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/mt-0505/cve-report/blob/main/sourcecodester/simple-music-cloud-community-system/SQL-3.md","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/mt-0505/cve-report/blob/main/sourcecodester/simple-music-cloud-community-system/SQL-5.md","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-37341","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-37341 — SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the fil…","description":"SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_category.php.","indicators":{"cves":["CVE-2026-37341","CVE-2026-37342","CVE-2026-37343","CVE-2026-37344","CVE-2026-37345"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T15:17:37.007Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://github.com/mt-0505/cve-report/blob/main/sourcecodester/vehicle-parking-area-management-system/SQL-1.md","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/mt-0505/cve-report/blob/main/sourcecodester/vehicle-parking-area-management-system/SQL-2.md","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/mt-0505/cve-report/blob/main/sourcecodester/vehicle-parking-area-management-system/SQL-4.md","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/mt-0505/cve-report/blob/main/sourcecodester/vehicle-parking-area-management-system/SQL-3.md","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/mt-0505/cve-report/blob/main/sourcecodester/vehicle-parking-area-management-system/SQL-5.md","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-37346","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-37346 — SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the…","description":"SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/view_account.php?emp_id=.","indicators":{"cves":["CVE-2026-37346","CVE-2026-37347"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T15:17:37.560Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://github.com/mt-0505/cve-report/blob/main/sourcecodester/payroll-management-and-information-system/SQL-1.md","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/mt-0505/cve-report/blob/main/sourcecodester/payroll-management-and-information-system/SQL-2.md","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-33082","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-33082 — DataEase is an open source data visualization analysis tool. Versions 2.10.20 and below contain a SQ…","description":"DataEase is an open source data visualization analysis tool. Versions 2.10.20 and below contain a SQL injection vulnerability in the dataset export functionality. The expressionTree parameter in POST /de2api/datasetTree/exportDataset is deserialized into a filtering object and passed to WhereTree2St…","indicators":{"cves":["CVE-2026-33082"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T18:16:45.283Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://github.com/dataease/dataease/releases/tag/v2.10.21","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-xxpw-2c8q-g693","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-33083","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-33083 — DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below con…","description":"DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the orderDirection parameter used in dataset-related endpoints including /de2api/datasetData/enumValueDs and /de2api/datasetTree/exportDataset. The Order2SQLObj c…","indicators":{"cves":["CVE-2026-33083","CVE-2026-33084","CVE-2026-33121","CVE-2026-33122","CVE-2026-33207","CVE-2026-40899","CVE-2026-40900"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T18:16:45.433Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://github.com/dataease/dataease/releases/tag/v2.10.21","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-f443-95cf-m837","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-r897-r9q8-3p2x","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-fg4m-q7ch-jqv5","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-28vg-3hv7-w92f","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-pgh3-rgw3-xjmm","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-944x-93jf-h3rx","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-vqxf-84ph-j3vx","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40322","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40322 — SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, Mermaid…","description":"SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, Mermaid diagrams are rendered with securityLevel set to \"loose\", and the resulting SVG is injected into the DOM via innerHTML. This allows attacker-controlled javascript: URLs in Mermaid code blocks to surviv…","indicators":{"cves":["CVE-2026-40322"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T23:16:33.733Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/siyuan-note/siyuan/releases/tag/v3.6.4","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-x63q-3rcj-hhp5","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-x63q-3rcj-hhp5","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-34018","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-34018 — An SQL injection vulnerability exists in CubeCart prior to 6.6.0, which may allow an attacker to exe…","description":"An SQL injection vulnerability exists in CubeCart prior to 6.6.0, which may allow an attacker to execute an arbitrary SQL statement on the product.","indicators":{"cves":["CVE-2026-34018"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T06:16:29.733Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://community.cubecart.com/t/cubecart-6-6-0-released-the-biggest-update-in-years/62405","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://jvn.jp/en/jp/JVN78422311/","label":"vultures@jpcert.or.jp","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6443","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-6443 — All plugins by Essentialplugin for WordPress are vulnerable to an injected backdoor in various versi…","description":"All plugins by Essentialplugin for WordPress are vulnerable to an injected backdoor in various versions. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugin's they acquired. This makes it possible for the threat actor to maintain a persisten…","indicators":{"cves":["CVE-2026-6443"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T07:16:03.160Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://anchor.host/someone-bought-30-wordpress-plugins-and-planted-a-backdoor-in-all-of-them/","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2597724a-9a39-4e46-b153-f42366f833ba?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-37749","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-37749 — A SQL injection vulnerability in CodeAstro Simple Attendance Management System v1.0 allows remote un…","description":"A SQL injection vulnerability in CodeAstro Simple Attendance Management System v1.0 allows remote unauthenticated attackers to bypass authentication via the username parameter in index.php.","indicators":{"cves":["CVE-2026-37749"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T15:16:51.763Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://codeastro.com/simple-attendance-management-system-in-php-with-source-code/","label":"cve@mitre.org","domainType":"other"},{"url":"https://github.com/menevarad007/CVE-2026-37749","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-6284","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-6284 — An attacker with network access to the PLC is able to brute force discover passwords to gain unautho…","description":"An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters makes brute force password enumeration possible.","indicators":{"cves":["CVE-2026-6284"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T16:17:07.620Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-02.json","label":"ics-cert@hq.dhs.gov","domainType":"primary"},{"url":"https://hornerautomation.com/cscape-software-free/cscape-software/","label":"ics-cert@hq.dhs.gov","domainType":"other"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-02","label":"ics-cert@hq.dhs.gov","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-27890","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-27890 — Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7…","description":"Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCT_specific_data segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class's grow()…","indicators":{"cves":["CVE-2026-27890","CVE-2026-28214","CVE-2026-28224","CVE-2026-33337","CVE-2026-34232","CVE-2026-35215","CVE-2026-40342"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T19:16:34.993Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6crx-4g37-7j49","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7cq5-994r-jhrf","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-xrcw-wpjx-pr95","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-89mq-229g-x47p","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7jq3-6j3c-5cm2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-g99w-prq5-29c6","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7pxc-h3rv-r257","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40525","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40525 — OpenViking prior to version 0.3.9 contains an authentication bypass vulnerability in the VikingBot O…","description":"OpenViking prior to version 0.3.9 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the api_key configuration value is unset or empty. Remote attackers with network access to the exposed service can invoke privi…","indicators":{"cves":["CVE-2026-40525"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T19:16:39.017Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/volcengine/OpenViking/commit/c7bb1676f4d037609f041bf39e4e2bd52e8f9820","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/volcengine/OpenViking/pull/1447","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/volcengine/OpenViking/releases/tag/v0.3.9","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/openviking-authentication-bypass-via-vikingbot-openapi","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-32623","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-32623 — xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vuln…","description":"xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in the NeutrinoRDP module. When proxying RDP sessions from xrdp to another server, the module fails to properly validate the size of reassembled fragmented virtual channel data against its a…","indicators":{"cves":["CVE-2026-32623","CVE-2026-32624"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T20:16:33.953Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-phw3-qp59-x2v4","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-7q2g-6fjr-h6pp","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35546","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-35546 — Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted archi…","description":"Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted \narchives to be accepted, enabling attackers to plant and execute code \nand obtain a reverse shell.","indicators":{"cves":["CVE-2026-35546"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T20:16:35.380Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json","label":"ics-cert@hq.dhs.gov","domainType":"primary"},{"url":"https://www.anviz.com/contact-us.html","label":"ics-cert@hq.dhs.gov","domainType":"other"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03","label":"ics-cert@hq.dhs.gov","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-23500","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-23500 — Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) softwar…","description":"Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. In versions prior to 23.0.0 , the ODT to PDF conversion process in odf.php concatenates the MAIN_ODT_AS_PDF configuration constant directly into a shell command passed to exec() without san…","indicators":{"cves":["CVE-2026-23500"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T21:16:31.890Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/Dolibarr/dolibarr/releases/tag/23.0.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/Dolibarr/dolibarr/security/advisories/GHSA-w5j3-8fcr-h87w","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35512","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-35512 — xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the…","description":"xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the EGFX (graphics dynamic virtual channel) implementation due to insufficient validation of client-controlled size parameters, allowing an out-of-bounds write via crafted PDUs. Pre-authentication exploit…","indicators":{"cves":["CVE-2026-35512"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T21:16:33.297Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-jg6p-7fg8-9hh6","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40258","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40258 — The Gramps Web API is a Python REST API for the genealogical research software Gramps. Versions 1.6.…","description":"The Gramps Web API is a Python REST API for the genealogical research software Gramps. Versions 1.6.0 through 3.11.0 have a path traversal vulnerability (Zip Slip) in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with directory-tra…","indicators":{"cves":["CVE-2026-40258"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T22:16:32.067Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/gramps-project/gramps-web-api/commit/3ed4342711e3ec849552df09b1fe2fbf2ca5c29a","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/gramps-project/gramps-web-api/releases/tag/v3.11.1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/gramps-project/gramps-web-api/security/advisories/GHSA-m5gr-86j6-99jp","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40351","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40351 — FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password-based login en…","description":"FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password-based login endpoint uses TypeScript type assertion without runtime validation, allowing an unauthenticated attacker to pass a MongoDB query operator object (e.g., {\"$ne\": \"\"}) as the password field. This NoSQL inj…","indicators":{"cves":["CVE-2026-40351"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T22:16:32.793Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/labring/FastGPT/commit/bd966d479fbe414d02679cf79f9eaaab3d100a2d","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/labring/FastGPT/releases/tag/v4.14.9.5","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/labring/FastGPT/security/advisories/GHSA-x8mx-2mr7-h9xg","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40477","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40477 — Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.…","description":"Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the expression execution mechanisms. Although the library provides mechanisms to prevent expression injection, it fails to properly restric…","indicators":{"cves":["CVE-2026-40477","CVE-2026-40478"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T22:16:33.500Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/thymeleaf/thymeleaf/security/advisories/GHSA-r4v4-5mwr-2fwr","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/thymeleaf/thymeleaf/security/advisories/GHSA-xjw8-8c5c-9r79","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40324","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40324 — Hot Chocolate is an open-source GraphQL server. Prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1…","description":"Hot Chocolate is an open-source GraphQL server. Prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, Hot Chocolate's recursive descent parser `Utf8GraphQLParser` has no recursion depth limit. A crafted GraphQL document with deeply nested selection sets, object values, list values, or list types…","indicators":{"cves":["CVE-2026-40324"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T00:16:36.920Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/ChilliCream/graphql-platform/commit/08c0caa42ca33c121bbed49d2db892e5bf6fb541","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChilliCream/graphql-platform/commit/4cbaf67d366f800fc1e484bc5c06dfcf27b45023","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChilliCream/graphql-platform/commit/b185eb276c9ee227bd44616ff113be7f01a66c69","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChilliCream/graphql-platform/commit/b9271e6a500484c002fd528dcd34d1a9b445480f","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChilliCream/graphql-platform/pull/9528","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChilliCream/graphql-platform/pull/9530","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChilliCream/graphql-platform/pull/9531","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChilliCream/graphql-platform/releases/tag/12.22.7","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChilliCream/graphql-platform/releases/tag/13.9.16","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChilliCream/graphql-platform/releases/tag/14.3.1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChilliCream/graphql-platform/releases/tag/15.1.14","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChilliCream/graphql-platform/security/advisories/GHSA-qr3m-xw4c-jqw3","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40484","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40484 — ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the database backu…","description":"ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the database backup restore functionality extracts uploaded archive contents and copies files from the Images/ directory into the web-accessible document root using recursiveCopyDirectory(), which performs no file exte…","indicators":{"cves":["CVE-2026-40484"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T00:16:39.387Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/ChurchCRM/CRM/commit/68be1d12bc4cc1429575ae797ef05efe47030d39","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChurchCRM/CRM/pull/8610","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChurchCRM/CRM/security/advisories/GHSA-2932-77f9-62fx","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40317","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40317 — NovumOS is a custom 32-bit operating system written in Zig and x86 Assembly. In versions prior to 0.…","description":"NovumOS is a custom 32-bit operating system written in Zig and x86 Assembly. In versions prior to 0.24, Syscall 12 (JumpToUser) accepts an arbitrary entry point address from user-space registers without validation, allowing any Ring 3 user-mode process to jump to kernel addresses and execute arbitra…","indicators":{"cves":["CVE-2026-40317","CVE-2026-40572"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T01:16:19.380Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/MinecAnton209/NovumOS/releases/tag/v0.24","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/MinecAnton209/NovumOS/security/advisories/GHSA-xjx3-gjh9-45fm","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/MinecAnton209/NovumOS/security/advisories/GHSA-rg7m-6vh7-f4v2","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40492","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40492 — SAIL is a cross-platform library for loading and saving images with support for animation, metadata,…","description":"SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02, the XWD codec resolves pixel format based on `pixmap_depth` but the byte-swap code uses `bits_per_pixel` independently. Whe…","indicators":{"cves":["CVE-2026-40492","CVE-2026-40493","CVE-2026-40494"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T03:16:13.300Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/HappySeaFox/sail/commit/36aa5c7ec8a2bb35f6fb867a1177a6f141156b02","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/HappySeaFox/sail/security/advisories/GHSA-526v-vm72-4v64","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/HappySeaFox/sail/commit/c930284445ea3ff94451ccd7a57c999eca3bc979","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/HappySeaFox/sail/security/advisories/GHSA-rcqx-gc76-r9mv","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/HappySeaFox/sail/commit/45d48d1f2e8e0d73e80bc1fd5310cb57f4547302","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/HappySeaFox/sail/security/advisories/GHSA-cp2j-rwh4-r46f","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-32956","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-32956 — SD-330AC and AMC Manager provided by silex technology, Inc. contain a heap-based buffer overflow vul…","description":"SD-330AC and AMC Manager provided by silex technology, Inc. contain a heap-based buffer overflow vulnerability in processing the redirect URLs. Arbitrary code may be executed on the device.","indicators":{"cves":["CVE-2026-32956","CVE-2026-32961"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T04:16:34.810Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://jvn.jp/en/vu/JVNVU94271449/","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://www.silex.jp/support/security-advisories/2026-001","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://www.silex.jp/support/security-advisories/en/2026-001","label":"vultures@jpcert.or.jp","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6643","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-6643 — A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems…","description":"A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf() and passing user-controlled data directly to printf(). Due to the lack of PIE and Stack Canary protections, an authenticated remote attacker can exploit these to ex…","indicators":{"cves":["CVE-2026-6643"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T07:16:16.543Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://www.asustor.com/security/security_advisory_detail?id=54","label":"security@asustor.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6644","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-6644 — A command injection vulnerability was found in the PPTP VPN Clients on the ADM. The vulnerability al…","description":"A command injection vulnerability was found in the PPTP VPN Clients on the ADM. The vulnerability allows an administrative user to break out of the restricted web environment and execute arbitrary code on the underlying operating system. This occurs due to insufficient validation of user-supplied in…","indicators":{"cves":["CVE-2026-6644"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T07:16:16.693Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://https://www.asustor.com/security/security_advisory_detail?id=55","label":"security@asustor.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5963","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-5963 — EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remot…","description":"EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.","indicators":{"cves":["CVE-2026-5963","CVE-2026-5964"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T08:16:10.653Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://www.twcert.org.tw/en/cp-139-10832-05f3a-2.html","label":"twcert@cert.org.tw","domainType":"other"},{"url":"https://www.twcert.org.tw/tw/cp-132-10831-a734d-1.html","label":"twcert@cert.org.tw","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33557","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-33557 — A possible security vulnerability has been identified in Apache Kafka. By default, the broker proper…","description":"A possible security vulnerability has been identified in Apache Kafka.\n\nBy default, the broker property `sasl.oauthbearer.jwt.validator.class` is set to `org.apache.kafka.common.security.oauthbearer.DefaultJwtValidator`. It accepts any JWT token without validating its signature, issuer, or audience.…","indicators":{"cves":["CVE-2026-33557"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T14:16:18.780Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://kafka.apache.org/cve-list","label":"security@apache.org","domainType":"other"},{"url":"https://lists.apache.org/thread/v57o00hm6yszdpdnvqx2ss4561yh953h","label":"security@apache.org","domainType":"other"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/17/2","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5760","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-5760 — SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file cont…","description":"SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file containing a malcious tokenizer.chat_template is loaded, as the Jinja2 chat templates are rendered using an unsandboxed jinja2.Environment().","indicators":{"cves":["CVE-2026-5760"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T14:16:21.680Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/Stuub/SGLang-0.5.9-RCE","label":"cret@cert.org","domainType":"primary"},{"url":"https://www.kb.cert.org/vuls/id/915947","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-24467","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-24467 — OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber advers…","description":"OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaign and tests. Starting in version 1.0.0 and prior to version 2.0.13, OpenAEV's password reset implementation contains multiple security weaknesses that together allow reliable acc…","indicators":{"cves":["CVE-2026-24467","CVE-2026-24468"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T16:16:41.447Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/OpenAEV-Platform/openaev/blob/82fa7d0009017110c9b509d0dc1b3a78164259dd/openaev-api/src/main/java/io/openaev/rest/user/UserApi.java#L120","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/OpenAEV-Platform/openaev/commit/c09a4e71ea76d26fc28c9b51c76bca89a902df4f","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/OpenAEV-Platform/openaev/releases/tag/2.0.13","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/OpenAEV-Platform/openaev/security/advisories/GHSA-vcjx-vw28-25p2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/OpenAEV-Platform/openaev/commit/3430fe23a9244030d06fdf8e6771592e1f12ad52","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/OpenAEV-Platform/openaev/security/advisories/GHSA-v6rg-hf9w-f8ph","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-39918","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-39918 — Vvveb prior to 1.0.8.1 contains a code injection vulnerability in the installation endpoint where th…","description":"Vvveb prior to 1.0.8.1 contains a code injection vulnerability in the installation endpoint where the subdir POST parameter is written unsanitized into the env.php configuration file without escaping or validation. Attackers can inject arbitrary PHP code by breaking out of the string context in the…","indicators":{"cves":["CVE-2026-39918"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T16:16:45.243Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/givanz/Vvveb/commit/5162c1639130bd080ab63c7d856788cd59d6b3b7","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/givanz/Vvveb/releases/tag/1.0.8.1","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/vvveb-code-injection-via-installation-endpoint","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-30269","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-30269 — Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their o…","description":"Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their own account role to a non-admin privileged role via /platform/user/{username}. The `role` field is accepted by the update model without a manage_users permission check for self-updates, enabling privil…","indicators":{"cves":["CVE-2026-30269"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T17:16:33.483Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://blog.orxiain.life/archives/cve-2026-30269---improper-access-control-in-doorman-allows-privilege-escalation","label":"cve@mitre.org","domainType":"other"},{"url":"https://github.com/apidoorman/doorman","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-39109","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-39109 — SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management Sy…","description":"SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 within the username parameter of the login page (index.php). This allows an unauthenticated attacker to manipulate backend SQL queries during authentication and retrieve sensitive database c…","indicators":{"cves":["CVE-2026-39109","CVE-2026-39110","CVE-2026-39111"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T18:16:27.043Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/efekaanakkar/Apartment-Visitors-Management-System-CVEs/","label":"cve@mitre.org","domainType":"primary"},{"url":"https://phpgurukul.com/?sdm_process_download=1&download_id=21524","label":"cve@mitre.org","domainType":"other"},{"url":"https://phpgurukul.com/apartment-visitors-management-system-using-php-and-mysql/","label":"cve@mitre.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-29649","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-29649 — NEMU contains an implementation flaw in its RISC-V Hypervisor CSR handling where henvcfg[7:4] (CBIE/…","description":"NEMU contains an implementation flaw in its RISC-V Hypervisor CSR handling where henvcfg[7:4] (CBIE/CBCFE/CBZE-related fields) is incorrectly masked/updated based on menvcfg[7:4], so a machine-mode write to menvcfg can implicitly modify the hypervisor's environment configuration. This can lead to in…","indicators":{"cves":["CVE-2026-29649"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T20:16:48.410Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://docs.riscv.org/reference/isa/priv/hypervisor.html","label":"cve@mitre.org","domainType":"other"},{"url":"https://docs.riscv.org/reference/isa/priv/machine.html","label":"cve@mitre.org","domainType":"other"},{"url":"https://github.com/OpenXiangShan/NEMU/issues/681","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/OpenXiangShan/NEMU/pull/689","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-6257","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-6257 — Vvveb CMS v1.0.8 contains a remote code execution vulnerability in its media management functionalit…","description":"Vvveb CMS v1.0.8 contains a remote code execution vulnerability in its media management functionality where a missing return statement in the file rename handler allows authenticated attackers to rename files to blocked extensions .php or .htaccess. Attackers can exploit this logic flaw by first upl…","indicators":{"cves":["CVE-2026-6257"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T20:16:49.107Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/givanz/Vvveb/commit/6fb8eaa998265e33e8802cbc220d8859dbc144f2","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/vvveb-cms-remote-code-execution-via-media-management","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-29646","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-29646 — In OpenXiangShan NEMU prior to 55295c4, when running with RVH (Hypervisor extension) enabled, a VS-m…","description":"In OpenXiangShan NEMU prior to 55295c4, when running with RVH (Hypervisor extension) enabled, a VS-mode guest write to the supervisor interrupt-enable CSR (sie) may be handled incorrectly and can influence machine-level interrupt enable state (mie). This breaks privilege/virtualization isolation and…","indicators":{"cves":["CVE-2026-29646"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T21:16:19.503Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://docs.riscv.org/reference/isa/priv/hypervisor.html","label":"cve@mitre.org","domainType":"other"},{"url":"https://docs.riscv.org/reference/isa/priv/machine.html","label":"cve@mitre.org","domainType":"other"},{"url":"https://docs.riscv.org/reference/isa/priv/supervisor.html","label":"cve@mitre.org","domainType":"other"},{"url":"https://docs.riscv.org/reference/isa/unpriv/zicsr.html","label":"cve@mitre.org","domainType":"other"},{"url":"https://github.com/OpenXiangShan/NEMU/issues/951","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/OpenXiangShan/NEMU/pull/938","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/OpenXiangShan/NEMU/pull/938/commits/55295c46580456d8d5a9d5736e1fda924b8825ab","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-32604","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-32604 — Spinnaker is an open source, multi-cloud continuous delivery platform. In versions prior to 2026.1.0…","description":"Spinnaker is an open source, multi-cloud continuous delivery platform. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, a bad actor can execute arbitrary commands very simply on the clouddriver pods. This can expose credentials, remove files, or inject resources easily. Versions 2026…","indicators":{"cves":["CVE-2026-32604"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T21:16:32.457Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/spinnaker/spinnaker/releases/tag/spinnaker-release-2025.3.2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/spinnaker/spinnaker/releases/tag/spinnaker-release-2025.4.2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/spinnaker/spinnaker/releases/tag/spinnaker-release-2026.0.1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/spinnaker/spinnaker/security/advisories/GHSA-x3j7-7pgj-h87r","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-32613","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-32613 — Spinnaker is an open source, multi-cloud continuous delivery platform. Echo like some other services…","description":"Spinnaker is an open source, multi-cloud continuous delivery platform. Echo like some other services, uses SPeL (Spring Expression Language) to process information - specifically around expected artifacts. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, unlike orca, it was NOT restr…","indicators":{"cves":["CVE-2026-32613"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T21:16:32.623Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/spinnaker/spinnaker/releases/tag/spinnaker-release-2025.3.2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/spinnaker/spinnaker/releases/tag/spinnaker-release-2025.4.2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/spinnaker/spinnaker/releases/tag/spinnaker-release-2026.0.1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/spinnaker/spinnaker/security/advisories/GHSA-69rw-45wj-g4v6","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-5450","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-5450 — Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library ver…","description":"Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.","indicators":{"cves":["CVE-2026-5450"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T21:16:36.850Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u","label":"3ff69d7a-14f2-4f67-a097-88dee7810d18","domainType":"other"},{"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450","label":"3ff69d7a-14f2-4f67-a097-88dee7810d18","domainType":"other"},{"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41329","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-41329 — OpenClaw before 2026.3.31 contains a sandbox bypass vulnerability allowing attackers to escalate pri…","description":"OpenClaw before 2026.3.31 contains a sandbox bypass vulnerability allowing attackers to escalate privileges via heartbeat context inheritance and senderIsOwner parameter manipulation. Attackers can exploit improper context validation to bypass sandbox restrictions and achieve unauthorized privilege…","indicators":{"cves":["CVE-2026-41329"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T00:16:31.390Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/openclaw/openclaw/commit/a30214a624946fc5c85c9558a27c1580172374fd","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-g5cg-8x5w-7jpm","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/openclaw-sandbox-bypass-via-heartbeat-context-inheritance-and-senderisowner-escalation","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5965","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-5965 — NewSoftOA developed by NewSoft has an OS Command Injection vulnerability, allowing unauthenticated l…","description":"NewSoftOA developed by NewSoft has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server.","indicators":{"cves":["CVE-2026-5965"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T04:16:13.443Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://www.twcert.org.tw/en/cp-139-10857-c46f7-2.html","label":"twcert@cert.org.tw","domainType":"other"},{"url":"https://www.twcert.org.tw/tw/cp-132-10856-4979f-1.html","label":"twcert@cert.org.tw","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41036","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-41036 — This vulnerability exists in Quantum Networks router due to inadequate sanitization of user-supplied…","description":"This vulnerability exists in Quantum Networks router due to inadequate sanitization of user-supplied input in the management CLI interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary OS commands on the targeted device.\n\nSuccessful exploitation of this vu…","indicators":{"cves":["CVE-2026-41036"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T10:16:30.800Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0200","label":"vdisclose@cert-in.org.in","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6748","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-6748 — Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firef…","description":"Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.","indicators":{"cves":["CVE-2026-6748","CVE-2026-6751"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:20.910Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2022604","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","label":"security@mozilla.org","domainType":"other"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2025883","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6760","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-6760 — Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150…","description":"Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.","indicators":{"cves":["CVE-2026-6760","CVE-2026-6768"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:21.950Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016923","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2023615","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6771","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-6771 — Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150, Firef…","description":"Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.","indicators":{"cves":["CVE-2026-6771"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:22.927Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2025067","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-15638","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2025-15638 — Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of libtomcrypt. Net::Dropb…","description":"Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of libtomcrypt.\n\nNet::Dropbear versions before 0.14 includes versions of Dropbear 2019.78 or earlier. These include versions of libtomcrypt v1.18.1 or earlier, which is affected by CVE-2016-6129 and CVE-2018-12437.","indicators":{"cves":["CVE-2025-15638"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T16:16:19.030Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://metacpan.org/release/ATRODO/Net-Dropbear-0.14/source/dropbear/libtomcrypt/changes","label":"9b29abf9-4ab0-4765-b253-1875cd9b441e","domainType":"other"},{"url":"https://www.cve.org/CVERecord?id=CVE-2016-6129","label":"9b29abf9-4ab0-4765-b253-1875cd9b441e","domainType":"other"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-12437","label":"9b29abf9-4ab0-4765-b253-1875cd9b441e","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-21571","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-21571 — This Critical severity OS Command Injection vulnerability was introduced in versions 9.6.0, 10.0.0,…","description":"This Critical severity OS Command Injection vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0, 10.2.0,\r\n11.0.0, 11.1.0, 12.0.0, and 12.1.0 of Bamboo Data Center.\r\n \r\nThis RCE (Remote Code Execution) vulnerability, with a CVSS Score of 9.4 and a CVSS Vector of\r\nCVSS:4.0/AV:N/AC:L/AT:N/PR…","indicators":{"cves":["CVE-2026-21571"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:22.950Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://confluence.atlassian.com/pages/viewpage.action?pageId=1770913890","label":"security@atlassian.com","domainType":"other"},{"url":"https://jira.atlassian.com/browse/BAM-26364","label":"security@atlassian.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40050","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40050 — CrowdStrike has released security updates to address a critical unauthenticated path traversal vulne…","description":"CrowdStrike has released security updates to address a critical unauthenticated path traversal vulnerability (CVE-2026-40050) in LogScale. This vulnerability only requires mitigation by customers that host specific versions of LogScale and does not affect Next-Gen SIEM customers. The vulnerability e…","indicators":{"cves":["CVE-2026-40050"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:53.610Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://www.crowdstrike.com/en-us/security-advisories/cve-2026-40050/","label":"13ddcd98-6f4a-40a8-8e24-29ca0aee4661","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40569","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40569 — FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a mass…","description":"FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a mass assignment vulnerability in the mailbox connection settings endpoints of FreeScout (`connectionIncomingSave()` at `app/Http/Controllers/MailboxesController.php:468` and `connectionOutgoingSave()` at l…","indicators":{"cves":["CVE-2026-40569"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware","phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:55.450Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://github.com/freescout-help-desk/freescout/commit/f45b9105d43b0352c08fcca154e8ae6177c3d860","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/releases/tag/1.8.213","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-hmqm-33wp-858j","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-hmqm-33wp-858j","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40576","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40576 — excel-mcp-server is a Model Context Protocol server for Excel file manipulation. A path traversal vu…","description":"excel-mcp-server is a Model Context Protocol server for Excel file manipulation. A path traversal vulnerability exists in excel-mcp-server versions up to and including 0.1.7. When running in SSE or Streamable-HTTP transport mode (the documented way to use this server remotely), an unauthenticated at…","indicators":{"cves":["CVE-2026-40576"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:55.870Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://github.com/haris-musa/excel-mcp-server/security/advisories/GHSA-j98m-w3xp-9f56","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/haris-musa/excel-mcp-server/security/advisories/GHSA-j98m-w3xp-9f56","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40584","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40584 — RansomLook is a tool to monitor Ransomware groups and markets and extract their victims. Prior to 1.…","description":"RansomLook is a tool to monitor Ransomware groups and markets and extract their victims. Prior to 1.9.0, the API in the affected application improperly filters private location entries in website/web/api/genericapi.py. Because the code removes elements from a list while iterating over it, entries ma…","indicators":{"cves":["CVE-2026-40584"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:56.240Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://github.com/RansomLook/RansomLook/security/advisories/GHSA-hv66-vcqc-v87c","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://vulnerability.circl.lu/vuln/gcve-1-2026-0025","label":"security-advisories@github.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5652","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-5652 — An insecure direct object reference vulnerability in the Users API component of Crafty Controller al…","description":"An insecure direct object reference vulnerability in the Users API component of Crafty Controller allows a remote, authenticated attacker to perform user modification actions via improper API permissions validation.","indicators":{"cves":["CVE-2026-5652"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:57.793Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://gitlab.com/crafty-controller/crafty-4/-/work_items/705","label":"cve@gitlab.com","domainType":"other"},{"url":"https://gitlab.com/crafty-controller/crafty-4/-/work_items/705","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41193","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-41193 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, FreeScout's…","description":"FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, FreeScout's module installation feature extracts ZIP archives without validating file paths, allowing an authenticated admin to write files arbitrarily on the server filesystem via a specially crafted ZIP. Versio…","indicators":{"cves":["CVE-2026-41193"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T18:16:53.253Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://github.com/freescout-help-desk/freescout/commit/14f17a5cd22d217103a72b431b47b1f06996227b","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/releases/tag/1.8.215","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-r85m-5mc9-cc9w","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-r85m-5mc9-cc9w","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40372","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40372 — Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to…","description":"Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.","indicators":{"cves":["CVE-2026-40372"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:16:59.133Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40372","label":"secure@microsoft.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40884","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40884 — goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP authenticat…","description":"goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP authentication bypass when the documented empty-username basic-auth syntax is used. If the server is started with -b ':pass' together with -sftp, goshs accepts that configuration but does not install any SFTP pa…","indicators":{"cves":["CVE-2026-40884"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:17:02.107Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://github.com/patrickhener/goshs/security/advisories/GHSA-c29w-qq4m-2gcv","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/patrickhener/goshs/security/advisories/GHSA-c29w-qq4m-2gcv","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40885","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40885 — goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs leaks file-based…","description":"goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs leaks file-based ACL credentials through its public collaborator feed when the server is deployed without global basic auth. Requests to .goshs-protected folders are logged before authorization is enforced, and the c…","indicators":{"cves":["CVE-2026-40885"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:17:02.257Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://github.com/patrickhener/goshs/security/advisories/GHSA-7h3j-592v-jcrp","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/patrickhener/goshs/security/advisories/GHSA-7h3j-592v-jcrp","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40887","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40887 — Vendure is an open-source headless commerce platform. Starting in version 1.7.4 and prior to version…","description":"Vendure is an open-source headless commerce platform. Starting in version 1.7.4 and prior to versions 2.3.4, 3.5.7, and 3.6.2, an unauthenticated SQL injection vulnerability exists in the Vendure Shop API. A user-controlled query string parameter is interpolated directly into a raw SQL expression wi…","indicators":{"cves":["CVE-2026-40887"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:17:02.397Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://github.com/vendurehq/vendure/security/advisories/GHSA-9pp3-53p2-ww9v","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40903","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40903 — goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs has an ArtiPACKED vulnerabil…","description":"goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs has an ArtiPACKED vulnerability. ArtiPACKED can lead to leakage of the GITHUB_TOKEN through workflow artifacts, even though the token is not present in the repository source code. This vulnerability is fixed in 2.0.0-beta.6.","indicators":{"cves":["CVE-2026-40903"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:17:02.947Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://github.com/patrickhener/goshs/security/advisories/GHSA-hpxj-9fgp-fhhf","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-33518","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-33518 — An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and…","description":"An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected.","indicators":{"cves":["CVE-2026-33518"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:29.490Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/april2026_security_bulletin","label":"psirt@esri.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33519","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-33519 — An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Win…","description":"An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials.","indicators":{"cves":["CVE-2026-33519"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:29.673Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/april2026_security_bulletin","label":"psirt@esri.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34275","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-34275 — Vulnerability in the Oracle Advanced Inbound Telephony product of Oracle E-Business Suite (component…","description":"Vulnerability in the Oracle Advanced Inbound Telephony product of Oracle E-Business Suite (component: Setup and Administration).  Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracl…","indicators":{"cves":["CVE-2026-34275"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:31.550Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34279","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-34279 — Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (c…","description":"Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management).  Supported versions that are affected are 13.5 and  24.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracl…","indicators":{"cves":["CVE-2026-34279"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:32.180Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34285","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-34285 — Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (componen…","description":"Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core).   The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identity Manager C…","indicators":{"cves":["CVE-2026-34285","CVE-2026-34286","CVE-2026-34287","CVE-2026-34288","CVE-2026-34289","CVE-2026-34290","CVE-2026-34294"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:33.130Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40906","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40906 — Electric is a Postgres sync engine. From 1.1.12 to before 1.5.0, the order_by parameter in the Elect…","description":"Electric is a Postgres sync engine. From 1.1.12 to before 1.5.0, the order_by parameter in the ElectricSQL /v1/shape API is vulnerable to error-based SQL injection, allowing any authenticated user to read, write, and destroy the full contents of the underlying PostgreSQL database through crafted ORD…","indicators":{"cves":["CVE-2026-40906"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:44.697Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://github.com/electric-sql/electric/pull/4081","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/electric-sql/electric/security/advisories/GHSA-h5rg-pxx7-r2hj","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/electric-sql/electric/security/advisories/GHSA-h5rg-pxx7-r2hj","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40911","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40911 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, the YPTSocket plugin's Web…","description":"WWBN AVideo is an open source video platform. In versions 29.0 and prior, the YPTSocket plugin's WebSocket server relays attacker-supplied JSON message bodies to every connected client without sanitizing the `msg` or `callback` fields. On the client side, `plugin/YPTSocket/script.js` contains two `e…","indicators":{"cves":["CVE-2026-40911"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:45.350Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://github.com/WWBN/AVideo/commit/c08694bf6264eb4decceb78c711baee2609b4efd","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-gph2-j4c9-vhhr","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-gph2-j4c9-vhhr","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40933","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40933 — Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.…","description":"Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, due to unsafe serialization of stdio commands in the MCP adapter, an authenticated attacker can add an MCP stdio server with an arbitrary command, achieving command execution. The vulnerability l…","indicators":{"cves":["CVE-2026-40933"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T22:16:19.383Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-c9gw-hvqq-f33r","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://www.ox.security/blog/mcp-supply-chain-advisory-rce-vulnerabilities-across-the-ai-ecosystem","label":"security-advisories@github.com","domainType":"other"},{"url":"https://www.ox.security/blog/the-mother-of-all-ai-supply-chains-critical-systemic-vulnerability-at-the-core-of-the-mcp","label":"security-advisories@github.com","domainType":"other"},{"url":"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-c9gw-hvqq-f33r","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40575","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40575 — OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0…","description":"OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 may trust a client-supplied `X-Forwarded-Uri` header when `--reverse-proxy` is enabled and `--skip-auth-regex` or `--skip-auth-route` is configured. An attacker can spoof this header so…","indicators":{"cves":["CVE-2026-40575","CVE-2026-41059"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T00:16:27.817Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-7x63-xv5r-3p2x","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-pxq7-h93f-9jrg","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41064","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-41064 — WWBN AVideo is an open source video platform. In versions up to and including 29.0, an incomplete fi…","description":"WWBN AVideo is an open source video platform. In versions up to and including 29.0, an incomplete fix for AVideo's `test.php` adds `escapeshellarg` for wget but leaves the `file_get_contents` and `curl` code paths unsanitized, and the URL validation regex `/^http/` accepts strings like `httpevil[.]c…","indicators":{"cves":["CVE-2026-41064"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T00:16:28.187Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://github.com/WWBN/AVideo/commit/1e6cf03e93b5a5318204b010ea28440b0d9a5ab3","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/commit/78bccae74634ead68aa6528d631c9ec4fd7aa536","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-3fpm-8rjr-v5mc","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-pq8p-wc4f-vg7j","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41304","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-41304 — WWBN AVideo is an open source video platform. In versions 29.0 and below, the `cloneServer.json.php`…","description":"WWBN AVideo is an open source video platform. In versions 29.0 and below, the `cloneServer.json.php` endpoint in the CloneSite plugin constructs shell commands using user-controlled input (`url` parameter) without proper sanitization. The input is directly concatenated into a `wget` command executed…","indicators":{"cves":["CVE-2026-41304"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet","rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T00:16:29.697Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://github.com/WWBN/AVideo/commit/473c609fc2defdea8b937b00e86ce88eba1f15bb","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-xr6f-h4x7-r6qp","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-4119","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-4119 — The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up t…","description":"The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up to and including 1.2.1. The plugin registers admin_post action hooks for creating tables (admin_post_add_table) and deleting tables (admin_post_delete_db_table) without implementing any capability chec…","indicators":{"cves":["CVE-2026-4119"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:23.330Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/tags/1.2.1/create-db-tables.php#L370","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/tags/1.2.1/create-db-tables.php#L376","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/tags/1.2.1/create-db-tables.php#L405","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/tags/1.2.1/create-db-tables.php#L408","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/tags/1.2.1/create-new-table.php#L14","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/tags/1.2.1/create-new-table.php#L69","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/trunk/create-db-tables.php#L370","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/trunk/create-db-tables.php#L376","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/trunk/create-db-tables.php#L405","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/trunk/create-db-tables.php#L408","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/trunk/create-new-table.php#L14","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/trunk/create-new-table.php#L69","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d1a3bc4b-cc17-4728-b242-13841b5f7660?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6235","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-6235 — The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'ma…","description":"The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'manage_admin_requests' function in all versions up to, and including, 1.0.20. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for…","indicators":{"cves":["CVE-2026-6235"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:26.263Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/sendmachine/tags/1.0.20/includes/sendmachine_email_manager.php#L39","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/sendmachine/tags/1.0.20/sendmachine_wp_admin.php#L174","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/sendmachine/tags/1.0.20/sendmachine_wp_admin.php#L183","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7889e071-84a8-46ec-abe5-5c98980ce275?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31460","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-31460 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: check if ext_ca…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: check if ext_caps is valid in BL setup\n\nLVDS connectors don't have extended backlight caps so check\nif the pointer is valid before accessing it.\n\n(cherry picked from commit 3f797396d7f4eb9bb6eded184bbc6f033628a6f6)","indicators":{"cves":["CVE-2026-31460"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:41.550Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/60b0524bfb7d691ab378cdc788209f11cd34da89","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9da4f9964abcaeb6e19797d5e3b10faad338a786","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31461","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-31461 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix drm_edid le…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix drm_edid leak in amdgpu_dm\n\n[WHAT]\nWhen a sink is connected, aconnector->drm_edid was overwritten without\nfreeing the previous allocation, causing a memory leak on resume.\n\n[HOW]\nFree the previous drm_edid befo…","indicators":{"cves":["CVE-2026-31461"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:41.670Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/37c2caa167b0b8aca4f74c32404c5288b876a2a3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/52db857e94b9be4e6315586602b0257d1d2b165a","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/eb95595194e4755b62360aa821f40a79b0953105","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31488","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-31488 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Do not skip unr…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Do not skip unrelated mode changes in DSC validation\n\nStarting with commit 17ce8a6907f7 (\"drm/amd/display: Add dsc pre-validation in\natomic check\"), amdgpu resets the CRTC state mode_changed flag to false when\nreco…","indicators":{"cves":["CVE-2026-31488"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:46.453Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/10862e344b4d6434642a48c87d765813fc0b0ba7","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/111208b5b7ebcdadb3f922cc52d8425f0fa91b33","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/8a5edc97fd9c6415ff2eff872748439a97e3c3d8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/aed3d041ab061ec8a64f50a3edda0f4db7280025","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"vendor-cve-2026-21523-github-copilot-and-visual-studio-code-remote-code-execution-vulne","source":"vendor-blogs","category":"advisory","severity":"critical","title":"CVE-2026-21523 GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability","description":"Added acknowledgements. This is an informational change only.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T14:00:00.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21523","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-vect-formalizes-breachforums-and-teampcp-alliance-to-push-model-for-industrializ","source":"vendor-blogs","category":"advisory","severity":"critical","title":"Vect formalizes BreachForums and TeamPCP alliance to push model for industrialized ransomware, scale RaaS operations","description":"New data from Dataminr identified that ransomware group Vect operationalized a formal partnership with BreachForums cybercrime marketplace and...\nThe post Vect formalizes BreachForums and TeamPCP alliance to push model for industrialized ransomware, scale RaaS operations appeared first on Industrial…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T10:18:47.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://industrialcyber.co/ransomware/vect-formalizes-breachforums-and-teampcp-alliance-to-push-model-for-industrialized-ransomware-scale-raas-operations/","label":"Industrial Cyber","domainType":"other"}],"feedLabel":null},{"id":"abuseip-88.151.32.168","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 88.151.32.168","description":"Country: NL | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["88.151.32.168"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-22T14:17:01.000Z","fetchedAt":"2026-04-22T15:00:00.182Z","references":[{"url":"https://www.abuseipdb.com/check/88.151.32.168","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-2.57.122.191","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 2.57.122.191","description":"Country: RO | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["2.57.122.191"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-22T14:17:01.000Z","fetchedAt":"2026-04-22T15:00:00.182Z","references":[{"url":"https://www.abuseipdb.com/check/2.57.122.191","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-92.118.39.196","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 92.118.39.196","description":"Country: RO | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["92.118.39.196"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-22T14:17:01.000Z","fetchedAt":"2026-04-22T15:00:00.182Z","references":[{"url":"https://www.abuseipdb.com/check/92.118.39.196","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-211.223.107.86","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 211.223.107.86","description":"Country: KR | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["211.223.107.86"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-22T14:17:01.000Z","fetchedAt":"2026-04-22T15:00:00.182Z","references":[{"url":"https://www.abuseipdb.com/check/211.223.107.86","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-106.12.18.199","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 106.12.18.199","description":"Country: CN | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["106.12.18.199"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-22T14:17:01.000Z","fetchedAt":"2026-04-22T15:00:00.182Z","references":[{"url":"https://www.abuseipdb.com/check/106.12.18.199","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-196.189.155.89","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 196.189.155.89","description":"Country: ET | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["196.189.155.89"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-22T14:17:01.000Z","fetchedAt":"2026-04-22T15:00:00.182Z","references":[{"url":"https://www.abuseipdb.com/check/196.189.155.89","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-102.219.126.124","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 102.219.126.124","description":"Country: AO | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["102.219.126.124"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-22T14:17:01.000Z","fetchedAt":"2026-04-22T15:00:00.182Z","references":[{"url":"https://www.abuseipdb.com/check/102.219.126.124","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-107.170.38.20","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 107.170.38.20","description":"Country: US | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["107.170.38.20"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-22T14:17:01.000Z","fetchedAt":"2026-04-22T15:00:00.182Z","references":[{"url":"https://www.abuseipdb.com/check/107.170.38.20","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-85.29.197.188","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 85.29.197.188","description":"Country: EE | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["85.29.197.188"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-22T14:17:01.000Z","fetchedAt":"2026-04-22T15:00:00.182Z","references":[{"url":"https://www.abuseipdb.com/check/85.29.197.188","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-2.57.122.177","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 2.57.122.177","description":"Country: RO | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["2.57.122.177"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-22T14:17:01.000Z","fetchedAt":"2026-04-22T15:00:00.182Z","references":[{"url":"https://www.abuseipdb.com/check/2.57.122.177","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-152.32.213.68","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 152.32.213.68","description":"Country: HK | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["152.32.213.68"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-22T14:17:00.000Z","fetchedAt":"2026-04-22T15:00:00.182Z","references":[{"url":"https://www.abuseipdb.com/check/152.32.213.68","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-92.118.39.195","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 92.118.39.195","description":"Country: RO | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["92.118.39.195"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-22T14:17:00.000Z","fetchedAt":"2026-04-22T15:00:00.182Z","references":[{"url":"https://www.abuseipdb.com/check/92.118.39.195","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-103.39.225.73","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 103.39.225.73","description":"Country: CN | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["103.39.225.73"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-22T14:17:00.000Z","fetchedAt":"2026-04-22T15:00:00.182Z","references":[{"url":"https://www.abuseipdb.com/check/103.39.225.73","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-64.62.197.91","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 64.62.197.91","description":"Country: US | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["64.62.197.91"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-22T14:16:59.000Z","fetchedAt":"2026-04-22T15:00:00.182Z","references":[{"url":"https://www.abuseipdb.com/check/64.62.197.91","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-188.127.237.85","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 188.127.237.85","description":"Country: RU | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["188.127.237.85"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-22T14:16:59.000Z","fetchedAt":"2026-04-22T15:00:00.182Z","references":[{"url":"https://www.abuseipdb.com/check/188.127.237.85","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-87.249.18.170","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 87.249.18.170","description":"Country: RU | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["87.249.18.170"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-22T14:16:59.000Z","fetchedAt":"2026-04-22T15:00:00.182Z","references":[{"url":"https://www.abuseipdb.com/check/87.249.18.170","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-85.217.149.35","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 85.217.149.35","description":"Country: CA | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["85.217.149.35"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-22T14:16:58.000Z","fetchedAt":"2026-04-22T15:00:00.182Z","references":[{"url":"https://www.abuseipdb.com/check/85.217.149.35","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-103.143.207.15","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 103.143.207.15","description":"Country: VN | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["103.143.207.15"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-22T14:16:58.000Z","fetchedAt":"2026-04-22T15:00:00.182Z","references":[{"url":"https://www.abuseipdb.com/check/103.143.207.15","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-195.178.110.30","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 195.178.110.30","description":"Country: NL | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["195.178.110.30"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-22T14:16:58.000Z","fetchedAt":"2026-04-22T15:00:00.182Z","references":[{"url":"https://www.abuseipdb.com/check/195.178.110.30","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-2.57.122.195","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 2.57.122.195","description":"Country: RO | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["2.57.122.195"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-22T14:16:58.000Z","fetchedAt":"2026-04-22T15:00:00.182Z","references":[{"url":"https://www.abuseipdb.com/check/2.57.122.195","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"threatfox-1796142","source":"threatfox","category":"threat-intel","severity":"critical","title":"payload_delivery: undefined","description":"https://tracker.viriback.com/index.php?q=mail.treysbeatend.com","indicators":{"cves":[],"ips":[""],"domains":[""],"urls":[""],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ClearFake","22April2026","Commandline","Windows","DarkCloud","ViriBack","CobaltStrike","drb-ra","RAT","ValleyRAT","RedLineStealer","Agentemis","Beacon","Cobalt Strike","cobeacon","Kongtuke","c2","RapidStealer","StrelaStealer","ClickFix","compromised","etherhiding","Polygon","Vidar","WordPress","remcos","Gafgyt","ConnectBack","glassworm","Wave3","wallet-trojan","calendar-c2","infostealer stealer","opiusra","EnmityStealer","1xxbot","ArechClient","SectopRAT","Stealc","CinaRAT","Quasar RAT","QuasarRAT","Yggdrasil","BotManager","Mirai","MaskGramStealer","21April2026","conhost-headless","finger-tcp79","fingerfix","win.fingerfix","finger-delivery","AS15169","hak5","AS14618","AS14061","AS9123","SocGholish","cs-watermark-987654321","cs-watermark-100000","Fake Zoom","ScreenConnect","VBScript","Fake Microsoft Teams","Fake Adobe","SSA","ErrTraffic","Lumma","r88vry","XWorm","GDrive","grpc","msi","NodeJS","TOR","darkcomet","NanoCore","dcrat","Steal","RemcosRAT","ExtRat","Xtreme RAT","AS24940","CHAOS","Hetzner Online GmbH","kimwolf","Discord","cs-watermark-666666","macOS","stealer","FrostStealer","etherhide","polygon-contract-stored-c2","20April2026","Fake-Claude","Nancrat","NanoCore RAT","PureHVNC","PureRAT","AS202412","jarm-cluster","Omegatech","cluster25","sliver","clickfix-cluster","phishing","AS8075","Microsoft Corporation","Supershell","Mozi","EXT","Fake Claude","ACRStealer","OffLoader","AISURU","exe","DGA","valleyrat_s2","REMPROXY","CrystalX","DeepLoad","AS205775","NEON CORE NETWORK LLC","Bot Manager","pw-ryos","DDNS","Fake Adobe Reader","Fake DocuSign","payload","Fake Google Meet","cs-watermark-305419896","cs-watermark-666666666","cs-watermark-391144938","DarkCrystal RAT","18April2026","AS216084","itystealer","Kerem Uluboy","Access2.IT Network","AS208258","zabbix","AS64439","borz","RocketCloud.ru","honeypot","WebDav","botnet","controller","ssh","Amnesia Panel","Web Panel","NetSupport","asyncrat","garble","go","midie","sideload-asus","AS56971","AS56971 Cloud","UNAM","Amos","asar","atomic","wallet-injection","applescript","keystone-persistence","Loader","Vjw0rm","PhantomGate","SantaStealer","rmm","simplehelp","deerstealer","njrat","a10fsw","SHubStealer","Farfli","APT","kimsuky","DPRK","Lazarus","ESP","geo","GCleaner","SilentNet","17April2026","KermitRAT","Breut","Fynloski","klovbot","Remvio","Socmer","tofsee","IClickFix","NetSupport RAT","ZigClipper","domain","Lumma Stealer","Mirax","16April2026","infostealer","AS328543","Sun Network Company Limited","RedTigerStealer","WeedHack","Havoc","d0b0p","Loki","Lorikazz","AS932","XNNET LLC","SmartApeSG","AgingFly","UKR","odiznrio","Patchwork","cs-watermark-1234567890","quasar","dropped-by-vidar","exfil","FlagStealer","SmartLoader","15April2026","Metateam1337x-afk","apt"],"malwareFamily":"ClearFake","confidence":100,"publishedAt":"2026-04-22T14:59:51Z","fetchedAt":"2026-04-22T15:00:06.465Z","references":[{"url":"https://tracker.viriback.com/index.php?q=mail.treysbeatend.com","label":"ThreatFox","domainType":"other"},{"url":"https://infosec.exchange/@monitorsg/116448535265098838","label":"ThreatFox","domainType":"other"},{"url":"https://app.any.run/tasks/35c37d6a-75d7-49b0-b74a-b08decf37ad9","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/ce1285f6f87bfc3c2a7f51f1f9f4829d94fed5504f9b892f7e2a62b6b4acf4bc/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/0f70443956f8340ec3a31ca44c34619a2ea1db1b07b68c06c5f4e72ae8581df8/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/7e8535101461b828c2d12888ab01fe2ead504d19c2e14c141ef029346bfe86d5/","label":"ThreatFox","domainType":"primary"},{"url":"https://codeberg.org/tip-o-deincognito/glassworm-writeup","label":"ThreatFox","domainType":"other"},{"url":"https://tria.ge/260422-mm74asc19k/behavioral1","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/217db70a30b60d6f855d9347251889c5c18ef895057619fb8480a31882c53ebe/","label":"ThreatFox","domainType":"primary"},{"url":"https://x.com/suyog41/status/2046592187606220864","label":"ThreatFox","domainType":"other"},{"url":"https://app.any.run/tasks/e3d0fd2c-5aa2-462e-a704-bfb99c24dbf1","label":"ThreatFox","domainType":"other"},{"url":"https://app.any.run/tasks/f2bfdd8e-687b-4dc7-96e1-3d37846c6710","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/778ca9816558ae85045ad676fd016bb7e0d586ff4b05a80472006c81180b0d4d/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/34b7d8e96a8156c53299589e69aa8b4e353ac9554f7ea109b3c652e805f74f97/","label":"ThreatFox","domainType":"primary"},{"url":"https://infosec.exchange/@monitorsg/116444745795503961","label":"ThreatFox","domainType":"other"},{"url":"https://clickfix.carsonww.com/domains/amanullahstorellc.com","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/673d15c65f3c65d8bf7518d2a47907a59c5f26a8dd08fb954107d162c1b3721f","label":"ThreatFox","domainType":"primary"},{"url":"https://infosec.exchange/@monitorsg/116446151590680751","label":"ThreatFox","domainType":"other"},{"url":"https://x.com/solostalking/status/2046806549813989463?s=20","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/4804a8800007a70241a5e5b2e9f548d2cf56aa64800324a16818616950880945/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/c23f8dd49136a471a5d6632272ecc09041efec0503716f8a3e513a4e8e9eee26/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/4db60c88de6ae375433dc71b8fde1ff323ff5bc5425903a77324a321ac85029c/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/0ac8ef75974a1e69c74855aea131206598a060feab1790282b8ca1c431058fe0/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/bfaf3900078db99c433f5d6e1d58989ae2c7c5a81aabeebc4668a87a89790466/","label":"ThreatFox","domainType":"primary"},{"url":"https://infosec.exchange/@monitorsg/116443576096335383","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/981083069928ba9c9ab6f5c00e08e39bce07449ef7415f58e962939edabdecd7/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/0a326c130fb55d6f158b793d4c1373aac4c5280bcd9d57f97d10ff7c4d2bd3c7/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/abee9e2c579bed2a9169e1c0b0cfcf910a941ba7a3e556a7cbb9716a90616cbd/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/543379e43bf62ccb4e702b46a5d37edc93ffe7fbc3c9a01efeb7ceee0ac96127/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/15887b4ba9168d51b22e75cf00a801787578e9d3d62064bd19bb8aed0afa3b90/","label":"ThreatFox","domainType":"primary"},{"url":"https://infosec.exchange/@netresec/116441345775251709","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/346627d7d58703c3da5b604372778175219e5f7f8c0998f742ebede838fa79e4/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/cfa65056a9accc2678480771e25891733787cf1f0ac46727e2663ca8383e3795/","label":"ThreatFox","domainType":"primary"},{"url":"https://infosec.exchange/@monitorsg/116438604768924087","label":"ThreatFox","domainType":"other"},{"url":"https://app.any.run/tasks/17149906-1e74-4cdb-a523-8de8790384c2","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/07f008e9ebfb33b2ef8a7f9dcf1f27bed1687359eb321044db47f9ebf70ed129/","label":"ThreatFox","domainType":"primary"},{"url":"https://www.virustotal.com/gui/domain/frostapiv2.com/relations","label":"ThreatFox","domainType":"other"},{"url":"https://x.com/motuariki_/status/2046158360928768268","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/a1a15f6d3c172e29e991bcb274f6c47a2ee45614224ffbccfcec39113a3bd078/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/346edde3c594d4af0f607951ae38f21c8e5ad611419cc7c9e7a2e0c913896581/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/e41f1af836b7573725758186407dbc21293186683e75582563f6760f8aac1a46/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/be94ed15a50a3386f6ab466401d68faf13ead40a05f50c37f410414b57512d3c/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/a4b590be9e9c39b328b69285182e9b0c1dc742d8df854a147bf709a2b74b15c6/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/3cdb760342bc041252efe74188ba8b106b10484a3638b0a2d33830016611a2c8/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/4013853381bb2c28ddff061b1a208e886f2b52a31073cea40e4cdb5ec431d58b/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/d4fd4b65aea6fdd1968fd59046265a5d636f58309c28e12044a3abf145014f78/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/c61c5222e298bf632c0f701da32d74c1e2830a56e1baef37cfb8d212540c516b/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/c086065da56bda3b3654003d541b44f9721baec9894066768447d6c3841504ab/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/c03060e63d3a3a16312ea4d15393c38901ec7239d7290bd30f6b266316bc0b1e/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/9b434276b0af0ea43fdf71a09ca7687c0a45254ba1a0955a1cf04372d69de36d/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/b8342acd2dde4b63d58b11bb83626aa61cd4a7ed33ba42df5eec4b3ad3e934df/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/269ef9fd26667dfcae57ae29f559a327de0327e37c2dd5887ed7a453f7a04a07/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/14871ed0de7fb24775a7c51fb6c88c68a02d31a07050612e457b7f2b66a06285/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/0ef84c28fef31e4457241009cada38ee3ba37d7827b6755d046586d4e49159f4/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/28b74e0919f0e8f08ca698f7d4c897ce345f0ad1f2752e29450d0ef4fe1eaeff/","label":"ThreatFox","domainType":"primary"},{"url":"https://infosec.exchange/@monitorsg/116437427332348292","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/a63a4bef804fd6e29dfb03780c4b68d353b848d952573465d4a019b452c56e51/","label":"ThreatFox","domainType":"primary"},{"url":"https://infosec.exchange/@monitorsg/116437337022892373","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/9a824eccc370507893eb49881bc5222b0e76a439b78afabea228a08fb686e6aa/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/a111e77f244f7ced8fea48db8d7ea4648e0a12715b16de0e1473965084d65465/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/6993b775414c63276857ea4ebb6798d8609724ebe9e661ad47d7adb7f554b0de/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/53ce6a4f580b7b9d572bb0cc6c1b9814c2538aabf58429e3f258548a54f0514a/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/3884ca8ff0e82370fc831f4b38c4e7004f474ae1a0087ff58b160d5082f031c2/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/56316afa7cc9642c064f64f1572f8e0c6a70f207f31229609670a6c4515624ca/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/673d15c65f3c65d8bf7518d2a47907a59c5f26a8dd08fb954107d162c1b3721f/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/12eeb42b6c685304e9619f3988146b5a68db3fbe7f0ac28b1c5fda9481315c46/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/1b53dd85b7392738c1810b950552fda5c6b274c7dd2e5b731a1eb101e3946b78/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/858787b627c6e7dec417e1082c6776f0f028930a5482e35fd7f2e3fd6ae9cc5a/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/f37e60e60a3e504f555444ced745e7224cc83625a29582d29217b8a4ab7341a4/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/7fed823191f3c1381f63d43e74dee66f451c6cc6bcb1cf753996e13aaec7921d/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/edd7e88acbf5e866bf68fdb45d2dcb3fe19bb8c5014a4ddc65ff59703abd42da/","label":"ThreatFox","domainType":"primary"},{"url":"https://greedybear.honeynet.org","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/8d8b467cc8473f5a02df308943a7e87927d5e3c1b6f52f1916226a1687697c64/","label":"ThreatFox","domainType":"primary"},{"url":"https://urlhaus.abuse.ch/host/176.65.134.19/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/51a5a9e0f2f500a5f296cf3cfa45576bca995f0eeb5d4d263630902cd1c2fd73/","label":"ThreatFox","domainType":"primary"},{"url":"https://x.com/BreakGlassIntel/status/2045300165330837575","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/a8f92e521b958cc8c702ee5eddfeb77b571de2b4c23f88de69949a419956432d/","label":"ThreatFox","domainType":"primary"},{"url":"https://x.com/JAMESWT_WT/status/2045449296871321937","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/267b0b1dc0a99f9f3918f24f626518d23dde5e0caf1128f128f7857906e3ebf5/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/e9564236bdaac13cb38601b461a76c1b497ae21c85f524cd6f623587101b20e9/","label":"ThreatFox","domainType":"primary"},{"url":"https://tria.ge/260418-glp87shv3s","label":"ThreatFox","domainType":"other"},{"url":"https://infosec.exchange/@monitorsg/116422799712820736","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/2762f3e0a56d62e70157c398626856befead49f0926ba921f478bb599f10e2f6/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/c6e203c681d5ba9786a870a67b11dd784468a640816844c197a4b5a14a9bcf81/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/706bd2e1aac21fadfbcfe1e6639a6488c574f00b007e087718282c597bebf1c1/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/4828d141d7c6b23d0e150aa5e88b812edfaa80ed31fea8f7b6e960144e96f58f/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/bde2db917c40dba4f7d17cb508a3fe9d84e7b00453402c99db7929df7fa50e23/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/2907d74d4bb3ce573ed471b7ddd96f2c49c9dc2b7c7485940651cd9fc1542080/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/9ffadd20c3946d7a635f48a91ab2ca00e6374ff05bf3ac9344e5d2758d3302ba/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/971fa32e2c385f679da4df0b303d2fc484b68d1a1131d77cd4815fc2285249ba/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/4686b6e4902d8a89e97eaa78b4513344537e8031da2fa2b31dad8df30496a3fd/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/753e3923f63b122a65c886aac5932670d0dcd5c46a4cc4f5292da5c0dbea73ce/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/7d4fa8546533a2bc077b20560cd7c32bc240c456c9606478f6253372e48c07fc/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/f6ac3f6683fce33f2f376745b3f9dfe5e86d5d661c36c2ed8ae5a5f153f72c99/","label":"ThreatFox","domainType":"primary"},{"url":"https://x.com/suyog41/status/2045093863812112734","label":"ThreatFox","domainType":"other"},{"url":"https://x.com/K_N1kolenko/status/2045099146856599584","label":"ThreatFox","domainType":"other"},{"url":"https://x.com/K_N1kolenko/status/2045094677435584919","label":"ThreatFox","domainType":"other"},{"url":"https://x.com/skocherhan/status/2044874869871906854","label":"ThreatFox","domainType":"other"},{"url":"https://x.com/cyberwar_15/status/2044964550173409631","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/faaa4d005314440dfd7ed5fa2f522e1a2642f08ec3bf0c1e2779a39bf4268349/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/bf11196247528173195420fcac7cb78e58bec0af501e400f5830d82b9d031b67/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/6250f329e5f6311b857a7d6813269fb0f56d5916870dd0095cb7b87452f5592f/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/679ce9eb3e1bdba8ed58fa53690ae879ce50679be97fbc41e85cbb6a88bbeb0a/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/f9d4d9d8ba78742c1dfcc2d3ff38b13cdc2cba40843564b5919100601f23bad1/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/0c31586cd59ccfaf7fb8da14ae4aa28bd7300443b4e17a86aa59cfc921ecd62e/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/fe93882d49c90278bd15c2b5f02a3d278e41b6c98604210cea167042cec509ea/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/3e5d00fd22666970d708c6a0f8813f81689f21eb6e6d3ffbe01e19023562b630/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/eabd970c01299dc18e66e65a921b4d9045afd362771baeb0fa89e43257c4e4dd/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/82f28b2ecc7158d827089712f84c664c124aa94fde9ea353608b22ee110d73d7/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/73f5db0b04dfff8274ecb96dc3c10c8d4819627a20110dc763123d6ed3421fa9/","label":"ThreatFox","domainType":"primary"},{"url":"https://infosec.exchange/@monitorsg/116418783762985803","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/454850749d874755a8e1e43e5a128a9fa39ffe49f5ffdbe9f264b5997ccb039c/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/153a90a38f3fe20786de448bce120bcc89c0a00761a55b01783e9b8345b5cb78/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/3442ef237e4be9b964e7922253482cdbe557d9c8c44c519ea6fecf1725cdeead/","label":"ThreatFox","domainType":"primary"},{"url":"https://urlhaus.abuse.ch/url/3823884/","label":"ThreatFox","domainType":"primary"},{"url":"https://www.cleafy.com/cleafy-labs/mirax-a-new-android-rat-turning-infected-devices-into-potential-residential-proxy-nodes","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/9d176e2a1d21e4b368cd06adfb0f38629781d4b7ca6ed7b738efb0745e77fa22/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/c132d2a4a97ba28b95d212d9b4dba6b375fc73a3b52f0a5b72703ee380e29cc8/","label":"ThreatFox","domainType":"primary"},{"url":"https://x.com/skocherhan/status/2044843064745681374","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/108bb28df7f64b83f8fda981664c6209a50cab9bb0eb13888410be30d2006bd6/","label":"ThreatFox","domainType":"primary"},{"url":"https://www.virustotal.com/gui/domain/friendlydomain.ru/relations","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/dd426a8f168871393bec760724228c0584e80519c5069b4969a663846afdb88e/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/aa589ef7e0ea27bed4ee87929117cfc5b28b68c343b3991209514db311c1a3ec/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/500f2453771722611010edab168211ad9eca0c0bf97936453855e8638e6d73fd/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/8e02b5ba983587779b3aeeaa2d50d9b2a965c578ec0a1242c58af34322d97e9f/","label":"ThreatFox","domainType":"primary"},{"url":"https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2026-04-13-LORIKAZZ-ANDROID-IOT.txt","label":"ThreatFox","domainType":"primary"},{"url":"https://x.com/500mk500/status/2044765712481239082","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/6ad0f9685ddaf9f39d9543f83be82874e050455e0fc6f3d20481cf595e23f02d/","label":"ThreatFox","domainType":"primary"},{"url":"https://infosec.exchange/@monitorsg/116414303892382227","label":"ThreatFox","domainType":"other"},{"url":"https://cert.gov.ua/article/6288271","label":"ThreatFox","domainType":"other"},{"url":"https://therecord.media/aging-fly-espionage-campaign-targets-ukraine-emergency-services","label":"ThreatFox","domainType":"media"},{"url":"https://app.any.run/tasks/a365d025-2c6f-4ead-b419-e1285fcfcaae","label":"ThreatFox","domainType":"other"},{"url":"https://app.any.run/tasks/3d1280a9-8ba1-4f2e-aab9-213bb9639197","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/4bfd0b95c3baf8b621e009aec5b92344e4e236ebc12b34fad891d0a1996668c6/","label":"ThreatFox","domainType":"primary"},{"url":"https://x.com/500mk500/status/2044440829859643849","label":"ThreatFox","domainType":"other"},{"url":"https://x.com/salmanvsf/status/2044635908981604371","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/e9bf8b0cc4f99ab868fbdbf3e90a6adcb867a7041f6201007a7844414ba0cc55/","label":"ThreatFox","domainType":"primary"},{"url":"https://urlhaus.abuse.ch/url/3823147/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/b830f043076a12748b6a2dc0810ece85439ee77434d991ae7d84201b09ead756/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/ade9874ddc5fb64c27f3eecddeeabdddb4b62e341e1ec06f09fea29ac9e6baa5/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/9f9c4d0f6644abe7500325d2e387ff606a1d72f8d033bc164f984deee92d7d65/","label":"ThreatFox","domainType":"primary"},{"url":"https://clickfix.carsonww.com/domains/www.zeitdanach.ch","label":"ThreatFox","domainType":"other"},{"url":"https://clickfix.carsonww.com/domains/www.aircliniq.com","label":"ThreatFox","domainType":"other"},{"url":"https://clickfix.carsonww.com/domains/www.omnicoresolutions.net","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/d0545dc9e3fd3fbb17c6945c4b8bdbb339a78b7af99d3ada96b2620d171f4518/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/37fb059d66f036d9fcbde38eae1f577e5c214713ed0f2c2ff42f893c3b16e035/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/5646873f89e3468c306385ef3d65b7daf63aeee4128553c3224c75cb0e6902ca/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/14118a6070f89baafd5f2aeaf2df7535a8053f99944453584f0d1efeb6501ac3/","label":"ThreatFox","domainType":"primary"},{"url":"https://clickfix.carsonww.com/domains/www.freejunkcarhauling.com","label":"ThreatFox","domainType":"other"},{"url":"https://infosec.exchange/@monitorsg/116410056030488409","label":"ThreatFox","domainType":"other"}],"feedLabel":null},{"id":"otx-69e2824daddc65cc4bab207d","source":"otx","category":"threat-intel","severity":"critical","title":"Using KATA and KEDR to detect the AdaptixC2 agent","description":"AdaptixC2 is an emerging open-source post-exploitation framework rapidly adopted by threat actors in APT attacks and ransomware campaigns. Written in Go and C++, it supports Windows, macOS, and Linux with extensive modularity through Beacon Object Files (BOFs). The framework enables diverse command-…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"f212fd00d9ffc0f3d868845f7f4215cb","sha1":null,"sha256":null}},"tags":["mgbot","lateral movement","network detection","post-exploitation framework","coolclient","command-and-control","toneshell","vbcloud","cloudatlas","process injection","edr","powershower","credential harvesting","adaptixc2","vbshower","ransomware","apt","phishing","botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T18:56:13.085Z","fetchedAt":"2026-04-22T15:00:00.860Z","references":[{"url":"https://otx.alienvault.com/pulse/69e2824daddc65cc4bab207d","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e2bfe152d44136b3c83ec3","source":"otx","category":"threat-intel","severity":"critical","title":"Uptick in Bomgar RMM Exploitation","description":"Since early April 2026, security researchers have observed a significant increase in attacks targeting Bomgar remote monitoring and management instances, exploiting CVE-2026-1731, a critical vulnerability disclosed in February. Threat actors have compromised Bomgar RMM to target downstream customers…","indicators":{"cves":["CVE-2026-1731","CVE-2024-3400","CVE-2023-33538","CVE-2025-59287","CVE-2025-21042","CVE-2025-55182","CVE-2025-66478","CVE-2025-14847","CVE-2026-1281","CVE-2026-1340","CVE-2025-0921","CVE-2025-23304","CVE-2026-22584"],"ips":[],"domains":["bot.ddosvps.cc","cnc.vietdediserver.shop","reminders.trahum.org","screenai.online","stratioai.org","bootcamptg.org","promoverse.org","miniquest.org","codefusiontech.org","maxisteq.org"],"urls":[],"hashes":{"md5":"e7efe76a253a37e0f92ff1dbe3caf3e7","sha1":"c2cc464588846692f67bb9abdde5fedb88d0cb21","sha256":"bc9635dcc3444c18b447883c6bc1931e5373e48c7dbfaa607285a9fb668b03ea"}},"tags":["lockbit","simplehelp","remote access tools","ransomware","byovd","screenconnect","atera","bomgar","rmm exploitation","anydesk","cve-2026-1731","poisonkiller","msp targeting","cve-2023-33538","tp-link routers","iot exploitation","firmware analysis","condi botnet","command injection","wifi routers","mirai","condi","mirai botnet","maritime","nuso","lamporat","ai-enhanced malware","trusted relationship compromise","energy","iranian","cyberespionage","udpgangster","critical infrastructure","blackbeard","phoenix","ghostbackdoor","social engineering","phishing","botnet","rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T23:18:57.685Z","fetchedAt":"2026-04-22T15:00:00.860Z","references":[{"url":"https://otx.alienvault.com/pulse/69e2bfe152d44136b3c83ec3","label":"OTX Pulse","domainType":"primary"},{"url":"https://otx.alienvault.com/pulse/69e1f0ddb1aa33b71576ca92","label":"OTX Pulse","domainType":"primary"},{"url":"https://otx.alienvault.com/pulse/69b91b4202446dd5143da7c3","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"news-over-1-300-microsoft-sharepoint-servers-vulnerable-to-spoofing-attacks","source":"general-news","category":"news","severity":"critical","title":"Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks","description":"Over 1,300 Microsoft SharePoint servers exposed online remain unpatched against a spoofing vulnerability that was exploited as a zero-day and is still being abused in ongoing attacks. [...]","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["zeroday"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T06:53:02.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.bleepingcomputer.com/news/security/over-1-300-microsoft-sharepoint-servers-vulnerable-to-ongoing-attacks/","label":"BleepingComputer","domainType":"media"}],"feedLabel":null},{"id":"news-former-ransomware-negotiator-pleads-guilty-to-blackcat-attacks","source":"general-news","category":"news","severity":"critical","title":"Former ransomware negotiator pleads guilty to BlackCat attacks","description":"41-year-old Angelo Martino, a former employee of cybersecurity incident response company DigitalMint, has pleaded guilty to targeting U.S. companies in BlackCat (ALPHV) ransomware attacks in 2023. [...]","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T10:12:21.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.bleepingcomputer.com/news/security/former-ransomware-negotiator-pleads-guilty-to-blackcat-attacks/","label":"BleepingComputer","domainType":"media"}],"feedLabel":null},{"id":"news-mustang-panda-s-new-lotuslite-variant-targets-india-banks-south-korea-policy-cir","source":"general-news","category":"news","severity":"critical","title":"Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles","description":"Cybersecurity researchers have discovered a new variant of a known malware called LOTUSLITE that's distributed via a theme related to India's banking sector.\n\"The backdoor communicates with a dynamic DNS-based command-and-control server over HTTPS and supports remote shell access, file operations, a…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["apt","botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T07:58:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://thehackernews.com/2026/04/mustang-pandas-new-lotuslite-variant.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-systembc-c2-server-reveals-1-570-victims-in-the-gentlemen-ransomware-operation","source":"general-news","category":"news","severity":"critical","title":"SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation","description":"Threat actors associated with The Gentlemen ransomware‑as‑a‑service (RaaS) operation have been observed attempting to deploy a known proxy malware called SystemBC.\nAccording to new research published by Check Point, the command-and-control (C2 or C&C) server linked to SystemBC has led to the discove…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware","botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T18:18:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://thehackernews.com/2026/04/systembc-c2-server-reveals-1570-victims.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-ransomware-negotiator-pleads-guilty-to-aiding-blackcat-attacks-in-2023","source":"general-news","category":"news","severity":"critical","title":"Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023","description":"A third individual who was employed as a ransomware negotiator has pleaded guilty to conducting ransomware attacks against U.S. companies in 2023.\nAngelo Martino, 41, of Land O'Lakes, Florida, teamed up with the operators of the BlackCat ransomware starting in April 2023 to assist the e-crime gang i…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T14:31:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://thehackernews.com/2026/04/ransomware-negotiator-pleads-guilty-to.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-no-exploit-needed-how-attackers-walk-through-the-front-door-via-identity-based-a","source":"general-news","category":"news","severity":"critical","title":"No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks","description":"The cybersecurity industry has spent the last several years chasing sophisticated threats like zero-days, supply chain compromises, and AI-generated exploits. However, the most reliable entry point for attackers still hasn't changed: stolen credentials.\nIdentity-based attacks remain a dominant initi…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["zeroday","supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T11:30:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://thehackernews.com/2026/04/no-exploit-needed-how-attackers-walk.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-sglang-cve-2026-5760-cvss-9-8-enables-rce-via-malicious-gguf-model-files","source":"general-news","category":"news","severity":"critical","title":"SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files","description":"A critical security vulnerability has been disclosed in SGLang that, if successfully exploited, could result in remote code execution on susceptible systems.\nThe vulnerability, tracked as CVE-2026-5760, carries a CVSS score of 9.8 out of 10.0. It has been described as a case of command injection lea…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T17:14:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://thehackernews.com/2026/04/sglang-cve-2026-5760-cvss-98-enables.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-anthropic-mcp-design-vulnerability-enables-rce-threatening-ai-supply-chain","source":"general-news","category":"news","severity":"critical","title":"Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain","description":"Cybersecurity researchers have discovered a critical \"by design\" weakness in the Model Context Protocol's (MCP) architecture that could pave the way for remote code execution and have a cascading effect on the artificial intelligence (AI) supply chain.\n\"This flaw enables Arbitrary Command Execution…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce","supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T10:42:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://thehackernews.com/2026/04/anthropic-mcp-design-vulnerability.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-three-microsoft-defender-zero-days-actively-exploited-two-still-unpatched","source":"general-news","category":"news","severity":"critical","title":"Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched","description":"Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised systems.\nThe activity involves the exploitation of three vulnerabilities that are codenamed BlueHammer (requires GitHub sign-in), RedSun, and…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["zeroday"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T13:21:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://thehackernews.com/2026/04/three-microsoft-defender-zero-days.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-google-blocks-8-3b-policy-violating-ads-in-2025-launches-android-17-privacy-over","source":"general-news","category":"news","severity":"critical","title":"Google Blocks 8.3B Policy-Violating Ads in 2025, Launches Android 17 Privacy Overhaul","description":"Google this week announced a new set of Play policy updates to strengthen user privacy and protect businesses against fraud, even as it revealed it blocked or removed over 8.3 billion ads globally and suspended 24.9 million accounts in 2025.\nThe new policy updates relate to contact and location perm…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T10:47:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://thehackernews.com/2026/04/google-blocks-83b-policy-violating-ads.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-threatsday-bulletin-defender-0-day-sonicwall-brute-force-17-year-old-excel-rce-a","source":"general-news","category":"news","severity":"critical","title":"ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories","description":"You know that feeling when you open your feed on a Thursday morning and it's just... a lot? Yeah. This week delivered. We've got hackers getting creative in ways that are almost impressive if you ignore the whole \"crime\" part, ancient vulnerabilities somehow still ruining people's days, and enough s…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["zeroday","rce","supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T13:05:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://thehackernews.com/2026/04/threatsday-bulletin-17-year-old-excel.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-ransomware-negotiator-pleads-guilty-to-blackcat-scheme","source":"general-news","category":"news","severity":"critical","title":"Ransomware Negotiator Pleads Guilty to BlackCat Scheme","description":"A cautionary tale illustrates why the person negotiating should never be involved with any part of the ransom payment process.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:12:43.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.darkreading.com/insider-threats/ransomware-negotiator-pleads-guilty-blackcat-scheme","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-surge-in-bomgar-rmm-exploitation-demonstrates-supply-chain-risk","source":"general-news","category":"news","severity":"critical","title":"Surge in Bomgar RMM Exploitation Demonstrates Supply Chain Risk","description":"The critical remote code execution flaw (CVE-2026-1731) in the remote monitoring and management tool can be exploited to spread ransomware and compromise supply chains.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware","rce","supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T15:29:17.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.darkreading.com/cyberattacks-data-breaches/surge-bomgar-rmm-exploitation-demonstrates-supply-chain-risk","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-google-fixes-critical-rce-flaw-in-ai-based-antigravity-tool","source":"general-news","category":"news","severity":"critical","title":"Google Fixes Critical RCE Flaw in AI-Based 'Antigravity' Tool","description":"The prompt-injection vulnerability in the agentic AI product for filesystem operations was a sanitization issue that allowed for sandbox escape and arbitrary code execution.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T15:00:50.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.darkreading.com/vulnerabilities-threats/google-fixes-critical-rce-flaw-ai-based-antigravity-tool","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-chinese-apt-targets-indian-banks-korean-policy-circles","source":"general-news","category":"news","severity":"critical","title":"Chinese APT Targets Indian Banks, Korean Policy Circles","description":"China is spying on India's financial sector, for some reason, and it's not putting much effort into it, judging by some stale TTPs.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["apt"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T12:00:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.darkreading.com/cyberattacks-data-breaches/chinese-apt-indian-banks-korean-policy","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-6-year-ransomware-campaign-targets-turkish-homes-amp-smbs","source":"general-news","category":"news","severity":"critical","title":"6-Year Ransomware Campaign Targets Turkish Homes &amp; SMBs","description":"While enterprises breaches make more headlines, smaller incidents tend to be under-reported, if at all, allowing campaigns to last longer with less disruption.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T06:00:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.darkreading.com/cyberattacks-data-breaches/6-year-ransomware-campaign-turkish-homes-smbs","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-google-antigravity-in-crosshairs-of-security-researchers-cybercriminals","source":"general-news","category":"news","severity":"critical","title":"Google Antigravity in Crosshairs of Security Researchers, Cybercriminals","description":"Researchers discovered a remote code execution vulnerability and cybercriminals are using its reputation to deliver malware.\nThe post Google Antigravity in Crosshairs of Security Researchers, Cybercriminals appeared first on SecurityWeek.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:53:05.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.securityweek.com/google-antigravity-in-crosshairs-of-security-researchers-cybercriminals/","label":"SecurityWeek","domainType":"media"}],"feedLabel":null},{"id":"news-third-us-security-expert-admits-helping-ransomware-gang","source":"general-news","category":"news","severity":"critical","title":"Third US Security Expert Admits Helping Ransomware Gang","description":"Angelo Martino of Florida has pleaded guilty to collaborating with the BlackCat cybercrime group while working as a ransomware negotiator.\nThe post Third US Security Expert Admits Helping Ransomware Gang appeared first on SecurityWeek.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T14:44:24.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.securityweek.com/third-us-security-expert-admits-helping-ransomware-gang/","label":"SecurityWeek","domainType":"media"}],"feedLabel":null},{"id":"news-former-ransomware-negotiator-pleads-guilty-to-working-for-blackcat-cyber-gang","source":"general-news","category":"news","severity":"critical","title":"Former Ransomware Negotiator Pleads Guilty to Working For BlackCat Cyber Gang","description":"A former ransomware negotiator has pleaded guilty to abusing his position by working with noted cybercrime group BlackCat","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T11:00:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.infosecurity-magazine.com/news/former-ransomware-negotiator/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-the-gentlemen-ransomware-expands-with-rapid-affiliate-growth","source":"general-news","category":"news","severity":"critical","title":"The Gentlemen Ransomware Expands With Rapid Affiliate Growth","description":"Gentlemen RaaS expands quickly with multi-platform attacks and SystemBC-linked infections","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T14:00:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.infosecurity-magazine.com/news/gentlemen-ransomware-rapid/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-cookeville-medical-center-notifies-patients-after-july-2025-ransomware-attack","source":"general-news","category":"news","severity":"critical","title":"Cookeville Medical Center Notifies Patients After July 2025 Ransomware Attack","description":"Tennessee's CRMC notifies over 337,000 patients of Rhysida ransomware breach exposing sensitive data","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T15:01:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.infosecurity-magazine.com/news/cookeville-medical-center-data/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-automotive-ransomware-attacks-double-in-a-year","source":"general-news","category":"news","severity":"critical","title":"Automotive Ransomware Attacks Double in a Year","description":"Halcyon says ransomware now accounts for more than two-fifths of cyber-attacks targeting carmakers","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T08:35:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.infosecurity-magazine.com/news/automotive-ransomware-attacks/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-former-digitalmint-ransomware-negotiator-pleads-guilty-to-extortion-scheme","source":"general-news","category":"news","severity":"critical","title":"Former DigitalMint ransomware negotiator pleads guilty to extortion scheme","description":"Angelo Martino helped accomplices extort a combined $75.3 million in ransom payments from five victim companies.\nThe post Former DigitalMint ransomware negotiator pleads guilty to extortion scheme appeared first on CyberScoop.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:03:58.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://cyberscoop.com/digitalmint-ransomware-negotiator-angelo-martino-guilty-plea/","label":"CyberScoop","domainType":"media"}],"feedLabel":null},{"id":"news-lawmakers-ponder-terrorism-designations-homicide-charges-over-hospital-ransomwar","source":"general-news","category":"news","severity":"critical","title":"Lawmakers ponder terrorism designations, homicide charges over hospital ransomware attacks","description":"The ideas came up at a House Homeland Security Committee hearing, as health care ransomware attacks are on the rise.\nThe post Lawmakers ponder terrorism designations, homicide charges over hospital ransomware attacks appeared first on CyberScoop.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T18:49:46.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://cyberscoop.com/lawmakers-ponder-terrorism-designations-homicide-charges-over-hospital-ransomware-attacks/","label":"CyberScoop","domainType":"media"}],"feedLabel":null},{"id":"news-vuln-in-google-s-antigravity-ai-agent-manager-could-escape-sandbox-give-attacker","source":"general-news","category":"news","severity":"critical","title":"Vuln in Google’s Antigravity AI agent manager could escape sandbox, give attackers remote code execution","description":"Google’s highest security setting for its agents runs command operations through a sandbox and throttles network access, but is still vulnerable to prompt injection.\nThe post Vuln in Google’s Antigravity AI agent manager could escape sandbox, give attackers remote code execution appeared first on Cy…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T21:17:31.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://cyberscoop.com/google-antigravity-pillar-security-agent-sandbox-escape-remote-code-execution/","label":"CyberScoop","domainType":"media"}],"feedLabel":null},{"id":"cisa-kev-CVE-2026-20122","source":"cisa-kev","category":"vulnerability","severity":"high","title":"CVE-2026-20122 — Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability","description":"Cisco Catalyst SD-WAN Manager contains an incorrect use of privileged APIs vulnerability due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow the…","indicators":{"cves":["CVE-2026-20122"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T00:00:00.000Z","fetchedAt":"2026-04-22T15:00:00.187Z","references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-20122","label":"NVD","domainType":"primary"}],"feedLabel":null},{"id":"cisa-kev-CVE-2026-20133","source":"cisa-kev","category":"vulnerability","severity":"high","title":"CVE-2026-20133 — Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability","description":"Cisco Catalyst SD-WAN Manager contains an exposure of sensitive information to an unauthorized actor vulnerability that could allow remote attackers to view sensitive information on affected systems.","indicators":{"cves":["CVE-2026-20133"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T00:00:00.000Z","fetchedAt":"2026-04-22T15:00:00.187Z","references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-20133","label":"NVD","domainType":"primary"}],"feedLabel":null},{"id":"cisa-kev-CVE-2025-2749","source":"cisa-kev","category":"vulnerability","severity":"high","title":"CVE-2025-2749 — Kentico Xperience Path Traversal Vulnerability","description":"Kentico Xperience contains a path traversal vulnerability that could allow an authenticated user's Staging Sync Server to upload arbitrary data to path relative locations.","indicators":{"cves":["CVE-2025-2749"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T00:00:00.000Z","fetchedAt":"2026-04-22T15:00:00.187Z","references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2749","label":"NVD","domainType":"primary"}],"feedLabel":null},{"id":"cisa-kev-CVE-2025-48700","source":"cisa-kev","category":"vulnerability","severity":"high","title":"CVE-2025-48700 — Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability","description":"Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that could allow attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information.","indicators":{"cves":["CVE-2025-48700"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T00:00:00.000Z","fetchedAt":"2026-04-22T15:00:00.187Z","references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48700","label":"NVD","domainType":"primary"}],"feedLabel":null},{"id":"cisa-kev-CVE-2026-20128","source":"cisa-kev","category":"vulnerability","severity":"high","title":"CVE-2026-20128 — Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability","description":"Cisco Catalyst SD-WAN Manager contains a storing passwords in a recoverable format vulnerability that allows an authenticated, local attacker to gain DCA user privileges by accessing a credential file for the DCA user on the filesystem as a low-privileged user.","indicators":{"cves":["CVE-2026-20128"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T00:00:00.000Z","fetchedAt":"2026-04-22T15:00:00.187Z","references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-20128","label":"NVD","domainType":"primary"}],"feedLabel":null},{"id":"cisa-kev-CVE-2025-32975","source":"cisa-kev","category":"vulnerability","severity":"high","title":"CVE-2025-32975 — Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability","description":"Quest KACE Systems Management Appliance (SMA) contains an improper authentication vulnerability that could allow attackers to impersonate legitimate users without valid credentials.","indicators":{"cves":["CVE-2025-32975"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T00:00:00.000Z","fetchedAt":"2026-04-22T15:00:00.187Z","references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32975","label":"NVD","domainType":"primary"}],"feedLabel":null},{"id":"cisa-kev-CVE-2026-34197","source":"cisa-kev","category":"vulnerability","severity":"high","title":"CVE-2026-34197 — Apache ActiveMQ Improper Input Validation Vulnerability","description":"Apache ActiveMQ contains an improper input validation vulnerability that allows for code injection.","indicators":{"cves":["CVE-2026-34197"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T00:00:00.000Z","fetchedAt":"2026-04-22T15:00:00.187Z","references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34197","label":"NVD","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-silex-technology-sd-330ac-and-amc-manager","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"high","title":"Silex Technology SD-330AC and AMC Manager","description":"View CSAF\nSummary\nSuccessful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, cause a denial-of-service, or configuration information may be altered without authentication.\nThe following versions of Silex Technology SD-330AC and AMC Manager are affected:\nSD-33…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing","ics","transport"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T12:00:00.000Z","fetchedAt":"2026-04-22T15:00:00.177Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-10","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-siemens-ruggedcom-crossbow-secure-access-manager-primary","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"high","title":"Siemens RUGGEDCOM CROSSBOW Secure Access Manager Primary","description":"View CSAF\nSummary\nRUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) contains a vulnerability that could allow an attacker to escalate their own privileges. Siemens has released a new version for RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) and recommends to update to the latest ve…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T12:00:00.000Z","fetchedAt":"2026-04-22T15:00:00.177Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-02","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-siemens-tpm-2-0","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"high","title":"Siemens TPM 2.0","description":"View CSAF\nSummary\nThe products listed below contain a vulnerability that could allow an attacker to perform an out-of-bound read, potentially leading to information disclosure or denial of service of the TPM. Siemens has released new versions for several affected products and recommends to update to…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet","ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T12:00:00.000Z","fetchedAt":"2026-04-22T15:00:00.177Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-01","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-senselive-x3050","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"high","title":"SenseLive X3050","description":"View CSAF\nSummary\nSuccessful exploitation of these vulnerabilities could allow an attacker to take complete control of the device.\nThe following versions of SenseLive X3050 are affected:\nX3050 V1.523 (CVE-2026-40630, CVE-2026-25720, CVE-2026-35503, CVE-2026-39462, CVE-2026-27843, CVE-2026-40431, CVE…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing","ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T12:00:00.000Z","fetchedAt":"2026-04-22T15:00:00.177Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-12","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-siemens-analytics-toolkit","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"high","title":"Siemens Analytics Toolkit","description":"View CSAF\nSummary\nMultiple Siemens applications are affected by improper certificate validation in Siemens Analytics Toolkit. This could allow an unauthenticated remote attacker to perform man in the middle attacks. Siemens has released new versions for the affected products and recommends to update…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T12:00:00.000Z","fetchedAt":"2026-04-22T15:00:00.177Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-04","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-siemens-scalance","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"high","title":"Siemens SCALANCE","description":"View CSAF\nSummary\nSCALANCE W-700 IEEE 802.11n family before V6.6.0 are affected by multiple vulnerabilities. Siemens has released a new version for SCALANCE W-700 IEEE 802.11n family and recommends to update to the latest version.\nThe following versions of Siemens SCALANCE are affected:\nSCALANCE W72…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T12:00:00.000Z","fetchedAt":"2026-04-22T15:00:00.177Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-07","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-siemens-sinec-nms","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"high","title":"Siemens SINEC NMS","description":"View CSAF\nSummary\nSiemens SINEC NMS when used with User Management Component (UMC) contains an authentication bypass vulnerability due to insufficient validation of user identity. This could allow an unauthenticated remote attacker to bypass authentication and gain unauthorized access to the applica…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T12:00:00.000Z","fetchedAt":"2026-04-22T15:00:00.177Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-03","label":"CISA Advisory","domainType":"primary"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-09","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-zero-motorcycles-firmware","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"high","title":"Zero Motorcycles Firmware","description":"View CSAF\nSummary\nSuccessful exploitation of this vulnerability could allow an attacker to pair via Bluetooth with a motorcycle, gaining unauthorized access to all Bluetooth functions, including changing the firmware.\nThe following versions of Zero Motorcycles Firmware are affected:\nZero Motorcycles…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T12:00:00.000Z","fetchedAt":"2026-04-22T15:00:00.177Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-06","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-siemens-industrial-edge-management","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"high","title":"Siemens Industrial Edge Management","description":"View CSAF\nSummary\nIndustrial Edge Management contains an authorization bypass vulnerability that could be exploited by an unauthenticated remote attacker to circumvent authentication and to access connected Industrial Edge Devices through the remote connection feature. Siemens has released new versi…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T12:00:00.000Z","fetchedAt":"2026-04-22T15:00:00.177Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-11","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-siemens-ruggedcom-crossbow-station-access-controller-sac","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"high","title":"Siemens RUGGEDCOM CROSSBOW Station Access Controller (SAC)","description":"View CSAF\nSummary\nRUGGEDCOM CROSSBOW Station Access Controller (SAC) contains a vulnerability that could allow an attacker to achieve arbitrary code execution and to create a denial of service condition. Siemens has released a new version for RUGGEDCOM CROSSBOW Station Access Controller (SAC) and re…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T12:00:00.000Z","fetchedAt":"2026-04-22T15:00:00.177Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-08","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-supply-chain-compromise-impacts-axios-node-package-manager","source":"cisa-advisories","category":"advisory","severity":"high","title":"​​Supply Chain Compromise Impacts Axios Node Package Manager​ ","description":"The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this alert to provide guidance in response to the software supply chain compromise of the Axios node package manager (npm).1 Axios is an HTTP client for JavaScript that developers commonly use in Node.js and browser environment…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing","botnet","supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T12:00:00.000Z","fetchedAt":"2026-04-22T15:00:00.177Z","references":[{"url":"https://www.cisa.gov/news-events/alerts/2026/04/20/supply-chain-compromise-impacts-axios-node-package-manager","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-aveva-pipeline-simulation","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"high","title":"AVEVA Pipeline Simulation","description":"View CSAF\nSummary\nSuccessful exploitation of this vulnerability could allow an unauthenticated attacker to modify simulation parameters, training configuration and training records.\nThe following versions of AVEVA Pipeline Simulation are affected:\nPipeline Simulation <=2025_SP1_build_7.1.9497.6351\nC…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T12:00:00.000Z","fetchedAt":"2026-04-22T15:00:00.177Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-04","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-horner-automation-cscape-and-xl4-xl7-plc","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"high","title":"Horner Automation Cscape and XL4, XL7 PLC","description":"View CSAF\nSummary\nSuccessful exploitation of this vulnerability could allow an attacker to gain unauthorized access to systems and services.\nThe following versions of Horner Automation Cscape and XL4, XL7 PLC are affected:\nCscape v10.0\nXL7 PLC v15.60\nXL4 PLC v16.32.0\nCVSS\nVendor\nEquipment\nVulnerabil…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T12:00:00.000Z","fetchedAt":"2026-04-22T15:00:00.177Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-02","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2025-54550","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2025-54550 — The example example_xcom that was included in airflow documentation implemented unsafe pattern of re…","description":"The example example_xcom that was included in airflow documentation implemented unsafe pattern of reading value\nfrom xcom in the way that could be exploited to allow UI user who had access to modify XComs to perform arbitrary\nexecution of code on the worker. Since the UI users are already highly tru…","indicators":{"cves":["CVE-2025-54550"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T04:17:32.670Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://github.com/apache/airflow/pull/63200","label":"security@apache.org","domainType":"primary"},{"url":"https://lists.apache.org/thread/3mf4cfx070ofsnf9qy0s2v5gqb5sc2g1","label":"security@apache.org","domainType":"other"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/15/1","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-2834","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-2834 — The Age Verification & Identity Verification by Token of Trust plugin for WordPress is vulnerable to…","description":"The Age Verification & Identity Verification by Token of Trust plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘description’ parameter in all versions up to, and including, 3.32.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthe…","indicators":{"cves":["CVE-2026-2834"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T04:17:36.113Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/token-of-trust/tags/3.31.4/admin/error-log.php#L4","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/token-of-trust/tags/3.31.4/admin/settings-page/view-logs.php#L13","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2d8e037e-c446-44ae-a5ee-bbba938e5edf?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33806","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-33806 — Impact: Fastify applications using schema.body.content for per-content-type body validation can have…","description":"Impact:\n\nFastify applications using schema.body.content for per-content-type body validation can have validation bypassed entirely by prepending a space to the Content-Type header. The body is still parsed correctly but schema validation is skipped.\n\nThis is a regression introduced in fastify >= 5.3…","indicators":{"cves":["CVE-2026-33806"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T04:17:36.650Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://cna.openjsf.org/security-advisories.html","label":"ce714d77-add3-4f53-aff5-83d477b104bb","domainType":"other"},{"url":"https://github.com/fastify/fastify/security/advisories/GHSA-mg2h-6x62-wpwc","label":"ce714d77-add3-4f53-aff5-83d477b104bb","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-39884","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-39884 — mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Versions…","description":"mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Versions 3.4.0 and prior contain an argument injection vulnerability in the port_forward tool in src/tools/port_forward.ts, where a kubectl command is constructed via string concatenation with user-controlled…","indicators":{"cves":["CVE-2026-39884"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T04:17:37.097Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://github.com/Flux159/mcp-server-kubernetes/releases/tag/v3.5.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/Flux159/mcp-server-kubernetes/security/advisories/GHSA-4xqg-gf5c-ghwq","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/Flux159/mcp-server-kubernetes/security/advisories/GHSA-4xqg-gf5c-ghwq","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-39971","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-39971 — Serendipity is a PHP-powered weblog engine. In versions 2.6-beta2 and below, the email sending funct…","description":"Serendipity is a PHP-powered weblog engine. In versions 2.6-beta2 and below, the email sending functionality in include/functions.inc.php inserts $_SERVER['HTTP_HOST'] directly into the Message-ID SMTP header without validation, and the existing sanitization function serendipity_isResponseClean() is…","indicators":{"cves":["CVE-2026-39971"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T04:17:39.763Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://github.com/s9y/Serendipity/releases/tag/2.6.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/s9y/Serendipity/security/advisories/GHSA-458g-q4fh-mj6r","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40090","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40090 — Zarf is an Airgap Native Packager Manager for Kubernetes. Versions 0.23.0 through 0.74.1 contain an…","description":"Zarf is an Airgap Native Packager Manager for Kubernetes. Versions 0.23.0 through 0.74.1 contain an arbitrary file write vulnerability in the zarf package inspect sbom and zarf package inspect documentation subcommands. These subcommands output file paths are constructed by joining a user-controlled…","indicators":{"cves":["CVE-2026-40090"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T04:17:43.310Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://github.com/zarf-dev/zarf/pull/4793","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/zarf-dev/zarf/security/advisories/GHSA-pj97-4p9w-gx3q","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40104","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40104 — XWiki Platform is a generic wiki platform offering runtime services for applications built on top of…","description":"XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 1.8-rc-1, 17.0.0-rc-1 and 17.5.0-rc-1 and prior include a resource exhaustion vulnerability in REST API endpoints such as /xwiki/rest/wikis/xwiki/spaces/AnnotationCode/pages/AnnotationCo…","indicators":{"cves":["CVE-2026-40104","CVE-2026-40105"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T04:17:47.953Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://github.com/xwiki/xwiki-platform/commit/47b568c4753a6e682b14be1ca581bdd3b25d45a7","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mrqg-xmgm-rc5g","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://jira.xwiki.org/browse/XWIKI-23550","label":"security-advisories@github.com","domainType":"other"},{"url":"https://github.com/xwiki/xwiki-platform/commit/3c8a2ec985641367015c2db937574fcd360c788c","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-w4fj-87j5-f25c","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://jira.xwiki.org/browse/XWIKI-23472","label":"security-advisories@github.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5397","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-5397 — It has been identified that a vulnerability (CWE-427) exists in the UPS (Uninterruptible Power Suppl…","description":"It has been identified that a vulnerability (CWE-427) exists in the UPS (Uninterruptible Power Supply) management application, whereby improper permissions on the installation directory allow a malicious actor to place a DLL that is then executed with administrator privileges.\n\nIf a malicious DLL is…","indicators":{"cves":["CVE-2026-5397"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T05:16:45.740Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://www.omron.com/global/en/inquiry/data/OMSR-2026-001_en.pdf","label":"bba440f9-ef23-4224-aa62-7ac0935d18d1","domainType":"other"},{"url":"https://www.omron.com/jp/ja/inquiry/data/OMSR-2026-001_ja.pdf","label":"bba440f9-ef23-4224-aa62-7ac0935d18d1","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40719","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40719 — Deadwood in MaraDNS 3.5.0036 allows attackers to exhaust connection slots via a zone whose authorita…","description":"Deadwood in MaraDNS 3.5.0036 allows attackers to exhaust connection slots via a zone whose authoritative nameserver address cannot be resolved.","indicators":{"cves":["CVE-2026-40719"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T07:16:11.193Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://github.com/samboy/MaraDNS/security/advisories/GHSA-cfc6-vhrv-62cj","label":"cve@mitre.org","domainType":"primary"},{"url":"https://maradns.samiam.org/changelog.html","label":"cve@mitre.org","domainType":"other"},{"url":"https://github.com/samboy/MaraDNS/security/advisories/GHSA-cfc6-vhrv-62cj","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-5088","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-5088 — Apache::API::Password versions through v0.5.2 for Perl can generate insecure random values for salts…","description":"Apache::API::Password versions through v0.5.2 for Perl can generate insecure random values for salts.\n\nThe _make_salt and _make_salt_bcrypt methods will attept to load Crypt::URandom and then Bytes::Random::Secure to generate random bytes for the salt.  If those modules are unavailable, it will simp…","indicators":{"cves":["CVE-2026-5088"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T08:16:16.790Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://metacpan.org/pod/Crypt::URandom","label":"9b29abf9-4ab0-4765-b253-1875cd9b441e","domainType":"other"},{"url":"https://metacpan.org/release/JDEGUEST/Apache2-API-v0.5.2/view/lib/Apache2/API/Password.pod","label":"9b29abf9-4ab0-4765-b253-1875cd9b441e","domainType":"other"},{"url":"https://metacpan.org/release/JDEGUEST/Apache2-API-v0.5.3/changes","label":"9b29abf9-4ab0-4765-b253-1875cd9b441e","domainType":"other"},{"url":"https://security.metacpan.org/docs/guides/random-data-for-security.html","label":"9b29abf9-4ab0-4765-b253-1875cd9b441e","domainType":"other"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/15/4","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/15/5","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-40897","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2025-40897 — An access control vulnerability was discovered in the Threat Intelligence functionality due to a spe…","description":"An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authenticated user with view-only privileges for the Threat Intelligence functionality can perform administ…","indicators":{"cves":["CVE-2025-40897"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T09:16:29.777Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://security.nozominetworks.com/NN-2026:1-01","label":"prodsec@nozominetworks.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-40899","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2025-40899 — A Stored Cross-Site Scripting vulnerability was discovered in the Assets and Nodes functionality due…","description":"A Stored Cross-Site Scripting vulnerability was discovered in the Assets and Nodes functionality due to improper validation of an input parameter. An authenticated user with custom fields privileges can define a malicious custom field containing a JavaScript payload. When the victim views the Assets…","indicators":{"cves":["CVE-2025-40899"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T09:16:30.837Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://security.nozominetworks.com/NN-2026:2-01","label":"prodsec@nozominetworks.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3643","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-3643 — The Accessibly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in…","description":"The Accessibly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in all versions up to, and including, 3.0.3. The plugin registers REST API endpoints at `/otm-ac/v1/update-widget-options` and `/otm-ac/v1/update-app-config` with the `permission_callback` set to `__ret…","indicators":{"cves":["CVE-2026-3643"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T09:16:31.720Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/otm-accessibly/tags/3.0.3/public/Api/BaseApiController.php#L22","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/otm-accessibly/tags/3.0.3/public/AssetsManager.php#L63","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/otm-accessibly/tags/3.0.3/public/Data/AccessiblyOptions.php#L69","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/otm-accessibly/tags/3.0.3/public/admin/AdminApi.php#L65","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/otm-accessibly/trunk/public/Api/BaseApiController.php#L22","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/otm-accessibly/trunk/public/AssetsManager.php#L63","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/otm-accessibly/trunk/public/Data/AccessiblyOptions.php#L69","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/otm-accessibly/trunk/public/admin/AdminApi.php#L65","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f8234ea2-ff80-425f-b83d-29c422b40c6a?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5617","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-5617 — The Login as User plugin for WordPress is vulnerable to Privilege Escalation in all versions up to,…","description":"The Login as User plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the handle_return_to_admin() function trusting a client-controlled cookie (oclaup_original_admin) to determine which user to authenticate as, without any server-si…","indicators":{"cves":["CVE-2026-5617"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T09:16:33.210Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/one-click-login-as-user/tags/1.0.3/includes/class-login-handler.php#L45","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/one-click-login-as-user/tags/1.0.3/includes/class-login-handler.php#L50","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/one-click-login-as-user/trunk/includes/class-login-handler.php#L45","label":"security@wordfence.com","domainType":"other"},{"url":"https://wordpress.org/plugins/one-click-login-as-user/","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c0c74d48-6cfc-4899-bd2c-4a80b1f6e05f?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5694","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-5694 — The Quick Interest Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the…","description":"The Quick Interest Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'loan-amount' and 'loan-period' parameters in all versions up to, and including, 3.1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers…","indicators":{"cves":["CVE-2026-5694"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T09:16:33.370Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"http://plugins.trac.wordpress.org/browser/quick-interest-slider/tags/3.1.5/quick-interest-slider.php#L1335","label":"security@wordfence.com","domainType":"other"},{"url":"http://plugins.trac.wordpress.org/browser/quick-interest-slider/tags/3.1.5/quick-interest-slider.php#L1338","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e3ce37e7-1dca-4f74-86ce-65bf29ef091e?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-30778","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-30778 — The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of M…","description":"The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL.\n\nThis issue affects Apache SkyWalking: from 9.7.0 through 10.3.0.\n\nUsers are recommended to upgrade to version 10.4.0, which fixes the issue.","indicators":{"cves":["CVE-2026-30778"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T11:16:33.603Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://lists.apache.org/thread/pvf35o3tp1rqhmrhzj6fg31gvqrqcvn3","label":"security@apache.org","domainType":"other"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/15/2","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40744","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40744 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i…","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Blind SQL Injection.This issue affects Beaver Builder: from n/a through <= 2.10.1.2.","indicators":{"cves":["CVE-2026-40744","CVE-2026-40745","CVE-2025-63029"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T11:16:36.413Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/beaver-builder-lite-version/vulnerability/wordpress-beaver-builder-plugin-2-10-1-2-sql-injection-vulnerability?_s_id=cve","label":"audit@patchstack.com","domainType":"other"},{"url":"https://patchstack.com/database/Wordpress/Plugin/bdthemes-element-pack-lite/vulnerability/wordpress-element-pack-elementor-addons-plugin-8-4-2-sql-injection-vulnerability?_s_id=cve","label":"audit@patchstack.com","domainType":"other"},{"url":"https://patchstack.com/database/wordpress/plugin/wc-multivendor-marketplace/vulnerability/wordpress-wcfm-marketplace-plugin-3-7-1-sql-injection-vulnerability?_s_id=cve","label":"audit@patchstack.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40764","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40764 — Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite…","description":"Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Cross Site Request Forgery.This issue affects Contact Form by WPForms: from n/a through <= 1.10.0.2.","indicators":{"cves":["CVE-2026-40764"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T11:16:36.773Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/wpforms-lite/vulnerability/wordpress-contact-form-by-wpforms-plugin-1-10-0-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve","label":"audit@patchstack.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40784","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40784 — Authorization Bypass Through User-Controlled Key vulnerability in Mahmudul Hasan Arif FluentBoards f…","description":"Authorization Bypass Through User-Controlled Key vulnerability in Mahmudul Hasan Arif FluentBoards fluent-boards allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentBoards: from n/a through <= 1.91.2.","indicators":{"cves":["CVE-2026-40784"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T11:16:37.030Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/fluent-boards/vulnerability/wordpress-fluentboards-plugin-1-91-2-insecure-direct-object-references-idor-vulnerability?_s_id=cve","label":"audit@patchstack.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-0827","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-0827 — During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnosti…","description":"During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file write with elevated privi…","indicators":{"cves":["CVE-2026-0827"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T13:16:23.097Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://support.lenovo.com/us/en/product_security/LEN-210693","label":"psirt@lenovo.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4134","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-4134 — During an internal security assessment, a potential vulnerability was discovered in Lenovo Software…","description":"During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to execute code with elevated privileges.","indicators":{"cves":["CVE-2026-4134","CVE-2026-4135","CVE-2026-4145"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T13:16:24.480Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://support.lenovo.com/us/en/product_security/LEN-213829","label":"psirt@lenovo.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-30364","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-30364 — CentSDR commit e40795 was discovered to contain a stack overflow in the \"Thread1\" function.","description":"CentSDR commit e40795 was discovered to contain a stack overflow in the \"Thread1\" function.","indicators":{"cves":["CVE-2026-30364"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T15:16:41.427Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://gist.github.com/k6dpvrmm8z-glitch/1687ad1d9fc1af696efa9f603c1006be","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/ttrftech/CentSDR/issues/15","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2025-67841","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2025-67841 — Nordic Semiconductor IronSide SE for nRF54H20 before 23.0.2+17 has an Algorithmic complexity issue.","description":"Nordic Semiconductor IronSide SE for nRF54H20 before 23.0.2+17 has an Algorithmic complexity issue.","indicators":{"cves":["CVE-2025-67841"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T16:16:33.997Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://docs.nordicsemi.com/bundle/SA/resource/SA-2025-447-v1.1.pdf","label":"cve@mitre.org","domainType":"other"},{"url":"https://nordicsemi.no","label":"cve@mitre.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-20204","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-20204 — In Splunk Enterprise versions below 10.2.1, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform ve…","description":"In Splunk Enterprise versions below 10.2.1, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.5, 10.2.2510.9, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the `admin` or `power` Splunk roles could potentially perform…","indicators":{"cves":["CVE-2026-20204"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T16:16:34.490Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://advisory.splunk.com/advisories/SVD-2026-0403","label":"psirt@cisco.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-20205","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-20205 — In Splunk MCP Server app versions below 1.0.3 , a user who holds a role with access to the Splunk `_…","description":"In Splunk MCP Server app versions below 1.0.3 , a user who holds a role with access to the Splunk `_internal` index or possesses the high-privilege capability `mcp_tool_admin` could view users session and authorization tokens in clear text.<br><br>The vulnerability would require either local access…","indicators":{"cves":["CVE-2026-20205"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T16:16:34.653Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://advisory.splunk.com/advisories/SVD-2026-0407","label":"psirt@cisco.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-30461","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-30461 — Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE…","description":"Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the /controllers/Installer.php and the function add_git_submodule.","indicators":{"cves":["CVE-2026-30461"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T16:16:36.050Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"http://daylight.com","label":"cve@mitre.org","domainType":"other"},{"url":"http://fuelcms.com","label":"cve@mitre.org","domainType":"other"},{"url":"https://github.com/daylightstudio/FUEL-CMS/blob/master/fuel/modules/fuel/controllers/Installer.php","label":"cve@mitre.org","domainType":"primary"},{"url":"https://pentest-tools.com/PTT-2025-028-Authenticated-RCE-via-Git-Submodules.pdf","label":"cve@mitre.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-30615","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-30615 — A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers to execute arbitrary…","description":"A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers to execute arbitrary commands on a victim system. When Windsurf processes attacker-controlled HTML content, malicious instructions can cause unauthorized modification of the local MCP configuration and automatic registrat…","indicators":{"cves":["CVE-2026-30615"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T16:16:36.177Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://www.ox.security/blog/mcp-supply-chain-advisory-rce-vulnerabilities-across-the-ai-ecosystem/","label":"cve@mitre.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-30616","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-30616 — Jaaz 1.0.30 contains a remote code execution vulnerability in its MCP STDIO command execution handli…","description":"Jaaz 1.0.30 contains a remote code execution vulnerability in its MCP STDIO command execution handling. A remote attacker can send crafted network requests to the network-accessible Jaaz application, causing attacker-controlled commands to be executed on the server. Successful exploitation results i…","indicators":{"cves":["CVE-2026-30616"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T16:16:36.293Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://www.ox.security/blog/mcp-supply-chain-advisory-rce-vulnerabilities-across-the-ai-ecosystem/","label":"cve@mitre.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-30617","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-30617 — LangChain-ChatChat 0.3.1 contains a remote code execution vulnerability in its MCP STDIO server conf…","description":"LangChain-ChatChat 0.3.1 contains a remote code execution vulnerability in its MCP STDIO server configuration and execution handling. A remote attacker can access the publicly exposed MCP management interface and configure an MCP STDIO server with attacker-controlled commands and arguments. When the…","indicators":{"cves":["CVE-2026-30617"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T16:16:36.453Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://www.ox.security/blog/mcp-supply-chain-advisory-rce-vulnerabilities-across-the-ai-ecosystem/","label":"cve@mitre.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-30624","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-30624 — Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configur…","description":"Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration containing arbitrary command and args values. These values are executed by the application when the configu…","indicators":{"cves":["CVE-2026-30624"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T16:16:36.677Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://www.ox.security/blog/mcp-supply-chain-advisory-rce-vulnerabilities-across-the-ai-ecosystem/","label":"cve@mitre.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-30994","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-30994 — Incorrect access control in the config.php component of Slah v1.5.0 and below allows unauthenticated…","description":"Incorrect access control in the config.php component of Slah v1.5.0 and below allows unauthenticated attackers to access sensitive information, including active session credentials.","indicators":{"cves":["CVE-2026-30994"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T17:17:04.220Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://cve.joaopaulodeoliveira.dev/cve.php/published/CVE-2026-30994","label":"cve@mitre.org","domainType":"other"},{"url":"https://cve.joaopaulodeoliveira.dev/cve.php/reserved/slah-informatica-sensitive-data-exposure","label":"cve@mitre.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-30995","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-30995 — Slah CMS v1.5.0 and below was discovered to contain a SQL injection vulnerability via the id paramet…","description":"Slah CMS v1.5.0 and below was discovered to contain a SQL injection vulnerability via the id parameter in the vereador_ver.php endpoint.","indicators":{"cves":["CVE-2026-30995"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T17:17:04.337Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://cve.joaopaulodeoliveira.dev/cve.php/published/CVE-2026-30995","label":"cve@mitre.org","domainType":"other"},{"url":"https://cve.joaopaulodeoliveira.dev/cve.php/reserved/slah-informatica-sql-injection","label":"cve@mitre.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-30996","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-30996 — An issue in the file handling logic of the component download.php of SAC-NFe v2.0.02 allows attacker…","description":"An issue in the file handling logic of the component download.php of SAC-NFe v2.0.02 allows attackers to execute a directory traversal and read arbitrary files from the system via a crafted GET request.","indicators":{"cves":["CVE-2026-30996"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T17:17:04.443Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://cve.joaopaulodeoliveira.dev/cve.php/published/CVE-2026-30996","label":"cve@mitre.org","domainType":"other"},{"url":"https://cve.joaopaulodeoliveira.dev/cve.php/reserved/softsul-path-transversal","label":"cve@mitre.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6372","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6372 — Missing Authorization vulnerability in Plisio Accept Cryptocurrencies with Plisio allows Exploiting…","description":"Missing Authorization vulnerability in Plisio Accept Cryptocurrencies with Plisio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accept Cryptocurrencies with Plisio: from n/a through 2.0.5.","indicators":{"cves":["CVE-2026-6372"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T17:17:06.547Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://patchstack.com/database/wordpress/plugin/plisio-payment-gateway-for-woocommerce/vulnerability/wordpress-accept-cryptocurrencies-with-plisio-plugin-2-0-5-payment-bypass-vulnerability?_s_id=cve","label":"audit@patchstack.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-32631","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-32631 — Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protectio…","description":"Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protections that prevent attackers from obtaining a user's NTLM hash. The NTLM hash can be obtained by tricking users into cloning a malicious repository, or checking out a malicious branch, that accesses an a…","indicators":{"cves":["CVE-2026-32631"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T18:17:17.437Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://github.com/git-for-windows/git/releases/tag/v2.53.0.windows.3","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/git-for-windows/git/security/advisories/GHSA-9j5h-h4m7-85hx","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://learn.microsoft.com/en-au/windows/whats-new/deprecated-features#:~:text=NTLM","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://support.microsoft.com/en-us/topic/upcoming-changes-to-ntlmv1-in-windows-11-version-24h2-and-windows-server-2025-c0554217-cdbc-420f-b47c-e02b2db49b2e","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://techcommunity.microsoft.com/blog/windows-itpro-blog/the-evolution-of-windows-authentication/3926848","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-6290","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6290 — Velociraptor versions prior to 0.76.3 contain a vulnerability in the query() plugin which allows acc…","description":"Velociraptor versions prior to 0.76.3 contain a vulnerability in the query() plugin which allows access to all orgs with the user's current ACL token. This allows an authenticated GUI user with access in one org, to use the query() plugin, in a notebook cell, to run VQL queries on other orgs which t…","indicators":{"cves":["CVE-2026-6290"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T18:17:25.030Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://docs.velociraptor.app/announcements/advisories/cve-2026-6290/","label":"cve@rapid7.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33435","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-33435 — Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filte…","description":"Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead to remote code execution under certain circumstances. This issue has been fixed in version 5.17. If developers are unable to update immediately…","indicators":{"cves":["CVE-2026-33435"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T19:16:35.277Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://github.com/WeblateOrg/weblate/pull/18549","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-558g-h753-6m33","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-33667","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-33667 — OpenProject is an open-source project management application. In versions prior to 17.3.0, 2FA OTP v…","description":"OpenProject is an open-source project management application. In versions prior to 17.3.0, 2FA OTP verification in the confirm_otp action of the two_factor_authentication module has no rate limiting, lockout mechanism, or failed-attempt tracking. The existing brute_force_block_after_failed_logins se…","indicators":{"cves":["CVE-2026-33667"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T19:16:35.603Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://github.com/opf/openproject/security/advisories/GHSA-234r-45m2-w6cv","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-34242","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-34242 — Weblate is a web based localization tool. In versions prior to 5.17, the ZIP download feature didn't…","description":"Weblate is a web based localization tool. In versions prior to 5.17, the ZIP download feature didn't verify downloaded files, potentially  following symlinks outside the repository. This issue has been fixed in version 5.17.","indicators":{"cves":["CVE-2026-34242"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T19:16:35.753Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://github.com/WeblateOrg/weblate/commit/5db3a2a2e047ecaab627a8731cd744a30b2f51d3","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-hv99-mxm5-q397","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-34393","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-34393 — Weblate is a web based localization tool. In versions prior to 5.17, the user patching API endpoint…","description":"Weblate is a web based localization tool. In versions prior to 5.17, the user patching API endpoint didn't properly limit the scope of edits. This issue has been fixed in version 5.17.","indicators":{"cves":["CVE-2026-34393"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T19:16:36.070Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://github.com/WeblateOrg/weblate/pull/18687","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-3382-gw9x-477v","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-34632","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-34632 — Adobe Photoshop Installer was affected by an Uncontrolled Search Path Element vulnerability that cou…","description":"Adobe Photoshop Installer was affected by an Uncontrolled Search Path Element vulnerability that could have resulted in arbitrary code execution in the context of the current user. A low-privileged local attacker could have exploited this vulnerability by manipulating the search path used by the app…","indicators":{"cves":["CVE-2026-34632"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T19:16:36.223Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://cwe.mitre.org/data/definitions/427.html","label":"psirt@adobe.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4857","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-4857 — IdentityIQ 8.5, all IdentityIQ 8.5 patch levels prior to 8.5p2, IdentityIQ 8.4, and all IdentityIQ 8…","description":"IdentityIQ 8.5, all\nIdentityIQ 8.5 patch levels prior to 8.5p2, IdentityIQ 8.4, and all IdentityIQ\n8.4 patch levels prior to 8.4p4 allow authenticated users assigned the Debug\nPages Read Only capability or any custom capability with the ViewAccessDebugPage\nSPRight to incorrectly create new IdentityI…","indicators":{"cves":["CVE-2026-4857"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T19:16:37.730Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://www.sailpoint.com/security-advisories/sailpoint-identityiq-debug-ui-incorrect-authorization-vulnerability-cve-2026-4857","label":"psirt@sailpoint.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33877","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-33877 — ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain…","description":"ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a timing side-channel vulnerability in the password reset endpoint (/api/v1/@apostrophecms/login/reset-request) that allows unauthenticated username and email enumeration. When a user is not found, t…","indicators":{"cves":["CVE-2026-33877","CVE-2026-33888","CVE-2026-33889","CVE-2026-35569","CVE-2026-39857"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T20:16:35.517Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://github.com/apostrophecms/apostrophe/commit/e266cffd8c0d331a9b05c92bf11616556efcdc77","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/apostrophecms/apostrophe/security/advisories/GHSA-mj7r-x3h3-7rmr","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/apostrophecms/apostrophe/commit/00d472804bb622df36a761b6f2cf2b33b2d4ce80","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/apostrophecms/apostrophe/commit/6c2b548dec2e3f7a82e8e16736603f4cd17525aa","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/apostrophecms/apostrophe/security/advisories/GHSA-xhq9-58fw-859p","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/apostrophecms/apostrophe/commit/6a89bdb7acdb2e1e9bf1429961a6ba7f99410481","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/apostrophecms/apostrophe/security/advisories/GHSA-97v6-998m-fp4g","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/apostrophecms/apostrophe/commit/0e57dd07a56ae1ba1e3af646ba026db4d0ab5bb3","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/apostrophecms/apostrophe/security/advisories/GHSA-855c-r2vq-c292","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/apostrophecms/apostrophe/security/advisories/GHSA-c276-fj82-f2pq","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-6297","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6297 — Use after free in Proxy in Google Chrome prior to 147.0.7727.101 allowed an attacker in a privileged…","description":"Use after free in Proxy in Google Chrome prior to 147.0.7727.101 allowed an attacker in a privileged network position to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)","indicators":{"cves":["CVE-2026-6297"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T20:16:38.470Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","label":"chrome-cve-admin@google.com","domainType":"other"},{"url":"https://issues.chromium.org/issues/493628982","label":"chrome-cve-admin@google.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6299","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6299 — Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to ex…","description":"Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)","indicators":{"cves":["CVE-2026-6299"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T20:16:38.790Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","label":"chrome-cve-admin@google.com","domainType":"other"},{"url":"https://issues.chromium.org/issues/497053588","label":"chrome-cve-admin@google.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6300","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6300 — Use after free in CSS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute…","description":"Use after free in CSS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","indicators":{"cves":["CVE-2026-6300"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T20:16:38.987Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","label":"chrome-cve-admin@google.com","domainType":"other"},{"url":"https://issues.chromium.org/issues/491994185","label":"chrome-cve-admin@google.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6301","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6301 — Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to exe…","description":"Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","indicators":{"cves":["CVE-2026-6301","CVE-2026-6307"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T20:16:39.153Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","label":"chrome-cve-admin@google.com","domainType":"other"},{"url":"https://issues.chromium.org/issues/495273999","label":"chrome-cve-admin@google.com","domainType":"other"},{"url":"https://issues.chromium.org/issues/497404188","label":"chrome-cve-admin@google.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6302","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6302 — Use after free in Video in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execut…","description":"Use after free in Video in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","indicators":{"cves":["CVE-2026-6302"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T20:16:39.320Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","label":"chrome-cve-admin@google.com","domainType":"other"},{"url":"https://issues.chromium.org/issues/495477995","label":"chrome-cve-admin@google.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6303","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6303 — Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execu…","description":"Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","indicators":{"cves":["CVE-2026-6303","CVE-2026-6318"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T20:16:39.483Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","label":"chrome-cve-admin@google.com","domainType":"other"},{"url":"https://issues.chromium.org/issues/496282147","label":"chrome-cve-admin@google.com","domainType":"other"},{"url":"https://issues.chromium.org/issues/495996858","label":"chrome-cve-admin@google.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6304","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6304 — Use after free in Graphite in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who ha…","description":"Use after free in Graphite in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)","indicators":{"cves":["CVE-2026-6304"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T20:16:39.593Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","label":"chrome-cve-admin@google.com","domainType":"other"},{"url":"https://issues.chromium.org/issues/496393742","label":"chrome-cve-admin@google.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6305","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6305 — Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to…","description":"Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)","indicators":{"cves":["CVE-2026-6305","CVE-2026-6306"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T20:16:39.773Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","label":"chrome-cve-admin@google.com","domainType":"other"},{"url":"https://issues.chromium.org/issues/496618639","label":"chrome-cve-admin@google.com","domainType":"other"},{"url":"https://issues.chromium.org/issues/496907110","label":"chrome-cve-admin@google.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6308","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6308 — Out of bounds read in Media in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who c…","description":"Out of bounds read in Media in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)","indicators":{"cves":["CVE-2026-6308"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T20:16:40.153Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","label":"chrome-cve-admin@google.com","domainType":"other"},{"url":"https://issues.chromium.org/issues/497412658","label":"chrome-cve-admin@google.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6309","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6309 — Use after free in Viz in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had com…","description":"Use after free in Viz in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)","indicators":{"cves":["CVE-2026-6309"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T20:16:40.267Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","label":"chrome-cve-admin@google.com","domainType":"other"},{"url":"https://issues.chromium.org/issues/497846428","label":"chrome-cve-admin@google.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6310","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6310 — Use after free in Dawn in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had co…","description":"Use after free in Dawn in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)","indicators":{"cves":["CVE-2026-6310"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T20:16:40.530Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","label":"chrome-cve-admin@google.com","domainType":"other"},{"url":"https://issues.chromium.org/issues/497969820","label":"chrome-cve-admin@google.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6311","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6311 — Uninitialized Use in Accessibility in Google Chrome on Windows prior to 147.0.7727.101 allowed a rem…","description":"Uninitialized Use in Accessibility in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)","indicators":{"cves":["CVE-2026-6311"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T20:16:40.767Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","label":"chrome-cve-admin@google.com","domainType":"other"},{"url":"https://issues.chromium.org/issues/498201025","label":"chrome-cve-admin@google.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6314","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6314 — Out of bounds write in GPU in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who ha…","description":"Out of bounds write in GPU in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)","indicators":{"cves":["CVE-2026-6314"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T20:16:41.257Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","label":"chrome-cve-admin@google.com","domainType":"other"},{"url":"https://issues.chromium.org/issues/498782145","label":"chrome-cve-admin@google.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6315","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6315 — Use after free in Permissions in Google Chrome on Android prior to 147.0.7727.101 allowed a remote a…","description":"Use after free in Permissions in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)","indicators":{"cves":["CVE-2026-6315"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T20:16:41.417Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","label":"chrome-cve-admin@google.com","domainType":"other"},{"url":"https://issues.chromium.org/issues/499247910","label":"chrome-cve-admin@google.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6316","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6316 — Use after free in Forms in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execut…","description":"Use after free in Forms in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","indicators":{"cves":["CVE-2026-6316"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T20:16:41.580Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","label":"chrome-cve-admin@google.com","domainType":"other"},{"url":"https://issues.chromium.org/issues/499384399","label":"chrome-cve-admin@google.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6317","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6317 — Use after free in Cast in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute…","description":"Use after free in Cast in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)","indicators":{"cves":["CVE-2026-6317"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T20:16:41.743Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","label":"chrome-cve-admin@google.com","domainType":"other"},{"url":"https://issues.chromium.org/issues/500091052","label":"chrome-cve-admin@google.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6319","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6319 — Use after free in Payments in Google Chrome on Android prior to 147.0.7727.101 allowed a remote atta…","description":"Use after free in Payments in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Medium)","indicators":{"cves":["CVE-2026-6319"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T20:16:42.203Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","label":"chrome-cve-admin@google.com","domainType":"other"},{"url":"https://issues.chromium.org/issues/499018889","label":"chrome-cve-admin@google.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6358","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6358 — Use after free in XR in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker t…","description":"Use after free in XR in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Critical)","indicators":{"cves":["CVE-2026-6358"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T20:16:42.363Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","label":"chrome-cve-admin@google.com","domainType":"other"},{"url":"https://issues.chromium.org/issues/497724498","label":"chrome-cve-admin@google.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6359","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6359 — Use after free in Video in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacke…","description":"Use after free in Video in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)","indicators":{"cves":["CVE-2026-6359"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T20:16:42.597Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","label":"chrome-cve-admin@google.com","domainType":"other"},{"url":"https://issues.chromium.org/issues/490251701","label":"chrome-cve-admin@google.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6360","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6360 — Use after free in FileSystem in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to p…","description":"Use after free in FileSystem in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)","indicators":{"cves":["CVE-2026-6360"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T20:16:42.830Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","label":"chrome-cve-admin@google.com","domainType":"other"},{"url":"https://issues.chromium.org/issues/497880137","label":"chrome-cve-admin@google.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6361","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6361 — Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote…","description":"Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)","indicators":{"cves":["CVE-2026-6361"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T20:16:43.267Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","label":"chrome-cve-admin@google.com","domainType":"other"},{"url":"https://issues.chromium.org/issues/500036290","label":"chrome-cve-admin@google.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6363","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6363 — Type Confusion in V8 in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potential…","description":"Type Confusion in V8 in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)","indicators":{"cves":["CVE-2026-6363"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T20:16:43.690Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","label":"chrome-cve-admin@google.com","domainType":"other"},{"url":"https://issues.chromium.org/issues/495751197","label":"chrome-cve-admin@google.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6384","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6384 — A flaw was found in gimp. This buffer overflow vulnerability in the GIF image loading component's `R…","description":"A flaw was found in gimp. This buffer overflow vulnerability in the GIF image loading component's `ReadJeffsImage` function allows an attacker to write beyond an allocated buffer by processing a specially crafted GIF file. This can lead to a denial of service or potentially arbitrary code execution.","indicators":{"cves":["CVE-2026-6384"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T20:16:44.033Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6384","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458749","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-22676","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-22676 — Barracuda RMM versions prior to 2025.2.2 contain a privilege escalation vulnerability that allows lo…","description":"Barracuda RMM versions prior to 2025.2.2 contain a privilege escalation vulnerability that allows local attackers to gain SYSTEM-level privileges by exploiting overly permissive filesystem ACLs on the C:\\Windows\\Automation directory. Attackers can modify existing automation content or place attacker…","indicators":{"cves":["CVE-2026-22676"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T21:17:04.447Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://download.mw-rmm.barracudamsp.com/PDF/2025.2.2/RN_BRMM_2025.2.2_EN.pdf","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://www.vulncheck.com/advisories/barracuda-rmm-privilege-escalation-via-insecure-directory-permissions","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40176","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40176 — Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain…","description":"Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command() method, which constructs shell commands by interpolating user-supplied Perforce connection parameters (port, user, client) withou…","indicators":{"cves":["CVE-2026-40176","CVE-2026-40261"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T21:17:27.357Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://github.com/composer/composer/releases/tag/2.9.6","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/composer/composer/security/advisories/GHSA-wg36-wvj6-r67p","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/composer/composer/security/advisories/GHSA-gqw4-4w2p-838q","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40316","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40316 — OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git…","description":"OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflows/regenerate-migrations.yml workflow. The workflow uses the pull_request_target trigger to run with…","indicators":{"cves":["CVE-2026-40316"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce","supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T23:16:10.220Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://github.com/OWASP-BLT/BLT/security/advisories/GHSA-wxm3-64fx-cmx9","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40193","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40193 — maddy is a composable, all-in-one mail server. Versions prior to 0.9.3 contain an LDAP injection vul…","description":"maddy is a composable, all-in-one mail server. Versions prior to 0.9.3 contain an LDAP injection vulnerability in the auth.ldap module where user-supplied usernames are interpolated into LDAP search filters and DN strings via strings.ReplaceAll() without any LDAP filter escaping, despite the go-ldap…","indicators":{"cves":["CVE-2026-40193"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T00:16:28.163Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://github.com/foxcpp/maddy/commit/6a06337eb41fa87a35697366bcb71c3c962c44ba","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/foxcpp/maddy/releases/tag/v0.9.3","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/foxcpp/maddy/security/advisories/GHSA-5835-4gvc-32pc","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40245","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40245 — Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Ver…","description":"Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions 4.2.1 and below contain an information disclosure vulnerability in the UDR (Unified Data Repository) service. The handler for GET /nudr-dr/v2/application-data/influenceData/subs-to-notify sends…","indicators":{"cves":["CVE-2026-40245"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T00:16:29.060Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-wrwh-rpq4-87hf","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-wrwh-rpq4-87hf","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40502","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40502 — OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote ga…","description":"OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive administrative commands by exploiting insufficient distinction between local-only and remote-safe commands in the gateway handler. Attackers can execut…","indicators":{"cves":["CVE-2026-40502"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T01:16:11.250Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://github.com/HKUDS/OpenHarness/commit/dd1d235450dd987b20bff01b7bfb02fe8620a0af","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/HKUDS/OpenHarness/pull/127","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/openharness-remote-administrative-command-injection-via-gateway-handler","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40960","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40960 — Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least on…","description":"Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trusted_mods or secure.http_mods, then a crafted mod can intercept the request for the insecure environment or HTTP API, and also receive access to it.","indicators":{"cves":["CVE-2026-40960"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T01:16:11.770Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://github.com/luanti-org/luanti/commit/0faf529bc4b89e70a275ed1162047815118f2413","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/luanti-org/luanti/commit/827fd4cf7f989482b2dad381fa4afd642ea73e8c","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/luanti-org/luanti/security/advisories/GHSA-22c4-238c-m5j4","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41015","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41015 — radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name…","description":"radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the latest version from git (not a release), the date range for the vulnerable code was less than a week, occurring after 6.1.2 but before 6.1.…","indicators":{"cves":["CVE-2026-41015"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T03:16:27.440Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://github.com/radareorg/radare2/blob/9236f44a28812fe911814e1b3a7bcf1e4de5d3c2/SECURITY.md?plain=1#L3-L5","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/radareorg/radare2/commit/9236f44a28812fe911814e1b3a7bcf1e4de5d3c2","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/radareorg/radare2/issues/25650","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/radareorg/radare2/pull/25651","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/radareorg/radare2/issues/25650","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-6348","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6348 — WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing…","description":"WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges on the local machine as well as on all hosts within the environment where the agent is installed.","indicators":{"cves":["CVE-2026-6348"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T03:16:30.383Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://www.twcert.org.tw/en/cp-139-10840-ba9b9-2.html","label":"twcert@cert.org.tw","domainType":"other"},{"url":"https://www.twcert.org.tw/tw/cp-132-10839-2d9a7-1.html","label":"twcert@cert.org.tw","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6351","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6351 — MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticat…","description":"MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read system files.","indicators":{"cves":["CVE-2026-6351"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T03:16:31.053Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://www.twcert.org.tw/en/cp-139-10843-9ff91-2.html","label":"twcert@cert.org.tw","domainType":"other"},{"url":"https://www.twcert.org.tw/tw/cp-132-10844-1405d-1.html","label":"twcert@cert.org.tw","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-22619","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-22619 — Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, w…","description":"Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of Eaton IPP software which is available on the…","indicators":{"cves":["CVE-2026-22619"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T06:16:10.413Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf","label":"CybersecurityCOE@eaton.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3599","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-3599 — The Riaxe Product Customizer plugin for WordPress is vulnerable to SQL Injection via the 'options' p…","description":"The Riaxe Product Customizer plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter keys within 'product_data' of the /wp-json/InkXEProductDesignerLite/add-item-to-cart REST API endpoint in all versions up to, and including, 2.1.2. This is due to insufficient escaping on the…","indicators":{"cves":["CVE-2026-3599"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T06:16:17.063Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/tags/2.1.2/riaxe-product-designer.php#L3576","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/tags/2.1.2/riaxe-product-designer.php#L6808","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/tags/2.1.2/riaxe-product-designer.php#L6876","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/trunk/riaxe-product-designer.php#L3576","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/trunk/riaxe-product-designer.php#L6808","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/trunk/riaxe-product-designer.php#L6876","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a36c9a7e-830d-4a92-a330-29279387b3be?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3614","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-3614 — The AcyMailing plugin for WordPress is vulnerable to privilege escalation in all versions From 9.11.…","description":"The AcyMailing plugin for WordPress is vulnerable to privilege escalation in all versions From 9.11.0 up to, and including, 10.8.1 due to a missing capability check on the `wp_ajax_acymailing_router` AJAX handler. This makes it possible for authenticated attackers, with Subscriber-level access and a…","indicators":{"cves":["CVE-2026-3614"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T06:16:18.167Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/acymailing/tags/10.7.1/WpInit/Router.php#L11","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/acymailing/tags/10.7.1/WpInit/Router.php#L122","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/acymailing/tags/10.7.1/WpInit/Router.php#L230","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/acymailing/tags/10.7.1/back/Core/AcymController.php#L92","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/acymailing/tags/10.8.1/back/Core/AcymController.php#L99","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/acymailing/trunk/WpInit/Router.php#L11","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a895e2cf-9eba-4c46-b19f-d008e1058f64?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5050","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-5050 — The Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress is vulnerable to Improper Ver…","description":"The Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress is vulnerable to Improper Verification of Cryptographic Signature in versions up to, and including, 7.0.0 due to successful_request() handlers calculating a local signature but not validating Ds_Signature from the request before…","indicators":{"cves":["CVE-2026-5050"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T06:16:20.587Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset/3501998/woo-redsys-gateway-light","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/80544889-8efc-4aa0-a690-774b1ee6a1a0?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-1620","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-1620 — The Livemesh Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all…","description":"The Livemesh Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.0. This is due to insufficient sanitization of the template name parameter in the `lae_get_template_part()` function, which uses an inadequate `str_replace()` approach…","indicators":{"cves":["CVE-2026-1620"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T07:16:29.787Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/9.0/includes/helper-functions.php#L669","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/9.0/includes/helper-functions.php#L671","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/includes/helper-functions.php#L669","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/includes/helper-functions.php#L671","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2483875a-84de-4a40-a69e-aee68da1ce3b?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3876","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-3876 — The Prismatic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'prismatic_e…","description":"The Prismatic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'prismatic_encoded' pseudo-shortcode in all versions up to, and including, 3.7.3. This is due to insufficient input sanitization and output escaping on user-supplied attributes within the 'prismatic_decode' funct…","indicators":{"cves":["CVE-2026-3876"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T07:16:30.350Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset?old_path=/prismatic/tags/3.7.3/inc/prismatic-core.php&new_path=/prismatic/tags/3.7.4/inc/prismatic-core.php","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/aa4e18b0-f871-4476-af92-42e55aabdf93?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41035","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41035 — In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call,…","description":"In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka --xattrs). On Linux, many (but not all) common configurations are vulnerable. Non-Linux platforms are more widely vulnerab…","indicators":{"cves":["CVE-2026-41035"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T07:16:31.003Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://github.com/RsyncProject/rsync/issues/871","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/RsyncProject/rsync/releases","label":"cve@mitre.org","domainType":"primary"},{"url":"https://www.openwall.com/lists/oss-security/2026/04/16/2","label":"cve@mitre.org","domainType":"other"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/16/9","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/22/3","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-14868","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2025-14868 — The Career Section plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Path…","description":"The Career Section plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Path Traversal and Arbitrary File Deletion in all versions up to, and including, 1.6. This is due to missing nonce validation and insufficient file path validation on the delete action in the 'appform_opti…","indicators":{"cves":["CVE-2025-14868"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T08:16:26.773Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset/3474216/career-section","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/84936b68-923a-4da1-ae67-1d63d025342e?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-23772","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-23772 — Dell Storage Manager - Replay Manager for Microsoft Servers, version(s) 8.0, contain(s) an Improper…","description":"Dell Storage Manager - Replay Manager for Microsoft Servers, version(s) 8.0, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.","indicators":{"cves":["CVE-2026-23772"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T09:16:35.280Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000453020/dsa-2026-058-security-update-for-dell-storage-manager-replay-manager-for-microsoft-servers-vulnerabilities","label":"security_alert@emc.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3489","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-3489 — The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable…","description":"The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to SQL Injection via the 'packages' parameter in versions up to, and including, 3.6.26 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing S…","indicators":{"cves":["CVE-2026-3489"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T12:16:08.373Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset/3474986/directorypress","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2e602223-8571-42e1-9b3f-e7cc51f8fa58?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31987","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-31987 — JWT Tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors. User…","description":"JWT Tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors. \nUsers are advised to upgrade to Airflow version that contains fix.\n\nUsers are recommended to upgrade to version 3.2.0, which fixes this issue.","indicators":{"cves":["CVE-2026-31987"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T14:16:13.490Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://github.com/apache/airflow/issues/62428","label":"security@apache.org","domainType":"primary"},{"url":"https://github.com/apache/airflow/issues/62773","label":"security@apache.org","domainType":"primary"},{"url":"https://github.com/apache/airflow/pull/62964","label":"security@apache.org","domainType":"primary"},{"url":"https://lists.apache.org/thread/pvsrtxzwo9xy6xgknmwslv4zrw70kt6g","label":"security@apache.org","domainType":"other"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/16/7","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5785","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-5785 — Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions fro…","description":"Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module.","indicators":{"cves":["CVE-2026-5785"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T14:16:18.430Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2026-5785.html","label":"0fc0942c-577d-436f-ae8e-945763c79b02","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-30459","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-30459 — An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated att…","description":"An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e-mail message.","indicators":{"cves":["CVE-2026-30459"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T15:17:17.370Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"http://daylight.com","label":"cve@mitre.org","domainType":"other"},{"url":"http://fuelcms.com","label":"cve@mitre.org","domainType":"other"},{"url":"https://github.com/daylightstudio/FUEL-CMS/blob/master/fuel/modules/fuel/controllers/Login.php","label":"cve@mitre.org","domainType":"primary"},{"url":"https://pentest-tools.com/PTT-2025-029-Password-Reset-Poisoning-via-Host-Header.pdf","label":"cve@mitre.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-30656","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-30656 — A NULL pointer dereference vulnerability exists in fio (Flexible I/O Tester) v3.41 when parsing job…","description":"A NULL pointer dereference vulnerability exists in fio (Flexible I/O Tester) v3.41 when parsing job files containing the fdp_pli option. The callback function str_fdp_pli_cb() does not validate the input pointer and calls strdup() on a NULL value when the option is specified without an argument. Thi…","indicators":{"cves":["CVE-2026-30656"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T15:17:17.873Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://gist.github.com/Criticayon/eb5e69163bfa4ce684e62ed5c939b76e","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/axboe/fio/issues/2055","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-33804","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-33804 — @fastify/middie versions 9.3.1 and earlier are vulnerable to middleware bypass when the deprecated F…","description":"@fastify/middie versions 9.3.1 and earlier are vulnerable to middleware bypass when the deprecated Fastify ignoreDuplicateSlashes option is enabled. The middleware path matching logic does not account for duplicate slash normalization performed by Fastify's router, allowing requests with duplicate s…","indicators":{"cves":["CVE-2026-33804"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T15:17:34.633Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://cna.openjsf.org/security-advisories.html","label":"ce714d77-add3-4f53-aff5-83d477b104bb","domainType":"other"},{"url":"https://github.com/fastify/middie/security/advisories/GHSA-v9ww-2j6r-98q6","label":"ce714d77-add3-4f53-aff5-83d477b104bb","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-3324","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-3324 — Zohocorp ManageEngine Log360 versions 13000 through 13013 are vulnerable to authentication bypass on…","description":"Zohocorp ManageEngine Log360 versions 13000 through 13013 are vulnerable to authentication bypass on certain actions due to improper filter configuration.","indicators":{"cves":["CVE-2026-3324"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T15:17:38.010Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://www.manageengine.com/log-management/advisory/CVE-2026-3324.html","label":"0fc0942c-577d-436f-ae8e-945763c79b02","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5426","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-5426 — Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to F…","description":"Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks","indicators":{"cves":["CVE-2026-5426"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T16:16:17.693Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2026/MNDT-2026-0009.md","label":"mandiant-cve@google.com","domainType":"primary"},{"url":"https://www.digital-knowledge.co.jp/product/kd/","label":"mandiant-cve@google.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41082","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41082 — In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach…","description":"In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory.","indicators":{"cves":["CVE-2026-41082"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T18:16:45.980Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://github.com/ocaml/opam/pull/6897","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/ocaml/opam/releases/tag/2.5.1","label":"cve@mitre.org","domainType":"primary"},{"url":"https://lists.debian.org/debian-lts-announce/2026/04/msg00021.html","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6442","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6442 — Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed s…","description":"Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed subsequent commands to execute outside the sandbox. An attacker could exploit this by embedding specially crafted commands in untrusted content, such as a malicious repository, causing the CLI agent to…","indicators":{"cves":["CVE-2026-6442"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T19:16:35.560Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://community.snowflake.com/s/article/PromptArmor-Report---Snowflake-Response","label":"412d305a-227d-44f9-a262-a31ba44f2aea","domainType":"other"},{"url":"https://www.promptarmor.com/","label":"412d305a-227d-44f9-a262-a31ba44f2aea","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40901","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40901 — DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below shi…","description":"DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below ship the legacy velocity-1.7.jar, which pulls in commons-collections-3.2.1.jar containing the InvokerTransformer deserialization gadget chain. Quartz 2.3.2, also bundled in the application, deserializes…","indicators":{"cves":["CVE-2026-40901"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T21:16:24.270Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/dataease/dataease/releases/tag/v2.10.21","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-gm5q-g72w-c466","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40170","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40170 — ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_par…","description":"ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transpo…","indicators":{"cves":["CVE-2026-40170"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T22:16:38.220Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/ngtcp2/ngtcp2/commit/708a7640c1f48fb8ffb540c4b8ea5b4c1dfb8ee5","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ngtcp2/ngtcp2/security/advisories/GHSA-f523-465f-8c8f","label":"security-advisories@github.com","domainType":"primary"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/17/12","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"},{"url":"https://github.com/ngtcp2/ngtcp2/security/advisories/GHSA-f523-465f-8c8f","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40246","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40246 — free5GC is an open-source implementation of the 5G core network. In versions 1.4.2 and below of the…","description":"free5GC is an open-source implementation of the 5G core network. In versions 1.4.2 and below of the UDR service, the handler for deleting Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 response when va…","indicators":{"cves":["CVE-2026-40246"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T22:16:38.370Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-g9cw-qwhf-24jp","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40247","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40247 — free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the…","description":"free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for reading Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 response when val…","indicators":{"cves":["CVE-2026-40247","CVE-2026-40248","CVE-2026-40249"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T22:16:38.510Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-x5r2-r74c-3w28","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-jgq2-qv8v-5cmj","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-gx38-8h33-pmxr","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41113","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41113 — sagredo qmail before 2026.04.07 allows tls_quit remote code execution because of popen in notlshosts…","description":"sagredo qmail before 2026.04.07 allows tls_quit remote code execution because of popen in notlshosts_auto in qmail-remote.c.","indicators":{"cves":["CVE-2026-41113"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T22:16:39.103Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://blog.calif.io/p/we-asked-claude-to-audit-sagredos","label":"cve@mitre.org","domainType":"other"},{"url":"https://github.com/califio/publications/tree/main/MADBugs/qmail","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/sagredo-dev/qmail/commit/749f607f6885e3d01b36f2647d7a1db88f1ef741","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/sagredo-dev/qmail/pull/42","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/sagredo-dev/qmail/releases/tag/v2026.04.07","label":"cve@mitre.org","domainType":"primary"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/18/5","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40259","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40259 — SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, the /api…","description":"SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, the /api/av/removeUnusedAttributeView endpoint is protected only by generic authentication that accepts publish-service RoleReader tokens. The handler passes a caller-controlled id directly to a model functio…","indicators":{"cves":["CVE-2026-40259"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T23:16:33.430Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/siyuan-note/siyuan/releases/tag/v3.6.4","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-7m5h-w69j-qggg","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-7m5h-w69j-qggg","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40318","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40318 — SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and prior, the /api…","description":"SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and prior, the /api/av/removeUnusedAttributeView endpoint constructs a filesystem path using the user-controlled id parameter without validation or path boundary enforcement. An attacker can inject path traversal sequen…","indicators":{"cves":["CVE-2026-40318"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T23:16:33.590Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/siyuan-note/siyuan/releases/tag/v3.6.4","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-vw86-c94w-v3x4","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-22734","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-22734 — Cloud Foundry UUA is vulnerable to a bypass that allows an attacker to obtain a token for any user a…","description":"Cloud Foundry UUA is vulnerable to a bypass that allows an attacker to obtain a token for any user and gain access to UAA-protected systems. This vulnerability exists when SAML 2.0 bearer assertions are enabled for a client, as the UAA accepts SAML 2.0 bearer assertions that are neither signed nor e…","indicators":{"cves":["CVE-2026-22734"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T01:17:37.107Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://www.cloudfoundry.org/blog/cve-2026-22734-uaa-saml-2-0-signature-bypass/","label":"security@vmware.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40262","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40262 — Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset deliver…","description":"Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset delivery handler serves uploaded files inline and relies on magic-byte detection for content type, which does not identify text-based formats such as HTML, SVG, or XHTML. These files are served with an empty…","indicators":{"cves":["CVE-2026-40262"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T01:17:39.950Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/enchant97/note-mark/commit/6bb62842ccb956870b9bf183629eba95e326e5e3","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/enchant97/note-mark/releases/tag/v0.19.2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/enchant97/note-mark/security/advisories/GHSA-9pr4-rf97-79qh","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-5231","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-5231 — The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'utm_sou…","description":"The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'utm_source' parameter in all versions up to, and including, 14.16.4. This is due to insufficient input sanitization and output escaping. The plugin's referral parser copies the raw utm_source value into the…","indicators":{"cves":["CVE-2026-5231"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T02:16:06.227Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/wp-statistics/tags/14.16.4/assets/dev/javascript/chart.js#L498","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-statistics/tags/14.16.4/src/Service/Analytics/Referrals/ReferralsParser.php#L62","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-statistics/trunk/assets/dev/javascript/chart.js#L498","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-statistics/trunk/src/Service/Analytics/Referrals/ReferralsParser.php#L62","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3503795%40wp-statistics%2Ftrunk&old=3483860%40wp-statistics%2Ftrunk&sfp_email=&sfph_mail=","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9b350b48-05ba-4054-895f-36d7ad71459d?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3605","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-3605 — An authenticated user with access to a kvv2 path through a policy containing a glob may be able to d…","description":"An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write, resulting in denial-of-service. This vulnerability did not allow a malicious user to delete secrets across namespaces, nor read any secret data…","indicators":{"cves":["CVE-2026-3605"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T04:16:03.263Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://discuss.hashicorp.com/t/hcsec-2026-05-vault-kvv2-metadata-and-secret-deletion-policy-bypass-denial-of-service/77342","label":"security@hashicorp.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4525","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-4525 — If a Vault auth mount is configured to pass through the \"Authorization\" header, and the \"Authorizati…","description":"If a Vault auth mount is configured to pass through the \"Authorization\" header, and the \"Authorization\" header is used to authenticate to Vault, Vault forwarded the Vault token to the auth plugin backend. Fixed in 2.0.0, 1.21.5, 1.20.10, and 1.19.16.","indicators":{"cves":["CVE-2026-4525"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T04:16:09.997Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://discuss.hashicorp.com/t/hcsec-2026-07-vault-may-expose-tokens-to-auth-plugins-due-to-incorrect-header-sanitization/77344","label":"security@hashicorp.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5807","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-5807 — Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedl…","description":"Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress operation slot. This prevents legitimate operators from completing these workflows. This vulnerability,…","indicators":{"cves":["CVE-2026-5807"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T05:16:19.303Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://discuss.hashicorp.com/t/hcsec-2026-08-vault-vulnerable-to-denial-of-service-via-unauthenticated-root-token-generation-rekey-operations/77345","label":"security@hashicorp.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6421","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6421 — A vulnerability has been found in Mobatek MobaXterm Home Edition up to 26.1. This affects an unknown…","description":"A vulnerability has been found in Mobatek MobaXterm Home Edition up to 26.1. This affects an unknown part in the library msimg32.dll. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The attack is considered to have high complexity. It is indicated that the…","indicators":{"cves":["CVE-2026-6421"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T06:16:30.367Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://download.mobatek.net/2622026032581854/MobaXterm_Installer_v26.2.zip","label":"cna@vuldb.com","domainType":"other"},{"url":"https://drive.google.com/file/d/17bbNDzfoD3NNPlUMkSYs8bVzVbbwddnU/view","label":"cna@vuldb.com","domainType":"other"},{"url":"https://mobaxterm.mobatek.net/download-home-edition.html","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/submit/778851","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358020","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358020/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4659","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-4659 — The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Arbitrary File Read via t…","description":"The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Arbitrary File Read via the Repeater JSON/CSV URL parameter in versions up to, and including, 2.0.6. This is due to insufficient path traversal sanitization in the URLtoRelative() and urlToPath() functions, combined with the…","indicators":{"cves":["CVE-2026-4659"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T07:16:01.967Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/tags/2.0.6/inc_php/unitecreator_helper.class.php#L643","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/tags/2.0.6/inc_php/unitecreator_helper.class.php#L667","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/tags/2.0.6/inc_php/unitecreator_operations.class.php#L710","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/tags/2.0.6/provider/provider_helper.class.php#L597","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/tags/2.0.6/provider/provider_helper.class.php#L607","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/unitecreator_helper.class.php#L643","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/unitecreator_helper.class.php#L667","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/unitecreator_operations.class.php#L710","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/provider/provider_helper.class.php#L597","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/provider/provider_helper.class.php#L607","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3504458%40unlimited-elements-for-elementor&new=3504458%40unlimited-elements-for-elementor&sfp_email=&sfph_mail=","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9e7e3763-4606-4fc4-aa0f-b67e6087bdc2?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-23853","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-23853 — Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions…","description":"Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a use of weak credentials vulnerability. An unauthenticated attacker…","indicators":{"cves":["CVE-2026-23853","CVE-2026-23778","CVE-2026-23776","CVE-2026-23779","CVE-2025-46605","CVE-2025-46606","CVE-2025-46607","CVE-2025-46641","CVE-2026-23777","CVE-2026-28263","CVE-2026-23774"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T08:16:16.900Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities","label":"security_alert@emc.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33392","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-33392 — In JetBrains YouTrack before 2025.3.131383 high privileged user can achieve RCE via sandbox bypass","description":"In JetBrains YouTrack before 2025.3.131383 high privileged user can achieve RCE via sandbox bypass","indicators":{"cves":["CVE-2026-33392"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T08:16:17.877Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://www.jetbrains.com/privacy-security/issues-fixed/","label":"cve@jetbrains.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-36568","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2025-36568 — Dell PowerProtect Data Domain BoostFS for client of Feature Release versions 7.7.1.0 through 8.5, LT…","description":"Dell PowerProtect Data Domain BoostFS for client of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain an insufficiently protected credentials vulnerability. A low privileged attacker with local…","indicators":{"cves":["CVE-2025-36568"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T09:16:05.000Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities","label":"security_alert@emc.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-23775","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-23775 — Dell PowerProtect Data Domain appliances with Data Domain Operating System (DD OS) of Feature Releas…","description":"Dell PowerProtect Data Domain appliances with Data Domain Operating System (DD OS) of Feature Release versions 8.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10 contain an insertion of sensitive information into log file vulnerability. A low privileged attacker with remote access cou…","indicators":{"cves":["CVE-2026-23775"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T09:16:05.153Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities","label":"security_alert@emc.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6483","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6483 — A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function st…","description":"A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function strcat/snprintf of the file /cgi-bin/internet.cgi. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upg…","indicators":{"cves":["CVE-2026-6483"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T11:16:11.160Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://dl.wavlink.com/firmware/RD/root_uImage_WN530H4-A_2026.04.16.bin","label":"cna@vuldb.com","domainType":"other"},{"url":"https://github.com/dxz0069/WAVLINK-WN530H4-Command-Injection-in-set_add_routing/blob/main/vuldb_submission_report.md","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/783055","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358021","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358021/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6507","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6507 — A flaw was found in dnsmasq. A remote attacker could exploit an out-of-bounds write vulnerability by…","description":"A flaw was found in dnsmasq. A remote attacker could exploit an out-of-bounds write vulnerability by sending a specially crafted BOOTREPLY (Bootstrap Protocol Reply) packet to a dnsmasq server configured with the `--dhcp-split-relay` option. This can lead to memory corruption, causing the dnsmasq da…","indicators":{"cves":["CVE-2026-6507"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T13:16:14.967Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6507","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2459181","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31317","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-31317 — Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attack…","description":"Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php file","indicators":{"cves":["CVE-2026-31317"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:16:33.730Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/markhuot/craftql","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/stormmmg/craftql_ssrf/","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/stormmmg/craftql_ssrf/blob/master/craftql-ssrf-en/README_detail.md","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/stormmmg/craftql_ssrf/blob/master/craftql-ssrf-en/README_detail.md","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40459","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40459 — PAC4J is vulnerable to LDAP Injection in multiple methods. A low-privileged remote attacker can inje…","description":"PAC4J is vulnerable to LDAP Injection in multiple methods. A low-privileged remote attacker can inject crafted LDAP syntax into ID-based search parameters, potentially resulting in unauthorized LDAP queries and arbitrary directory operations.\n\nThis issue was fixed in PAC4J versions 4.5.10, 5.7.10 an…","indicators":{"cves":["CVE-2026-40459"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:16:34.123Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://cert.pl/en/posts/2026/04/CVE-2026-40458/","label":"cvd@cert.pl","domainType":"other"},{"url":"https://www.pac4j.org/blog/security-advisory-pac4j-core-and-ldap.html","label":"cvd@cert.pl","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6490","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6490 — A weakness has been identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. Impa…","description":"A weakness has been identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. Impacted is an unknown function of the file admin/deletecourse.php of the component GET Request Parameter Handler. This manipulation of the argument ID causes sql injection. The attack may be initiated re…","indicators":{"cves":["CVE-2026-6490"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:16:34.983Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/duckpigdog/CVE/blob/main/QueryMine_sms%20PHP%20Project%20Deployment%20Document%20(Windows%20Local)-1.md","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/786912","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358034","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358034/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-21733","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-21733 — Software installed and run as a non-privileged user may conduct improper GPU system calls to gain wr…","description":"Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memory and files.\n\nThis is caused by improper handling of GPU memory reservation protections.","indicators":{"cves":["CVE-2026-21733"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T17:16:35.220Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://www.imaginationtech.com/gpu-driver-vulnerabilities/","label":"367425dc-4d06-4041-9650-c2dc6aaa27ce","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3464","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-3464 — The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to i…","description":"The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajax_attach_file' function in all versions up to, and including, 8.3.4. This makes it possible for authenticated attackers with a role that an administrator gr…","indicators":{"cves":["CVE-2026-3464"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T17:17:07.217Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/customer-area/tags/8.3.4/src/js/common/files/file-attachment-manager.js#L170","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/customer-area/tags/8.3.4/src/js/common/files/ftp-uploader.js#L63","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/customer-area/tags/8.3.4/src/php/core-addons/private-file/private-file-addon.class.php#L844","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/customer-area/tags/8.3.4/src/php/core-addons/private-file/private-file-addon.class.php#L883","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/customer-area/tags/8.3.4/src/php/core-addons/private-file/private-file-addon.class.php#L920","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/customer-area/tags/8.3.4/src/php/core-addons/private-file/private-file-default-handlers.class.php#L404","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/customer-area/tags/8.3.4/src/php/core-addons/private-file/private-file-default-handlers.class.php#L422","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/customer-area/tags/8.3.4/src/php/core-addons/private-file/private-file-default-handlers.class.php#L428","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/customer-area/tags/8.3.4/src/php/core-addons/private-file/templates/private-attachments-add-ftp-folder-frontend.template.php#L17","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset/3507868/customer-area","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/aadf1f4c-c852-4167-9b09-7e679a953725?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40515","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40515 — OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers t…","description":"OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools with sensitive root directories that are not properl…","indicators":{"cves":["CVE-2026-40515"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T17:17:09.067Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/HKUDS/OpenHarness/commit/bd4df81f634f8c7cddcc3fdf7f561a13dcbf03ae","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/HKUDS/OpenHarness/pull/92","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/openharness-permission-bypass-via-grep-and-glob-root-argument","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40516","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40516 — OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the web_fe…","description":"OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the web_fetch and web_search tools that allows attackers to access private and localhost HTTP services by manipulating tool parameters without proper validation of target addresses. Attackers can influence an a…","indicators":{"cves":["CVE-2026-40516"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T17:17:09.327Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/HKUDS/OpenHarness/commit/bd4df81f634f8c7cddcc3fdf7f561a13dcbf03ae","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/HKUDS/OpenHarness/pull/92","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/openharness-ssrf-via-web-fetch-and-web-search","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://github.com/HKUDS/OpenHarness/pull/92","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40518","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40518 — ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerab…","description":"ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation where the agent name validation is bypassed. Attackers can supply traversal-style values or absolute paths as the agent name to influence directory creati…","indicators":{"cves":["CVE-2026-40518"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T17:17:09.543Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/bytedance/deer-flow/commit/2176b2bbfccfce25ceee08318813f96d843a13fd","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/bytedance/deer-flow/pull/2274","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/bytedance-deerflow-path-traversal-and-arbitrary-file-write-via-bootstrap-mode","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-65104","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2025-65104 — Firebird is an open-source relational database management system. In versions FB3 of the client libr…","description":"Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or higher…","indicators":{"cves":["CVE-2025-65104"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T18:16:30.773Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-mfpr-9886-xjhg","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-5710","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-5710 — The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Path…","description":"The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Path Traversal leading to Arbitrary File Read in versions up to and including 1.3.9.6. This is due to the plugin using client-supplied mfile[] POST values as the source of truth for email attachment selec…","indicators":{"cves":["CVE-2026-5710"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T18:16:32.593Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/drag-and-drop-multiple-file-upload-contact-form-7/tags/1.3.9.6/inc/dnd-upload-cf7.php#L203","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/drag-and-drop-multiple-file-upload-contact-form-7/tags/1.3.9.6/inc/dnd-upload-cf7.php#L477","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/drag-and-drop-multiple-file-upload-contact-form-7/tags/1.3.9.6/inc/dnd-upload-cf7.php#L718","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset/3508522/drag-and-drop-multiple-file-upload-contact-form-7","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1005eb8c-da5a-4422-9d65-0f341ad755b2?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5718","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-5718 — The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbi…","description":"The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.3.9.6. This is due to insufficient file type validation that occurs when custom blacklist types are configured, which replaces the default dangero…","indicators":{"cves":["CVE-2026-5718"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T18:16:32.753Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/drag-and-drop-multiple-file-upload-contact-form-7/tags/1.3.9.6/inc/dnd-upload-cf7.php#L62","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/drag-and-drop-multiple-file-upload-contact-form-7/tags/1.3.9.6/inc/dnd-upload-cf7.php#L883","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/drag-and-drop-multiple-file-upload-contact-form-7/tags/1.3.9.6/inc/dnd-upload-cf7.php#L970","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/drag-and-drop-multiple-file-upload-contact-form-7/tags/1.3.9.6/inc/dnd-upload-cf7.php#L987","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset/3508522/drag-and-drop-multiple-file-upload-contact-form-7","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/38f95d40-a6d4-429c-9872-9d2531e942eb?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-28212","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-28212 — Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4,…","description":"Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an op_slice network packet, the server passes an unprepared structure containing a null pointer to the SDL_info() function, resulting in a null pointer dereference a…","indicators":{"cves":["CVE-2026-28212"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T19:16:35.180Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-9884-9qm3-hqch","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-32107","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-32107 — xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did n…","description":"xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not properly handle an error during the privilege drop process. This improper privilege management could allow an authenticated local attacker to escalate privileges to root and execute arbitrary code…","indicators":{"cves":["CVE-2026-32107"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T20:16:33.677Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-p5m6-7m43-pjv9","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-32324","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-32324 — Anviz CX7 Firmware is vulnerable because the application embeds reusable certificate/key material, e…","description":"Anviz CX7 Firmware is \nvulnerable because the application embeds reusable certificate/key \nmaterial, enabling decryption of MQTT traffic and potential interaction \nwith device messaging channels at scale.","indicators":{"cves":["CVE-2026-32324"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T20:16:33.817Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json","label":"ics-cert@hq.dhs.gov","domainType":"primary"},{"url":"https://www.anviz.com/contact-us.html","label":"ics-cert@hq.dhs.gov","domainType":"other"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03","label":"ics-cert@hq.dhs.gov","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-32650","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-32650 — Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable enc…","description":"Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable \nencryption, causing database credentials to be sent in plaintext and \nenabling unauthorized database access.","indicators":{"cves":["CVE-2026-32650"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T20:16:34.360Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json","label":"ics-cert@hq.dhs.gov","domainType":"primary"},{"url":"https://www.anviz.com/contact-us.html","label":"ics-cert@hq.dhs.gov","domainType":"other"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03","label":"ics-cert@hq.dhs.gov","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35682","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-35682 — Anviz CX2 Lite is vulnerable to an authenticated command injection via a filename parameter that ena…","description":"Anviz CX2 Lite is vulnerable to an authenticated command injection via a \nfilename parameter that enables arbitrary command execution (e.g., \nstarting telnetd), resulting in root‑level access.","indicators":{"cves":["CVE-2026-35682"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T20:16:35.510Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json","label":"ics-cert@hq.dhs.gov","domainType":"primary"},{"url":"https://www.anviz.com/contact-us.html","label":"ics-cert@hq.dhs.gov","domainType":"other"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03","label":"ics-cert@hq.dhs.gov","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40066","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40066 — Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device…","description":"Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The \ndevice unpacks and executes a script resulting in unauthenticated remote\n code execution.","indicators":{"cves":["CVE-2026-40066"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T20:16:35.637Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json","label":"ics-cert@hq.dhs.gov","domainType":"primary"},{"url":"https://www.anviz.com/contact-us.html","label":"ics-cert@hq.dhs.gov","domainType":"other"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03","label":"ics-cert@hq.dhs.gov","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40283","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40283 — WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site…","description":"WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject malicious JavaScript via the \"Nome\" field in the \"Informações Pacientes\" page. The payload is stored and executed when the patient…","indicators":{"cves":["CVE-2026-40283","CVE-2026-40282","CVE-2026-40284","CVE-2026-40286"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T20:16:35.793Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-x74c-gwj9-6cwr","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-r6h8-7vxv-q8pp","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-mccp-8446-phw5","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-42rc-rvrx-cmmw","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40434","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40434 — Anviz CrossChex Standard lacks source verification in the client/server channel, enabling TCP packet…","description":"Anviz CrossChex Standard\nlacks source verification in the client/server channel, enabling TCP \npacket injection by an attacker on the same network to alter or disrupt \napplication traffic.","indicators":{"cves":["CVE-2026-40434"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T20:16:36.083Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json","label":"ics-cert@hq.dhs.gov","domainType":"primary"},{"url":"https://www.anviz.com/contact-us.html","label":"ics-cert@hq.dhs.gov","domainType":"other"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03","label":"ics-cert@hq.dhs.gov","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40461","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40461 — Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings (e…","description":"Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug \nsettings (e.g., enabling SSH), allowing unauthorized state changes that \ncan facilitate later compromise.","indicators":{"cves":["CVE-2026-40461"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T20:16:36.217Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json","label":"ics-cert@hq.dhs.gov","domainType":"primary"},{"url":"https://www.anviz.com/contact-us.html","label":"ics-cert@hq.dhs.gov","domainType":"other"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03","label":"ics-cert@hq.dhs.gov","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40196","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40196 — HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerabilit…","description":"HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerability where the defaultGroup ID remained permanently assigned to a user after being invited to a group, even after their access to that group was revoked. While the web interface correctly enforced the ac…","indicators":{"cves":["CVE-2026-40196"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T21:16:33.863Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/sysadminsmedia/homebox/releases/tag/v0.25.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/sysadminsmedia/homebox/security/advisories/GHSA-6pvm-v73p-p6m9","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40285","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40285 — WeGIA is a web manager for charitable institutions. Versions prior to 3.6.10 contain a SQL injection…","description":"WeGIA is a web manager for charitable institutions. Versions prior to 3.6.10 contain a SQL injection vulnerability in dao/memorando/UsuarioDAO.php. The cpf_usuario POST parameter overwrites the session-stored user identity via extract($_REQUEST) in DespachoControle::verificarDespacho(), and the atta…","indicators":{"cves":["CVE-2026-40285"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T21:16:34.267Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-666r-v2m7-xgp9","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-666r-v2m7-xgp9","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40303","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40303 — zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, end…","description":"zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, endpoints.GetSessionCookie parses an attacker-supplied cookie chunk count and calls make([]string, count) with no upper bound before any token validation occurs. The function is reached on every request…","indicators":{"cves":["CVE-2026-40303"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T21:16:35.140Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/openziti/zrok/releases/tag/v2.0.1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/openziti/zrok/security/advisories/GHSA-cpf9-ph2j-ccr9","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40527","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40527 — radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command…","description":"radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DW_TAG_formal_parameter names. Attackers can craft a binary with shell commands in DWARF parameter names that execute…","indicators":{"cves":["CVE-2026-40527"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T21:16:35.373Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/radareorg/radare2/commit/bc5a89033db3ecb5b1f7bf681fc6ba4dcfc14683","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/radareorg/radare2/pull/25821","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/radare2-command-injection-via-dwarf-parameter-names","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40305","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40305 — DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft e…","description":"DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 6.0.0 and prior to version 10.2.2, in the friends feature, a user could craft a request that would force the acceptance of a friend request on another user. Version 10.2.…","indicators":{"cves":["CVE-2026-40305","CVE-2026-40306","CVE-2026-40321"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T22:16:32.370Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fpj4-9qhx-5m6m","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2rhw-gw3f-477j","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-ffq7-898w-9jc4","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40352","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40352 — FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password change endpoin…","description":"FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password change endpoint is vulnerable to NoSQL injection. An authenticated attacker can bypass the \"old password\" verification by injecting MongoDB query operators. This allows an attacker who has gained a low-privileged s…","indicators":{"cves":["CVE-2026-40352"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T22:16:32.940Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/labring/FastGPT/commit/bd966d479fbe414d02679cf79f9eaaab3d100a2d","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/labring/FastGPT/releases/tag/v4.14.9.5","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/labring/FastGPT/security/advisories/GHSA-422w-vrfj-72g6","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40474","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40474 — wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the GymConfigUpd…","description":"wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the GymConfigUpdateView declares permission_required = 'config.change_gymconfig' but inherits WgerFormMixin instead of WgerPermissionMixin, so the permission is never enforced at runtime. Since GymConfig is an ownerl…","indicators":{"cves":["CVE-2026-40474"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T22:16:33.213Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/wger-project/wger/commit/47ee5af93b3ced24b9f94b0a8b9296b50bc9523f","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/wger-project/wger/releases/tag/2.5","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/wger-project/wger/security/advisories/GHSA-xppv-4jrx-qf8m","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-2262","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-2262 — The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all ve…","description":"The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.21 via the `/wp-json/wp/v2/eablocks/ea_appointments/` REST API endpoint. This is due to the endpoint being registered with `'permission_callback' => '__return_true'`,…","indicators":{"cves":["CVE-2026-2262"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T00:16:36.620Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/easy-appointments/tags/3.12.19/ea-blocks/ea-blocks.php#L141","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/easy-appointments/tags/3.12.19/ea-blocks/ea-blocks.php#L190","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/easy-appointments/trunk/ea-blocks/ea-blocks.php#L190","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset/3485692/easy-appointments/trunk/ea-blocks/ea-blocks.php","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset?old_path=%2Feasy-appointments/tags/3.12.21&new_path=%2Feasy-appointments/tags/3.12.22","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e681aa8e-522e-4092-aa1f-8ada3097c8d6?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40348","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40348 — Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1,…","description":"Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can trigger server-side requests to arbitrary internal targets through `POST /settings/jellyfin/server-url-verify`. The endpoint accepts a user-controlled URL, appends `…","indicators":{"cves":["CVE-2026-40348","CVE-2026-40349","CVE-2026-40350"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T00:16:38.663Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/leepeuker/movary/commit/d459b3513293d41254f7093aef07010a8e5dcf04","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/leepeuker/movary/pull/751","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/leepeuker/movary/releases/tag/0.71.1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/leepeuker/movary/security/advisories/GHSA-2m2v-v563-qqvj","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/leepeuker/movary/commit/12c8a090051b1a1c07a3aa48922f3bc9ffe44c8b","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/leepeuker/movary/pull/750","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/leepeuker/movary/security/advisories/GHSA-mcfq-8rx7-w25v","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/leepeuker/movary/commit/92c7400486f5fe9f350046e04e45a8502778bf39","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/leepeuker/movary/pull/749","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/leepeuker/movary/security/advisories/GHSA-7r3f-9fwv-p43w","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40581","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40581 — ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the family record…","description":"ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the family record deletion endpoint (SelectDelete.php) performs permanent, irreversible deletion of family records and all associated data via a plain GET request with no CSRF token validation. An attacker can craft a…","indicators":{"cves":["CVE-2026-40581"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T00:16:39.683Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/ChurchCRM/CRM/commit/39361628613af7682b813f3e62a412559616d674","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChurchCRM/CRM/pull/8613","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChurchCRM/CRM/security/advisories/GHSA-6qxv-xw9j-77pj","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35465","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-35465 — SecureDrop Client is a desktop app for journalists to securely communicate with sources and handle s…","description":"SecureDrop Client is a desktop app for journalists to securely communicate with sources and handle submissions on the SecureDrop Workstation. In versions 0.17.4 and below, a compromised SecureDrop Server can achieve code execution on the Client's virtual machine (sd-app) by exploiting improper filen…","indicators":{"cves":["CVE-2026-35465"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T01:16:18.440Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/freedomofpress/securedrop-client/blob/8dc8bb6e307b13876d67f72d8a071202e2f39ab5/changelog.md?plain=1#L8","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freedomofpress/securedrop-client/commit/e518adaf897e7838467ccf9e1f28152ae6fe3655","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freedomofpress/securedrop-client/security/advisories/GHSA-2jrc-x8fq-prvc","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35582","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-35582 — Emissary is a P2P based data-driven workflow engine. In versions 8.42.0 and below, Executrix.getComm…","description":"Emissary is a P2P based data-driven workflow engine. In versions 8.42.0 and below, Executrix.getCommand() is vulnerable to OS command injection  because it interpolates temporary file paths into a /bin/sh -c shell command string without any escaping or input validation. The IN_FILE_ENDING and OUT_FI…","indicators":{"cves":["CVE-2026-35582"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T02:16:11.510Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/NationalSecurityAgency/emissary/commit/1faf33f2494c0128f250d7d2e8f2da99bbd32ae8","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/NationalSecurityAgency/emissary/security/advisories/GHSA-3p24-9x7v-7789","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40487","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40487 — Postiz is an AI social media scheduling tool. Prior to version 2.21.6, a file upload validation bypa…","description":"Postiz is an AI social media scheduling tool. Prior to version 2.21.6, a file upload validation bypass allows any authenticated user to upload arbitrary HTML, SVG, or other executable file types to the server by spoofing the `Content-Type` header. The uploaded files are then served by nginx with a C…","indicators":{"cves":["CVE-2026-40487"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T02:16:11.670Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/gitroomhq/postiz-app/releases/tag/v2.21.6","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/gitroomhq/postiz-app/security/advisories/GHSA-44wg-r34q-hvfx","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/gitroomhq/postiz-app/security/advisories/GHSA-44wg-r34q-hvfx","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-6518","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6518 — The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to arbi…","description":"The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to arbitrary file upload and remote code execution in all versions up to, and including, 4.1.16 via the `cmp_theme_update_install` AJAX action. This is due to the function only checking for the `publish_page…","indicators":{"cves":["CVE-2026-6518"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T05:16:24.377Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/cmp-coming-soon-maintenance/tags/4.1.16/niteo-cmp.php#L1421","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/cmp-coming-soon-maintenance/tags/4.1.16/niteo-cmp.php#L1437","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/cmp-coming-soon-maintenance/tags/4.1.16/niteo-cmp.php#L1447","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset?old_path=%2Fcmp-coming-soon-maintenance/tags/4.1.16&new_path=%2Fcmp-coming-soon-maintenance/tags/4.1.17","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d6fb275b-dbba-46df-b170-977ef4a84c4c?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-25917","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-25917 — Dag Authors, who normally should not be able to execute code in the webserver context could craft XC…","description":"Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low.\n\nUsers are recommended to upgrade to Apache Airflow 3.2.0, whic…","indicators":{"cves":["CVE-2026-25917"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T07:16:09.347Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/apache/airflow/pull/61641","label":"security@apache.org","domainType":"primary"},{"url":"https://lists.apache.org/thread/6whgpkqbh12rvpfmvcg8b0vwlv4hq3po","label":"security@apache.org","domainType":"other"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/17/9","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-30898","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-30898 — An example of BashOperator in Airflow documentation suggested a way of passing dag_run.conf in the w…","description":"An example of BashOperator in Airflow documentation suggested a way of passing dag_run.conf in the way that could cause unsanitized user input to be used to escalate privileges of UI user to allow execute code on worker. Users should review if any of their own DAGs have adopted this incorrect advice…","indicators":{"cves":["CVE-2026-30898"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T07:16:10.297Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/apache/airflow/pull/64129","label":"security@apache.org","domainType":"primary"},{"url":"https://lists.apache.org/thread/26zmhfj1t95c1hld2r14ho81nzh1bdc8","label":"security@apache.org","domainType":"other"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/17/7","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-30912","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-30912 — In case of SQL errors, exception/stack trace of errors was exposed in API even if \"api/expose_stack_…","description":"In case of SQL errors, exception/stack trace of errors was exposed in API even if \"api/expose_stack_traces\" was set to false. That could lead to exposing additional information to potential attacker. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue.","indicators":{"cves":["CVE-2026-30912"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T07:16:10.427Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/apache/airflow/pull/63028","label":"security@apache.org","domainType":"primary"},{"url":"https://lists.apache.org/thread/tp6kz1hnfb3zsrrtg19myo8x5x80w8r9","label":"security@apache.org","domainType":"other"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/17/5","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-32228","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-32228 — UI / API User with asset materialize permission could trigger dags they had no access to. Users are…","description":"UI / API User with asset materialize permission could trigger dags they had no access to.\nUsers are advised to migrate to Airflow version 3.2.0 that fixes the issue.","indicators":{"cves":["CVE-2026-32228"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T07:16:10.560Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/apache/airflow/pull/63338","label":"security@apache.org","domainType":"primary"},{"url":"https://lists.apache.org/thread/s7c75txgt4qf2rofcn43szfwgcrzy0nj","label":"security@apache.org","domainType":"other"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/17/8","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6560","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6560 — A security vulnerability has been detected in H3C Magic B0 up to 100R002. This vulnerability affects…","description":"A security vulnerability has been detected in H3C Magic B0 up to 100R002. This vulnerability affects the function Edit_BasicSSID of the file /goform/aspForm. Such manipulation of the argument param leads to buffer overflow. The attack can be executed remotely. The exploit has been disclosed publicly…","indicators":{"cves":["CVE-2026-6560"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T07:16:05.973Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/xiaohaiyang-ai/CVE-Reports/blob/main/Vulnerability-Report.md","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/788021","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358197","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358197/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6562","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6562 — A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is the function getListByPage of…","description":"A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is the function getListByPage of the file /index/Search/index.html. Executing a manipulation of the argument keyword can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used.…","indicators":{"cves":["CVE-2026-6562"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T09:16:10.100Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://thinhneee.github.io/posts/muucmf-sqli/","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/submit/789501","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358199","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358199/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6563","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6563 — A vulnerability has been found in H3C Magic B1 up to 100R004. The affected element is the function S…","description":"A vulnerability has been found in H3C Magic B1 up to 100R004. The affected element is the function SetAPWifiorLedInfoById of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to th…","indicators":{"cves":["CVE-2026-6563"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T09:16:11.000Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/K4ptor/H3C-routers-vulnerability/","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/789531","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358200","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358200/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6568","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6568 — A vulnerability was determined in kodcloud KodExplorer up to 4.52. This affects the function share.c…","description":"A vulnerability was determined in kodcloud KodExplorer up to 4.52. This affects the function share.class.php::initShareOld of the file /app/controller/share.class.php of the component Public Share Handler. This manipulation of the argument path causes path traversal. The attack can be initiated remo…","indicators":{"cves":["CVE-2026-6568"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T10:16:09.203Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://vuldb.com/submit/789981","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358202","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358202/cti","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vulnplus-note.wetolink.com/share/JyHBnRUaoOY2","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6569","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6569 — A vulnerability was identified in kodcloud KodExplorer up to 4.52. This impacts the function fileGet…","description":"A vulnerability was identified in kodcloud KodExplorer up to 4.52. This impacts the function fileGet of the file /app/controller/share.class.php of the component fileGet Endpoint. Such manipulation of the argument fileUrl leads to improper authentication. The attack can be launched remotely. The ven…","indicators":{"cves":["CVE-2026-6569"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T11:16:14.443Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://vuldb.com/submit/789982","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358203","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358203/cti","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vulnplus-note.wetolink.com/share/wgfZR6kXRApl","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6574","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6574 — A vulnerability has been found in osuuu LightPicture up to 1.2.2. This issue affects some unknown pr…","description":"A vulnerability has been found in osuuu LightPicture up to 1.2.2. This issue affects some unknown processing of the file /public/install/lp.sql of the component API Upload Endpoint. Such manipulation of the argument key leads to hard-coded credentials. The attack may be performed from remote. The ex…","indicators":{"cves":["CVE-2026-6574"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T14:16:11.593Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://vuldb.com/submit/790000","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358209","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358209/cti","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vulnplus-note.wetolink.com/share/VhoNkMja5u7A","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6577","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6577 — A vulnerability was identified in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an…","description":"A vulnerability was identified in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file owntracks/views.py of the component logtracks Endpoint. The manipulation leads to missing authentication. The attack can be initiated remotely. The exploit is publicly ava…","indicators":{"cves":["CVE-2026-6577"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T20:16:28.837Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/3em0/cve_repo/blob/main/DjangoBlog/Vuln-2-Unauthenticated-GPS-Data-Injection.md","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/790282","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358212","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358212/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6580","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6580 — A security vulnerability has been detected in liangliangyy DjangoBlog up to 2.1.0.0. Affected is an…","description":"A security vulnerability has been detected in liangliangyy DjangoBlog up to 2.1.0.0. Affected is an unknown function of the file owntracks/views.py of the component Amap API Call Handler. Such manipulation of the argument key leads to use of hard-coded cryptographic key\r . The attack may be launched…","indicators":{"cves":["CVE-2026-6580"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T23:16:33.697Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/3em0/cve_repo/blob/main/DjangoBlog/Vuln-5-Hardcoded-Amap-API-Key.md","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/790287","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358215","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358215/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6581","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6581 — A vulnerability was detected in H3C Magic B1 up to 100R004. Affected by this vulnerability is the fu…","description":"A vulnerability was detected in H3C Magic B1 up to 100R004. Affected by this vulnerability is the function SetMobileAPInfoById of the file /goform/aspForm. Performing a manipulation of the argument param results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now pu…","indicators":{"cves":["CVE-2026-6581"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T23:16:33.893Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/hmKunlun/H3Cc/blob/main/h3c.md","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/790977","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358216","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358216/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6582","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6582 — A flaw has been found in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the fun…","description":"A flaw has been found in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function get_vector_db_details of the file superagi/controllers/vector_dbs.py of the component Vector Database Management Endpoint. Executing a manipulation can lead to missing authentication. The attack…","indicators":{"cves":["CVE-2026-6582"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T23:16:34.080Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://gist.github.com/YLChen-007/f38b32a9cd0c9722e04a716ca4dbf9d5","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791072","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358217","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358217/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6594","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6594 — A vulnerability was determined in brikcss merge up to 1.3.0. This affects an unknown part. Executing…","description":"A vulnerability was determined in brikcss merge up to 1.3.0. This affects an unknown part. Executing a manipulation of the argument __proto__/constructor.prototype/prototype can lead to improperly controlled modification of object prototype attributes. The attack may be performed from remote. The ve…","indicators":{"cves":["CVE-2026-6594"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T02:16:15.633Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/sudo-secure/security-research/blob/main/brikcss-merge/prototype-pollution/PoC.md","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791805","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358229","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358229/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6595","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6595 — A vulnerability was identified in ProjectsAndPrograms School Management System up to 6b6fae5426044f8…","description":"A vulnerability was identified in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This vulnerability affects unknown code of the file buslocation.php of the component HTTP GET Parameter Handler. The manipulation of the argument bus_id leads to sql injecti…","indicators":{"cves":["CVE-2026-6595"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T03:16:16.777Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://tcn60zf28jhk.feishu.cn/wiki/MdHFw78Gmi1zbske8Ozc6XTjnIh?from=from_copylink","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/submit/791820","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358230","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358230/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6596","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6596 — A security flaw has been discovered in langflow-ai langflow up to 1.1.0. This issue affects the func…","description":"A security flaw has been discovered in langflow-ai langflow up to 1.1.0. This issue affects the function create_upload_file of the file src/backend/base/Langflow/api/v1/endpoints.py of the component API Endpoint. The manipulation results in unrestricted upload. It is possible to launch the attack re…","indicators":{"cves":["CVE-2026-6596"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T03:16:16.967Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://gist.github.com/chenhouser2025/c2aabfdee41009cfe45d28a9924742a0","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791919","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358231","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358231/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-32955","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-32955 — SD-330AC and AMC Manager provided by silex technology, Inc. contain a stack-based buffer overflow vu…","description":"SD-330AC and AMC Manager provided by silex technology, Inc. contain a stack-based buffer overflow vulnerability in processing the redirect URLs. Arbitrary code may be executed on the device.","indicators":{"cves":["CVE-2026-32955"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T04:16:29.113Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://jvn.jp/en/vu/JVNVU94271449/","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://www.silex.jp/support/security-advisories/2026-001","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://www.silex.jp/support/security-advisories/en/2026-001","label":"vultures@jpcert.or.jp","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-32965","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-32965 — Initialization of a resource with an insecure default vulnerability exists in SD-330AC and AMC Manag…","description":"Initialization of a resource with an insecure default vulnerability exists in SD-330AC and AMC Manager provided by silex technology, Inc. When the affected device is connected to the network with the initial (factory-default) configuration, the device can be configured with the null string password.","indicators":{"cves":["CVE-2026-32965"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T04:16:45.583Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://jvn.jp/en/vu/JVNVU94271449/","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://www.silex.jp/support/security-advisories/2026-001","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://www.silex.jp/support/security-advisories/en/2026-001","label":"vultures@jpcert.or.jp","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6602","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6602 — A vulnerability was found in rickxy Hospital Management System up to 88a4290d957dc5bdde8a56e5ad451ad…","description":"A vulnerability was found in rickxy Hospital Management System up to 88a4290d957dc5bdde8a56e5ad451ad14f7f90f4. Affected is an unknown function of the file /backend/admin/his_admin_account.php. The manipulation of the argument ad_dpic results in unrestricted upload. The attack can be executed remotel…","indicators":{"cves":["CVE-2026-6602"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T04:16:58.933Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/freeloader9527/cve/issues/2","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/792092","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358237","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358237/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6603","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6603 — A vulnerability was determined in modelscope agentscope up to 1.0.18. Affected by this vulnerability…","description":"A vulnerability was determined in modelscope agentscope up to 1.0.18. Affected by this vulnerability is the function execute_python_code/execute_shell_command of the file src/AgentScope/tool/_coding/_python.py. This manipulation causes code injection. The attack is possible to be carried out remotel…","indicators":{"cves":["CVE-2026-6603"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T05:16:15.353Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://gist.github.com/YLChen-007/c084d69aaeda6729f3988603f2b0ce6e","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/792223","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358238","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358238/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6604","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6604 — A vulnerability was identified in modelscope agentscope up to 1.0.18. Affected by this issue is the…","description":"A vulnerability was identified in modelscope agentscope up to 1.0.18. Affected by this issue is the function _parse_url/prepare_image/openai_audio_to_text of the file src/agentscope/tool/_multi_modality/_openai_tools.py of the component Cloud Metadata Endpoint. Such manipulation of the argument imag…","indicators":{"cves":["CVE-2026-6604"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T05:16:15.567Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://gist.github.com/YLChen-007/e3e0741b297d8c2ffca59b6350d4c657","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/792224","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358239","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358239/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6605","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6605 — A security flaw has been discovered in modelscope agentscope up to 1.0.18. This affects the function…","description":"A security flaw has been discovered in modelscope agentscope up to 1.0.18. This affects the function _get_bytes_from_web_url of the file src/agentscope/_utils/_common.py of the component Internal Service. Performing a manipulation results in server-side request forgery. It is possible to initiate th…","indicators":{"cves":["CVE-2026-6605"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T05:16:15.780Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://gist.github.com/YLChen-007/ced2d438ae79a5a11cea663c1ba2c954","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/792225","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358240","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358240/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6606","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6606 — A weakness has been identified in modelscope agentscope up to 1.0.18. This vulnerability affects the…","description":"A weakness has been identified in modelscope agentscope up to 1.0.18. This vulnerability affects the function _process_audio_block of the file src/agentscope/agent/_agent_base.py. Executing a manipulation of the argument url can lead to server-side request forgery. It is possible to launch the attac…","indicators":{"cves":["CVE-2026-6606"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T05:16:15.987Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://gist.github.com/YLChen-007/4e589eec07446726612dc416a7d80820","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/792226","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358241","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358241/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5966","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-5966 — ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authen…","description":"ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authenticated remote attackers with web access can exploit Path Traversal to delete arbitrary files on the system.","indicators":{"cves":["CVE-2026-5966"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T08:16:11.010Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://www.twcert.org.tw/en/cp-139-10832-05f3a-2.html","label":"twcert@cert.org.tw","domainType":"other"},{"url":"https://www.twcert.org.tw/tw/cp-132-10831-a734d-1.html","label":"twcert@cert.org.tw","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6615","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6615 — A weakness has been identified in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue i…","description":"A weakness has been identified in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function Upload of the file superagi/controllers/resources.py of the component Multipart Upload Handler. This manipulation of the argument Name causes path traversal. It is possible to initiate…","indicators":{"cves":["CVE-2026-6615"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T08:16:11.190Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://gist.github.com/YLChen-007/300843c707435540ce0e23bff3e6173a","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791083","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358250","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358250/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5967","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-5967 — ThreatSonar Anti-Ransomware developed by TeamT5 has an Privilege Escalation vulnerability. Authentic…","description":"ThreatSonar Anti-Ransomware developed by TeamT5 has an Privilege Escalation vulnerability. Authenticated remote attackers with shell access can inject OS commands and execute them with root privileges.","indicators":{"cves":["CVE-2026-5967"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T09:16:09.430Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://www.twcert.org.tw/en/cp-139-10855-e6d1b-2.html","label":"twcert@cert.org.tw","domainType":"other"},{"url":"https://www.twcert.org.tw/tw/cp-132-10854-03015-1.html","label":"twcert@cert.org.tw","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6621","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6621 — A vulnerability was determined in 1024bit extend-deep up to 0.1.6. The impacted element is an unknow…","description":"A vulnerability was determined in 1024bit extend-deep up to 0.1.6. The impacted element is an unknown function of the file index.js. This manipulation of the argument __proto__ causes improperly controlled modification of object prototype attributes. Remote exploitation of the attack is possible. Th…","indicators":{"cves":["CVE-2026-6621"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T09:16:10.170Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/sudo-secure/security-research/blob/main/extend-deep/prototype-pollution/PoC.md","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/792387","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358256","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358256/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6625","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6625 — A security vulnerability has been detected in moxi624 Mogu Blog v2 up to 5.2. Affected by this vulne…","description":"A security vulnerability has been detected in moxi624 Mogu Blog v2 up to 5.2. Affected by this vulnerability is the function LocalFileServiceImpl.uploadPictureByUrl of the file mogu_picture/src/main/java/com/moxi/mogublog/picture/service/impl/LocalFileServiceImpl.java of the component Picture Storag…","indicators":{"cves":["CVE-2026-6625"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T10:16:17.760Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/ccccccctiiiiiiii-lab/public_exp/issues/3","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/792417","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358260","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358260/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6629","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6629 — A vulnerability has been found in Metasoft 美特软件 MetaCRM up to 6.4.0. This vulnerability affects the…","description":"A vulnerability has been found in Metasoft 美特软件 MetaCRM up to 6.4.0. This vulnerability affects the function Statement.executeUpdate of the file sql.jsp of the component Interface. Such manipulation of the argument sql leads to sql injection. The attack can be launched remotely. The exploit has been…","indicators":{"cves":["CVE-2026-6629"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T11:16:18.927Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://my.feishu.cn/docx/JttndUaPLoR88HxI1alcz1uencf?from=from_copylink","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/submit/792615","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358263","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358263/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6630","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6630 — A vulnerability was found in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fromGstD…","description":"A vulnerability was found in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. Performing a manipulation of the argument dips results in buffer overflow. The attack may be initiated remotely. The exploit has bee…","indicators":{"cves":["CVE-2026-6630"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T11:16:19.407Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/Jimi-Lab/cve/issues/23","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/792882","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358264","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358264/cti","label":"cna@vuldb.com","domainType":"other"},{"url":"https://www.tenda.com.cn/","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6631","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6631 — A vulnerability was determined in Tenda F451 1.0.0.7_cn_svn7958. Impacted is the function fromwebExc…","description":"A vulnerability was determined in Tenda F451 1.0.0.7_cn_svn7958. Impacted is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. Executing a manipulation of the argument page can lead to buffer overflow. The attack may be launched remotely. The expl…","indicators":{"cves":["CVE-2026-6631"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T11:16:19.583Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/Jimi-Lab/cve/issues/25","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/792904","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358265","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358265/cti","label":"cna@vuldb.com","domainType":"other"},{"url":"https://www.tenda.com.cn/","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6632","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6632 — A vulnerability was identified in Tenda F451 1.0.0.7_cn_svn7958. The affected element is the functio…","description":"A vulnerability was identified in Tenda F451 1.0.0.7_cn_svn7958. The affected element is the function fromSafeClientFilter of the file /goform/SafeClientFilter of the component httpd. The manipulation of the argument menufacturer/Go leads to buffer overflow. Remote exploitation of the attack is poss…","indicators":{"cves":["CVE-2026-6632"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T11:16:19.760Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/Jimi-Lab/cve/issues/26","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/792905","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358266","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358266/cti","label":"cna@vuldb.com","domainType":"other"},{"url":"https://www.tenda.com.cn/","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6635","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6635 — A security vulnerability has been detected in rowboatlabs rowboat up to 0.1.67. This impacts the fun…","description":"A security vulnerability has been detected in rowboatlabs rowboat up to 0.1.67. This impacts the function tool_call of the file apps/experimental/tools_webhook/app.py of the component tools_webhook. Such manipulation of the argument X-Tools-JWE leads to improper authentication. The attack may be per…","indicators":{"cves":["CVE-2026-6635"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T12:16:09.673Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/Dave-gilmore-aus/security-advisories/blob/main/rowbat-advisory","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/793433","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358269","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358269/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3517","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-3517 — OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an a…","description":"OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “Geo Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'addcountry' command","indicators":{"cves":["CVE-2026-3517","CVE-2026-3518","CVE-2026-3519"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T14:16:19.330Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://community.progress.com/s/article/LoadMaster-Security-Vulnerabilites-CVE-2026-3517-CVE-2026-3518-CVE-2026-3519-CVE-2026-4048-CVE-2026-21876","label":"security@progress.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4048","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-4048 — OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an au…","description":"OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in a custom WAF rule file during the file upload process.","indicators":{"cves":["CVE-2026-4048"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T14:16:20.700Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://community.progress.com/s/article/LoadMaster-Security-Vulnerabilites-CVE-2026-3517-CVE-2026-3518-CVE-2026-3519-CVE-2026-4048-CVE-2026-21876","label":"security@progress.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-25058","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-25058 — Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0…","description":"Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0-260419-1910, the Vexa transcription-collector service exposes an internal endpoint `GET /internal/transcripts/{meeting_id}` that returns transcript data for any meeting without any authentication or…","indicators":{"cves":["CVE-2026-25058","CVE-2026-25883"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T16:16:41.763Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/Vexa-ai/vexa/security/advisories/GHSA-w73r-2449-qwgh","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/Vexa-ai/vexa/security/advisories/GHSA-fhr6-8hff-cvg4","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-26944","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-26944 — Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through…","description":"Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a missing authentication for critical function vulnerability. An unauthenticated attacker with remote access could potentially ex…","indicators":{"cves":["CVE-2026-26944","CVE-2026-24504","CVE-2026-24506","CVE-2026-26943","CVE-2026-26951"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T16:16:42.223Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities","label":"security_alert@emc.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34427","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-34427 — Vvveb prior to 1.0.8.1 contains a privilege escalation vulnerability in the admin user profile save…","description":"Vvveb prior to 1.0.8.1 contains a privilege escalation vulnerability in the admin user profile save endpoint that allows authenticated users to modify privileged fields on their own profile. Attackers can inject role_id=1 into profile save requests to escalate to Super Administrator privileges, enab…","indicators":{"cves":["CVE-2026-34427"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T16:16:44.250Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/givanz/Vvveb/commit/0eca14af50f038915b8bf7ceec2becf6b6720b0a","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/givanz/Vvveb/releases/tag/1.0.8.1","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/vvveb-privilege-escalation-via-admin-user-save","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34428","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-34428 — Vvveb prior to 1.0.8.1 contains a server-side request forgery vulnerability in the oEmbedProxy actio…","description":"Vvveb prior to 1.0.8.1 contains a server-side request forgery vulnerability in the oEmbedProxy action of the editor/editor module where the url parameter is passed directly to getUrl() via curl without scheme or destination validation. Authenticated backend users can supply file:// URLs to read arbi…","indicators":{"cves":["CVE-2026-34428"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T16:16:44.473Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/givanz/Vvveb/commit/2d356844f37819bf771e7cd5e12a8686975e0b2b","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/givanz/Vvveb/releases/tag/1.0.8.1","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/vvveb-ssrf-via-oembedproxy","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6066","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6066 — ConnectWise has released a security update for ConnectWise Automate™ that addresses a behavior in th…","description":"ConnectWise has released a security update for ConnectWise Automate™ that addresses a behavior in the ConnectWise Automate Solution Center where certain client-to-server communications could occur without transport-layer encryption. This could allow network‑based interception of Solution Center traf…","indicators":{"cves":["CVE-2026-6066"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T16:16:50.123Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://www.connectwise.com/company/trust/security-bulletins/2026-04-20-connectwise-automate-bulletin","label":"7d616e1a-3288-43b1-a0dd-0a65d3e70a49","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-24505","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-24505 — Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an improper input validation vulnera…","description":"Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.","indicators":{"cves":["CVE-2026-24505"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T17:16:31.920Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities","label":"security_alert@emc.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-25524","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-25524 — Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative t…","description":"Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, PHP functions such as `getimagesize()`, `file_exists()`, and `is_readable()`…","indicators":{"cves":["CVE-2026-25524","CVE-2026-25525","CVE-2026-40098","CVE-2026-40488"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T17:16:32.290Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/OpenMage/magento-lts/releases/tag/v20.17.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/OpenMage/magento-lts/security/advisories/GHSA-fg79-cr9c-7369","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/OpenMage/magento-lts/security/advisories/GHSA-6vqf-6fhm-7rc6","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/OpenMage/magento-lts/security/advisories/GHSA-665x-ppc4-685w","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/OpenMage/magento-lts/security/advisories/GHSA-3j5q-7q7h-2hhv","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-30266","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-30266 — Insecure Permissions vulnerability in DeepCool DeepCreative v.1.2.7 and before allows a local attack…","description":"Insecure Permissions vulnerability in DeepCool DeepCreative v.1.2.7 and before allows a local attacker to execute arbitrary code via a crafted file","indicators":{"cves":["CVE-2026-30266"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T17:16:33.377Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"http://deepcool.com","label":"cve@mitre.org","domainType":"other"},{"url":"http://deepcreative.com","label":"cve@mitre.org","domainType":"other"},{"url":"https://github.com/uncle-hash/vulnerability-research/tree/main/CVE-2026-30266","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41445","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41445 — KissFFT before commit 8a8e66e contains an integer overflow vulnerability in the kiss_fftndr_alloc()…","description":"KissFFT before commit 8a8e66e contains an integer overflow vulnerability in the kiss_fftndr_alloc() function in kiss_fftndr.c where the allocation size calculation dimOther*(dimReal+2)*sizeof(kiss_fft_scalar) overflows signed 32-bit integer arithmetic before being widened to size_t, causing malloc()…","indicators":{"cves":["CVE-2026-41445"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T17:16:37.160Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/mborgerding/kissfft/commit/8a8e66e33d692bad1376fe7904d87d767730537f","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/kissfft-integer-overflow-heap-buffer-overflow-via-kiss-fftndr-alloc","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6662","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6662 — A vulnerability was found in ericc-ch copilot-api up to 0.7.0. The impacted element is the function…","description":"A vulnerability was found in ericc-ch copilot-api up to 0.7.0. The impacted element is the function cors of the file src/server.ts of the component Token Endpoint. Performing a manipulation results in permissive cross-domain policy with untrusted domains. It is possible to initiate the attack remote…","indicators":{"cves":["CVE-2026-6662"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T17:16:39.647Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/August829/CVEP/issues/31","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/794601","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358300","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358300/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6248","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6248 — The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and…","description":"The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.5. This is due to two compounding flaws: the Members::update() method does not validate or restrict the value of file-type custom profile fields, allowing authenticated users to store a…","indicators":{"cves":["CVE-2026-6248"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T19:16:11.230Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/wpforo/tags/2.4.16/wpforo/classes/Actions.php#L1418","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wpforo/tags/2.4.16/wpforo/classes/Members.php#L891","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wpforo/tags/2.4.16/wpforo/includes/functions.php#L3187","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset/3509997/wpforo","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/79cc102a-6777-41be-a395-8c2eeb6deb73?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-29645","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-29645 — NEMU (OpenXiangShan/NEMU) before v2025.12.r2 contains an improper instruction-validation flaw in its…","description":"NEMU (OpenXiangShan/NEMU) before v2025.12.r2 contains an improper instruction-validation flaw in its RISC-V Vector (RVV) decoder. The decoder does not correctly validate the funct3 field when decoding vsetvli/vsetivli/vsetvl, allowing certain invalid OP-V instruction encodings to be misinterpreted a…","indicators":{"cves":["CVE-2026-29645"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T20:16:48.303Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://docs.riscv.org/reference/isa/unpriv/v-st-ext.html","label":"cve@mitre.org","domainType":"other"},{"url":"https://github.com/OpenXiangShan/NEMU/commit/481de637d5fc5838356caee80a79e56a33754039","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/OpenXiangShan/NEMU/issues/952","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/OpenXiangShan/NEMU/pull/958","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-5478","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-5478 — The Everest Forms plugin for WordPress is vulnerable to Arbitrary File Read and Deletion in all vers…","description":"The Everest Forms plugin for WordPress is vulnerable to Arbitrary File Read and Deletion in all versions up to, and including, 3.4.4. This is due to the plugin trusting attacker-controlled old_files data from public form submissions as legitimate server-side upload state, and converting attacker-sup…","indicators":{"cves":["CVE-2026-5478"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T20:16:48.800Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/everest-forms/tags/3.4.4/includes/abstracts/class-evf-form-fields-upload.php#L1306","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/everest-forms/tags/3.4.4/includes/abstracts/class-evf-form-fields-upload.php#L1581","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/everest-forms/tags/3.4.4/includes/abstracts/class-evf-form-fields-upload.php#L1665","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset/3507814/everest-forms","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8641eb53-6a9a-4549-b8ef-e37acbcc7f03?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6249","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6249 — Vvveb CMS 1.0.8 contains a remote code execution vulnerability in its media upload handler that allo…","description":"Vvveb CMS 1.0.8 contains a remote code execution vulnerability in its media upload handler that allows authenticated attackers to execute arbitrary operating system commands by uploading a PHP webshell with a .phtml extension. Attackers can bypass the extension deny-list and upload malicious files t…","indicators":{"cves":["CVE-2026-6249"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T20:16:48.943Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/givanz/Vvveb/commit/23ac0e8c758d80f3c4d9224763c8b2359648270e","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/vvveb-cms-remote-code-execution-via-media-upload","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-29642","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-29642 — A local attacker who can execute privileged CSR operations (or can induce firmware to do so) perform…","description":"A local attacker who can execute privileged CSR operations (or can induce firmware to do so) performs carefully crafted reads/writes to menvcfg (e.g., csrrs in M-mode). On affected XiangShan versions (commit aecf601e803bfd2371667a3fb60bfcd83c333027, 2024-11-19), these menvcfg accesses can unexpected…","indicators":{"cves":["CVE-2026-29642"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T21:16:19.393Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://docs.riscv.org/reference/isa/priv/machine.html","label":"cve@mitre.org","domainType":"other"},{"url":"https://docs.riscv.org/reference/isa/priv/priv-csrs.html","label":"cve@mitre.org","domainType":"other"},{"url":"https://github.com/OpenXiangShan/XiangShan/commit/5e3dd63","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/OpenXiangShan/XiangShan/issues/3934","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-29648","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-29648 — In OpenXiangShan NEMU, when Smstateen is enabled, clearing mstateen0.ENVCFG does not correctly restr…","description":"In OpenXiangShan NEMU, when Smstateen is enabled, clearing mstateen0.ENVCFG does not correctly restrict access to henvcfg and senvcfg. As a result, less-privileged code may read or write these CSRs without the required exception, potentially bypassing intended state-enable based isolation controls i…","indicators":{"cves":["CVE-2026-29648"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T21:16:19.733Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://docs.riscv.org/reference/isa/priv/smstateen.html","label":"cve@mitre.org","domainType":"other"},{"url":"https://github.com/OpenXiangShan/NEMU/issues/690","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/OpenXiangShan/XiangShan/pull/3978","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/OpenXiangShan/NEMU/issues/690","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-33626","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-33626 — LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior…","description":"LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery (SSRF) vulnerability in LMDeploy's vision-language module. The `load_image()` function in `lmdeploy/vl/utils.py` fetches arbitrary URLs without validating…","indicators":{"cves":["CVE-2026-33626"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T21:16:35.097Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/InternLM/lmdeploy/commit/71d64a339edb901e9005358e0633fbbab367d626","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/InternLM/lmdeploy/pull/4447","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/InternLM/lmdeploy/releases/tag/v0.12.3","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/InternLM/lmdeploy/security/advisories/GHSA-6w67-hwm5-92mq","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/InternLM/lmdeploy/security/advisories/GHSA-6w67-hwm5-92mq","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-5928","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-5928 — Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that h…","description":"Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially res…","indicators":{"cves":["CVE-2026-5928"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T21:16:36.963Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=33998","label":"3ff69d7a-14f2-4f67-a097-88dee7810d18","domainType":"other"},{"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=33998","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-29643","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-29643 — XiangShan (Open-source high-performance RISC-V processor) commit edb1dfaf7d290ae99724594507dc46c2c21…","description":"XiangShan (Open-source high-performance RISC-V processor) commit edb1dfaf7d290ae99724594507dc46c2c2125384 (2024-11-28) contains an improper exceptional-condition handling flaw in its CSR subsystem (NewCSR). On affected versions, certain sequences of CSR operations targeting non-existent/custom CSR a…","indicators":{"cves":["CVE-2026-29643","CVE-2026-29644"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T22:16:23.507Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://docs.riscv.org/reference/isa/priv/machine.html","label":"cve@mitre.org","domainType":"other"},{"url":"https://docs.riscv.org/reference/isa/priv/priv-csrs.html","label":"cve@mitre.org","domainType":"other"},{"url":"https://github.com/OpenXiangShan/XiangShan/issues/3959","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/OpenXiangShan/XiangShan/pull/3966","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/OpenXiangShan/XiangShan/commit/2b1f9796aa98597e5eeac32e5bb1418496987ca4","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/OpenXiangShan/XiangShan/commit/edb1dfaf7d290ae99724594507dc46c2c2125384","label":"cve@mitre.org","domainType":"primary"},{"url":"https://xiangshan-doc-test.readthedocs.io/next/memory/mmu/pmp_pma/","label":"cve@mitre.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-35570","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-35570 — OpenClaude is an open-source coding-agent command line interface for cloud and local model providers…","description":"OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Versions prior to 0.5.1 have a logic flaw in `bashToolHasPermission()` inside `src/tools/BashTool/bashPermissions.ts`. When the sandbox auto-allow feature is active and no explicit deny rule is conf…","indicators":{"cves":["CVE-2026-35570"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T00:16:28.877Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/Gitlawb/openclaude/commit/7002cb302b78ea2a19da3f26226de24e2903fa1d","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/Gitlawb/openclaude/security/advisories/GHSA-m6rx-7pvw-2f73","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/Gitlawb/openclaude/security/advisories/GHSA-m6rx-7pvw-2f73","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41294","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41294 — OpenClaw before 2026.3.28 loads the current working directory .env file before trusted state-dir con…","description":"OpenClaw before 2026.3.28 loads the current working directory .env file before trusted state-dir configuration, allowing environment variable injection. Attackers can place a malicious .env file in a repository or workspace to override runtime configuration and security-sensitive environment setting…","indicators":{"cves":["CVE-2026-41294"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T00:16:29.637Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-8rh7-6779-cjqq","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/openclaw-environment-variable-injection-via-cwd-env-file","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41295","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41295 — OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability allowing untrusted worksp…","description":"OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability allowing untrusted workspace channel shadows to execute during built-in channel setup and login. Attackers can clone a workspace with a malicious plugin claiming a bundled channel id to achieve unintended in-process code exec…","indicators":{"cves":["CVE-2026-41295"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T00:16:29.803Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/openclaw/openclaw/commit/53c29df2a9eb242a70d0ff29f3d1e67c8d6801f0","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-2qrv-rc5x-2g2h","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/openclaw-untrusted-workspace-channel-shadow-code-execution-during-built-in-channel-setup","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41296","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41296 — OpenClaw before 2026.3.31 contains a time-of-check-time-of-use race condition in the remote filesyst…","description":"OpenClaw before 2026.3.31 contains a time-of-check-time-of-use race condition in the remote filesystem bridge readFile function that allows sandbox escape. Attackers can exploit the separate path validation and file read operations to bypass sandbox restrictions and read arbitrary files.","indicators":{"cves":["CVE-2026-41296"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T00:16:29.993Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/openclaw/openclaw/commit/121870a08583033ed6a0ed73d9ffea32991252bb","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-9p3r-hh9g-5cmg","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/openclaw-sandbox-escape-via-toctou-race-in-remote-fs-bridge-readfile","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41297","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41297 — OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace pl…","description":"OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows attackers to access internal resources by following unvalidated redirects. The marketplace.ts module fails to restrict redirect destinations during archive down…","indicators":{"cves":["CVE-2026-41297","CVE-2026-41302"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T00:16:30.163Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/openclaw/openclaw/commit/2ce44ca6a1302b166a128abbd78f72114f2f4f52","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-vjx8-8p7h-82gr","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-marketplace-plugin-download-redirect","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://github.com/openclaw/openclaw/commit/8deb9522f3d2680820588b190adb4a2a52f3670b","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-9q7v-8mr7-g23p","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-unguarded-fetch-in-marketplace-plugin-download","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41299","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41299 — OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the chat.send gateway me…","description":"OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the chat.send gateway method where ACP-only provenance fields are gated by self-declared client metadata from WebSocket handshake rather than verified authorization state. Authenticated operator clients can spoof ACP identit…","indicators":{"cves":["CVE-2026-41299"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T00:16:30.517Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-6xg4-82hv-cp6f","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/openclaw-client-identity-spoofing-in-chat-send-gateway-provenance-guard","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41303","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41303 — OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in Discord text approval co…","description":"OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in Discord text approval commands that allows non-approvers to resolve pending exec approvals. Attackers can send Discord text commands to bypass the channels.discord.execApprovals.approvers allowlist and approve pending host e…","indicators":{"cves":["CVE-2026-41303"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T00:16:31.223Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-98hh-7ghg-x6rq","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-discord-text-approval-commands","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-39320","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-39320 — Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.25…","description":"Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.25.0 are vulnerable to an unauthenticated Regular Expression Denial of Service (ReDoS) attack within the WebSocket subscription handling logic. By injecting unescaped regex metacharacters into the `cont…","indicators":{"cves":["CVE-2026-39320"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T01:16:05.063Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/SignalK/signalk-server/commit/215d81eb700d5419c3396a0fbf23f2e246dfac2d","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/SignalK/signalk-server/pull/2568","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/SignalK/signalk-server/releases/tag/v2.25.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/SignalK/signalk-server/security/advisories/GHSA-7gcj-phff-2884","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/SignalK/signalk-server/security/advisories/GHSA-7gcj-phff-2884","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-39386","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-39386 — Neko is a a self-hosted virtual browser that runs in Docker and uses WebRTC In versions 3.0.0 throug…","description":"Neko is a a self-hosted virtual browser that runs in Docker and uses WebRTC In versions 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1, any authenticated user can immediately obtain full administrative control of the entire Neko instance (member management, room settings, broadcast control, session te…","indicators":{"cves":["CVE-2026-39386"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T01:16:06.217Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/m1k1o/neko/releases/tag/v3.0.11","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/m1k1o/neko/releases/tag/v3.1.2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/m1k1o/neko/security/advisories/GHSA-2gw9-c2r2-f5qf","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-39973","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-39973 — Apktool is a tool for reverse engineering Android APK files. In versions 3.0.0 and 3.0.1, a path tra…","description":"Apktool is a tool for reverse engineering Android APK files. In versions 3.0.0 and 3.0.1, a path traversal vulnerability in `brut/androlib/res/decoder/ResFileDecoder.java` allows a maliciously crafted APK to write arbitrary files to the filesystem during standard decoding (`apktool d`). This is a se…","indicators":{"cves":["CVE-2026-39973"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T02:16:07.903Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://github.com/iBotPeaches/Apktool/commit/e10a0450c7afcd9462c0b76bcbff0e7428b92bdd#diff-cd531ebe1014bfd18185bf21585ca5cdb16fbcb07703ebc47949a1b4e4e36bc3","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/iBotPeaches/Apktool/pull/4041","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/iBotPeaches/Apktool/releases/tag/v3.0.2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/iBotPeaches/Apktool/security/advisories/GHSA-m8mh-x359-vm8m","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40497","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40497 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's…","description":"FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's `Helper::stripDangerousTags()` removes `<script>`, `<form>`, `<iframe>`, `<object>` but does NOT strip `<style>` tags. The mailbox signature field is saved via POST /mailbox/settings/{id} and later re…","indicators":{"cves":["CVE-2026-40497","CVE-2026-40565"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T03:16:08.403Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://github.com/freescout-help-desk/freescout/commit/5aa8d633216f65995e80a7d4a921b784acc94df4","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/releases/tag/1.8.213","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-fh99-wr77-pxq3","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/commit/265379b3ae343f06846adc0aa8510643d1eac2df","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-49pm-xwqj-vwjp","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-31368","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-31368 — AiAssistant is affected by type privilege bypass, successful exploitation of this vulnerability may…","description":"AiAssistant is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability.","indicators":{"cves":["CVE-2026-31368"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T07:16:07.923Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://www.honor.com/global/security/cve-2026-31368/","label":"3836d913-7555-4dd0-a509-f5667fdf5fe4","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-39467","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-39467 — Deserialization of Untrusted Data vulnerability in MetaSlider Responsive Slider by MetaSlider allows…","description":"Deserialization of Untrusted Data vulnerability in MetaSlider Responsive Slider by MetaSlider allows Object Injection.This issue affects Responsive Slider by MetaSlider: from n/a through 3.106.0.","indicators":{"cves":["CVE-2026-39467"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T10:16:29.280Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://patchstack.com/database/wordpress/plugin/ml-slider/vulnerability/wordpress-responsive-slider-by-metaslider-plugin-3-106-0-php-object-injection-vulnerability?_s_id=cve","label":"audit@patchstack.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40520","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40520 — FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiat…","description":"FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiateGqlAPIProcess() function where GraphQL mutation input fields are passed directly to shell_exec() without sanitization or escaping. An authenticated user with a valid bearer token can send a GraphQL m…","indicators":{"cves":["CVE-2026-40520"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:20.380Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://github.com/FreePBX/api/blob/5f194e39a47e5481e8947f9694304d32724175f6/Api.class.php#L546C1-L554C3","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/FreePBX/api/blob/5f194e39a47e5481e8947f9694304d32724175f6/ApiGqlHelper.class.php#L34C1-L36C136","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/FreePBX/api/commit/5f194e39a47e5481e8947f9694304d32724175f6","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/freepbx-api-module-command-injection-via-graphql","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6746","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6746 — Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firef…","description":"Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.","indicators":{"cves":["CVE-2026-6746"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:20.720Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014596","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6747","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6747 — Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140…","description":"Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.","indicators":{"cves":["CVE-2026-6747"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:20.813Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021769","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6749","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6749 — Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnera…","description":"Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.","indicators":{"cves":["CVE-2026-6749"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:20.993Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2022610","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6750","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6750 — Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 1…","description":"Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.","indicators":{"cves":["CVE-2026-6750"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:21.073Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2023407","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6752","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6752 — Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150,…","description":"Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.","indicators":{"cves":["CVE-2026-6752","CVE-2026-6753"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:21.250Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2027499","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","label":"security@mozilla.org","domainType":"other"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2027501","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6754","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6754 — Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Fire…","description":"Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.","indicators":{"cves":["CVE-2026-6754"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:21.420Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2027541","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6758","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6758 — Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150…","description":"Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.","indicators":{"cves":["CVE-2026-6758"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:21.770Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2013619","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6759","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6759 — Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 150, Firefox…","description":"Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.","indicators":{"cves":["CVE-2026-6759"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:21.857Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016164","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6761","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6761 — Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150, Firef…","description":"Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.","indicators":{"cves":["CVE-2026-6761"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:22.040Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2017857","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6766","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6766 — Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Fir…","description":"Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.","indicators":{"cves":["CVE-2026-6766","CVE-2026-6772"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:22.493Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2023207","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","label":"security@mozilla.org","domainType":"other"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2026089","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6769","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6769 — Privilege escalation in the Debugger component. This vulnerability was fixed in Firefox 150, Firefox…","description":"Privilege escalation in the Debugger component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.","indicators":{"cves":["CVE-2026-6769"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:22.753Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2023753","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6773","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6773 — Denial-of-service due to integer overflow in the Graphics: WebGPU component. This vulnerability was…","description":"Denial-of-service due to integer overflow in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.","indicators":{"cves":["CVE-2026-6773"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:23.087Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015959","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6776","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6776 — Incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in F…","description":"Incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.","indicators":{"cves":["CVE-2026-6776"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:23.350Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021770","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6780","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6780 — Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 15…","description":"Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.","indicators":{"cves":["CVE-2026-6780","CVE-2026-6781"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:23.683Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2025179","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2025583","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6782","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6782 — Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 150 a…","description":"Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.","indicators":{"cves":["CVE-2026-6782"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:23.847Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2026571","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6784","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6784 — Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of…","description":"Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150 and Thunderbird 150.","indicators":{"cves":["CVE-2026-6784"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:24.020Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1536243%2C1745382%2C1851073%2C1893400%2C1963301%2C2001319%2C2002899%2C2012436%2C2014435%2C2016901%2C2019916%2C2020486%2C2020612%2C2020817%2C2021788%2C2022051%2C2022367%2C2022431%2C2023302%2C2023670%2C2024225%2C2024238%2C2024240%2C2024265%2C2024367%2C2024369%2C2024424%2C2024760%2C2025281%2C2025361%2C2025387%2C2025466%2C2025954%2C2025958%2C2026278%2C2026292%2C2026297%2C2026378%2C2027148%2C2027287%2C2027341%2C2027384%2C2027427%2C2027694%2C2027993%2C2028009%2C2028270%2C2028416%2C2028524%2C2029295%2C2029301%2C2029461%2C2029699%2C2029800%2C2029801","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-14362","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2025-14362 — The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if th…","description":"The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force.","indicators":{"cves":["CVE-2025-14362","CVE-2026-0972"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T15:16:35.207Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://fortra.com/security/advisories/product-security/FI-2026-002","label":"df4dee71-de3a-4139-9588-11b62fe6c0ff","domainType":"other"},{"url":"https://fortra.com/security/advisories/product-security/fi-2026-004","label":"df4dee71-de3a-4139-9588-11b62fe6c0ff","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31018","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-31018 — In Dolibarr ERP & CRM <= 22.0.4, PHP code detection and editing permission enforcement in the Websit…","description":"In Dolibarr ERP & CRM <= 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input parameters, allowing an authenticated user restricted to HTML/JavaScript editing to inject PHP code through unprotected inputs during website page cre…","indicators":{"cves":["CVE-2026-31018"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T15:16:36.443Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"http://dolibarr.com","label":"cve@mitre.org","domainType":"other"},{"url":"https://github.com/PhDg1410/CVE/blob/main/CVE-2026-31018/README.md","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-31019","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-31019 — In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based f…","description":"In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based filtering to restrict dangerous PHP functions related to system command execution. An authenticated user with permission to edit PHP content can bypass this filtering, resulting in full remote code exe…","indicators":{"cves":["CVE-2026-31019"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T15:16:36.560Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"http://dolibarr.com","label":"cve@mitre.org","domainType":"other"},{"url":"https://github.com/PhDg1410/CVE/blob/main/CVE-2026-31019/README.md","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-37748","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-37748 — Visitor Management System 1.0 by sanjay1313 is vulnerable to Unrestricted File Upload in vms/php/adm…","description":"Visitor Management System 1.0 by sanjay1313 is vulnerable to Unrestricted File Upload in vms/php/admin_user_insert.php and vms/php/update_1.php. The move_uploaded_file() function is called without any MIME type, extension, or content validation, allowing an authenticated admin to upload a PHP webshe…","indicators":{"cves":["CVE-2026-37748"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T16:16:20.113Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://github.com/menevarad007/CVE-2026-37748","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/sanjay1313/Visitor-Management-System","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/menevarad007/CVE-2026-37748","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-24177","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-24177 — NVIDIA KAI Scheduler contains a vulnerability where an attacker could access API endpoints without a…","description":"NVIDIA KAI Scheduler contains a vulnerability where an attacker could access API endpoints without authorization. A successful exploit of this vulnerability might lead to information disclosure.","indicators":{"cves":["CVE-2026-24177"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:23.787Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24177","label":"psirt@nvidia.com","domainType":"primary"},{"url":"https://nvidia.custhelp.com/app/answers/detail/a_id/5818","label":"psirt@nvidia.com","domainType":"other"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-24177","label":"psirt@nvidia.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-24189","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-24189 — NVIDIA CUDA-Q contains a vulnerability in an endpoint, where an unauthenticated attacker could cause…","description":"NVIDIA CUDA-Q contains a vulnerability in an endpoint, where an unauthenticated attacker could cause an out-of-bounds read by sending a maliciously crafted request. A successful exploit of this vulnerability might lead to denial of service and information disclosure.","indicators":{"cves":["CVE-2026-24189"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:23.933Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24189","label":"psirt@nvidia.com","domainType":"primary"},{"url":"https://nvidia.custhelp.com/app/answers/detail/a_id/5820","label":"psirt@nvidia.com","domainType":"other"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-24189","label":"psirt@nvidia.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-38834","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-38834 — Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the do_ping_ac…","description":"Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the do_ping_action function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.","indicators":{"cves":["CVE-2026-38834"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:53.257Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://github.com/jsjbcyber/repo/blob/main/rep_1.md","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/jsjbcyber/repo/blob/main/rep_1.md","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40161","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40161 — Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0.…","description":"Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0.0 to 1.10.0, the Tekton Pipelines git resolver in API mode sends the system-configured Git API token to a user-controlled serverURL when the user omits the token parameter. A tenant with TaskRun or Pi…","indicators":{"cves":["CVE-2026-40161","CVE-2026-40938"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:53.790Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://github.com/tektoncd/pipeline/issues/9608","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/tektoncd/pipeline/issues/9609","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/tektoncd/pipeline/security/advisories/GHSA-wjxp-xrpv-xpff","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/tektoncd/pipeline/releases/tag/v1.11.1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/tektoncd/pipeline/security/advisories/GHSA-94jr-7pqp-xhcq","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40568","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40568 — FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a store…","description":"FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a stored cross-site scripting (XSS) vulnerability in the mailbox signature feature. The sanitization function `Helper::stripDangerousTags()` (`app/Misc/Helper.php:568`) uses an incomplete blocklist of only f…","indicators":{"cves":["CVE-2026-40568"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:55.297Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://github.com/freescout-help-desk/freescout/commit/1d83e1cffb0bf8d109625313530b36b0f5910b3f","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/releases/tag/1.8.213","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-w2f5-6wcv-677r","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-w2f5-6wcv-677r","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40585","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40585 — blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a password reset is ini…","description":"blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a password reset is initiated, a 128-character CSPRNG token is generated and stored alongside a password_reset_at timestamp. However, the token redemption function findUserIDFromEmailAndToken() queries only for a matching e…","indicators":{"cves":["CVE-2026-40585"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:56.380Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://github.com/blueprintue/blueprintue-self-hosted-edition/security/advisories/GHSA-qr65-6vp8-whjf","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/blueprintue/blueprintue-self-hosted-edition/security/advisories/GHSA-qr65-6vp8-whjf","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40586","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40586 — blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the login form handler perfo…","description":"blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the login form handler performs no throttling of any kind. Failed authentication attempts are processed at full network speed with no IP-based rate limiting, no per-account attempt counter, no temporary lockout, no progressive d…","indicators":{"cves":["CVE-2026-40586"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:56.523Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://github.com/blueprintue/blueprintue-self-hosted-edition/security/advisories/GHSA-m6c2-6p3h-8jv2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/blueprintue/blueprintue-self-hosted-edition/security/advisories/GHSA-m6c2-6p3h-8jv2","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40589","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40589 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, a low-privil…","description":"FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, a low-privileged agent can edit a visible customer and add an email address already owned by a hidden customer in another mailbox. The server discloses the hidden customer’s name and profile URL in the success fl…","indicators":{"cves":["CVE-2026-40589"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:56.660Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://github.com/freescout-help-desk/freescout/commit/2e2fe37111d92ac665b9ad8806eac94a1a3e502c","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/releases/tag/1.8.214","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-mv55-3mgv-fxwr","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-mv55-3mgv-fxwr","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40591","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40591 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the phone-co…","description":"FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the phone-conversation creation flow accepts attacker-controlled `customer_id`, `name`, `to_email`, and `phone` values and resolves the target customer in the backend without enforcing mailbox-scoped customer vis…","indicators":{"cves":["CVE-2026-40591"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:56.940Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://github.com/freescout-help-desk/freescout/commit/83eea1ca47d97c6cdc90c501734bc2579b014a34","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/releases/tag/1.8.214","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-9ff4-mmhv-x6jp","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-9ff4-mmhv-x6jp","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41189","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41189 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, customer-thr…","description":"FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, customer-thread editing is authorized through `ThreadPolicy::edit()`, which checks mailbox access but does not apply the assigned-only restriction from `ConversationPolicy`. A user who cannot view a conversation…","indicators":{"cves":["CVE-2026-41189"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:57.367Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://github.com/freescout-help-desk/freescout/commit/cdadaf621bb1e1d017315df20d743671f7eae7a9","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/releases/tag/1.8.215","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-4h5p-7f5c-q7gj","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41190","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41190 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, when `APP_SH…","description":"FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, when `APP_SHOW_ONLY_ASSIGNED_CONVERSATIONS` is enabled, direct conversation view correctly blocks users who are neither the assignee nor the creator. The `save_draft` AJAX path is weaker. A direct POST can create…","indicators":{"cves":["CVE-2026-41190"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:57.510Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://github.com/freescout-help-desk/freescout/commit/414878eb79be7cb01a3ae124df6efcd23729275f","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/releases/tag/1.8.215","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-vj2p-2789-3747","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41191","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41191 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, `MailboxesCo…","description":"FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, `MailboxesController::updateSave()` persists `chat_start_new` outside the allowed-field filter. A user with only the mailbox `sig` permission sees only the signature field in the UI, but can still change the hidd…","indicators":{"cves":["CVE-2026-41191"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:57.653Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://github.com/freescout-help-desk/freescout/commit/fb130de64e1c830d85dd6988eaa08d725a7be954","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/releases/tag/1.8.215","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-wpv9-c2gv-2j82","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40588","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40588 — blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the password change form at…","description":"blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the password change form at /profile/{slug}/edit/ does not include a current_password field and does not verify the user's existing password before accepting a new one. Any attacker who obtains a valid authenticated session — th…","indicators":{"cves":["CVE-2026-40588"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T18:16:51.207Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://github.com/blueprintue/blueprintue-self-hosted-edition/security/advisories/GHSA-73f2-p9jr-m44x","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/blueprintue/blueprintue-self-hosted-edition/security/advisories/GHSA-73f2-p9jr-m44x","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40611","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40611 — Let's Encrypt client and ACME library written in Go (Lego). Prior to 4.34.0, the webroot HTTP-01 cha…","description":"Let's Encrypt client and ACME library written in Go (Lego). Prior to 4.34.0, the webroot HTTP-01 challenge provider in lego is vulnerable to arbitrary file write and deletion via path traversal. A malicious ACME server can supply a crafted challenge token containing ../ sequences, causing lego to wr…","indicators":{"cves":["CVE-2026-40611"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T18:16:52.457Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://github.com/go-acme/lego/security/advisories/GHSA-qqx8-2xmm-jrv8","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/go-acme/lego/security/advisories/GHSA-qqx8-2xmm-jrv8","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41192","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41192 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the reply an…","description":"FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the reply and draft flows trust client-supplied encrypted attachment IDs. Any IDs present in `attachments_all[]` but omitted from retained lists are decrypted and passed directly to `Attachment::deleteByIds()`. B…","indicators":{"cves":["CVE-2026-41192"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T18:16:53.047Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://github.com/freescout-help-desk/freescout/commit/5f182818e2391f8e711fec6ae6648ac0b367bef5","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/releases/tag/1.8.215","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-cv36-2j23-x6g3","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40613","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40613 — Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.10.0, the STUN/TURN…","description":"Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.10.0, the STUN/TURN attribute parsing functions in coturn perform unsafe pointer casts from uint8_t * to uint16_t * without alignment checks. When processing a crafted STUN message with odd-aligned attribute boundaries,…","indicators":{"cves":["CVE-2026-40613"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T19:16:17.743Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://github.com/coturn/coturn/security/advisories/GHSA-j662-9wcj-mf36","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/coturn/coturn/security/advisories/GHSA-j662-9wcj-mf36","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40868","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40868 — Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to 1.16.4, ky…","description":"Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to 1.16.4, kyverno’s apiCall servicecall helper implicitly injects Authorization: Bearer ... using the kyverno controller serviceaccount token when a policy does not explicitly set an Authorization header. Because…","indicators":{"cves":["CVE-2026-40868"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T19:16:18.420Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://github.com/kyverno/kyverno/security/advisories/GHSA-q93q-v844-jrqp","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/kyverno/kyverno/security/advisories/GHSA-q93q-v844-jrqp","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40869","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40869 — Decidim is a participatory democracy framework. Starting in version 0.19.0 and prior to versions 0.3…","description":"Decidim is a participatory democracy framework. Starting in version 0.19.0 and prior to versions 0.30.5 and 0.31.1, a vulnerability allows any registered and authenticated user to accept or reject any amendments. The impact is on any users who have created proposals where the amendments feature is e…","indicators":{"cves":["CVE-2026-40869"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:17:00.207Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://github.com/decidim/decidim/commit/1b99136a1c7aa02616a0b54a6ab88d12907a57a9","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/decidim/decidim/security/advisories/GHSA-w5xj-99cg-rccm","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40870","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40870 — Decidim is a participatory democracy framework. Starting in version 0.0.1 and prior to versions 0.30…","description":"Decidim is a participatory democracy framework. Starting in version 0.0.1 and prior to versions 0.30.5 and 0.31.1, the root level `commentable` field in the API allows access to all commentable resources within the platform, without any permission checks. All Decidim instances are impacted that have…","indicators":{"cves":["CVE-2026-40870"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:17:00.367Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://github.com/decidim/decidim/security/advisories/GHSA-ghmh-q25g-gxxx","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40871","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40871 — mailcow: dockerized is an open source groupware/email suite based on docker. Versions prior to 2026-…","description":"mailcow: dockerized is an open source groupware/email suite based on docker. Versions prior to 2026-03b have a second-order SQL injection vulnerability in the quarantine_category field via the Mailcow API. The /api/v1/add/mailbox endpoint stores quarantine_category without validation or sanitization…","indicators":{"cves":["CVE-2026-40871"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:17:00.527Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-r8fq-wrfm-cj2q","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-r8fq-wrfm-cj2q","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40879","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40879 — Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.19, when a…","description":"Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.19, when an attacker sends many small, valid JSON messages in one TCP frame, handleData() recurses once per message; the buffer shrinks each call. maxBufferSize is never reached; call stack overflows instead. A…","indicators":{"cves":["CVE-2026-40879"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:17:01.533Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://github.com/nestjs/nest/security/advisories/GHSA-hpwf-8g29-85qm","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40890","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40890 — The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering…","description":"The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Processing a malformed input containing a < character that is not followed by a > character anywhere in the remaining text with a SmartypantsRenderer will lead to Out of Bounds read or a pan…","indicators":{"cves":["CVE-2026-40890"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:17:02.810Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://github.com/gomarkdown/markdown/commit/759bbc3e32073c3bc4e25969c132fc520eda2778","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/gomarkdown/markdown/security/advisories/GHSA-77fj-vx54-gvh7","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/gomarkdown/markdown/security/advisories/GHSA-77fj-vx54-gvh7","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40909","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40909 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, the locale save endpoint (…","description":"WWBN AVideo is an open source video platform. In versions 29.0 and prior, the locale save endpoint (`locale/save.php`) constructs a file path by directly concatenating `$_POST['flag']` into the path at line 30 without any sanitization. The `$_POST['code']` parameter is then written verbatim to that…","indicators":{"cves":["CVE-2026-40909"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet","rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:17:03.347Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://github.com/WWBN/AVideo/commit/57f89ffbc27d37c9d9dd727212334846e78ac21a","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-6rc6-p838-686f","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-6rc6-p838-686f","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-6819","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6819 — HKUDS OpenHarness prior to PR #156 remediation exposes plugin lifecycle commands including /plugin i…","description":"HKUDS OpenHarness prior to PR #156 remediation exposes plugin lifecycle commands including /plugin install, /plugin enable, /plugin disable, and /reload-plugins to remote senders by default. Attackers who gain access through the channel layer can remotely manage plugin trust and activation state, en…","indicators":{"cves":["CVE-2026-6819"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:17:05.780Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://github.com/HKUDS/OpenHarness/commit/59017e09880fcf9a6f60456a84fb982900b2c0b2","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/HKUDS/OpenHarness/pull/156","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/HKUDS/OpenHarness/releases/tag/v0.1.7","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/hkuds-openharness-plugin-management-command-exposure","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://github.com/HKUDS/OpenHarness/pull/156","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-21997","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-21997 — Vulnerability in the Oracle Life Sciences Empirica Signal product of Oracle Life Science Application…","description":"Vulnerability in the Oracle Life Sciences Empirica Signal product of Oracle Life Science Applications (component: Common Core).  Supported versions that are affected are 9.2.1-9.2.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Lif…","indicators":{"cves":["CVE-2026-21997"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:24.653Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-22007","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-22007 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ…","description":"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security).  Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.…","indicators":{"cves":["CVE-2026-22007","CVE-2026-22013","CVE-2026-22016","CVE-2026-22018","CVE-2026-22021","CVE-2026-34268","CVE-2026-34282"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:26.440Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-22010","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-22010 — Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Ora…","description":"Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform).  Supported versions that are affected are 8.0.7.9, 8.0.8.7 and  8.1.2.5. Easily exploitable vulnerability allows unauthenticated attacker wit…","indicators":{"cves":["CVE-2026-22010","CVE-2026-34310","CVE-2026-34313","CVE-2026-34314","CVE-2026-34321","CVE-2026-34325"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:27.550Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-22011","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-22011 — Vulnerability in the Oracle Applications DBA product of Oracle E-Business Suite (component: ADPatch)…","description":"Vulnerability in the Oracle Applications DBA product of Oracle E-Business Suite (component: ADPatch).  Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications DBA.  Succ…","indicators":{"cves":["CVE-2026-22011"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:27.740Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34291","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-34291 — Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core). Suppo…","description":"Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server.  Whil…","indicators":{"cves":["CVE-2026-34291"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:33.950Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34292","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-34292 — Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). S…","description":"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).  Supported versions that are affected are 12.2.1.4.0 and  14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server.…","indicators":{"cves":["CVE-2026-34292"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:34.087Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34297","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-34297 — Vulnerability in the Oracle HCM Common Architecture product of Oracle E-Business Suite (component: K…","description":"Vulnerability in the Oracle HCM Common Architecture product of Oracle E-Business Suite (component: Knowledge Integration).  Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HCM…","indicators":{"cves":["CVE-2026-34297"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:34.743Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34305","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-34305 — Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Serv…","description":"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services).  Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and  15.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to co…","indicators":{"cves":["CVE-2026-34305","CVE-2026-34315"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:35.850Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34309","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-34309 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Secu…","description":"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security).  Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools…","indicators":{"cves":["CVE-2026-34309"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:36.390Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34320","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-34320 — Vulnerability in the Oracle Financial Services Customer Screening product of Oracle Financial Servic…","description":"Vulnerability in the Oracle Financial Services Customer Screening product of Oracle Financial Services Applications (component: User Interface).   The supported version that is affected is 8.1.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to com…","indicators":{"cves":["CVE-2026-34320"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:37.643Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-35229","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-35229 — Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affect…","description":"Vulnerability in the Java VM component of Oracle Database Server.  Supported versions that are affected are 19.3-19.30 and  21.3-21.21. Easily exploitable vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Java VM.  Successful attacks of this vulnerability…","indicators":{"cves":["CVE-2026-35229"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:38.440Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-35230","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-35230 — Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The su…","description":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).   The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracl…","indicators":{"cves":["CVE-2026-35230","CVE-2026-35242","CVE-2026-35245","CVE-2026-35246","CVE-2026-35247","CVE-2026-35248","CVE-2026-35249","CVE-2026-35250","CVE-2026-35251"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:38.583Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-35231","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-35231 — Vulnerability in the Oracle Financial Services Transaction Filtering product of Oracle Financial Ser…","description":"Vulnerability in the Oracle Financial Services Transaction Filtering product of Oracle Financial Services Applications (component: User Interface).   The supported version that is affected is 8.1.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to…","indicators":{"cves":["CVE-2026-35231"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:38.717Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-35243","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-35243 — Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middlew…","description":"Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where…","indicators":{"cves":["CVE-2026-35243"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:40.260Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40905","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40905 — LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, a password reset poisonin…","description":"LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, a password reset poisoning vulnerability was identified in the application due to improper trust of user-controlled HTTP headers. The application uses the X-Forwarded-Host header when generating password reset URLs. By manipu…","indicators":{"cves":["CVE-2026-40905"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:44.503Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://github.com/Kovah/LinkAce/security/advisories/GHSA-48wv-jpf4-vjfv","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40925","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40925 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/configurationUpda…","description":"WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/configurationUpdate.json.php` (also routed via `/updateConfig`) persists dozens of global site settings from `$_POST` but protects the endpoint only with `User::isAdmin()`. It does not call `forbidIfIsUntrustedRequest…","indicators":{"cves":["CVE-2026-40925"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:45.903Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://github.com/WWBN/AVideo/commit/f9492f5e6123dff0292d5bb3164fde7665dc36b4","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-vvfw-4m39-fjqf","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-vvfw-4m39-fjqf","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-6823","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6823 — HKUDS OpenHarness prior to PR #147 remediation contains an insecure default configuration vulnerabil…","description":"HKUDS OpenHarness prior to PR #147 remediation contains an insecure default configuration vulnerability where remote channels inherit allow_from = [\"*\"] permitting arbitrary remote senders to pass admission checks. Attackers who can reach the configured channel can bypass access controls and reach h…","indicators":{"cves":["CVE-2026-6823"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:48.827Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://github.com/HKUDS/OpenHarness/commit/fab40c6eabfb15f2bdf23cddd3cfe66a64ea203d","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/HKUDS/OpenHarness/pull/147","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/HKUDS/OpenHarness/releases/tag/v0.1.7","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/hkuds-openharness-insecure-default-remote-channel-allowlist","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://github.com/HKUDS/OpenHarness/pull/147","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40706","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40706 — In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfs_build_permissions_posix…","description":"In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfs_build_permissions_posix() in acls.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered on the READ path (stat, readdir, open) when pr…","indicators":{"cves":["CVE-2026-40706"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T22:16:19.077Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://github.com/tuxera/ntfs-3g/blob/d3ace19838ce37cfde55294e76841e6d2f393f9e/libntfs-3g/acls.c#L4011-L4027","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/tuxera/ntfs-3g/releases/tag/2026.2.25","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-4cwv-5285-63v9","label":"cve@mitre.org","domainType":"primary"},{"url":"https://www.openwall.com/lists/oss-security/2026/04/21/4","label":"cve@mitre.org","domainType":"other"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/21/4","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"},{"url":"https://lists.debian.org/debian-lts-announce/2026/04/msg00024.html","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40931","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40931 — Compressing is a compressing and uncompressing lib for node. Prior to 2.1.1 and 1.10.5, the patch fo…","description":"Compressing is a compressing and uncompressing lib for node. Prior to 2.1.1 and 1.10.5, the patch for CVE-2026-24884 relies on a purely logical string validation within the isPathWithinParent utility. This check verifies if a resolved path string starts with the destination directory string but fail…","indicators":{"cves":["CVE-2026-40931"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T22:16:19.247Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://github.com/node-modules/compressing/security/advisories/GHSA-4c3q-x735-j3r5","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/node-modules/compressing/security/advisories/GHSA-4c3q-x735-j3r5","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-6832","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6832 — Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint t…","description":"Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authenticated attackers to delete files outside the session directory by supplying an absolute path or path traversal payload in the session_id parameter. Attackers can exploit unvalidated…","indicators":{"cves":["CVE-2026-6832"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T22:16:21.040Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://github.com/nesquena/hermes-webui/commit/3cc5839bf303fa6758bfdac538507407a2929655","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/nesquena/hermes-webui/pull/409","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/nesquena/hermes-webui/pull/412","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/nesquena/hermes-webui/releases/tag/v0.50.132","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/nesquena/hermes-webui/releases/tag/v0.50.32","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/nesquena-hermes-webui-arbitrary-file-deletion-via-unvalidated-session-id","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40926","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40926 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, three admin-only JSON endp…","description":"WWBN AVideo is an open source video platform. In versions 29.0 and prior, three admin-only JSON endpoints — `objects/categoryAddNew.json.php`, `objects/categoryDelete.json.php`, and `objects/pluginRunUpdateScript.json.php` — enforce only a role check (`Category::canCreateCategory()` / `User::isAdmin…","indicators":{"cves":["CVE-2026-40926"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T23:16:20.163Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://github.com/WWBN/AVideo/commit/ee5615153c40628ab3ec6fe04962d1f92e67d3e2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-ffw8-fwxp-h64w","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-ffw8-fwxp-h64w","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41055","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41055 — WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete SSRF fix in…","description":"WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete SSRF fix in AVideo's LiveLinks proxy adds `isSSRFSafeURL()` validation but leaves DNS TOCTOU vulnerabilities where DNS rebinding between validation and the actual HTTP request redirects traffic to internal endpoi…","indicators":{"cves":["CVE-2026-41055"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T23:16:20.707Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://github.com/WWBN/AVideo/commit/0e56382921fc71e64829cd1ec35f04e338c70917","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/commit/8d8fc0cadb425835b4861036d589abcea4d78ee8","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-793q-xgj6-7frp","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-9x67-f2v7-63rw","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-793q-xgj6-7frp","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41056","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41056 — WWBN AVideo is an open source video platform. In versions 29.0 and below, the `allowOrigin($allowAll…","description":"WWBN AVideo is an open source video platform. In versions 29.0 and below, the `allowOrigin($allowAll=true)` function in `objects/functions.php` reflects any arbitrary `Origin` header back in `Access-Control-Allow-Origin` along with `Access-Control-Allow-Credentials: true`. This function is called by…","indicators":{"cves":["CVE-2026-41056"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T23:16:20.850Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://github.com/WWBN/AVideo/commit/caf705f38eae0ccfac4c3af1587781355d24495e","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-ccq9-r5cw-5hwq","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-ccq9-r5cw-5hwq","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41057","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41057 — WWBN AVideo is an open source video platform. In versions 29.0 and below, the CORS origin validation…","description":"WWBN AVideo is an open source video platform. In versions 29.0 and below, the CORS origin validation fix in commit `986e64aad` is incomplete. Two separate code paths still reflect arbitrary `Origin` headers with credentials allowed for all `/api/*` endpoints: (1) `plugin/API/router.php` lines 4-8 un…","indicators":{"cves":["CVE-2026-41057"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T23:16:20.987Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://github.com/WWBN/AVideo/commit/5e2b897ccac61eb6daca2dee4a6be3c4c2d93e13","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-ff5q-cc22-fgp4","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41058","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41058 — WWBN AVideo is an open source video platform. In versions 29.0 and below, the incomplete fix for AVi…","description":"WWBN AVideo is an open source video platform. In versions 29.0 and below, the incomplete fix for AVideo's CloneSite `deleteDump` parameter does not apply path traversal filtering, allowing `unlink()` of arbitrary files via `../../` sequences in the GET parameter. Commit 3c729717c26f160014a5c86b0b6ac…","indicators":{"cves":["CVE-2026-41058"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T23:16:21.117Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://github.com/WWBN/AVideo/commit/3c729717c26f160014a5c86b0b6accdbd613e7b2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/commit/941decd6d19e2e694acb75e86317d10fbb560284","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-5879-4fmr-xwf2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-xmjm-86qv-g226","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41060","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41060 — WWBN AVideo is an open source video platform. In versions 29.0 and below, the `isSSRFSafeURL()` func…","description":"WWBN AVideo is an open source video platform. In versions 29.0 and below, the `isSSRFSafeURL()` function in `objects/functions.php` contains a same-domain shortcircuit (lines 4290-4296) that allows any URL whose hostname matches `webSiteRootURL` to bypass all SSRF protections. Because the check comp…","indicators":{"cves":["CVE-2026-41060"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T23:16:21.250Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://github.com/WWBN/AVideo/commit/a0156a6398362086390d949190f9d52a823000ba","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-j432-4w3j-3w8j","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-j432-4w3j-3w8j","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41133","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41133 — pyLoad is a free and open-source download manager written in Python. Versions up to and including 0.…","description":"pyLoad is a free and open-source download manager written in Python. Versions up to and including 0.5.0b3.dev97 cache `role` and `permission` in the session at login and continues to authorize requests using these cached values, even after an admin changes the user's role/permissions in the database…","indicators":{"cves":["CVE-2026-41133"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T00:16:29.153Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://github.com/pyload/pyload/commit/e95804fb0d06cbb07d2ba380fc494d9ff89b68c1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/pyload/pyload/security/advisories/GHSA-66hx-chf7-3332","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41135","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41135 — free5GC UDR is the Policy Control Function (PCF) for free5GC, an an open-source project for 5th gene…","description":"free5GC UDR is the Policy Control Function (PCF) for free5GC, an an open-source project for 5th generation (5G) mobile core networks. A memory leak vulnerability in versions prior to 1.4.3 allows any unauthenticated attacker with network access to the PCF SBI interface to cause uncontrolled memory g…","indicators":{"cves":["CVE-2026-41135"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T00:16:29.287Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-98cp-84m9-q3qp","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/free5gc/pcf/commit/599803b1b2eb4611e26d5216481ee142bce71a16","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-22753","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-22753 — Vulnerability in Spring Spring Security. If an application is using securityMatchers(String) and a P…","description":"Vulnerability in Spring Spring Security. If an application is using securityMatchers(String) and a PathPatternRequestMatcher.Builder bean to prepend a servlet path, matching requests to that filter chain may fail and its related security components will not be exercised as intended by the applicatio…","indicators":{"cves":["CVE-2026-22753"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T06:16:04.160Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://spring.io/security/cve-2026-22753","label":"security@vmware.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-22754","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-22754 — Vulnerability in Spring Spring Security. If an application uses <sec:intercept-url servlet-path=\"/se…","description":"Vulnerability in Spring Spring Security. If an application uses <sec:intercept-url servlet-path=\"/servlet-path\" pattern=\"/endpoint/**\"/> to define the servlet path for computing a path matcher, then the servlet path is not included and the related authorization rules are not exercised. This can lead…","indicators":{"cves":["CVE-2026-22754"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T06:16:04.270Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://spring.io/security/cve-2026-22754","label":"security@vmware.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6022","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6022 — In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resou…","description":"In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resource consumption vulnerability that allows file uploads to exceed the configured maximum size due to missing cumulative size enforcement during chunk reassembly, leading to disk space exhaustion.","indicators":{"cves":["CVE-2026-6022"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T08:16:12.903Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://www.telerik.com/products/aspnet-ajax/documentation/knowledge-base/kb-security-uncontrolled-resource-consumption-cve-2026-6022","label":"security@progress.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6023","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6023 — In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is…","description":"In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to insecure deserialization when restoring filter state if the state is exposed to the client. If an attacker tampers with this state, a server-side remote code execution is possible.","indicators":{"cves":["CVE-2026-6023"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T08:16:13.040Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://www.telerik.com/products/aspnet-ajax/documentation/knowledge-base/kb-security-deserialization-of-untrusted-data-cve-2026-6023","label":"security@progress.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4132","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-4132 — The HTTP Headers plugin for WordPress is vulnerable to External Control of File Name or Path leading…","description":"The HTTP Headers plugin for WordPress is vulnerable to External Control of File Name or Path leading to Remote Code Execution in all versions up to and including 1.19.2. This is due to insufficient validation of the file path stored in the 'hh_htpasswd_path' option and lack of sanitization on the 'h…","indicators":{"cves":["CVE-2026-4132"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:24.240Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/http-headers/tags/1.19.2/http-headers.php#L1296","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/http-headers/tags/1.19.2/http-headers.php#L1298","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/http-headers/tags/1.19.2/http-headers.php#L1403","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/http-headers/tags/1.19.2/http-headers.php#L671","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/http-headers/tags/1.19.2/http-headers.php#L722","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/http-headers/tags/1.19.2/http-headers.php#L97","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/http-headers/trunk/http-headers.php#L1296","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/http-headers/trunk/http-headers.php#L1298","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/http-headers/trunk/http-headers.php#L1403","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/http-headers/trunk/http-headers.php#L671","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/http-headers/trunk/http-headers.php#L722","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/http-headers/trunk/http-headers.php#L97","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ce010c6f-16bd-4178-a621-31ba6378946a?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6846","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6846 — A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a speciall…","description":"A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution,…","indicators":{"cves":["CVE-2026-6846"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:27.607Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6846","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460006","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6855","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6855 — A flaw was found in InstructLab. A local attacker could exploit a path traversal vulnerability in th…","description":"A flaw was found in InstructLab. A local attacker could exploit a path traversal vulnerability in the chat session handler by manipulating the `logs_dir` parameter. This allows the attacker to create new directories and write files to arbitrary locations on the system, potentially leading to unautho…","indicators":{"cves":["CVE-2026-6855"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T13:16:22.410Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6855","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460013","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6857","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6857 — A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the Prot…","description":"A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to gain…","indicators":{"cves":["CVE-2026-6857"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T13:16:22.583Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6857","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460003","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31450","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-31450 — In the Linux kernel, the following vulnerability has been resolved: ext4: publish jinode after initi…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: publish jinode after initialization\n\next4_inode_attach_jinode() publishes ei->jinode to concurrent users.\nIt used to set ei->jinode before jbd2_journal_init_jbd_inode(),\nallowing a reader to observe a non-NULL jinode with i_v…","indicators":{"cves":["CVE-2026-31450"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:39.083Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/1aec30021edd410b986c156f195f3d23959a9d11","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/2d2b648960147d078b000b9a7494017082024366","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/33f486987af21531a7b18973d11795ede3da9ddd","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4855a59e21789c79f003a9b5f4135c95a7495c6b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a070d5a872ffe0e0fe5c46eda6386140ded39adb","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/be54c0055407a73b60349c093c8ce621cb8fa232","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e4325e84727e539c8597bd5b8491349f57f7fb17","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e76bcb727e4874a2f9d0297f8e3f8eced89b0764","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31456","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-31456 — In the Linux kernel, the following vulnerability has been resolved: mm/pagewalk: fix race between co…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/pagewalk: fix race between concurrent split and refault\n\nThe splitting of a PUD entry in walk_pud_range() can race with a\nconcurrent thread refaulting the PUD leaf entry causing it to try walking\na PMD range that has disappeared…","indicators":{"cves":["CVE-2026-31456"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:40.203Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/38ec58670a0c5fc1edabdeccd857e586b7b3f318","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3b89863c3fa482912911cd65a12a3aeef662c250","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9bbbebd94dd5be25ec8c899d46ef01b33d5d22c0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31479","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-31479 — In the Linux kernel, the following vulnerability has been resolved: drm/xe: always keep track of rem…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: always keep track of remap prev/next\n\nDuring 3D workload, user is reporting hitting:\n\n[  413.361679] WARNING: drivers/gpu/drm/xe/xe_vm.c:1217 at vm_bind_ioctl_ops_unwind+0x1e2/0x2e0 [xe], CPU#7: vkd3d_queue/9925\n[  413.3619…","indicators":{"cves":["CVE-2026-31479"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:44.993Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/5eda8001ebb5269755608d678dd1f3928ab077c9","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/bfe9e314d7574d1c5c851972e7aee342733819d2","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ccd41f110c608b3cc347b9be881c3e72cd634b2b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e6ba1749549e87b83c0c4885d84b543687c3740e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31510","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-31510 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-d…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb\n\nBefore using sk pointer, check if it is null.\n\nFix the following:\n\n KASAN: null-ptr-deref in range [0x0000000000000260-0x0000000000000267]\n CPU: 0 UID: 0 PID: 5985 Comm:…","indicators":{"cves":["CVE-2026-31510"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:50.130Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/03d4eafb0f3788239df63575951f6b4c97bbfda4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/0780f9333852971ca77d110019e3a66ce5a7b100","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/1dc6db047919ecd59493cd51248b37381bbabcbb","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3c821bc0fbeaa27910a20d0b43c6008d099792af","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/898b89c90ff9496e64b9331040778cc4e1b28c9d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a04a760c06bb591989db659439efdf106f0bae76","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/b6552e0503973daf6f23bd6ed9273ef131ee364f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d34776c7fa1f2c510f1cdd14823aba701babb4ad","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33593","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-33593 — A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query.","description":"A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query.","indicators":{"cves":["CVE-2026-33593"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:53.713Z","fetchedAt":"2026-04-22T15:00:21.768Z","references":[{"url":"https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33608","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-33608 — An attacker can send a notify request that causes a new secondary domain to be added to the bind bac…","description":"An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend no longer able to run on the next restart, requiring manual operation to fix it.","indicators":{"cves":["CVE-2026-33608"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:54.650Z","fetchedAt":"2026-04-22T15:00:21.768Z","references":[{"url":"https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41651","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41651 — PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way us…","description":"PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition on transaction flags that all…","indicators":{"cves":["CVE-2026-41651"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:17:04.617Z","fetchedAt":"2026-04-22T15:00:21.768Z","references":[{"url":"https://github.com/PackageKit/PackageKit/blob/04057883189efa225a7c785591aa87cb299782f8/src/pk-transaction.c#L2273-L2277","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/PackageKit/PackageKit/blob/04057883189efa225a7c785591aa87cb299782f8/src/pk-transaction.c#L4036","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/PackageKit/PackageKit/blob/04057883189efa225a7c785591aa87cb299782f8/src/pk-transaction.c#L873-L882","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/PackageKit/PackageKit/security/advisories/GHSA-f55j-vvr9-69xv","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.security.telekom.com/2026/04/pack2theroot-linux-local-privilege-escalation.html","label":"security-advisories@github.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6859","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6859 — A flaw was found in InstructLab. The `linux_train.py` script hardcodes `trust_remote_code=True` when…","description":"A flaw was found in InstructLab. The `linux_train.py` script hardcodes `trust_remote_code=True` when loading models from HuggingFace. This allows a remote attacker to achieve arbitrary Python code execution by convincing a user to run `ilab train/download/generate` with a specially crafted malicious…","indicators":{"cves":["CVE-2026-6859"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:17:07.687Z","fetchedAt":"2026-04-22T15:00:21.768Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6859","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2459998","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"vendor-powmix-botnet-targets-czech-workforce","source":"vendor-blogs","category":"advisory","severity":"high","title":"PowMix botnet targets Czech workforce","description":"Cisco Talos discovered an ongoing malicious campaign, operating since at least December 2025, affecting a broader workforce in the Czech Republic with a previously undocumented botnet we call “PowMix.”","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T10:00:33.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://blog.talosintelligence.com/powmix-botnet-targets-czech-workforce/","label":"Cisco Talos","domainType":"other"}],"feedLabel":null},{"id":"vendor-darktrace-identifies-zionsiphon-malware-engineered-for-ot-disruption-in-israeli-","source":"vendor-blogs","category":"advisory","severity":"high","title":"Darktrace identifies ZionSiphon malware engineered for OT disruption in Israeli water sector environments","description":"Researchers from Darktrace detailed a malware strain dubbed ZionSiphon, highlighting a piece of OT (operational technology)-focused malware designed...\nThe post Darktrace identifies ZionSiphon malware engineered for OT disruption in Israeli water sector environments appeared first on Industrial Cybe…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T10:15:48.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://industrialcyber.co/ransomware/darktrace-identifies-zionsiphon-malware-engineered-for-ot-disruption-in-israeli-water-sector-environments/","label":"Industrial Cyber","domainType":"other"}],"feedLabel":null},{"id":"vendor-cisa-warns-organizations-of-supply-chain-compromise-in-axios-npm-package-deliver","source":"vendor-blogs","category":"advisory","severity":"high","title":"CISA warns organizations of supply chain compromise in Axios npm package delivering remote access trojan","description":"The U.S. CISA (Cybersecurity and Infrastructure Security Agency) issued an alert warning of a supply chain compromise affecting...\nThe post CISA warns organizations of supply chain compromise in Axios npm package delivering remote access trojan appeared first on Industrial Cyber.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T10:11:54.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://industrialcyber.co/cisa/cisa-warns-organizations-of-supply-chain-compromise-in-axios-npm-package-delivering-remote-access-trojan/","label":"Industrial Cyber","domainType":"other"}],"feedLabel":null},{"id":"vendor-hscc-warns-ai-driven-supply-chains-are-outpacing-healthcare-cybersecurity-defens","source":"vendor-blogs","category":"advisory","severity":"high","title":"HSCC warns AI-driven supply chains are outpacing healthcare cybersecurity defenses and oversight models","description":"The Health Sector Coordinating Council, through its Cybersecurity Working Group, published a guide to help healthcare organizations manage...\nThe post HSCC warns AI-driven supply chains are outpacing healthcare cybersecurity defenses and oversight models appeared first on Industrial Cyber.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T11:28:47.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://industrialcyber.co/medical/hscc-warns-ai-driven-supply-chains-are-outpacing-healthcare-cybersecurity-defenses-and-oversight-models/","label":"Industrial Cyber","domainType":"other"}],"feedLabel":null},{"id":"malbaz-967486f372064f8edc8695c91660fe436dadb2cd848a251268c8002fccd4f45c","source":"malware-bazaar","category":"malware","severity":"high","title":"967486f372064f8edc8695c91660fe436dadb2cd848a251268c8002fccd4f45c","description":"File type: exe | Reporter: JAMESWT_WT","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"177cb7e200e19e8afea0d4e778d21cb2","sha1":"5c44c374fe8a6a4c7815b5d6d759124730a7ba4a","sha256":"967486f372064f8edc8695c91660fe436dadb2cd848a251268c8002fccd4f45c"}},"tags":["83-142-209-204","exe"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:59:19Z","fetchedAt":"2026-04-22T15:00:06.237Z","references":[{"url":"https://bazaar.abuse.ch/sample/967486f372064f8edc8695c91660fe436dadb2cd848a251268c8002fccd4f45c/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-3e65e72b82055d6897cde37c80e4bf9fa04a14a88a8a59233fe6688486a1a31d","source":"malware-bazaar","category":"malware","severity":"high","title":"3e65e72b82055d6897cde37c80e4bf9fa04a14a88a8a59233fe6688486a1a31d.ps1","description":"File type: ps1 | Reporter: JAMESWT_WT","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"51d9788d36bd5197cfc2d79bffd107fd","sha1":"84ff9201ef3a4af6b922049985a320472e5ce098","sha256":"3e65e72b82055d6897cde37c80e4bf9fa04a14a88a8a59233fe6688486a1a31d"}},"tags":["83-142-209-204","ps1"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:58:44Z","fetchedAt":"2026-04-22T15:00:06.237Z","references":[{"url":"https://bazaar.abuse.ch/sample/3e65e72b82055d6897cde37c80e4bf9fa04a14a88a8a59233fe6688486a1a31d/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-286640beb0eae8359a4c78ac95b293392943088c60823f7fc269a4488316d885","source":"malware-bazaar","category":"malware","severity":"high","title":"286640beb0eae8359a4c78ac95b293392943088c60823f7fc269a4488316d885.ps1","description":"File type: ps1 | Reporter: JAMESWT_WT","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"83c0c504b4d2ca6dd931f25edddf31c1","sha1":"0b098323c285dd18f3377c6766166f88e3729cc5","sha256":"286640beb0eae8359a4c78ac95b293392943088c60823f7fc269a4488316d885"}},"tags":["83-142-209-204","ps1","botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:58:21Z","fetchedAt":"2026-04-22T15:00:06.237Z","references":[{"url":"https://bazaar.abuse.ch/sample/286640beb0eae8359a4c78ac95b293392943088c60823f7fc269a4488316d885/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-1feea0fb9e74f08c7954c3e438a1af857a3d394a397dba0b4534ed4edf4d8086","source":"malware-bazaar","category":"malware","severity":"high","title":"04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747.zip","description":"File type: zip | Reporter: JAMESWT_WT","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"d22d0f4b9e9f1c86c98f3ce5701d1439","sha1":"45c7ea59cf05e977f83ecb398dfcbc4179a946ab","sha256":"1feea0fb9e74f08c7954c3e438a1af857a3d394a397dba0b4534ed4edf4d8086"}},"tags":["83-142-209-204","stego","zip","botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:58:02Z","fetchedAt":"2026-04-22T15:00:06.237Z","references":[{"url":"https://bazaar.abuse.ch/sample/1feea0fb9e74f08c7954c3e438a1af857a3d394a397dba0b4534ed4edf4d8086/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-b95f31100a5e8a33f26615803fb1fe62b5f7c1f0eaffc25e4e7504936c843dd5","source":"malware-bazaar","category":"malware","severity":"high","title":"update.ps1","description":"File type: ps1 | Reporter: JAMESWT_WT","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"4ea1d81fa5a11e17659586c625c1dfc8","sha1":"671504e70e4bd35bed1db2aef15d681b3631d348","sha256":"b95f31100a5e8a33f26615803fb1fe62b5f7c1f0eaffc25e4e7504936c843dd5"}},"tags":["107-173-143-107","ps1"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:55:56Z","fetchedAt":"2026-04-22T15:00:06.237Z","references":[{"url":"https://bazaar.abuse.ch/sample/b95f31100a5e8a33f26615803fb1fe62b5f7c1f0eaffc25e4e7504936c843dd5/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-44671d56654521eb05acab950b91c0efc1c0c02b689b2ee8fa4f262f57640330","source":"malware-bazaar","category":"malware","severity":"high","title":"archive0331.zip","description":"File type: zip | Reporter: johnk3r","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"1d23a84bbde85808b490bd714c9fa546","sha1":"c25109c596b4278ab5a929565b217660300bd865","sha256":"44671d56654521eb05acab950b91c0efc1c0c02b689b2ee8fa4f262f57640330"}},"tags":["lauderdale-dollar-mar-forgot-trycloudflare-com","zip"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:46:20Z","fetchedAt":"2026-04-22T15:00:06.237Z","references":[{"url":"https://bazaar.abuse.ch/sample/44671d56654521eb05acab950b91c0efc1c0c02b689b2ee8fa4f262f57640330/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-8c4758e6736950e0bf0d80bfd10ca9eba5a9756227a9f2797ebacbf22ff2e076","source":"malware-bazaar","category":"malware","severity":"high","title":"Order List.js","description":"File type: js | Reporter: lowmal3","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"3adeb1a915fa01518aa7e1577eebe75f","sha1":"ca8b241c5f2f2eef87057a564279a6d4f6c4f12c","sha256":"8c4758e6736950e0bf0d80bfd10ca9eba5a9756227a9f2797ebacbf22ff2e076"}},"tags":["107-173-143-107","js"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:40:22Z","fetchedAt":"2026-04-22T15:00:06.237Z","references":[{"url":"https://bazaar.abuse.ch/sample/8c4758e6736950e0bf0d80bfd10ca9eba5a9756227a9f2797ebacbf22ff2e076/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-69f215a8744582fdd7f1643be8fd8587cd6edb18834de592afffc6344a76f9b3","source":"malware-bazaar","category":"malware","severity":"high","title":"69f215a8744582fdd7f1643be8fd8587cd6edb18834de.exe","description":"File type: exe | Reporter: abuse_ch","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"73d0fe59ff15619d8486b01f992b85ce","sha1":"3607b4bd59c1fbe05d712ec0f9b3547bc289ccf5","sha256":"69f215a8744582fdd7f1643be8fd8587cd6edb18834de592afffc6344a76f9b3"}},"tags":["exe","RAT","ValleyRAT"],"malwareFamily":"ValleyRAT","confidence":null,"publishedAt":"2026-04-22T14:36:15Z","fetchedAt":"2026-04-22T15:00:06.237Z","references":[{"url":"https://bazaar.abuse.ch/sample/69f215a8744582fdd7f1643be8fd8587cd6edb18834de592afffc6344a76f9b3/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-f64ccc637b29a4000090e960789f88470ef02eca8b1e063e4b5611a7f43b3961","source":"malware-bazaar","category":"malware","severity":"high","title":"1aa21baefecada61d25cf01cd1eb681b.exe","description":"File type: exe | Reporter: abuse_ch","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"1aa21baefecada61d25cf01cd1eb681b","sha1":"289945eb9260f08c0737be586730fcc00295a142","sha256":"f64ccc637b29a4000090e960789f88470ef02eca8b1e063e4b5611a7f43b3961"}},"tags":["exe","RedLineStealer","infostealer"],"malwareFamily":"RedLineStealer","confidence":null,"publishedAt":"2026-04-22T14:35:34Z","fetchedAt":"2026-04-22T15:00:06.237Z","references":[{"url":"https://bazaar.abuse.ch/sample/f64ccc637b29a4000090e960789f88470ef02eca8b1e063e4b5611a7f43b3961/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-26d67030c87fe26194c0e77caaf0a4305d59081b25275af4d4b4b7f1c2403392","source":"malware-bazaar","category":"malware","severity":"high","title":"最新版收菜软件【内部版】.exe","description":"File type: exe | Reporter: CNGaoLing","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"9c256ee0d49b6d3d11ffb7199f1c4272","sha1":"acb0620e90d2c5c3f5a0167f89504e40c4fc4020","sha256":"26d67030c87fe26194c0e77caaf0a4305d59081b25275af4d4b4b7f1c2403392"}},"tags":["exe","XRed","XRedRAT"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:26:59Z","fetchedAt":"2026-04-22T15:00:06.237Z","references":[{"url":"https://bazaar.abuse.ch/sample/26d67030c87fe26194c0e77caaf0a4305d59081b25275af4d4b4b7f1c2403392/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-16f75af75110e7a9aafe0bf5b6e3727c628edae8e131fbe23d87f9b1866d0be1","source":"malware-bazaar","category":"malware","severity":"high","title":"商家版.exe","description":"File type: exe | Reporter: CNGaoLing","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"cb2d702aeb37410e71e09b314dd1cc7f","sha1":"0d53092ca23f71086769e710067d89e99579021e","sha256":"16f75af75110e7a9aafe0bf5b6e3727c628edae8e131fbe23d87f9b1866d0be1"}},"tags":["exe","XRed","XRedRAT"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:26:09Z","fetchedAt":"2026-04-22T15:00:06.237Z","references":[{"url":"https://bazaar.abuse.ch/sample/16f75af75110e7a9aafe0bf5b6e3727c628edae8e131fbe23d87f9b1866d0be1/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-6326aadda1ea3106cd9b0cf0ef428f9dd55f4be45c6a3416521d5504a248af27","source":"malware-bazaar","category":"malware","severity":"high","title":"inst.880233900b.exe","description":"File type: exe | Reporter: CNGaoLing","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"f5836b923aa05cfcc30e7c8a078ff2ea","sha1":"83591a5aaeb999f01aaba8fa5479d4679a4d6218","sha256":"6326aadda1ea3106cd9b0cf0ef428f9dd55f4be45c6a3416521d5504a248af27"}},"tags":["exe","SilverFox","Trojan/SilverFox.bm[lddel]","ValleyRAT"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:25:06Z","fetchedAt":"2026-04-22T15:00:06.237Z","references":[{"url":"https://bazaar.abuse.ch/sample/6326aadda1ea3106cd9b0cf0ef428f9dd55f4be45c6a3416521d5504a248af27/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-2cae0bd8e9fc6d05239790712547a2e6b3a0eedc6b2e6e32282f44ff20b8da78","source":"malware-bazaar","category":"malware","severity":"high","title":"Chormex33.exe","description":"File type: exe | Reporter: CNGaoLing","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"35956895c3e0e955a0e8f6b18e2c0e99","sha1":"9728c7c0be8136dfebae628b0c42684b6605782a","sha256":"2cae0bd8e9fc6d05239790712547a2e6b3a0eedc6b2e6e32282f44ff20b8da78"}},"tags":["exe","SilverFox","ValleyRAT"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:24:03Z","fetchedAt":"2026-04-22T15:00:06.237Z","references":[{"url":"https://bazaar.abuse.ch/sample/2cae0bd8e9fc6d05239790712547a2e6b3a0eedc6b2e6e32282f44ff20b8da78/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-5c11f39ef919cbe095b447f2663461dde5bd36b34a14538327e5589efa04803d","source":"malware-bazaar","category":"malware","severity":"high","title":"ps.ps1","description":"File type: ps1 | Reporter: JAMESWT_WT","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"cc60ac8abcd3a80e86389fea9faf7c12","sha1":"7c66c2f73228ba587d42e2f3dca1f1f6a54a45f3","sha256":"5c11f39ef919cbe095b447f2663461dde5bd36b34a14538327e5589efa04803d"}},"tags":["booking","lkgkdsjd-com","ps1","pulse-srvc-com"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:19:46Z","fetchedAt":"2026-04-22T15:00:06.237Z","references":[{"url":"https://bazaar.abuse.ch/sample/5c11f39ef919cbe095b447f2663461dde5bd36b34a14538327e5589efa04803d/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-21c07c68a32d37b4dfcdcf4d321e26105f7f41a079d7a6e9c66867737409a935","source":"malware-bazaar","category":"malware","severity":"high","title":"21c07c68a32d37b4dfcdcf4d321e26105f7f41a079d7a6e9c66867737409a935.html","description":"File type: html | Reporter: JAMESWT_WT","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"338bbb92eac945166f7292c7856fdc55","sha1":"800fab454788ea11e6953f2c6b3ffa6b126110ec","sha256":"21c07c68a32d37b4dfcdcf4d321e26105f7f41a079d7a6e9c66867737409a935"}},"tags":["booking","html","lkgkdsjd-com","pulse-srvc-com"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:19:39Z","fetchedAt":"2026-04-22T15:00:06.237Z","references":[{"url":"https://bazaar.abuse.ch/sample/21c07c68a32d37b4dfcdcf4d321e26105f7f41a079d7a6e9c66867737409a935/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-addae6c82dd407f54d8c0fe9ee223d69011dd2f03cb3428de7ff411924a30f98","source":"malware-bazaar","category":"malware","severity":"high","title":"addae6c82dd407f54d8c0fe9ee223d69011dd2f03cb3428de7ff411924a30f98.dll","description":"File type: exe | Reporter: JAMESWT_WT","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"5b6ec12d8988d81a98fbfe207a5182c1","sha1":"36994d08f88baa92b1142a753f065fb64a809cbd","sha256":"addae6c82dd407f54d8c0fe9ee223d69011dd2f03cb3428de7ff411924a30f98"}},"tags":["exe","invalid-signature"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:10:39Z","fetchedAt":"2026-04-22T15:00:06.237Z","references":[{"url":"https://bazaar.abuse.ch/sample/addae6c82dd407f54d8c0fe9ee223d69011dd2f03cb3428de7ff411924a30f98/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-6b829c2e656f812918bfb36f873a9c0c207832bf4c9aa72d866ddd4b9c9b93f7","source":"malware-bazaar","category":"malware","severity":"high","title":"buffer.zip","description":"File type: zip | Reporter: JAMESWT_WT","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"3e02a9db64f30f77e1ee42f61ff5d7d6","sha1":"d4bec7d45c81d29c59792758db4d9e1f717adb8e","sha256":"6b829c2e656f812918bfb36f873a9c0c207832bf4c9aa72d866ddd4b9c9b93f7"}},"tags":["booking","HijackLoader","lkgkdsjd-com","pulse-srvc-com","shadowladder","zip"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:04:11Z","fetchedAt":"2026-04-22T15:00:06.237Z","references":[{"url":"https://bazaar.abuse.ch/sample/6b829c2e656f812918bfb36f873a9c0c207832bf4c9aa72d866ddd4b9c9b93f7/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e827168edcf67707285b4e","source":"otx","category":"threat-intel","severity":"high","title":"Same packet, different magic: Hits India's banking sector and Korea geopolitics","description":"A new variant of the LOTUSLITE backdoor, version 1.1, has been identified targeting India's banking sector and South Korean diplomatic circles. The backdoor is delivered via DLL sideloading using legitimate Microsoft-signed executables and initially through CHM files containing malicious JavaScript.…","indicators":{"cves":[],"ips":["172.81.60.97"],"domains":["editor.gleeze.com","cosmosmusic.com","www.cosmosmusic.com"],"urls":[],"hashes":{"md5":"5abac6560eeb77f71e4cd2e1b33d973e","sha1":"1ffd797a49df270494b8cb2d2d0d679387fbd44a","sha256":"cc0ff7e25ea686171919575916e2d9ebaeb5800a063f370a6980ea791f8851b8"}},"tags":["espionage","chm files","backdoor","south korea diplomacy","lotuslite","dll sideloading","india banking","javascript loader","botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T01:40:38.268Z","fetchedAt":"2026-04-22T15:00:00.860Z","references":[{"url":"https://otx.alienvault.com/pulse/69e827168edcf67707285b4e","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e82714e5cf2d1fb9fe1b0a","source":"otx","category":"threat-intel","severity":"high","title":"Mach-O Man Malware: What CISOs Need to Know","description":"Lazarus Group is conducting an active campaign targeting businesses through ClickFix attacks, distributing a newly identified macOS malware kit called \"Mach-O Man\". The attack begins with fake meeting invitations via Telegram, redirecting victims to fraudulent collaboration platforms impersonating Z…","indicators":{"cves":[],"ips":["172.86.113.102"],"domains":["livemicrosft.com","update-teams.live"],"urls":["http://172.86.113.102/localencode","http://livemicrosft.com/meet/89035563931?p=9jXK14VFM8fObdKxfkake8tD7rPhzs.1","http://update-teams.live/teams"],"hashes":{"md5":null,"sha1":null,"sha256":"a73ce18952b40fd621789e43c56b2af08d1497ce3560b2481fa973d8265ce491"}},"tags":["mach-o man","browser stealing","pylangghostrat","social engineering","macos","mach-o binaries","telegram exfiltration","credential theft","clickfix","fintech targeting","apt","phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T01:40:36.560Z","fetchedAt":"2026-04-22T15:00:00.860Z","references":[{"url":"https://otx.alienvault.com/pulse/69e82714e5cf2d1fb9fe1b0a","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e7690744c08ddc410e543f","source":"otx","category":"threat-intel","severity":"high","title":"Void Dokkaebi Uses Fake Job Interview Lure to Spread Malware via Code Repositories","description":"Void Dokkaebi, also known as Famous Chollima, has evolved its operations into a self-propagating supply chain threat targeting software developers. The North Korea-aligned group uses fabricated job interviews to lure developers into cloning malicious repositories. Once compromised, the victim's mach…","indicators":{"cves":[],"ips":["166.88.4.2","85.239.62.36","23.27.20.143","23.27.202.27","23.27.120.142","154.91.0.196","198.105.127.210","83.168.68.219"],"domains":[],"urls":[],"hashes":{"md5":"a12957e7627cb19fba2a4b155f7258b7","sha1":"78be1ea752622c75fd5c636abc2e6e7a51484323","sha256":"834a92277f1bd82d4d473ac0aa2ddb23208a3a8763a576b882e7326c42bc5412"}},"tags":["dev#popper rat","omnistealer","git history tampering","vs code exploitation","worm propagation","supply chain attack","fake job interview","blockchain infrastructure","invisibleferret","repository poisoning","north korea","developer targeting","beavertail","ottercookie","supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T12:09:43.074Z","fetchedAt":"2026-04-22T15:00:00.860Z","references":[{"url":"https://otx.alienvault.com/pulse/69e7690744c08ddc410e543f","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e63f93a0ddbd53fcab3f51","source":"otx","category":"threat-intel","severity":"high","title":"The Gentlemen & SystemBC: A Sneak Peek Behind the Proxy","description":"The Gentlemen ransomware-as-a-service program has rapidly expanded since mid-2025, claiming over 320 victims with 240 attacks occurring in early 2026. The service provides multi-platform lockers for Windows, Linux, NAS, BSD, and ESXi, enabling comprehensive coverage of corporate environments. During…","indicators":{"cves":[],"ips":[],"domains":["tezwsse5czllksjb7cwp65rvnk4oobmzti2znn42i43bjdfd2prqqkad.onion"],"urls":["http://tezwsse5czllksjb7cwp65rvnk4oobmzti2znn42i43bjdfd2prqqkad.onion/"],"hashes":{"md5":"c9d004384de06bbc53724b1431dc0fde","sha1":"f1025bb2f147c01742f263bc0b8d462af9728a22","sha256":"fe1033335a045c696c900d435119d210361966e2fb5cd1ba3382608cfa2c8e68"}},"tags":["cobalt-strike","domain-compromise","the gentlemen","psexec","systembc","esxi-encryption","lateral-movement","cobalt strike","anydesk","ransomware-as-a-service","mimikatz","group-policy-deployment","ransomware","botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T15:00:35.743Z","fetchedAt":"2026-04-22T15:00:00.860Z","references":[{"url":"https://otx.alienvault.com/pulse/69e63f93a0ddbd53fcab3f51","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e2417dcac9587a626c98a2","source":"otx","category":"threat-intel","severity":"high","title":"Iranian APT Seedworm Targets Global Organizations via Microsoft Teams","description":"In late February 2026, following escalating Middle East tensions and coordinated military actions, Iranian APT group Seedworm launched sophisticated social engineering attacks via Microsoft Teams. Attackers impersonated IT support personnel using deceptive Microsoft 365 tenant domains to convince vi…","indicators":{"cves":[],"ips":[],"domains":["serialmenot.com","dd3.filedwnl.top","dd4.filedwnl.top"],"urls":["https://dd3.filedwnl.top","https://dd4.filedwnl.top"],"hashes":{"md5":"f8560b9a893eeb2130fc7159e9c1b851","sha1":"e2e8516b4f275e8c636620b7377ee3b9f9f47bb0","sha256":"ddf75e118db8a5614483ee7e7528a3e2621901059899a8a497335bdef2fba437"}},"tags":["muddywater infrastructure","in-memory execution","seedworm","microsoft teams","dindoor","social engineering","dindoor backdoor","iran apt","deno runtime","dinodance","apt","phishing","botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:19:41.824Z","fetchedAt":"2026-04-22T15:00:00.860Z","references":[{"url":"https://otx.alienvault.com/pulse/69e2417dcac9587a626c98a2","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69bd045137b178c16714dcf6","source":"otx","category":"threat-intel","severity":"high","title":"An Overview of The Gentlemen's TTPs","description":"This intelligence report provides a comprehensive analysis of The Gentlemen, a ransomware group known for its sophisticated tactics, techniques, and procedures (TTPs). The group exploits vulnerabilities in FortiOS/FortiProxy, maintains a database of compromised devices, and employs advanced defense…","indicators":{"cves":["CVE-2023-27532","CVE-2024-37085","CVE-2024-55591","CVE-2025-32463"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"efd5366eb7473d6f7fb97ec7ac59f09d","sha1":"42bcc743c71a9ea083c1c750a398110582796762","sha256":"2834114ff7e487c4ca3f50ca39f7d652dea1be98f885c388f01b6ff35309307b"}},"tags":["vasa locker","medusa","cve-2024-37085","raas","fortios","data-exfiltration","cve-2025-32463","lockbit 5.0","defense-evasion","babyk","ransomware","cve-2024-55591","the gentlemen","cve-2023-27532","babuk","exploit","lateral-movement","qilin","credential-theft"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-03-20T08:24:49.787Z","fetchedAt":"2026-04-22T15:00:00.860Z","references":[{"url":"https://otx.alienvault.com/pulse/69bd045137b178c16714dcf6","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e1f1296b63ec46a94782ce","source":"otx","category":"threat-intel","severity":"high","title":"Takes Aim at the Ransomware Throne","description":"In February 2025, BlackBasta ransomware operations ceased after their internal chat logs were leaked online, leading to disbandment. However, former affiliates continued launching attacks using different ransomware families, including the relatively unknown Payouts King group that emerged in April 2…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":"d68ce82e82801cd487f9cd2d24f7b30e353cafd0704dcdf0bb8f12822d4227c2"}},"tags":["aes encryption","blackbasta affiliates","edr evasion","blackbasta","spam bombing","direct system calls","payouts king","quick assist","microsoft teams","cactus","rsa encryption","ransomware","phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T08:36:57.288Z","fetchedAt":"2026-04-22T15:00:00.860Z","references":[{"url":"https://otx.alienvault.com/pulse/69e1f1296b63ec46a94782ce","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e1f157d8f8bb7547f8c23f","source":"otx","category":"threat-intel","severity":"high","title":"Dissecting macOS intrusion from lure to compromise","description":"Microsoft Threat Intelligence uncovered a macOS-focused cyber campaign by North Korean threat actor Sapphire Sleet utilizing social engineering to compromise systems. The attack chain begins with a malicious AppleScript file disguised as a Zoom SDK update, which executes cascading payloads through c…","indicators":{"cves":[],"ips":["83.136.209.22","188.227.196.252","104.145.210.107","83.136.208.246","83.136.208.48","83.136.210.180"],"domains":["uw04webzoom.us","ur01webzoom.us","uv01webzoom.us","check02id.com","uv03webzoom.us","uv04webzoom.us","uw03webzoom.us","uw05webzoom.us","ux06webzoom.us"],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":"a05400000843fbad6b28d2b76fc201c3d415a72d88d8dc548fafd8bae073c640"}},"tags":["social engineering","north korea","systemupdate.app","tcc bypass","com.google.chromes.updaters","applescript","services","softwareupdate.app","cryptocurrency theft","com.apple.cli","macos","sapphire sleet","credential harvesting","icloudz","phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T08:37:43.088Z","fetchedAt":"2026-04-22T15:00:00.860Z","references":[{"url":"https://otx.alienvault.com/pulse/69e1f157d8f8bb7547f8c23f","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69dfa9e58a74337f7fb97333","source":"otx","category":"threat-intel","severity":"high","title":"The n8n n8mare: How threat actors are misusing AI workflow automation","description":"Investigation reveals widespread abuse of n8n, an AI workflow automation platform, in sophisticated phishing campaigns from October 2025 through March 2026. Attackers exploit the platform's webhook functionality to deliver malware and fingerprint devices while bypassing security filters through trus…","indicators":{"cves":[],"ips":[],"domains":["majormetalcsorp.com","monicasue.app.n8n.cloud","onedrivedownload.zoholandingpage.com","pagepoinnc.app.n8n.cloud","tti.app.n8n.cloud"],"urls":["http://majormetalcsorp.com/Openfolder","http://monicasue.app.n8n.cloud/webhook/download-file-92684bb4-ee1d-4806-a264-50bfeb750dab","http://onedrivedownload.zoholandingpage.com/my-workspace/DownloadedOneDrive","http://pagepoinnc.app.n8n.cloud/webhook/downloading-1a92cb4f-cff3-449d-8bdd-ec439b4b3496"],"hashes":{"md5":"629ce6eb0387a8f72d72d43fa6d74521","sha1":"ea5d2096a2ef3dfe4fb870bd1f0270efaea993a6","sha256":"93a09e54e607930dfc068fcbc7ea2c2ea776c504aa20a8ca12100a28cfdcc75a"}},"tags":["datto rmm","phishing campaign","n8n","webhook abuse","lucidrook","phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T15:08:21.166Z","fetchedAt":"2026-04-22T15:00:00.860Z","references":[{"url":"https://otx.alienvault.com/pulse/69dfa9e58a74337f7fb97333","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"news-new-npm-supply-chain-attack-self-spreads-to-steal-auth-tokens","source":"general-news","category":"news","severity":"high","title":"New npm supply-chain attack self-spreads to steal auth tokens","description":"A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts. [...]","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T12:57:42.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.bleepingcomputer.com/news/security/new-npm-supply-chain-attack-self-spreads-to-steal-auth-tokens/","label":"BleepingComputer","domainType":"media"}],"feedLabel":null},{"id":"news-researchers-detect-zionsiphon-malware-targeting-israeli-water-desalination-ot-sy","source":"general-news","category":"news","severity":"high","title":"Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems","description":"Cybersecurity researchers have flagged a new malware called ZionSiphon that appears to be specifically designed to target Israeli water treatment and desalination systems.\nThe malware has been codenamed ZionSiphon by Darktrace, highlighting its ability to set up persistence, tamper with local config…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T07:34:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://thehackernews.com/2026/04/researchers-detect-zionsiphon-malware.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-newly-discovered-powmix-botnet-hits-czech-workers-using-randomized-c2-traffic","source":"general-news","category":"news","severity":"high","title":"Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic","description":"Cybersecurity researchers have warned of an active malicious campaign that's targeting the workforce in the Czech Republic with a previously undocumented botnet dubbed PowMix since at least December 2025.\n\"PowMix employs randomized command-and-control (C2) beaconing intervals, rather than persistent…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T17:52:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://thehackernews.com/2026/04/newly-discovered-powmix-botnet-hits.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-navigating-the-unique-security-risks-of-asia-s-digital-supply-chain","source":"general-news","category":"news","severity":"high","title":"Navigating the Unique Security Risks of Asia's Digital Supply Chain","description":"Regulatory differences, interconnected digital ecosystems, and the rise of AI have created a complex supply chain Asian organizations must wrangle.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T19:30:47.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.darkreading.com/cloud-security/navigating-unique-security-risks-asias-digital-supply-chain","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-mirai-botnet-targets-flaw-in-discontinued-d-link-routers","source":"general-news","category":"news","severity":"high","title":"Mirai Botnet Targets Flaw in Discontinued D-Link Routers","description":"The exploitation of the command injection vulnerability started one year after public disclosure and PoC exploit code publication.\nThe post Mirai Botnet Targets Flaw in Discontinued D-Link Routers appeared first on SecurityWeek.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T11:44:07.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.securityweek.com/mirai-botnet-targets-flaw-in-discontinued-d-link-routers/","label":"SecurityWeek","domainType":"media"}],"feedLabel":null},{"id":"news-are-sboms-failing-supply-chain-attacks-rise-as-security-teams-struggle-with-sbom","source":"general-news","category":"news","severity":"high","title":"Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM Data","description":"Researcher says the missing piece is a governance-driven intelligence layer that turns SBOM and VEX data into explainable security decisions.\nThe post Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM Data appeared first on SecurityWeek.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T11:30:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.securityweek.com/are-sboms-failing-supply-chain-attacks-rise-as-security-teams-struggle-with-sbom-data/","label":"SecurityWeek","domainType":"media"}],"feedLabel":null},{"id":"news-zionsiphon-malware-targets-water-infrastructure-systems","source":"general-news","category":"news","severity":"high","title":"ZionSiphon Malware Targets Water Infrastructure Systems","description":"ZionSiphon malware targets OT water systems with sabotage and ICS scanning capabilities","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T16:00:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.infosecurity-magazine.com/news/zionsiphon-malware-water/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-attackers-exploit-dvr-command-injection-flaw-to-deploy-mirai-based-botnet","source":"general-news","category":"news","severity":"high","title":"Attackers Exploit DVR Command Injection Flaw to Deploy  Mirai-Based Botnet","description":"FortiGuard Labs has identified a Mirai-based Nexcorium campaign actively exploiting CVE-2024-3721 in TBK DVR devices","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T13:01:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.infosecurity-magazine.com/news/mirai-variant-dvr-flaw-iot-botnet/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-why-the-axios-attack-proves-ai-is-mandatory-for-supply-chain-security","source":"general-news","category":"news","severity":"high","title":"Why the Axios attack proves AI is mandatory for supply chain security","description":"Two weeks ago, a suspected North Korean threat actor slipped malicious code into a package within Axios, a widely used JavaScript library. The immediate concern was the blast radius: roughly 100 million weekly downloads spanning enterprises, startups, and government systems. But beyond the sheer sca…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T13:17:25.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://cyberscoop.com/ai-powered-security-operations-axios-supply-chain-attack/","label":"CyberScoop","domainType":"media"}],"feedLabel":null},{"id":"nvd-CVE-2025-15470","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2025-15470 — The Eleganzo theme for WordPress is vulnerable to arbitrary directory deletion due to insufficient p…","description":"The Eleganzo theme for WordPress is vulnerable to arbitrary directory deletion due to insufficient path validation in the akd_required_plugin_callback function in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to de…","indicators":{"cves":["CVE-2025-15470"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T04:17:20.670Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://testwp.local/wp-content/themes/eleganzo/welcome.php#L96","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7c5d7818-e548-4d8f-b847-396d528b58cd?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-1314","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-1314 — The 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery plugin for WordPress is…","description":"The 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the send_post_pages_json() function in all versions up to, and including, 1.16.17. This makes it possible for unauthentic…","indicators":{"cves":["CVE-2026-1314"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T04:17:32.963Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset/3467608/","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d7e41753-2dbf-4afa-b61e-e617be2c4dc2?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-1509","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-1509 — The Avada (Fusion) Builder plugin for WordPress is vulnerable to Arbitrary WordPress Action Executio…","description":"The Avada (Fusion) Builder plugin for WordPress is vulnerable to Arbitrary WordPress Action Execution in all versions up to, and including, 3.15.1. This is due to the plugin's `output_action_hook()` function accepting user-controlled input to trigger any registered WordPress action hook without prop…","indicators":{"cves":["CVE-2026-1509"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T04:17:33.173Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://avada.com/documentation/avada-changelog/","label":"security@wordfence.com","domainType":"other"},{"url":"https://themeforest.net/item/avada-responsive-multipurpose-theme/2833226","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/fdc57b06-bae9-49a3-84dd-f593705330e9?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-1541","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-1541 — The Avada (Fusion) Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in a…","description":"The Avada (Fusion) Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.15.1. This is due to the plugin's `fusion_get_post_custom_field()` function failing to validate whether metadata keys are protected (underscore-prefixed). This make…","indicators":{"cves":["CVE-2026-1541"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T04:17:33.433Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://themeforest.net/item/avada-responsive-multipurpose-theme/2833226","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f1f69f93-80e3-434d-98a6-fc8757b4e6d1?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-2396","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-2396 — The List View Google Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via…","description":"The List View Google Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the event description in all versions up to, and including, 7.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev…","indicators":{"cves":["CVE-2026-2396"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T04:17:33.783Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/list-view-google-calendar/tags/7.4.3/library/tags/li.php#L6","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c339bf65-c522-4954-8aed-275c51298aea?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-39963","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-39963 — Serendipity is a PHP-powered weblog engine. In versions 2.6-beta2 and below, the serendipity_setCook…","description":"Serendipity is a PHP-powered weblog engine. In versions 2.6-beta2  and below, the serendipity_setCookie() function in include/functions_config.inc.php uses $_SERVER['HTTP_HOST'] without validation as the domain parameter of setcookie(). An attacker who can influence the Host header at login time, su…","indicators":{"cves":["CVE-2026-39963"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T04:17:39.580Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://github.com/s9y/Serendipity/releases/tag/2.6.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/s9y/Serendipity/security/advisories/GHSA-4m6c-649p-f6gf","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/s9y/Serendipity/security/advisories/GHSA-4m6c-649p-f6gf","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-39984","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-39984 — Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below…","description":"Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the VerifyTimestampResponse function. VerifyTimestampResponse correctly verifies the certificate chain signature, but the TSA-specific constraint check…","indicators":{"cves":["CVE-2026-39984"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["transport"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T04:17:40.203Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://github.com/sigstore/timestamp-authority/releases/tag/v2.0.6","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/sigstore/timestamp-authority/security/advisories/GHSA-xm5m-wgh2-rrg3","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40091","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40091 — SpiceDB is an open source database system for creating and managing security-critical application pe…","description":"SpiceDB is an open source database system for creating and managing security-critical application permissions. In versions 1.49.0 through 1.51.0, when SpiceDB starts with log level info, the startup \"configuration\" log will include the full datastore DSN, including the plaintext password, inside Dat…","indicators":{"cves":["CVE-2026-40091"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T04:17:46.360Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://github.com/authzed/spicedb/releases/tag/v1.51.1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/authzed/spicedb/security/advisories/GHSA-jf4f-rr2c-9m58","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40096","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40096 — immich is a high performance self-hosted photo and video management solution. Versions prior to 2.7.…","description":"immich is a high performance self-hosted photo and video management solution. Versions prior to 2.7.3 contain an open redirect vulnerability in the shared album functionality, where the album name is inserted unsanitized into a <meta> tag in api.service.ts. A registered attacker can create a shared…","indicators":{"cves":["CVE-2026-40096"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T04:17:47.680Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://github.com/immich-app/immich/releases/tag/v2.7.3","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/immich-app/immich/security/advisories/GHSA-24fq-72x8-v7hm","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-4812","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4812 — The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to Missing Authorization to Arbi…","description":"The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Post/Page Disclosure in versions up to and including 6.7.0. This is due to AJAX field query endpoints accepting user-supplied filter parameters that override field-configured restrictions withou…","indicators":{"cves":["CVE-2026-4812"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T04:17:48.523Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/advanced-custom-fields/tags/6.7.0/includes/fields/class-acf-field-page_link.php#L144","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/advanced-custom-fields/tags/6.7.0/includes/fields/class-acf-field-post_object.php#L155","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/advanced-custom-fields/tags/6.7.0/includes/fields/class-acf-field-post_object.php#L92","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/advanced-custom-fields/tags/6.7.0/includes/fields/class-acf-field-relationship.php#L118","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/advanced-custom-fields/tags/6.7.0/includes/fields/class-acf-field-relationship.php#L171","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/advanced-custom-fields/tags/6.7.0/includes/fields/class-acf-field-relationship.php#L180","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/advanced-custom-fields/tags/6.7.0/includes/fields/class-acf-field-relationship.php#L187","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/advanced-custom-fields/tags/6.7.0/includes/fields/class-acf-field-user.php#L435","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/advanced-custom-fields/trunk/includes/fields/class-acf-field-page_link.php#L144","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/advanced-custom-fields/trunk/includes/fields/class-acf-field-post_object.php#L155","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/advanced-custom-fields/trunk/includes/fields/class-acf-field-post_object.php#L92","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/advanced-custom-fields/trunk/includes/fields/class-acf-field-relationship.php#L118","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/advanced-custom-fields/trunk/includes/fields/class-acf-field-relationship.php#L171","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/advanced-custom-fields/trunk/includes/fields/class-acf-field-relationship.php#L180","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/advanced-custom-fields/trunk/includes/fields/class-acf-field-relationship.php#L187","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/advanced-custom-fields/trunk/includes/fields/class-acf-field-user.php#L435","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/51e3a976-a1a3-411a-b88c-f1cb2aa8d5eb?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5160","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-5160 — Versions of the package github.com/yuin/goldmark/renderer/html before 1.7.17 are vulnerable to Cross…","description":"Versions of the package github.com/yuin/goldmark/renderer/html before 1.7.17 are vulnerable to Cross-site Scripting (XSS) due to improper ordering of URL validation and normalization. The renderer validates link destinations using a prefix-based check (IsDangerousURL) before resolving HTML entities.…","indicators":{"cves":["CVE-2026-5160"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T06:16:13.860Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://github.com/yuin/goldmark/commit/cb46bbc4eca29d55aa9721e04ad207c23ccc44f9","label":"report@snyk.io","domainType":"primary"},{"url":"https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMYUINGOLDMARKRENDERERHTML-15838406","label":"report@snyk.io","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6293","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6293 — The Inquiry Form to Posts or Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery…","description":"The Inquiry Form to Posts or Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Stored Cross-Site Scripting in version 1.0. This is due to missing nonce validation on the plugin settings update handler, combined with insufficient input sanitization on all user-supplied…","indicators":{"cves":["CVE-2026-6293"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T07:16:12.340Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/inquiry-form-to-posts-or-pages/tags/1.0/inq_form.php#L180","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-form-to-posts-or-pages/tags/1.0/inq_form.php#L60","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-form-to-posts-or-pages/tags/1.0/inq_form.php#L63","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-form-to-posts-or-pages/tags/1.0/inquery_form_to_posts_or_pages.php#L139","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-form-to-posts-or-pages/trunk/inq_form.php#L180","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-form-to-posts-or-pages/trunk/inq_form.php#L60","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-form-to-posts-or-pages/trunk/inq_form.php#L63","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-form-to-posts-or-pages/trunk/inquery_form_to_posts_or_pages.php#L139","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6abd3968-a8e7-4b40-bb7e-387bab10eba9?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-1782","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-1782 — The MetForm Pro plugin for WordPress is vulnerable to Improper Input Validation in all versions up t…","description":"The MetForm Pro plugin for WordPress is vulnerable to Improper Input Validation  in all versions up to, and including, 3.9.7 This is due to the payment integrations (Stripe/PayPal) trusting a user-submitted calculation field value without recomputing or validating it against the configured form pric…","indicators":{"cves":["CVE-2026-1782"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T09:16:31.213Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://wpmet.com/plugin/metform/","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a49dd64b-6ae8-49ed-9e8a-e5b73c2acf4b?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3642","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-3642 — The e-shot™ form builder plugin for WordPress is vulnerable to Missing Authorization in all versions…","description":"The e-shot™ form builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.2. The eshot_form_builder_update_field_data() AJAX handler lacks any capability checks (current_user_can()) or nonce verification (check_ajax_referer()/wp_verify_nonce()). The…","indicators":{"cves":["CVE-2026-3642"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T09:16:31.550Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/e-shot-form-builder/tags/1.0.2/admin/class-eshotformbuilder-admin.php#L656","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/e-shot-form-builder/tags/1.0.2/includes/class-eshotformbuilder.php#L162","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/e-shot-form-builder/trunk/admin/class-eshotformbuilder-admin.php#L656","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/e-shot-form-builder/trunk/includes/class-eshotformbuilder.php#L162","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/815bd708-b2f8-4add-901b-863fbb3c4d81?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3649","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-3649 — The Katalogportal PDF Sync plugin for WordPress is vulnerable to Missing Authorization in all versio…","description":"The Katalogportal PDF Sync plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.0. The katalogportal_popup_shortcode() function is registered as an AJAX handler via wp_ajax_katalogportal_shortcodePrinter but lacks any capability check (current_user_can(…","indicators":{"cves":["CVE-2026-3649"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T09:16:31.917Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/katalogportal-pdf-sync/tags/1.0.0/inc/class.admin.php#L12","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/katalogportal-pdf-sync/tags/1.0.0/inc/class.admin.php#L209","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/katalogportal-pdf-sync/trunk/inc/class.admin.php#L12","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/katalogportal-pdf-sync/trunk/inc/class.admin.php#L209","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a01e7b21-f3ff-42a8-b78a-ad69973eda01?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3659","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-3659 — The WP Circliful plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shor…","description":"The WP Circliful plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the [circliful] shortcode and via multiple shortcode attributes of the [circliful_direct] shortcode in all versions up to and including 1.2. This is due to insufficient input saniti…","indicators":{"cves":["CVE-2026-3659"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T09:16:32.083Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/wp-circliful/tags/1.2/wp-circliful.php#L241","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-circliful/tags/1.2/wp-circliful.php#L257","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-circliful/tags/1.2/wp-circliful.php#L263","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-circliful/tags/1.2/wp-circliful.php#L285","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-circliful/trunk/wp-circliful.php#L241","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-circliful/trunk/wp-circliful.php#L257","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-circliful/trunk/wp-circliful.php#L263","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-circliful/trunk/wp-circliful.php#L285","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/030534e2-bf7d-42e4-94a1-986f629bea15?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3998","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-3998 — The WM JqMath plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' shor…","description":"The WM JqMath plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' shortcode attribute of the [jqmath] shortcode in all versions up to and including 1.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The generat…","indicators":{"cves":["CVE-2026-3998"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T09:16:32.253Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/wm-jqmath/tags/1.3/wm_jqmath.php#L27","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wm-jqmath/tags/1.3/wm_jqmath.php#L33","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wm-jqmath/trunk/wm_jqmath.php#L27","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wm-jqmath/trunk/wm_jqmath.php#L33","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b4aebb45-b47b-4b5a-8281-400a4b786689?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4002","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4002 — The Petje.af plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to…","description":"The Petje.af plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 2.1.8. This is due to missing nonce validation in the ajax_revoke_token() function which handles the 'petjeaf_disconnect' AJAX action. The function performs destructive operations includ…","indicators":{"cves":["CVE-2026-4002"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T09:16:32.547Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/petje-af/tags/2.1.8/includes/class-petje-af-oauth2-provider.php#L326","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/petje-af/tags/2.1.8/includes/class-petje-af-oauth2-provider.php#L346","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/petje-af/tags/2.1.8/includes/class-petje-af.php#L182","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/petje-af/trunk/includes/class-petje-af-oauth2-provider.php#L326","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/petje-af/trunk/includes/class-petje-af-oauth2-provider.php#L346","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/petje-af/trunk/includes/class-petje-af.php#L182","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/28a071ac-37ee-4fb9-b8c6-0a782ee673b4?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4005","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4005 — The Coachific Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'u…","description":"The Coachific Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userhash' shortcode attribute in all versions up to and including 1.0. This is due to insufficient input sanitization and output escaping. The plugin uses sanitize_text_field() on the 'userhash' parame…","indicators":{"cves":["CVE-2026-4005"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T09:16:32.717Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/coachific-shortcode/tags/1.0/coachific.php#L13","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/coachific-shortcode/tags/1.0/coachific.php#L29","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/coachific-shortcode/trunk/coachific.php#L13","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/coachific-shortcode/trunk/coachific.php#L29","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3d91158c-0b34-460e-9fdb-b99165ebca78?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4011","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4011 — The Power Charts Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id'…","description":"The Power Charts Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the [pc] shortcode in all versions up to, and including, 0.1.0. This is due to insufficient input sanitization and output escaping on the 'id' shortcode attribute. Specifically, in the p…","indicators":{"cves":["CVE-2026-4011"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T09:16:32.883Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/wpgo-power-charts-lite/tags/0.1.0/classes/power-charts-shortcodes.php#L40","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wpgo-power-charts-lite/tags/0.1.0/classes/power-charts-shortcodes.php#L62","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wpgo-power-charts-lite/trunk/classes/power-charts-shortcodes.php#L40","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wpgo-power-charts-lite/trunk/classes/power-charts-shortcodes.php#L62","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ea41d391-ba8d-43d9-8eda-69ac28c49328?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4091","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4091 — The OPEN-BRAIN plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up t…","description":"The OPEN-BRAIN plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5.0. This is due to missing nonce verification on the settings form in the func_page_main() function. This makes it possible for unauthenticated attackers to inject malicious web s…","indicators":{"cves":["CVE-2026-4091"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T09:16:33.050Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/open-brain/tags/0.5.0/index.php#L237","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/open-brain/tags/0.5.0/index.php#L252","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/open-brain/tags/0.5.0/index.php#L253","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/open-brain/tags/0.5.0/index.php#L272","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/open-brain/trunk/index.php#L237","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/open-brain/trunk/index.php#L252","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/open-brain/trunk/index.php#L253","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/open-brain/trunk/index.php#L272","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/93df6480-9bb1-4f5d-bb39-ff1a01d739cf?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5717","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-5717 — The VI: Include Post By plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'c…","description":"The VI: Include Post By plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class_container' attribute of the 'include-post-by-cat' shortcode in all versions up to, and including, 0.4.200706 due to insufficient input sanitization and output escaping on user supplied attributes…","indicators":{"cves":["CVE-2026-5717"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T09:16:33.527Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/vi-include-post-by/tags/0.4.200706/vi_include_post_by.php#L809","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/vi-include-post-by/trunk/vi_include_post_by.php#L809","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b3e95dc2-0f50-4009-9cc0-a02f9977ce58?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-28741","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-28741 — Mattermost versions 10.11.x <= 10.11.12, 11.5.x <= 11.5.0, 11.4.x <= 11.4.2, 11.3.x <= 11.3.2 fail t…","description":"Mattermost versions 10.11.x <= 10.11.12, 11.5.x <= 11.5.0, 11.4.x <= 11.4.2, 11.3.x <= 11.3.2 fail to validate CSRF tokens on an authentication endpoint which allows an attacker to update a user's authentication method via a CSRF attack by tricking a user into visiting a malicious page. Mattermost A…","indicators":{"cves":["CVE-2026-28741","CVE-2026-3590"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T11:16:33.450Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://mattermost.com/security-updates","label":"responsibledisclosure@mattermost.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40728","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40728 — Missing Authorization vulnerability in BlockArt Magazine Blocks magazine-blocks allows Exploiting In…","description":"Missing Authorization vulnerability in BlockArt Magazine Blocks magazine-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Magazine Blocks: from n/a through <= 1.8.3.","indicators":{"cves":["CVE-2026-40728"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T11:16:35.560Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/magazine-blocks/vulnerability/wordpress-magazine-blocks-plugin-1-8-3-broken-access-control-vulnerability?_s_id=cve","label":"audit@patchstack.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40729","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40729 — Missing Authorization vulnerability in bPlugins 3D viewer – Embed 3D Models 3d-viewer allows Exploit…","description":"Missing Authorization vulnerability in bPlugins 3D viewer – Embed 3D Models 3d-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 3D viewer – Embed 3D Models: from n/a through <= 1.8.5.","indicators":{"cves":["CVE-2026-40729"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T11:16:35.683Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/3d-viewer/vulnerability/wordpress-3d-viewer-embed-3d-models-plugin-1-8-5-broken-access-control-vulnerability?_s_id=cve","label":"audit@patchstack.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40730","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40730 — Missing Authorization vulnerability in ThemeGrill ThemeGrill Demo Importer themegrill-demo-importer…","description":"Missing Authorization vulnerability in ThemeGrill ThemeGrill Demo Importer themegrill-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ThemeGrill Demo Importer: from n/a through <= 2.0.0.6.","indicators":{"cves":["CVE-2026-40730"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T11:16:35.807Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/themegrill-demo-importer/vulnerability/wordpress-themegrill-demo-importer-plugin-2-0-0-6-broken-access-control-vulnerability?_s_id=cve","label":"audit@patchstack.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40734","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40734 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i…","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zahlan Categories Images categories-images allows DOM-Based XSS.This issue affects Categories Images: from n/a through <= 3.3.1.","indicators":{"cves":["CVE-2026-40734","CVE-2025-15636","CVE-2026-6370"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T11:16:35.937Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/categories-images/vulnerability/wordpress-categories-images-plugin-3-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve","label":"audit@patchstack.com","domainType":"other"},{"url":"https://patchstack.com/database/wordpress/plugin/youtube-showcase/vulnerability/wordpress-youtube-showcase-plugin-3-5-1-cross-site-scripting-xss-vulnerability?_s_id=cve","label":"audit@patchstack.com","domainType":"other"},{"url":"https://patchstack.com/database/wordpress/plugin/mini-ajax-woo-cart/vulnerability/wordpress-mini-ajax-cart-for-woocommerce-plugin-1-3-4-cross-site-scripting-xss-vulnerability?_s_id=cve","label":"audit@patchstack.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40737","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40737 — Authorization Bypass Through User-Controlled Key vulnerability in VillaTheme COMPE compe-woo-compare…","description":"Authorization Bypass Through User-Controlled Key vulnerability in VillaTheme COMPE compe-woo-compare-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects COMPE: from n/a through <= 1.1.4.","indicators":{"cves":["CVE-2026-40737"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T11:16:36.053Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/compe-woo-compare-products/vulnerability/wordpress-compe-plugin-1-1-4-insecure-direct-object-references-idor-vulnerability?_s_id=cve","label":"audit@patchstack.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40740","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40740 — Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configu…","description":"Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through <= 3.9.7.","indicators":{"cves":["CVE-2026-40740"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T11:16:36.177Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/tutor/vulnerability/wordpress-tutor-lms-plugin-3-9-7-broken-access-control-vulnerability?_s_id=cve","label":"audit@patchstack.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40742","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40742 — Missing Authorization vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Explo…","description":"Missing Authorization vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nelio AB Testing: from n/a through <= 8.2.8.","indicators":{"cves":["CVE-2026-40742"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T11:16:36.293Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/nelio-ab-testing/vulnerability/wordpress-nelio-ab-testing-plugin-8-2-8-sensitive-data-exposure-vulnerability?_s_id=cve","label":"audit@patchstack.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40763","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40763 — Missing Authorization vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows…","description":"Missing Authorization vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Royal Elementor Addons: from n/a through <= 1.7.1056.","indicators":{"cves":["CVE-2026-40763"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T11:16:36.657Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/royal-elementor-addons/vulnerability/wordpress-royal-elementor-addons-plugin-1-7-1056-broken-access-control-vulnerability?_s_id=cve","label":"audit@patchstack.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40778","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40778 — Missing Authorization vulnerability in Majestic Support Majestic Support majestic-support allows Exp…","description":"Missing Authorization vulnerability in Majestic Support Majestic Support majestic-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Majestic Support: from n/a through <= 1.1.2.","indicators":{"cves":["CVE-2026-40778"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T11:16:36.900Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/majestic-support/vulnerability/wordpress-majestic-support-plugin-1-1-2-broken-access-control-vulnerability?_s_id=cve","label":"audit@patchstack.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40786","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40786 — Missing Authorization vulnerability in Long Watch Studio MyRewards woorewards allows Exploiting Inco…","description":"Missing Authorization vulnerability in Long Watch Studio MyRewards woorewards allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MyRewards: from n/a through <= 5.7.3.","indicators":{"cves":["CVE-2026-40786"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T11:16:37.153Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/woorewards/vulnerability/wordpress-myrewards-plugin-5-7-3-broken-access-control-vulnerability?_s_id=cve","label":"audit@patchstack.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-1852","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-1852 — The Product Pricing Table by WooBeWoo plugin for WordPress is vulnerable to Cross-Site Request Forge…","description":"The Product Pricing Table by WooBeWoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the updateLabel() and remove() functions. This makes it possible for unauthenticated attackers t…","indicators":{"cves":["CVE-2026-1852"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T12:16:38.613Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://github.com/wpcodefactory/woo-product-pricing-tables/releases/tag/v1.1.1","label":"security@wordfence.com","domainType":"primary"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a3b459e0-4bd9-443e-96e4-91663a35c26e?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-1636","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-1636 — A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain co…","description":"A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain conditions, could allow a local authenticated user to execute code with elevated privileges.","indicators":{"cves":["CVE-2026-1636"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T13:16:24.170Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://support.lenovo.com/us/en/product_security/LEN-211071","label":"psirt@lenovo.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-25219","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-25219 — The `access_key` and `connection_string` connection properties were not marked as sensitive names in…","description":"The `access_key` and `connection_string` connection properties were not marked as sensitive names in secrets masker. This means that user with read permission could see the values in Connection UI, as well as when Connection was accidentaly logged to logs, those values could be seen in the logs. Azu…","indicators":{"cves":["CVE-2026-25219"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T13:16:24.343Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://github.com/apache/airflow/pull/61580","label":"security@apache.org","domainType":"primary"},{"url":"https://github.com/apache/airflow/pull/61582","label":"security@apache.org","domainType":"primary"},{"url":"https://lists.apache.org/thread/t4dlmqkn0njz4chk3g7mdgzb96y4ttqh","label":"security@apache.org","domainType":"other"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/15/3","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-12141","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2025-12141 — In Grafana's alerting system, users with edit permissions for a contact point, specifically the perm…","description":"In Grafana's alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notifications:write” or “alert.notifications.receivers:test” that are granted as part of the fixed role \"Contact Point Writer\", which is part of the basic role Editor - can edit contact…","indicators":{"cves":["CVE-2025-12141"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T16:16:33.040Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://grafana.com/security/security-advisories/cve-2025-12141/","label":"security@grafana.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-53444","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2025-53444 — Cross-Site Request Forgery (CSRF) vulnerability in DeluxeThemes Userpro allows Cross Site Request Fo…","description":"Cross-Site Request Forgery (CSRF) vulnerability in DeluxeThemes Userpro allows Cross Site Request Forgery.This issue affects Userpro: from n/a before 5.1.11.","indicators":{"cves":["CVE-2025-53444"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T16:16:33.837Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://patchstack.com/database/wordpress/plugin/userpro/vulnerability/wordpress-userpro-plugin-5-1-11-cross-site-request-forgery-csrf-vulnerability?_s_id=cve","label":"audit@patchstack.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-20202","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-20202 — In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform ve…","description":"In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.20, 10.0.2503.13, and 9.3.2411.127, a user who holds a role that contains the high-privilege capability `edit_user`could create a special…","indicators":{"cves":["CVE-2026-20202","CVE-2026-20203"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T16:16:34.120Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://advisory.splunk.com/advisories/SVD-2026-0401","label":"psirt@cisco.com","domainType":"other"},{"url":"https://advisory.splunk.com/advisories/SVD-2026-0402","label":"psirt@cisco.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-15635","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2025-15635 — Cross-Site Request Forgery (CSRF) vulnerability in Zaytech Smart Online Order for Clover allows Cros…","description":"Cross-Site Request Forgery (CSRF) vulnerability in Zaytech Smart Online Order for Clover allows Cross Site Request Forgery.This issue affects Smart Online Order for Clover: from n/a through 1.6.0.","indicators":{"cves":["CVE-2025-15635"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T17:17:00.277Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://patchstack.com/database/wordpress/plugin/clover-online-orders/vulnerability/wordpress-smart-online-order-for-clover-plugin-1-6-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve","label":"audit@patchstack.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-20059","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-20059 — A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unaut…","description":"A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not properly validate user-s…","indicators":{"cves":["CVE-2026-20059","CVE-2026-20060"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T17:17:01.060Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-vulns-n2EJSbbw","label":"psirt@cisco.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-20061","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-20061 — A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authe…","description":"A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device.\r\n\r\nThis vu…","indicators":{"cves":["CVE-2026-20061"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T17:17:01.433Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-vulns-n2EJSbbw","label":"psirt@cisco.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-20078","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-20078 — Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker&nbs…","description":"Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker&nbsp;to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials.&nbsp;\r\n\r\nThese vulnerabilities are due to improper san…","indicators":{"cves":["CVE-2026-20078","CVE-2026-20081"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T17:17:01.610Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-file-download-RmKEVWPx","label":"psirt@cisco.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-20132","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-20132 — Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (IS…","description":"Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative&nbsp;write privileges to conduct a stored cross-site scripting (XSS) attack or a reflected XSS attack against a user of the web-bas…","indicators":{"cves":["CVE-2026-20132"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T17:17:01.967Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isexss-BS8ctE7U","label":"psirt@cisco.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-20136","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-20136 — A vulnerability in the&nbsp;CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identi…","description":"A vulnerability in the&nbsp;CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local attacker with administrative privileges to perform a command injection attack on the underlying operating system and elevate privileges to ro…","indicators":{"cves":["CVE-2026-20136"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T17:17:02.150Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-cmd-inj-5WSJcYJB","label":"psirt@cisco.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-20148","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-20148 — A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perf…","description":"A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system and read arbitrary files. To exploit this vulnerability, the attacker must have valid administrative credentials.\r\n\r\nThis vulnerability is…","indicators":{"cves":["CVE-2026-20148"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T17:17:02.637Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ","label":"psirt@cisco.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-20152","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-20152 — A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web…","description":"A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requirements.\r\n\r\nThis vulnerability is due to improper validation of user-supplied authentication input in HT…","indicators":{"cves":["CVE-2026-20152"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T17:17:02.870Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-auth-bypass-6YZkTQhd","label":"psirt@cisco.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-20161","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-20161 — A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, loca…","description":"A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary files on the local system of an affected device.\r\n\r\nThis vulnerability is due to improper access controls on files that are on the local file syst…","indicators":{"cves":["CVE-2026-20161"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T17:17:03.120Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-te-agentfilewrite-tqUw3SMU","label":"psirt@cisco.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-20170","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-20170 — A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed…","description":"A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed an unauthenticated, remote attacker to conduct cross-site scripting attacks. Cisco has addressed this vulnerability in the Cisco Webex Contact Center service, and no customer action is needed.\r\n\r This…","indicators":{"cves":["CVE-2026-20170"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T17:17:03.297Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webexcc-xss-WEX5nUnA","label":"psirt@cisco.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-33214","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33214 — Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API expo…","description":"Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't enforce proper access control. This issue has been fixed in version 5.17. If users are unable to update immediately, they can work around this issue by b…","indicators":{"cves":["CVE-2026-33214","CVE-2026-33220"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T18:17:20.053Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://github.com/WeblateOrg/weblate/pull/18513","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-mpf5-3vph-q75r","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WeblateOrg/weblate/pull/18516","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-mqph-7h49-hqfm","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-5758","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-5758 — JavaScript is vulnerable to prototype pollution in Mafintosh's protocol-buffers-schema Version 3.6.0…","description":"JavaScript is vulnerable to prototype pollution in Mafintosh's protocol-buffers-schema Version 3.6.0, where an attacker may alter the application logic, bypass security checks, cause a DoS or achieve remote code execution.","indicators":{"cves":["CVE-2026-5758"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T18:17:24.920Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://github.com/mafintosh/protocol-buffers-schema/pull/70","label":"cret@cert.org","domainType":"primary"},{"url":"https://morielharush.github.io/2026/04/12/cve-2026-5758-protocol-buffers-schema-prototype-pollution/","label":"cret@cert.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33440","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33440 — Weblate is a web based localization tool. In versions prior to 5.17, the ALLOWED_ASSET_DOMAINS setti…","description":"Weblate is a web based localization tool. In versions prior to 5.17, the ALLOWED_ASSET_DOMAINS setting applied only to the first issued requests and didn't restrict possible redirects. This issue has been fixed in version 5.17.","indicators":{"cves":["CVE-2026-33440"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T19:16:35.447Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://github.com/WeblateOrg/weblate/commit/8be80625a864c8db5854503872a65e8a0b7399a6","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-5fhx-9jwj-867m","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-34244","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34244 — Weblate is a web based localization tool. In versions prior to 5.17, a user with the project.edit pe…","description":"Weblate is a web based localization tool. In versions prior to 5.17, a user with the project.edit permission (granted by the per-project \"Administration\" role) can configure machine translation service URLs pointing to arbitrary internal network addresses. During configuration validation, Weblate ma…","indicators":{"cves":["CVE-2026-34244"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T19:16:35.903Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://github.com/WeblateOrg/weblate/commit/e619e9090202e4886b844c110d39308e7e882c0e","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-xrwr-fcw6-fmq8","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-39845","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-39845 — Weblate is a web based localization tool. In versions prior to 5.17, the webhook add-on did not util…","description":"Weblate is a web based localization tool. In versions prior to 5.17, the webhook add-on did not utilize existing SSRF protections. This issue has been fixed in version 5.17. If developers are unable to update immediately, they can disable the webhook add-on as a workaround.","indicators":{"cves":["CVE-2026-39845"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T19:16:36.373Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://github.com/WeblateOrg/weblate/pull/18815","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-f8hv-g549-hwg2","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40256","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40256 — Weblate is a web based localization tool. In versions prior to 5.17, repository-boundary validation…","description":"Weblate is a web based localization tool. In versions prior to 5.17, repository-boundary validation relies on string prefix checks on resolved absolute paths. In multiple code paths, the check uses startswith against the repository root path. This is not path-segment aware and can be bypassed when t…","indicators":{"cves":["CVE-2026-40256"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T19:16:37.470Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://github.com/WeblateOrg/weblate/commit/e30dbcb33ae78e754ecef192d54f996b89cb4e15","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-ffgh-3jrf-8wvh","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-6245","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6245 — A flaw was found in the System Security Services Daemon (SSSD). The pam_passkey_child_read_data() fu…","description":"A flaw was found in the System Security Services Daemon (SSSD). The pam_passkey_child_read_data() function within the PAM passkey responder fails to properly handle raw bytes received from a pipe. Because the data is treated as a NUL-terminated C string without explicit termination, it results in an…","indicators":{"cves":["CVE-2026-6245"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T19:16:38.250Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6245","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457954","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6383","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6383 — A flaw was found in KubeVirt's Role-Based Access Control (RBAC) evaluation logic. The authorization…","description":"A flaw was found in KubeVirt's Role-Based Access Control (RBAC) evaluation logic. The authorization mechanism improperly truncates subresource names, leading to incorrect permission evaluations. This allows authenticated users with specific custom roles to gain unauthorized access to subresources, p…","indicators":{"cves":["CVE-2026-6383"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T19:16:38.520Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6383","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458741","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-21726","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-21726 — The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single…","description":"The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/{namespace}\n\nThanks to Prasanth Sundararajan for reporting this vulnerability.","indicators":{"cves":["CVE-2026-21726"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T20:16:34.177Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-21726","label":"security@grafana.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40915","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40915 — A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the F…","description":"A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by providing a specially crafted FITS file. This integer overflow leads to a zero-byte memory allocation, which is then subjected to a heap buffer overflow when processing pixel data.…","indicators":{"cves":["CVE-2026-40915"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T20:16:36.717Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-40915","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458744","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40916","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40916 — A flaw was found in GIMP. A stack buffer overflow vulnerability in the TIM image loader's 4BPP decod…","description":"A flaw was found in GIMP. A stack buffer overflow vulnerability in the TIM image loader's 4BPP decoding path allows a local user to cause a Denial of Service (DoS). By opening a specially crafted TIM image file, the application crashes due to an unconditional overflow when writing to a variable-leng…","indicators":{"cves":["CVE-2026-40916"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T20:16:36.900Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-40916","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458745","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40917","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40917 — A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the `icns_slurp()` function…","description":"A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the `icns_slurp()` function, occurs when processing specially crafted ICNS image files. An attacker could provide a malicious ICNS file, potentially leading to application crashes or information disclosure on systems that proce…","indicators":{"cves":["CVE-2026-40917"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T20:16:37.080Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-40917","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458746","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40918","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40918 — A flaw was found in GIMP. Processing a specially crafted PVR image file with large dimensions can le…","description":"A flaw was found in GIMP. Processing a specially crafted PVR image file with large dimensions can lead to a denial of service (DoS). This occurs due to a stack-based buffer overflow and an out-of-bounds read in the PVR image loader, causing the application to crash. Systems that process untrusted PV…","indicators":{"cves":["CVE-2026-40918"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T20:16:37.260Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-40918","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458747","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40919","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40919 — A flaw was found in GIMP. This vulnerability, a buffer overflow in the `file-seattle-filmworks` plug…","description":"A flaw was found in GIMP. This vulnerability, a buffer overflow in the `file-seattle-filmworks` plugin, can be exploited when a user opens a specially crafted Seattle Filmworks file. A remote attacker could leverage this to cause a denial of service (DoS), leading to the plugin crashing and potentia…","indicators":{"cves":["CVE-2026-40919"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T20:16:37.430Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-40919","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458748","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6298","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6298 — Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to o…","description":"Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Critical)","indicators":{"cves":["CVE-2026-6298"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T20:16:38.643Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","label":"chrome-cve-admin@google.com","domainType":"other"},{"url":"https://issues.chromium.org/issues/495700484","label":"chrome-cve-admin@google.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6362","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6362 — Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to poten…","description":"Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted video file. (Chromium security severity: High)","indicators":{"cves":["CVE-2026-6362"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T20:16:43.557Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","label":"chrome-cve-admin@google.com","domainType":"other"},{"url":"https://issues.chromium.org/issues/500066234","label":"chrome-cve-admin@google.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6364","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6364 — Out of bounds read in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obt…","description":"Out of bounds read in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted file. (Chromium security severity: Medium)","indicators":{"cves":["CVE-2026-6364"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T20:16:43.910Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","label":"chrome-cve-admin@google.com","domainType":"other"},{"url":"https://issues.chromium.org/issues/502103414","label":"chrome-cve-admin@google.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6385","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6385 — A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specia…","description":"A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds checks,…","indicators":{"cves":["CVE-2026-6385"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T20:16:44.230Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6385","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458764","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40186","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40186 — ApostropheCMS is an open-source Node.js content management system. A regression introduced in commit…","description":"ApostropheCMS is an open-source Node.js content management system. A regression introduced in commit 49d0bb7, included in versions 2.17.1 of the ApostropheCMS-maintained sanitize-html package bypasses allowedTags enforcement for text inside nonTextTagsArray elements (textarea and option). Apostrophe…","indicators":{"cves":["CVE-2026-40186"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T21:17:27.523Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://github.com/apostrophecms/apostrophe/commit/7ca2d16237c72718ef7e5c7ae0458e6027ac4f64","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/apostrophecms/apostrophe/security/advisories/GHSA-9mrh-v2v3-xpfm","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40500","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40500 — ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery vulnerability in the…","description":"ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature that allows authenticated administrators to supply arbitrary URLs to the module download parameter, causing the server to issue outbound HTTP requests to a…","indicators":{"cves":["CVE-2026-40500"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T22:17:22.377Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://gist.github.com/thepiyushkumarshukla/7514e5eed526fd9d20fcfc42ce8d0a82","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://processwire.com/","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://www.vulncheck.com/advisories/processwire-cms-ssrf-via-add-module-from-url","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-39350","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-39350 — Istio is an open platform to connect, manage, and secure microservices. In versions 1.25.0 through 1…","description":"Istio is an open platform to connect, manage, and secure microservices. In versions 1.25.0 through 1.27.8, 1.28.0 through 1.28.5, 1.29.0, and 1.29.1, the serviceAccounts and notServiceAccounts fields in AuthorizationPolicy incorrectly interpret dots (.) as a regular expression matcher. Because . is…","indicators":{"cves":["CVE-2026-39350"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T23:16:09.477Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://github.com/istio/istio/security/advisories/GHSA-9gcg-w975-3rjh","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-4949","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4949 — The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict C…","description":"The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.16.12. This is due to the 'process_checkout' function not properly enforcing t…","indicators":{"cves":["CVE-2026-4949"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T23:16:10.383Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/wp-user-avatar/tags/4.16.10/src/Admin/SettingsPages/Membership/PlansPage/SettingsPage.php#L107","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-user-avatar/tags/4.16.10/src/Admin/SettingsPages/Membership/views/add-edit-plan.php#L24","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-user-avatar/tags/4.16.10/src/Membership/Controllers/CheckoutController.php#L223","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-user-avatar/tags/4.16.10/src/Membership/Controllers/CheckoutController.php#L239","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-user-avatar/tags/4.16.10/src/Membership/Models/Subscription/SubscriptionEntity.php#L461","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset/3497425/wp-user-avatar#file14","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4cc29d32-2727-42df-bd42-2caf0f182c0e?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40503","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40503 — OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gatew…","description":"OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gateway users with chat access to read arbitrary files by supplying path traversal sequences to the /memory show slash command. Attackers can manipulate the path input parameter to escape the project memor…","indicators":{"cves":["CVE-2026-40503"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T01:16:11.440Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://github.com/HKUDS/OpenHarness/commit/dd1d235450dd987b20bff01b7bfb02fe8620a0af","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/HKUDS/OpenHarness/pull/127","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/openharness-path-traversal-information-disclosure-via-memory-show","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3299","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-3299 — The WP YouTube Lyte plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin…","description":"The WP YouTube Lyte plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lyte' shortcode in all versions up to, and including, 1.7.29 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attack…","indicators":{"cves":["CVE-2026-3299"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T02:16:11.533Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset/3482595/wp-youtube-lyte","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/de09d051-d124-4397-bd1c-b193acd6c186?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40962","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40962 — FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encrypt…","description":"FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c.","indicators":{"cves":["CVE-2026-40962"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T02:16:12.227Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/22348","label":"cve@mitre.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3885","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-3885 — The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Si…","description":"The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_box' shortcode in all versions up to, and including, 7.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possi…","indicators":{"cves":["CVE-2026-3885"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T03:16:27.080Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset/3489360/shortcodes-ultimate","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f6929fdc-a5b1-4c71-9291-3fafa9381cf2?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3878","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-3878 — The WP Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdocs_option…","description":"The WP Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdocs_options[icon_size]' parameter in all versions up to, and including, 2.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-leve…","indicators":{"cves":["CVE-2026-3878"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T04:17:09.813Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset/3481830/wp-docs","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e11ecf13-0b3b-4148-abca-677652a68c24?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4032","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4032 — The CodeColorer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' pa…","description":"The CodeColorer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter in 'cc' comment shortcode in versions up to, and including, 0.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject ar…","indicators":{"cves":["CVE-2026-4032"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T04:17:10.890Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset/3481552/codecolorer","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/44fd7e13-f48a-43c6-a735-15036aa03005?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5070","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-5070 — The Vantage theme for WordPress is vulnerable to Stored Cross-Site Scripting via Gallery block text…","description":"The Vantage theme for WordPress is vulnerable to Stored Cross-Site Scripting via Gallery block text content in versions up to, and including, 1.20.32 due to insufficient output escaping in the gallery template. This makes it possible for authenticated attackers, with contributor-level access and abo…","indicators":{"cves":["CVE-2026-5070"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T04:17:11.720Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://themes.trac.wordpress.org/changeset/320834/vantage","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/fb7d4eee-fd81-4d9d-8d8d-a56870b27874?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-22615","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-22615 — Due to improper input validation in one of the Eaton Intelligent Power Protector (IPP) XML, it is po…","description":"Due to improper\ninput validation in one of the Eaton Intelligent Power Protector (IPP) XML, it is\npossible for an attacker with admin privileges and access to the local system to\ninject malicious code resulting in arbitrary command execution. This security issue has been fixed in the latest version…","indicators":{"cves":["CVE-2026-22615"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T05:16:14.433Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf","label":"CybersecurityCOE@eaton.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-22616","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-22616 — Eaton Intelligent Power Protector (IPP) software allows repeated authentication attempts against the…","description":"Eaton Intelligent Power Protector (IPP) software allows repeated authentication attempts against the web interface login page due to insufficient rate‑limiting controls. This security issue has been fixed in the latest version of Eaton IPP which is available on the Eaton download centre.","indicators":{"cves":["CVE-2026-22616"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T05:16:14.563Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf","label":"CybersecurityCOE@eaton.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-22617","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-22617 — Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a n…","description":"Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a network‑based attacker to intercept the cookie and exploit it through a man‑in‑the‑middle attack. This security issue has been fixed in the latest version of Eaton IPP software which is available on th…","indicators":{"cves":["CVE-2026-22617"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T06:16:08.980Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf","label":"CybersecurityCOE@eaton.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-22618","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-22618 — A security misconfiguration was identified in Eaton Intelligent Power Protector (IPP), where an HTTP…","description":"A security misconfiguration was identified in Eaton Intelligent Power Protector (IPP), where an HTTP response header was set with an insecure attribute, potentially exposing users to web‑based attacks. This security issue has been fixed in the latest version of Eaton IPP software which is available…","indicators":{"cves":["CVE-2026-22618"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T06:16:10.297Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf","label":"CybersecurityCOE@eaton.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3551","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-3551 — The Custom New User Notification plugin for WordPress is vulnerable to Stored Cross-Site Scripting v…","description":"The Custom New User Notification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's admin settings in all versions up to, and including, 1.2.0. This is due to insufficient input sanitization and output escaping on multiple settings fields including 'User Mail Subject'…","indicators":{"cves":["CVE-2026-3551"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T06:16:10.530Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/custom-new-user-notification/tags/1.2.0/admin/includes.php#L132","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/custom-new-user-notification/tags/1.2.0/admin/includes.php#L46","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/custom-new-user-notification/tags/1.2.0/admin/includes.php#L52","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/custom-new-user-notification/tags/1.2.0/admin/includes.php#L59","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/custom-new-user-notification/tags/1.2.0/admin/includes.php#L84","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/custom-new-user-notification/tags/1.2.0/admin/includes.php#L90","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/custom-new-user-notification/tags/1.2.0/admin/includes.php#L97","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/custom-new-user-notification/tags/1.2.0/custom-new-user-notification.php#L63","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/custom-new-user-notification/trunk/admin/includes.php#L132","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/custom-new-user-notification/trunk/admin/includes.php#L46","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/custom-new-user-notification/trunk/admin/includes.php#L52","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/custom-new-user-notification/trunk/admin/includes.php#L59","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/custom-new-user-notification/trunk/admin/includes.php#L84","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/custom-new-user-notification/trunk/admin/includes.php#L90","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/custom-new-user-notification/trunk/admin/includes.php#L97","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/custom-new-user-notification/trunk/custom-new-user-notification.php#L63","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7a14d35d-144c-4ddd-b288-5e0e006fb165?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3581","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-3581 — The Basic Google Maps Placemarks plugin for WordPress is vulnerable to authorization bypass in versi…","description":"The Basic Google Maps Placemarks plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.10.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to modify stored…","indicators":{"cves":["CVE-2026-3581"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T06:16:13.433Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset/3495944/basic-google-maps-placemarks","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b8a2bbfe-eb87-4e26-ba20-bc406d681124?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3595","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-3595 — The Riaxe Product Customizer plugin for WordPress is vulnerable to authorization bypass in all versi…","description":"The Riaxe Product Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.2. This is due to the plugin registering a REST API route at POST /wp-json/InkXEProductDesignerLite/customer/delete_customer without a permission_callback, causing WordPr…","indicators":{"cves":["CVE-2026-3595"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T06:16:14.550Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/tags/2.1.2/riaxe-product-designer.php#L2993","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/tags/2.1.2/riaxe-product-designer.php#L3150","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/tags/2.1.2/riaxe-product-designer.php#L4271","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/trunk/riaxe-product-designer.php#L2993","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/trunk/riaxe-product-designer.php#L3150","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/trunk/riaxe-product-designer.php#L4271","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/59da92e2-9ea0-4566-ae4d-3d5d91d0e42e?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3773","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-3773 — The Accessibility Suite by Ability, Inc plugin for WordPress is vulnerable to SQL Injection via the…","description":"The Accessibility Suite by Ability, Inc plugin for WordPress is vulnerable to SQL Injection via the 'scan_id' parameter in all versions up to, and including, 4.20. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This m…","indicators":{"cves":["CVE-2026-3773"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T06:16:19.260Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/online-accessibility/trunk/includes/ajax_functions/false-positives.php#L20","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/online-accessibility/trunk/includes/classes/Helper.php#L166","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b882ba6d-47c0-401a-bf50-5cf0bf0f3d5b?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-13364","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2025-13364 — The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for…","description":"The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'put_wpgm' shortcode in all versions up to, and including, 4.8.7. This is due to insufficient input sanitization and output escaping on u…","indicators":{"cves":["CVE-2025-13364"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T07:16:28.550Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset?old_path=wp-google-map-plugin/tags/4.8.7/wp-google-map-plugin.php&new_path=wp-google-map-plugin/tags/4.8.8/wp-google-map-plugin.php","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/91d6cf21-cb65-40cb-ad19-5a8e7179fd98?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-1572","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-1572 — The Livemesh Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of…","description":"The Livemesh Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 9.0. This is due to missing authorization checks on the AJAX handler `lae_admin_ajax()` and insufficient…","indicators":{"cves":["CVE-2026-1572"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T07:16:29.610Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/9.0/admin/admin-ajax.php#L28","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/9.0/admin/admin-ajax.php#L64","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/9.0/admin/views/settings.php#L707","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/9.0/plugin.php#L207","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/admin/admin-ajax.php#L28","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/admin/admin-ajax.php#L64","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/admin/views/settings.php#L707","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/plugin.php#L207","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/24b9bf5a-19ac-4e99-b32d-1ab681356a1b?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3355","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-3355 — The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scri…","description":"The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘crsearch’ parameter in all versions up to, and including, 5.101.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inj…","indicators":{"cves":["CVE-2026-3355"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T07:16:29.943Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset/3472287/customer-reviews-woocommerce","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a851172f-3b27-4bc2-adc7-6863c2fd1c0a?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3861","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-3861 — LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where op…","description":"LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where opening a crafted web page can repeatedly trigger OS-level dialogs, potentially causing the iOS device to become temporarily inoperable.","indicators":{"cves":["CVE-2026-3861"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T07:16:30.090Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://hackerone.com/reports/3422905","label":"dl_cve@linecorp.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3875","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-3875 — The BetterDocs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'betterdocs…","description":"The BetterDocs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'betterdocs_feedback_form' shortcode in all versions up to, and including, 4.3.8. This is due to insufficient input sanitization and output escaping on user supplied shortcode attributes. This makes it possible…","indicators":{"cves":["CVE-2026-3875"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T07:16:30.207Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset?old_path=betterdocs/tags/4.3.8/views/shortcodes/feedback-form.php&new_path=betterdocs/tags/4.3.9/views/shortcodes/feedback-form.php","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5b7e4c3c-a12e-4b11-9673-79a7060052a8?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3995","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-3995 — The OPEN-BRAIN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'API Key' s…","description":"The OPEN-BRAIN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'API Key' settings field in all versions up to, and including, 0.5.0. This is due to insufficient input sanitization and output escaping. The plugin uses sanitize_text_field() which strips HTML tags but does not…","indicators":{"cves":["CVE-2026-3995"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T07:16:30.503Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/open-brain/tags/0.5.0/index.php#L128","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/open-brain/tags/0.5.0/index.php#L252","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/open-brain/tags/0.5.0/index.php#L253","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/open-brain/tags/0.5.0/index.php#L272","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/open-brain/trunk/index.php#L128","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/open-brain/trunk/index.php#L252","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/open-brain/trunk/index.php#L253","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/open-brain/trunk/index.php#L272","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3fe3fa95-cc1d-469b-8a97-37987b9ae362?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41030","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41030 — In ONLYOFFICE DesktopEditors before 9.3.0, the update service allows attackers to perform actions on…","description":"In ONLYOFFICE DesktopEditors before 9.3.0, the update service allows attackers to perform actions on files with SYSTEM privileges.","indicators":{"cves":["CVE-2026-41030"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T07:16:30.660Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://github.com/ONLYOFFICE/DesktopEditors/blob/master/CHANGELOG.md","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41034","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41034 — ONLYOFFICE DocumentServer before 9.3.0 has an untrusted pointer dereference in XLS processing/conver…","description":"ONLYOFFICE DocumentServer before 9.3.0 has an untrusted pointer dereference in XLS processing/conversion (via pictFmla.cbBufInCtlStm and other vectors), leading to an information leak and ASLR bypass.","indicators":{"cves":["CVE-2026-41034"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T07:16:30.843Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://github.com/ONLYOFFICE/DocumentServer/blob/master/CHANGELOG.md","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-0718","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-0718 — The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vu…","description":"The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ultp_shareCount_callback() function in all versions up to, and including, 5.0.5. This makes it possible for unaut…","indicators":{"cves":["CVE-2026-0718"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T08:16:27.170Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset?old_path=/ultimate-post/tags/5.0.5/classes/Blocks.php&new_path=/ultimate-post/tags/5.0.6/classes/Blocks.php","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c4b2cf3b-5d35-4ce6-9453-1538a6f7752f?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-6024","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2025-6024 — The authentication endpoint fails to encode user-supplied input before rendering it in the web page,…","description":"The authentication endpoint fails to encode user-supplied input before rendering it in the web page, allowing for script injection.\nAn attacker can leverage this by injecting malicious scripts into the authentication endpoint. This can result in the user's browser being redirected to a malicious web…","indicators":{"cves":["CVE-2025-6024"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T10:16:14.243Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4251/","label":"ed10eef1-636d-4fbe-9993-6890dfa878f8","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-12624","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2025-12624 — Active access tokens are not revoked or invalidated when a user account is locked within WSO2 Identi…","description":"Active access tokens are not revoked or invalidated when a user account is locked within WSO2 Identity Server. This failure to enforce revocation allows previously issued, valid tokens to remain usable, enabling continued access to protected resources by locked user accounts.\n\nThe security consequen…","indicators":{"cves":["CVE-2025-12624"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T11:16:26.447Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4684/","label":"ed10eef1-636d-4fbe-9993-6890dfa878f8","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3369","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-3369 — The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to Stored Cr…","description":"The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded image title in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…","indicators":{"cves":["CVE-2026-3369"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T12:16:08.233Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset/3477632/real-time-auto-find-and-replace","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/497c2f5f-ed7d-486e-baf2-aefbe3dc412f?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6414","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6414 — @fastify/static versions 8.0.0 through 9.1.0 decode percent-encoded path separators (%2F) before fil…","description":"@fastify/static versions 8.0.0 through 9.1.0 decode percent-encoded path separators (%2F) before filesystem resolution, while Fastify's router treats them as literal characters. This mismatch allows attackers to bypass route-based middleware or guards that protect files served by @fastify/static. Fo…","indicators":{"cves":["CVE-2026-6414"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T13:16:52.243Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://cna.openjsf.org/security-advisories.html","label":"ce714d77-add3-4f53-aff5-83d477b104bb","domainType":"other"},{"url":"https://github.com/fastify/fastify-static/security/advisories/GHSA-x428-ghpx-8j92","label":"ce714d77-add3-4f53-aff5-83d477b104bb","domainType":"primary"},{"url":"https://github.com/fastify/middie/security/advisories/GHSA-cxrg-g7r8-w69p","label":"ce714d77-add3-4f53-aff5-83d477b104bb","domainType":"primary"},{"url":"https://github.com/honojs/hono/security/advisories/GHSA-q5qw-h33p-qvwr","label":"ce714d77-add3-4f53-aff5-83d477b104bb","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-4160","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4160 — The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin fo…","description":"The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference via the 'submission_id' parameter in versions up to, and including, 6.1.21. This is due to missing authorization and ownership validation…","indicators":{"cves":["CVE-2026-4160"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T14:16:18.167Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset/3496638/fluentform","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/154fc656-3a33-4783-a941-10bb848244b3?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6410","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6410 — @fastify/static versions 8.0.0 through 9.1.0 allow path traversal when directory listing is enabled…","description":"@fastify/static versions 8.0.0 through 9.1.0 allow path traversal when directory listing is enabled via the list option. The dirList.path() function resolves directories outside the configured static root using path.join() without a containment check. A remote unauthenticated attacker can obtain dir…","indicators":{"cves":["CVE-2026-6410"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T14:16:20.173Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://cna.openjsf.org/security-advisories.html","label":"ce714d77-add3-4f53-aff5-83d477b104bb","domainType":"other"},{"url":"https://github.com/fastify/fastify-static/security/advisories/GHSA-pr96-94w5-mx2h","label":"ce714d77-add3-4f53-aff5-83d477b104bb","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-2840","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-2840 — The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to…","description":"The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eeb_mailto' shortcode in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authentica…","indicators":{"cves":["CVE-2026-2840"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T15:17:17.190Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset?old_path=/email-encoder-bundle/tags/2.4.4/src/Front/Shortcodes/MailtoShortcode.php&new_path=/email-encoder-bundle/tags/2.4.5/src/Front/Shortcodes/MailtoShortcode.php&old=3462208&new=3494181","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset?old_path=/email-encoder-bundle/tags/2.4.4/src/Validate/Encoding.php&new_path=/email-encoder-bundle/tags/2.4.5/src/Validate/Encoding.php&old=3462208&new=3494181","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9987b5b4-33d8-4446-acbe-58c6cb5604df?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-37100","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-37100 — An issue in the Bluetooth Low Energy (BLE) control interface of the Yamaha SR-B30A sound bar firmwar…","description":"An issue in the Bluetooth Low Energy (BLE) control interface of the Yamaha SR-B30A sound bar firmware 2.40 (Mobile App: Sound Bar Remote / version: 2.40) allows remote attackers within BLE radio range to connect without authentication via the Sound Bar Remote protocol","indicators":{"cves":["CVE-2026-37100"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T16:16:16.910Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://gist.github.com/sohsatoh/02699fbbdff90e6c2078b508f830022b","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2025-36579","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2025-36579 — Dell Client Platform BIOS contains a Weak Password Recovery Mechanism vulnerability. An unauthentica…","description":"Dell Client Platform BIOS contains a Weak Password Recovery Mechanism vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability, leading to unauthorized access.","indicators":{"cves":["CVE-2025-36579"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T17:16:54.073Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000300450/dsa-2025-153","label":"security_alert@emc.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-43883","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2025-43883 — Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper check for unusual or excepti…","description":"Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper check for unusual or exceptional conditions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service.","indicators":{"cves":["CVE-2025-43883"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T18:16:43.667Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000376214/dsa-2025-347-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities","label":"security_alert@emc.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-24749","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-24749 — The Silverstripe Assets Module is a required component of Silverstripe Framework. In versions prior…","description":"The Silverstripe Assets Module is a required component of Silverstripe Framework. In versions prior to 2.4.5 and 3.0.0-rc1 through 3.1.2, images rendered in templates or otherwise accessed via DBFile::getURL() or DBFile::getSourceURL() incorrectly add an access grant to the current session, which by…","indicators":{"cves":["CVE-2026-24749"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T18:16:44.610Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://github.com/silverstripe/silverstripe-assets/security/advisories/GHSA-jgcf-rf45-2f8v","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://www.silverstripe.org/download/security-releases/cve-2026-24749","label":"security-advisories@github.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-43935","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2025-43935 — Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release…","description":"Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service.","indicators":{"cves":["CVE-2025-43935"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T19:16:32.610Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000376214/dsa-2025-347-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities","label":"security_alert@emc.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-43937","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2025-43937 — Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information in…","description":"Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to…","indicators":{"cves":["CVE-2025-43937"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T19:16:32.750Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000376214/dsa-2025-347-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities","label":"security_alert@emc.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33472","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33472 — Cryptomator is an open-source client-side encryption application for cloud storage. Version 1.19.1 c…","description":"Cryptomator is an open-source client-side encryption application for cloud storage. Version 1.19.1 contains a logic flaw in CheckHostTrustController.getAuthority() that allows an attacker to bypass the security fix for CVE-2026-32303. The method hardcodes the URI scheme based on port number, causing…","indicators":{"cves":["CVE-2026-33472"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T22:16:37.583Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/cryptomator/cryptomator/pull/4179","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/cryptomator/cryptomator/releases/tag/1.19.2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/cryptomator/cryptomator/security/advisories/GHSA-9q8x-whrw-x44p","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/cryptomator/cryptomator/security/advisories/GHSA-9q8x-whrw-x44p","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-34164","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34164 — Valtimo is an open-source business process automation platform. In versions 13.0.0 through 13.21.0,…","description":"Valtimo is an open-source business process automation platform. In versions 13.0.0 through 13.21.0, the InboxHandlingService logs the full content of every incoming inbox message at INFO level. Inbox messages can contain highly sensitive information including personal data (PII), citizen identifiers…","indicators":{"cves":["CVE-2026-34164"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T22:16:37.757Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/generiekzaakafhandelcomponent/gzac-issues/issues/653","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/valtimo-platform/valtimo/commit/f16a1940ba7b34627c0b966f98ca78655ace9335","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/valtimo-platform/valtimo/pull/497","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/valtimo-platform/valtimo/releases/tag/13.22.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/valtimo-platform/valtimo/security/advisories/GHSA-hfrg-mcvw-8mch","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40253","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40253 — openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. In versions 3.26.0 and bel…","description":"openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. In versions 3.26.0 and below, the BER/DER decoding functions in the shared common library (asn1.c) accept a raw pointer but no buffer length parameter, and trust attacker-controlled BER length fields without validating them ag…","indicators":{"cves":["CVE-2026-40253"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T23:16:33.107Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/opencryptoki/opencryptoki/commit/ed378f463ef73364c89feb0fc923f4dc867332a3","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/opencryptoki/opencryptoki/security/advisories/GHSA-c9cf-6vr4-wfxm","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/opencryptoki/opencryptoki/security/advisories/GHSA-c9cf-6vr4-wfxm","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40255","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40255 — AdonisJS HTTP Server is a package for handling HTTP requests in the AdonisJS framework. In @adonisjs…","description":"AdonisJS HTTP Server is a package for handling HTTP requests in the AdonisJS framework. In @adonisjs/http-server versions prior to 7.8.1 and 8.0.0-next.0 through 8.1.3, and @adonisjs/core versions prior to 7.4.0, the response.redirect().back() method reads the Referer header from the incoming HTTP r…","indicators":{"cves":["CVE-2026-40255"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T23:16:33.267Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/adonisjs/http-server/commit/2008fb6cf4f6f1c0ca5797d57def4d93e1c3de08","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/adonisjs/http-server/releases/tag/v7.8.1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/adonisjs/http-server/releases/tag/v8.2.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/adonisjs/http-server/security/advisories/GHSA-6qvv-pj99-48qm","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40265","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40265 — Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset downloa…","description":"Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset download endpoint at /api/notes/{noteID}/assets/{assetID} is registered without authentication middleware, and the backend query does not verify ownership or book visibility. An unauthenticated user who know…","indicators":{"cves":["CVE-2026-40265"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T01:17:40.293Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/enchant97/note-mark/commit/6593898855add151eb9965d96998b05e14c62026","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/enchant97/note-mark/releases/tag/v0.19.2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/enchant97/note-mark/security/advisories/GHSA-p5w6-75f9-cc2p","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40922","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40922 — SiYuan is an open-source personal knowledge management system. In versions 3.6.1 through 3.6.3, a pr…","description":"SiYuan is an open-source personal knowledge management system. In versions 3.6.1 through 3.6.3, a prior fix for XSS in bazaar README rendering (incomplete fix for CVE-2026-33066) enabled the Lute HTML sanitizer, but the sanitizer does not block iframe tags, and its URL-prefix blocklist does not effe…","indicators":{"cves":["CVE-2026-40922"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T01:17:40.447Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/advisories/GHSA-4663-4mpg-879v","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/siyuan-note/siyuan/commit/b382f50e1880ed996364509de5a10a72d7409428","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/siyuan-note/siyuan/releases/tag/v3.6.4","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-8q5w-mmxf-48jg","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-8q5w-mmxf-48jg","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-3488","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-3488 — The WP Statistics plugin for WordPress is vulnerable to Missing Authorization in all versions up to,…","description":"The WP Statistics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 14.16.4. This is due to missing capability checks on multiple AJAX handlers including `wp_statistics_get_filters`, `wp_statistics_getPrivacyStatus`, `wp_statistics_updatePrivacyStatus`…","indicators":{"cves":["CVE-2026-3488"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T02:16:05.707Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/wp-statistics/tags/14.16.1/includes/admin/class-wp-statistics-admin-ajax.php#L310","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-statistics/tags/14.16.1/src/Service/Admin/FilterHandler/FilterManager.php#L62","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-statistics/tags/14.16.1/src/Service/Admin/PrivacyAudit/PrivacyAuditController.php#L21","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-statistics/tags/14.16.1/src/Service/Admin/PrivacyAudit/PrivacyAuditController.php#L41","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-statistics/trunk/includes/admin/class-wp-statistics-admin-ajax.php#L310","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-statistics/trunk/src/Service/Admin/FilterHandler/FilterManager.php#L62","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-statistics/trunk/src/Service/Admin/PrivacyAudit/PrivacyAuditController.php#L21","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset/3483860/wp-statistics/trunk/src/Service/Admin/PrivacyAudit/PrivacyAuditController.php","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b1938ba4-ced7-455b-8772-a192d9cb0897?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4817","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4817 — The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulner…","description":"The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to Time-based Blind SQL Injection via the 'order' and 'orderby' parameters in the /lms/stm-lms/order/items REST API endpoint in versions up to and including 3.7.25. This is due to insufficient in…","indicators":{"cves":["CVE-2026-4817"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T02:16:05.883Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/masterstudy-lms-learning-management-system/tags/3.7.17/_core/lms/classes/models/StmStatistics.php#L202","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/masterstudy-lms-learning-management-system/tags/3.7.17/_core/lms/classes/models/StmStatistics.php#L238","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/masterstudy-lms-learning-management-system/tags/3.7.17/_core/lms/classes/vendor/Query.php#L676","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/masterstudy-lms-learning-management-system/tags/3.7.17/_core/lms/route.php#L16","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/masterstudy-lms-learning-management-system/trunk/_core/lms/classes/models/StmStatistics.php#L202","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/masterstudy-lms-learning-management-system/trunk/_core/lms/classes/models/StmStatistics.php#L238","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/masterstudy-lms-learning-management-system/trunk/_core/lms/classes/vendor/Query.php#L676","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/masterstudy-lms-learning-management-system/trunk/_core/lms/route.php#L16","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset/3506029/masterstudy-lms-learning-management-system/trunk/_core/lms/classes/vendor/Query.php","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset?old_path=%2Fmasterstudy-lms-learning-management-system/tags/3.7.25&new_path=%2Fmasterstudy-lms-learning-management-system/tags/3.7.26","label":"security@wordfence.com","domainType":"other"},{"url":"https://ti.wordfence.io/vendors/patch/1789/download","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7a51fe96-f3d3-46fe-9e3a-fb7c1bd17b05?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5162","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-5162 — The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via…","description":"The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widget's 'instagram_follow_text' setting in all versions up to, and including, 1.7.1056 due to insufficient input sanitization and output escaping. This makes it possible for authe…","indicators":{"cves":["CVE-2026-5162"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T02:16:06.073Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/royal-elementor-addons/trunk/modules/instagram-feed/widgets/wpr-instagram-feed.php#L5334","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/royal-elementor-addons/trunk/modules/instagram-feed/widgets/wpr-instagram-feed.php#L5528","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/royal-elementor-addons/trunk/modules/instagram-feed/widgets/wpr-instagram-feed.php#L5623","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset/3503219/royal-elementor-addons/trunk/modules/instagram-feed/widgets/wpr-instagram-feed.php","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/16d083bc-d726-4291-bc6d-a7bf83fa78c3?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4666","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4666 — The wpForo Forum plugin for WordPress is vulnerable to unauthorized modification of data due to the…","description":"The wpForo Forum plugin for WordPress is vulnerable to unauthorized modification of data due to the use of `extract($args, EXTR_OVERWRITE)` on user-controlled input in the `edit()` method of `classes/Posts.php` in all versions up to, and including, 2.4.16. The `post_edit` action handler in `Actions.…","indicators":{"cves":["CVE-2026-4666"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T04:16:11.023Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/wpforo/tags/2.4.16/classes/Actions.php#L773","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wpforo/tags/2.4.16/classes/Posts.php#L283","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wpforo/tags/2.4.16/classes/Posts.php#L285","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wpforo/tags/2.4.16/includes/functions.php#L532","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset?old_path=%2Fwpforo/tags/2.4.16&new_path=%2Fwpforo/tags/2.4.17","label":"security@wordfence.com","domainType":"other"},{"url":"https://ti.wordfence.io/vendors/patch/1885/download","label":"security@wordfence.com","domainType":"other"},{"url":"https://wordpress.org/plugins/wpforo/","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/049ffab1-677d-4112-9f1d-092ee01299f1?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5052","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-5052 — Vault’s PKI engine’s ACME validation did not reject local targets when issuing http-01 and tls-alpn-…","description":"Vault’s PKI engine’s ACME validation did not reject local targets when issuing http-01 and tls-alpn-01 challenges. This may lead to these requests being sent to local network targets, potentially leading to information disclosure. Fixed in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0, 1.…","indicators":{"cves":["CVE-2026-5052"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T04:16:12.567Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://discuss.hashicorp.com/t/hcsec-2026-06-vault-vulnerable-to-server-side-request-forgery-in-acme-challenge-validation-via-attacker-controlled-dns/77343","label":"security@hashicorp.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3330","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-3330 — The Form Maker by 10Web plugin for WordPress is vulnerable to SQL Injection via the 'ip_search', 'st…","description":"The Form Maker by 10Web plugin for WordPress is vulnerable to SQL Injection via the 'ip_search', 'startdate', 'enddate', 'username_search', and 'useremail_search' parameters in all versions up to, and including, 1.15.40. This is due to the `WDW_FM_Library::validate_data()` method calling `stripslash…","indicators":{"cves":["CVE-2026-3330"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T05:16:18.080Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/form-maker/tags/1.15.22/admin/controllers/Submissions_fm.php#L84","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/form-maker/tags/1.15.22/admin/models/Submissions_fm.php#L154","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/form-maker/tags/1.15.22/framework/WDW_FM_Library.php#L415","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/form-maker/trunk/admin/controllers/Submissions_fm.php#L84","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/form-maker/trunk/admin/models/Submissions_fm.php#L154","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/form-maker/trunk/framework/WDW_FM_Library.php#L415","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3501693%40form-maker&new=3501693%40form-maker&sfp_email=&sfph_mail=","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5e383b8a-27e5-4b35-8d11-6e4102255d44?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4853","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4853 — The JetBackup – Backup, Restore & Migrate plugin for WordPress is vulnerable to Path Traversal leadi…","description":"The JetBackup – Backup, Restore & Migrate plugin for WordPress is vulnerable to Path Traversal leading to Arbitrary Directory Deletion in versions up to and including 3.1.19.8. This is due to insufficient input validation on the fileName parameter in the file upload handler. The plugin sanitizes the…","indicators":{"cves":["CVE-2026-4853"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T05:16:18.680Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/backup/tags/3.1.17.5/src/JetBackup/Ajax/Calls/AddToQueue.php#L244","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/backup/tags/3.1.17.5/src/JetBackup/Ajax/Calls/AddToQueue.php#L64","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/backup/tags/3.1.17.5/src/JetBackup/Upload/Upload.php#L66","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/backup/trunk/src/JetBackup/Ajax/Calls/AddToQueue.php#L244","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/backup/trunk/src/JetBackup/Ajax/Calls/AddToQueue.php#L64","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/backup/trunk/src/JetBackup/Upload/Upload.php#L66","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3495633%40backup&new=3495633%40backup&sfp_email=&sfph_mail=","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4aa0fa80-05dd-4fe1-b7b5-7ed0cf13053c?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5234","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-5234 — The LatePoint plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions…","description":"The LatePoint plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.3.2. The vulnerability exists because the OsStripeConnectController::create_payment_intent_for_transaction action is registered as a public action (no authentication required)…","indicators":{"cves":["CVE-2026-5234"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T05:16:18.830Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/latepoint/tags/5.2.9/lib/controllers/stripe_connect_controller.php#L20","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/latepoint/tags/5.2.9/lib/controllers/stripe_connect_controller.php#L31","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/latepoint/tags/5.2.9/lib/controllers/stripe_connect_controller.php#L33","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/latepoint/tags/5.2.9/lib/controllers/stripe_connect_controller.php#L50","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/latepoint/trunk/lib/controllers/stripe_connect_controller.php#L20","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/latepoint/trunk/lib/controllers/stripe_connect_controller.php#L31","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/latepoint/trunk/lib/controllers/stripe_connect_controller.php#L33","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/latepoint/trunk/lib/controllers/stripe_connect_controller.php#L50","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset/3505127/latepoint/trunk/lib/controllers/stripe_connect_controller.php","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/afec4c8c-a18d-4907-8879-2412f8a1abed?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5427","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-5427 — The Kubio plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to and includin…","description":"The Kubio plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to and including 2.7.2. This is due to insufficient capability checks in the kubio_rest_pre_insert_import_assets() function, which is hooked to the rest_pre_insert_{post_type} filter for posts, pages, templates, and…","indicators":{"cves":["CVE-2026-5427"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T05:16:18.973Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/kubio/tags/2.7.1/lib/filters/post-insert.php#L17","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/kubio/tags/2.7.1/lib/importer/importer-filters/kubio-blocks.php#L20","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/kubio/tags/2.7.1/lib/src/Core/Importer.php#L546","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/kubio/trunk/lib/filters/post-insert.php#L17","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/kubio/trunk/lib/importer/importer-filters/kubio-blocks.php#L20","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/kubio/trunk/lib/src/Core/Importer.php#L546","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset/3506647/kubio/trunk/lib/src/Core/Importer.php","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d8096f3c-e1a9-424f-af10-3e80212db985?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5502","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-5502 — The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthori…","description":"The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course content manipulation in versions up to and including 3.9.8. This is due to a missing authorization check in the tutor_update_course_content_order() function. The function only validates the…","indicators":{"cves":["CVE-2026-5502"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T05:16:19.117Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.7/classes/Course.php#L1700","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.7/classes/Course.php#L1789","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/tutor/trunk/classes/Course.php#L1700","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/tutor/trunk/classes/Course.php#L1789","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset/3505142/tutor/tags/3.9.9/classes/Course.php","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f32ae42d-dd1f-41d7-8ae4-ddec56d78ae6?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6080","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6080 — The Tutor LMS plugin for WordPress is vulnerable to SQL Injection in versions up to and including 3.…","description":"The Tutor LMS plugin for WordPress is vulnerable to SQL Injection in versions up to and including 3.9.8. This is due to insufficient escaping on the 'date' parameter combined with direct interpolation into a SQL fragment before being passed to $wpdb->prepare(). This makes it possible for authenticat…","indicators":{"cves":["CVE-2026-6080"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T05:16:19.430Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.8/classes/Instructors_List.php#L376","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.8/classes/Instructors_List.php#L451","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.8/views/pages/instructors.php#L38","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/tutor/trunk/classes/Instructors_List.php#L376","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/tutor/trunk/classes/Instructors_List.php#L451","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/tutor/trunk/views/pages/instructors.php#L38","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset/3505142/tutor/tags/3.9.9/classes/Instructors_List.php","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6dd041ff-a0a3-4d1f-83e0-6ec2a978e9cf?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5797","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-5797 — The Quiz And Survey Master plugin for WordPress is vulnerable to Arbitrary Shortcode Execution in ve…","description":"The Quiz And Survey Master plugin for WordPress is vulnerable to Arbitrary Shortcode Execution in versions up to and including 11.1.0. This is due to insufficient input sanitization and the execution of do_shortcode() on user-submitted quiz answer text. User-submitted answers pass through sanitize_t…","indicators":{"cves":["CVE-2026-5797"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T06:16:30.153Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.3.5/php/classes/class-qmn-quiz-manager.php#L572","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.3.5/php/classes/class-qsm-results-pages.php#L193","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.3.5/php/classes/question-types/class-question-review-text.php#L15","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.3.5/php/classes/question-types/class-question-review.php#L40","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quiz-master-next/trunk/php/classes/class-qmn-quiz-manager.php#L572","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quiz-master-next/trunk/php/classes/class-qsm-results-pages.php#L193","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quiz-master-next/trunk/php/classes/question-types/class-question-review-text.php#L15","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quiz-master-next/trunk/php/classes/question-types/class-question-review.php#L40","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3506094%40quiz-master-next&new=3506094%40quiz-master-next&sfp_email=&sfph_mail=","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f2aa33cc-c1c4-42d4-9c2f-54648426ee4b?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6441","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6441 — The Canto plugin for WordPress is vulnerable to Missing Authorization in versions up to and includin…","description":"The Canto plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 3.1.1. This is due to the absence of any capability check or nonce verification in the updateOptions() function, which is exposed via two AJAX hooks: wp_ajax_updateOptions (class-canto.php line 231)…","indicators":{"cves":["CVE-2026-6441"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T07:16:03.020Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/canto/tags/3.1.1/includes/class-canto-settings.php#L603","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/canto/tags/3.1.1/includes/class-canto.php#L231","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/canto/tags/3.1.1/includes/class-canto.php#L572","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/canto/trunk/includes/class-canto-settings.php#L603","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/canto/trunk/includes/class-canto.php#L231","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/canto/trunk/includes/class-canto.php#L572","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c1a0200f-9861-4eca-adbf-d458eb6b4e63?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40002","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40002 — Red Magic 11 Pro (NX809J) contains a vulnerability that allows non-privileged applications to trigge…","description":"Red Magic 11 Pro (NX809J) contains a vulnerability that allows non-privileged applications to trigger sensitive operations. The vulnerability stems from the lack of validation for applications accessing the service interface. Exploiting this vulnerability, an attacker can write files to specific par…","indicators":{"cves":["CVE-2026-40002"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T08:16:18.120Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/8224335890517684583","label":"psirt@zte.com.cn","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6451","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6451 — The cms-fuer-motorrad-werkstaetten plugin for WordPress is vulnerable to Cross-Site Request Forgery…","description":"The cms-fuer-motorrad-werkstaetten plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.0.0. This is due to missing nonce validation on all eight AJAX deletion handlers: vehicles_cfmw_d_vehicle, contacts_cfmw_d_contact, suppliers_cfmw_d_supplier, receipt…","indicators":{"cves":["CVE-2026-6451"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T08:16:18.243Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/cms-fuer-motorrad-werkstaetten/tags/1.0.0/includes/cfmw-catalogs.php#L88","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/cms-fuer-motorrad-werkstaetten/tags/1.0.0/includes/cfmw-contacts.php#L93","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/cms-fuer-motorrad-werkstaetten/tags/1.0.0/includes/cfmw-positions.php#L119","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/cms-fuer-motorrad-werkstaetten/tags/1.0.0/includes/cfmw-receipts.php#L92","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/cms-fuer-motorrad-werkstaetten/tags/1.0.0/includes/cfmw-settings.php#L191","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/cms-fuer-motorrad-werkstaetten/tags/1.0.0/includes/cfmw-stock.php#L101","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/cms-fuer-motorrad-werkstaetten/tags/1.0.0/includes/cfmw-suppliers.php#L108","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/cms-fuer-motorrad-werkstaetten/tags/1.0.0/includes/cfmw-vehicles.php#L100","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/cms-fuer-motorrad-werkstaetten/tags/1.0.0/includes/cfmw-vehicles.php#L98","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/cms-fuer-motorrad-werkstaetten/trunk/includes/cfmw-catalogs.php#L88","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/cms-fuer-motorrad-werkstaetten/trunk/includes/cfmw-contacts.php#L93","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/cms-fuer-motorrad-werkstaetten/trunk/includes/cfmw-positions.php#L119","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/cms-fuer-motorrad-werkstaetten/trunk/includes/cfmw-receipts.php#L92","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/cms-fuer-motorrad-werkstaetten/trunk/includes/cfmw-settings.php#L191","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/cms-fuer-motorrad-werkstaetten/trunk/includes/cfmw-stock.php#L101","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/cms-fuer-motorrad-werkstaetten/trunk/includes/cfmw-suppliers.php#L108","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/cms-fuer-motorrad-werkstaetten/trunk/includes/cfmw-vehicles.php#L100","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/cms-fuer-motorrad-werkstaetten/trunk/includes/cfmw-vehicles.php#L98","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6895a774-7e78-4ab2-a2b3-2a333f258778?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6439","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6439 — The VideoZen plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and…","description":"The VideoZen plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.0.1. This is due to insufficient input sanitization and output escaping in the videozen_conf() function. The 'lang' POST parameter is stored directly via update_option() without any sanit…","indicators":{"cves":["CVE-2026-6439"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T09:16:05.447Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/videozen/tags/1.0.1/videozen-conf.php#L24","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/videozen/tags/1.0.1/videozen-conf.php#L69","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/videozen/trunk/videozen-conf.php#L24","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/videozen/trunk/videozen-conf.php#L69","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/47bcd04b-a479-49f2-94d0-df2a7684210c?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6494","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6494 — A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injecti…","description":"A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injection vulnerability by sending specially crafted input to the `toolsetroute` parameter. This parameter is not properly sanitized before being written to logs, allowing the attacker to inject control char…","indicators":{"cves":["CVE-2026-6494"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T09:16:05.600Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6494","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2459131","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-35072","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35072 — Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 th…","description":"Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of special elements used in an OS command ('OS command injection') vulnerability. A high privileg…","indicators":{"cves":["CVE-2026-35072","CVE-2026-35073","CVE-2026-35074","CVE-2026-35153"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T11:16:10.090Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities","label":"security_alert@emc.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6487","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6487 — A flaw has been found in Qihui jtbc5 CMS 5.0.3.6. Affected is an unknown function of the file /dev/c…","description":"A flaw has been found in Qihui jtbc5 CMS 5.0.3.6. Affected is an unknown function of the file /dev/code/common/diplomat/manage.php of the component Code Endpoint. This manipulation of the argument path causes path traversal. The attack is possible to be carried out remotely. The exploit has been pub…","indicators":{"cves":["CVE-2026-6487"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T13:16:14.427Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://tcn60zf28jhk.feishu.cn/wiki/CnpvwDdyOi5PXOk8X1fcorudnSv?from=from_copylink","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/submit/786183","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358028","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358028/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6488","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6488 — A vulnerability was identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This…","description":"A vulnerability was identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This vulnerability affects unknown code of the file admin/editcourse.php of the component GET Request Parameter Handler. The manipulation of the argument ID leads to sql injection. The attack can be initi…","indicators":{"cves":["CVE-2026-6488"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T13:16:14.603Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/duckpigdog/CVE/blob/main/QueryMine_sms%20PHP%20Project%20Deployment%20Document%20(Windows%20Local)-2.md","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/786925","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358032","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358032/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6489","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6489 — A security flaw has been discovered in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593.…","description":"A security flaw has been discovered in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This issue affects some unknown processing of the file admin/addteacher.php of the component Background Management Page. The manipulation of the argument image results in unrestricted upload. The att…","indicators":{"cves":["CVE-2026-6489"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T13:16:14.787Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/duckpigdog/CVE/blob/main/QueryMine_sms%20PHP%20Project%20Deployment%20Document%20(Windows%20Local)-3.md","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/786981","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358033","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358033/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-70795","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2025-70795 — STProcessMonitor 11.11.4.0, part of the Safetica Application suite, allows an admin-privileged user…","description":"STProcessMonitor 11.11.4.0, part of the Safetica Application suite, allows an admin-privileged user to send crafted IOCTL requests to terminate processes that are protected through a third-party implementation. This is caused by insufficient caller validation in the driver's IOCTL handler, enabling…","indicators":{"cves":["CVE-2025-70795"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:16:33.373Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://bbs.kafan.cn/thread-2287429-1-1.html","label":"cve@mitre.org","domainType":"other"},{"url":"https://bbs.kafan.cn/thread-2287429-2-1.html","label":"cve@mitre.org","domainType":"other"},{"url":"https://github.com/magicsword-io/LOLDrivers/commit/eea8326bf891d810902203e9ac5cfdeaf5a17a1c","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/magicsword-io/LOLDrivers/issues/268","label":"cve@mitre.org","domainType":"primary"},{"url":"https://www.virustotal.com/gui/file/70bcec00c215fe52779700f74e9bd669ff836f594df92381cbfb7ee0568e7a8b","label":"cve@mitre.org","domainType":"other"},{"url":"https://www.virustotal.com/gui/file/9ace6a1e4bee5834be38b4c2fd26780d1fcc18ea9d58224e31d6382c19e53296","label":"cve@mitre.org","domainType":"other"},{"url":"https://www.virustotal.com/gui/file/fc3588482f596a067b65d5d64d21fe62463b38a138fc87d8d2350efa86d34284","label":"cve@mitre.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40458","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40458 — PAC4J is vulnerable to Cross-Site Request Forgery (CSRF). A malicious attacker can craft a specially…","description":"PAC4J is vulnerable to Cross-Site Request Forgery (CSRF). A malicious attacker can craft a specially designed website which, when visited by a user, will automatically submit a forged cross-site request with a token whose hash collides with the victim's legitimate CSRF token. Importantly, the attack…","indicators":{"cves":["CVE-2026-40458"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:16:33.987Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://cert.pl/en/posts/2026/04/CVE-2026-40458/","label":"cvd@cert.pl","domainType":"other"},{"url":"https://www.pac4j.org/blog/security-advisory-pac4j-core-and-ldap.html","label":"cvd@cert.pl","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6491","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6491 — A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the func…","description":"A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the function im_minpos_vec of the file libvips/deprecated/vips7compat.c of the component nip2 Handler. Such manipulation of the argument n leads to heap-based buffer overflow. An attack has to be approached l…","indicators":{"cves":["CVE-2026-6491"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:16:35.187Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/biniamf/pocs/tree/main/libvips_im_minpos_vec_oob","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://github.com/libvips/libvips/","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://github.com/libvips/libvips/issues/4965","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://github.com/libvips/libvips/issues/4965#issuecomment-4135003499","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/786994","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358035","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358035/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6492","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6492 — A vulnerability was detected in arnobt78 Hotel Booking Management System up to f8922d0e0f6ac1cc76197…","description":"A vulnerability was detected in arnobt78 Hotel Booking Management System up to f8922d0e0f6ac1cc761974c7616f44c2bbc04bea. The impacted element is an unknown function of the file /api/health/detailed of the component Health Check Endpoint. Performing a manipulation results in information disclosure. R…","indicators":{"cves":["CVE-2026-6492"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:16:35.380Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/sudo-secure/security-research/blob/main/Hotel-Booking-Management-System/sensitive-information-disclosure/PoC.md","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/787242","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358036","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358036/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41153","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41153 — In JetBrains Junie before 252.549.29 command execution was possible via malicious project file","description":"In JetBrains Junie before 252.549.29 command execution was possible via malicious project file","indicators":{"cves":["CVE-2026-41153"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T15:16:51.853Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://www.jetbrains.com/privacy-security/issues-fixed/","label":"cve@jetbrains.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6496","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6496 — A vulnerability was found in prasathmani TinyFileManager up to 2.6. Affected is an unknown function…","description":"A vulnerability was found in prasathmani TinyFileManager up to 2.6. Affected is an unknown function of the file /filemanager.php of the component POST Parameter Handler. The manipulation of the argument file[] results in path traversal. The attack may be performed from remote. The exploit has been m…","indicators":{"cves":["CVE-2026-6496"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T15:16:52.480Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://drive.google.com/file/d/14taA8w3e5z3gl4WttpB4_CquwQdz1i6r/view?usp=sharing","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/submit/787942","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358039","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358039/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-21709","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-21709 — A vulnerability allowing a local attacker with administrator privileges to bypass Windows Driver Sig…","description":"A vulnerability allowing a local attacker with administrator privileges to bypass Windows Driver Signature Enforcement.","indicators":{"cves":["CVE-2026-21709"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T16:16:36.413Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://www.veeam.com/kb4830","label":"support@hackerone.com","domainType":"other"},{"url":"https://www.veeam.com/kb4831","label":"support@hackerone.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6497","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6497 — A vulnerability was determined in prasathmani TinyFileManager up to 2.6. Affected by this vulnerabil…","description":"A vulnerability was determined in prasathmani TinyFileManager up to 2.6. Affected by this vulnerability is an unknown functionality of the file /filemanager.php?p= ajax=true&type=upload of the component File Upload Handler. This manipulation of the argument uploadurl causes server-side request forge…","indicators":{"cves":["CVE-2026-6497"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T16:17:07.763Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://drive.google.com/file/d/1pB3dI4oUy09mAtDHWbLlcoRRC1b3YU6k/view?usp=sharing","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/submit/787943","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358040","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358040/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6437","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6437 — Improper neutralization of argument delimiters in the volume handling component in AWS EFS CSI Drive…","description":"Improper neutralization of argument delimiters in the volume handling component in AWS EFS CSI Driver (aws-efs-csi-driver) before v3.0.1 allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount options via comma injection.\n\n\n\n\nTo remediate this issue, us…","indicators":{"cves":["CVE-2026-6437"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T19:16:40.150Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://aws.amazon.com/security/security-bulletins/2026-016-aws/","label":"ff89ba41-3aa1-4d27-914a-91399e9639e5","domainType":"other"},{"url":"https://github.com/kubernetes-sigs/aws-efs-csi-driver/releases/tag/v3.0.1","label":"ff89ba41-3aa1-4d27-914a-91399e9639e5","domainType":"primary"},{"url":"https://github.com/kubernetes-sigs/aws-efs-csi-driver/security/advisories/GHSA-mph4-q2vm-w2pw","label":"ff89ba41-3aa1-4d27-914a-91399e9639e5","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-31927","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-31927 — Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal to overw…","description":"Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal \nto overwrite arbitrary files (e.g., /etc/shadow), enabling unauthorized \nSSH access when combined with debug‑setting changes","indicators":{"cves":["CVE-2026-31927"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T20:16:33.370Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json","label":"ics-cert@hq.dhs.gov","domainType":"primary"},{"url":"https://www.anviz.com/contact-us.html","label":"ics-cert@hq.dhs.gov","domainType":"other"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03","label":"ics-cert@hq.dhs.gov","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-32648","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-32648 — Anviz CX2 Lite and CX7 are vulnerable to unauthenticated access that discloses debug configuration d…","description":"Anviz CX2 Lite and CX7 are vulnerable to unauthenticated access that discloses debug \nconfiguration details (e.g., SSH/RTTY status), assisting attackers in \nreconnaissance against the device.","indicators":{"cves":["CVE-2026-32648"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T20:16:34.220Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json","label":"ics-cert@hq.dhs.gov","domainType":"primary"},{"url":"https://www.anviz.com/contact-us.html","label":"ics-cert@hq.dhs.gov","domainType":"other"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03","label":"ics-cert@hq.dhs.gov","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-33093","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33093 — Anviz CX7 Firmware is vulnerable to an unauthenticated POST to the device that captures a photo with…","description":"Anviz CX7 Firmware is vulnerable to an unauthenticated POST to the device that captures\n a photo with the front facing camera, exposing visual information about\n the deployment environment.","indicators":{"cves":["CVE-2026-33093"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T20:16:34.493Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json","label":"ics-cert@hq.dhs.gov","domainType":"primary"},{"url":"https://www.anviz.com/contact-us.html","label":"ics-cert@hq.dhs.gov","domainType":"other"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03","label":"ics-cert@hq.dhs.gov","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-33569","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33569 — Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling on‑path attackers to sniff…","description":"Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling \non‑path attackers to sniff credentials and session data, which can be \nused to compromise the device.","indicators":{"cves":["CVE-2026-33569"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T20:16:34.847Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json","label":"ics-cert@hq.dhs.gov","domainType":"primary"},{"url":"https://www.anviz.com/contact-us.html","label":"ics-cert@hq.dhs.gov","domainType":"other"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03","label":"ics-cert@hq.dhs.gov","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35061","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35061 — Anviz CX7 Firmware is vulnerable to the most recently captured test photo that can be retrieved with…","description":"Anviz CX7 Firmware is vulnerable to the most recently captured test photo that can be \nretrieved without authentication, revealing sensitive operational \nimagery.","indicators":{"cves":["CVE-2026-35061"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T20:16:35.117Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json","label":"ics-cert@hq.dhs.gov","domainType":"primary"},{"url":"https://www.anviz.com/contact-us.html","label":"ics-cert@hq.dhs.gov","domainType":"other"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03","label":"ics-cert@hq.dhs.gov","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-33145","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33145 — xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to exe…","description":"xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled (which is the default when not explicitly c…","indicators":{"cves":["CVE-2026-33145"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T21:16:32.610Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-rmvv-7633-fg7h","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40155","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40155 — The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In…","description":"The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In versions 4.12.0 through 4.17.1, simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for the token request results. Users are affected if thei…","indicators":{"cves":["CVE-2026-40155"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T21:16:33.713Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/auth0/nextjs-auth0/commit/98c36dc306970c2230ea1a32efef431d29b99978","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/auth0/nextjs-auth0/releases/tag/v4.18.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/auth0/nextjs-auth0/security/advisories/GHSA-xq8m-7c5p-c2r6","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40293","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40293 — OpenFGA is an authorization/permission engine built for developers. In versions 0.1.4 through 1.13.1…","description":"OpenFGA is an authorization/permission engine built for developers. In versions 0.1.4 through 1.13.1, when OpenFGA is configured to use preshared-key authentication with the built-in playground enabled, the local server includes the preshared API key in the HTML response of the /playground endpoint.…","indicators":{"cves":["CVE-2026-40293"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T21:16:34.567Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/openfga/openfga/releases/tag/v1.14.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/openfga/openfga/security/advisories/GHSA-68m9-983m-f3v5","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40301","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40301 — DOMSanitizer is a DOM/SVG/MathML Sanitizer for PHP 7.3+. Prior to version 1.0.10, DOMSanitizer::sani…","description":"DOMSanitizer is a DOM/SVG/MathML Sanitizer for PHP 7.3+. Prior to version 1.0.10, DOMSanitizer::sanitize() allows <style> elements in SVG content but never inspects their text content. CSS url() references and @import rules pass through unfiltered, causing the browser to issue HTTP requests to attac…","indicators":{"cves":["CVE-2026-40301"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T21:16:34.850Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/rhukster/dom-sanitizer/commit/49a98046b708a4c92f754f5b0ef1720bb85142e2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/rhukster/dom-sanitizer/releases/tag/1.0.10","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/rhukster/dom-sanitizer/security/advisories/GHSA-93vf-569f-22cq","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40302","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40302 — zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the…","description":"zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the proxyUi template engine uses Go's text/template (which performs no HTML escaping) instead of html/template. The GitHub OAuth callback handlers in both publicProxy and dynamicProxy embed the attacker-…","indicators":{"cves":["CVE-2026-40302","CVE-2026-40304"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T21:16:34.997Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/openziti/zrok/releases/tag/v2.0.1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/openziti/zrok/security/advisories/GHSA-4fxq-2x3x-6xqx","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/openziti/zrok/security/advisories/GHSA-3jpj-v3xr-5h6g","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-2434","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-2434 — The Pz-LinkCard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blogcard'…","description":"The Pz-LinkCard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blogcard' shortcode attributes in all versions up to, and including, 2.5.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev…","indicators":{"cves":["CVE-2026-2434"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T23:16:12.167Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/pz-linkcard/tags/2.5.8/pz-linkcard.php#L442","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/pz-linkcard/tags/2.5.8/pz-linkcard.php#L636","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/pz-linkcard/trunk/pz-linkcard.php#L636","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/687ffac2-1f07-4adb-ba12-5f2ea357ea7e?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40479","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40479 — Kimai is an open-source time tracking application. In versions 1.16.3 through 2.52.0, the escapeForH…","description":"Kimai is an open-source time tracking application. In versions 1.16.3 through 2.52.0, the escapeForHtml() function in KimaiEscape.js does not escape double quote or single quote characters. When a user's profile alias is inserted into an HTML attribute context via the team member form prototype and…","indicators":{"cves":["CVE-2026-40479"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T23:16:12.317Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/kimai/kimai/releases/tag/2.53.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/kimai/kimai/security/advisories/GHSA-g82g-m9vx-vhjg","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40486","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40486 — Kimai is an open-source time tracking application. In versions 2.52.0 and below, the User Preference…","description":"Kimai is an open-source time tracking application. In versions 2.52.0 and below, the User Preferences API endpoint (PATCH /api/users/{id}/preferences) applies submitted preference values without checking the isEnabled() flag on preference objects. Although the hourly_rate and internal_rate fields ar…","indicators":{"cves":["CVE-2026-40486"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T23:16:12.593Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/kimai/kimai/releases/tag/2.53.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/kimai/kimai/security/advisories/GHSA-qh43-xrjm-4ggp","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40333","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40333 — libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, two funct…","description":"libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, two functions in camlibs/ptp2/ptp-pack.c accept a data pointer but no length parameter, performing unbounded reads. Their callers in ptp_unpack_EOS_events() have xsize available but never pass it, leaving both…","indicators":{"cves":["CVE-2026-40333"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T00:16:37.120Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/gphoto/libgphoto2/commit/1817ecead20c2aafa7549dac9619fe38f47b2f53","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/gphoto/libgphoto2/security/advisories/GHSA-hq94-cp6h-3gjp","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40335","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40335 — libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-o…","description":"libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in `ptp_unpack_DPV()` in `camlibs/ptp2/ptp-pack.c` (lines 622–629). The UINT128 and INT128 cases advance `*offset += 16` without verifying that 16 bytes remain in the buffer. The entry c…","indicators":{"cves":["CVE-2026-40335","CVE-2026-40338","CVE-2026-40339","CVE-2026-40340"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T00:16:37.390Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/gphoto/libgphoto2/commit/433bde9888d70aa726e32744cd751d7dbe94379a","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/gphoto/libgphoto2/security/advisories/GHSA-g4g5-c2x9-cqfj","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/gphoto/libgphoto2/commit/3b9f9696be76ae51dca983d9dd8ce586a2561845","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/gphoto/libgphoto2/security/advisories/GHSA-2hwp-w84q-27hf","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/gphoto/libgphoto2/commit/09f8a940b1e418b5693f5c11e3016a1ad2cea62d","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/gphoto/libgphoto2/security/advisories/GHSA-42cm-m9hc-r7q8","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/gphoto/libgphoto2/commit/7c7f515bc88c3d0c4098ac965d313518e0ccbe33","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/gphoto/libgphoto2/security/advisories/GHSA-xfw3-xvjp-5wcv","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40337","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40337 — The Sentry kernel is a high security level micro-kernel implementation made for high security embedd…","description":"The Sentry kernel is a high security level micro-kernel implementation made for high security embedded systems. A given task with one of the DEV or IO capability is able to interact with another task's IRQ line through the __sys_int_* syscall familly. Prior to version 0.4.7, this can lead to DoS and…","indicators":{"cves":["CVE-2026-40337"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T00:16:37.667Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/camelot-os/sentry-kernel/commit/150b7edd2c5b0da0a8baeed3135ddde613b08081","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/camelot-os/sentry-kernel/pull/108","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/camelot-os/sentry-kernel/security/advisories/GHSA-5hgv-rg2f-79pg","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40347","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40347 — Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial…","description":"Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted `multipart/form-data` requests with large preamble or epilogue sections. Upgrade to version 0.0.26 or later, which skips ahead to the next boundary candid…","indicators":{"cves":["CVE-2026-40347"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T00:16:38.520Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/Kludex/python-multipart/releases/tag/0.0.26","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/Kludex/python-multipart/security/advisories/GHSA-mj87-hwqh-73pj","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40483","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40483 — ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the Pledge Editor…","description":"ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the Pledge Editor renders donation comment values directly into HTML input value attributes without escaping via htmlspecialchars(). An authenticated user with Finance permissions can inject HTML attribute-breaking cha…","indicators":{"cves":["CVE-2026-40483"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T00:16:39.243Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/ChurchCRM/CRM/commit/b3da72a2b35f9c600e340a9dfd35e7792ff4f899","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChurchCRM/CRM/pull/8609","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChurchCRM/CRM/security/advisories/GHSA-wjmf-w8gj-rx7g","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40485","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40485 — ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the public API log…","description":"ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the public API login endpoint (/api/public/user/login) returns distinguishable HTTP response codes based on whether a username exists: 404 for non-existent users and 401 for valid users with incorrect passwords. An una…","indicators":{"cves":["CVE-2026-40485"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T00:16:39.540Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/ChurchCRM/CRM/commit/214694eb83778e1f5e52b3dfa2a99d0e965c1850","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChurchCRM/CRM/pull/8607","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChurchCRM/CRM/security/advisories/GHSA-x2qh-xmhq-4jpx","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40593","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40593 — ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the User Editor (U…","description":"ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the User Editor (UserEditor.php) renders stored usernames directly into an HTML input value attribute without applying htmlspecialchars(). An administrator can save a username containing HTML attribute-breaking charact…","indicators":{"cves":["CVE-2026-40593"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T00:16:39.957Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/ChurchCRM/CRM/security/advisories/GHSA-7h46-9f64-p49q","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-1559","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-1559 — The Youzify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'checkin_place…","description":"The Youzify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'checkin_place_id' parameter in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access…","indicators":{"cves":["CVE-2026-1559"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T02:16:11.187Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/youzify/tags/1.3.6/includes/public/core/class-youzify-wall.php#L109","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/youzify/tags/1.3.6/includes/public/core/wall/class-youzify-form.php#L506","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/youzify/trunk/includes/public/core/class-youzify-wall.php#L109","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/youzify/trunk/includes/public/core/wall/class-youzify-form.php#L506","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset/3483281/youzify/trunk/includes/public/core/wall/class-youzify-form.php","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset?old_path=%2Fyouzify/tags/1.3.6&new_path=%2Fyouzify/tags/1.3.7","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6bd69711-8303-4086-87c3-eb2935a89aff?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-1838","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-1838 — The Hostel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode_i…","description":"The Hostel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode_id' parameter in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script…","indicators":{"cves":["CVE-2026-1838"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T02:16:11.337Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/hostel/tags/1.1.6/controllers/ajax.php#L28","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/hostel/tags/1.1.6/hostel.php#L44","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/hostel/tags/1.1.6/views/partial/rooms-table.html.php#L29","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/hostel/trunk/controllers/ajax.php#L28","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/hostel/trunk/hostel.php#L44","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/hostel/trunk/views/partial/rooms-table.html.php#L29","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset/3478265/hostel/trunk/hostel.php","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset?old_path=%2Fhostel/tags/1.1.6&new_path=%2Fhostel/tags/1.1.7","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2b9da491-771a-4100-b41a-7411981dd34b?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40490","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40490 — The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and async…","description":"The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When redirect following is enabled (followRedirect(true)), versions of AsyncHttpClient prior to 3.0.9 and 2.14.5 forward Authorization and Proxy-Authorization headers…","indicators":{"cves":["CVE-2026-40490"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T02:16:11.977Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/AsyncHttpClient/async-http-client/commit/6b2fbb7f8","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/AsyncHttpClient/async-http-client/commit/ae557ad35246721c09dafb2976609cd0004e78ae","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/AsyncHttpClient/async-http-client/releases/tag/async-http-client-project-2.14.5","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/AsyncHttpClient/async-http-client/releases/tag/async-http-client-project-3.0.9","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/AsyncHttpClient/async-http-client/security/advisories/GHSA-cmxv-58fp-fm3g","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40491","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40491 — gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a P…","description":"gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a Path Traversal attack within the extractall functionality. When extracting a maliciously crafted ZIP or TAR archive, the library fails to sanitize or validate the filenames of the archive members. This…","indicators":{"cves":["CVE-2026-40491"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T03:16:13.157Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/wkentaro/gdown/commit/af569fc6ed300b7974dee66dc51e9f01b57b4dff","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/wkentaro/gdown/releases/tag/v5.2.2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/wkentaro/gdown/security/advisories/GHSA-76hw-p97h-883f","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-4801","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4801 — The Page Builder Gutenberg Blocks – CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site…","description":"The Page Builder Gutenberg Blocks – CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via external iCal feed data in all versions up to, and including, 3.1.16 due to insufficient output escaping of event titles, descriptions, and locations fetched from external iCal feeds in…","indicators":{"cves":["CVE-2026-4801"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T05:16:23.987Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/coblocks/tags/3.1.16/src/blocks/events/index.php#L218","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/coblocks/tags/3.1.16/src/blocks/events/index.php#L245","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/coblocks/tags/3.1.16/src/blocks/events/index.php#L246","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/coblocks/tags/3.1.16/src/blocks/events/index.php#L255","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/coblocks/tags/3.1.16/src/blocks/events/index.php#L91","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/coblocks/trunk/src/blocks/events/index.php#L218","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/coblocks/trunk/src/blocks/events/index.php#L245","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/coblocks/trunk/src/blocks/events/index.php#L246","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/coblocks/trunk/src/blocks/events/index.php#L255","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/coblocks/trunk/src/blocks/events/index.php#L91","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset/3475789/coblocks/trunk/src/blocks/events/index.php","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset?old_path=%2Fcoblocks/tags/3.1.16&new_path=%2Fcoblocks/tags/3.1.17","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bde0aef3-aa61-4ee7-9cbf-9f51cb5ac700?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6048","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6048 — The Flipbox Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi…","description":"The Flipbox Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flipbox widget's button URL `custom_attributes` field in all versions up to, and including, 2.1.1 due to insufficient validation of custom attribute names. Specifically, the plugin uses `esc_htm…","indicators":{"cves":["CVE-2026-6048"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T05:16:24.157Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/ultimate-flipbox-addon-for-elementor/tags/2.1.1/widget/simple/ufae-frontend/class-ufae-frontend-item.php#L250","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/ultimate-flipbox-addon-for-elementor/tags/2.1.1/widget/stories/ufae-frontend/class-ufae-frontend-loop.php#L248","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/ultimate-flipbox-addon-for-elementor/tags/2.1.2/widget/simple/ufae-frontend/class-ufae-frontend-item.php#L263","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/ultimate-flipbox-addon-for-elementor/tags/2.1.2/widget/stories/ufae-frontend/class-ufae-frontend-loop.php#L253","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/faa6ad51-7b3b-4fe1-95fa-e9b63943d533?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41253","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41253 — In iTerm2 through 3.6.9, displaying a .txt file can cause code execution via DCS 2000p and OSC 135 d…","description":"In iTerm2 through 3.6.9, displaying a .txt file can cause code execution via DCS 2000p and OSC 135 data, if the working directory contains a malicious file whose name is valid output from the conductor encoding path, such as a pathname with an initial ace/c+ substring, aka \"hypothetical in-band sign…","indicators":{"cves":["CVE-2026-41253"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T06:16:17.427Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://blog.calif.io/p/mad-bugs-even-cat-readmetxt-is-not","label":"cve@mitre.org","domainType":"other"},{"url":"https://github.com/gnachman/iTerm2/commit/a9e745993c2e2cbb30b884a16617cd5495899f86","label":"cve@mitre.org","domainType":"primary"},{"url":"https://iterm2.com/downloads.html","label":"cve@mitre.org","domainType":"other"},{"url":"https://news.ycombinator.com/item?id=47809190","label":"cve@mitre.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41254","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41254 — Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow…","description":"Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication.","indicators":{"cves":["CVE-2026-41254"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T07:16:10.807Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://abhinavagarwal07.github.io/posts/lcms2-cubesize-overflow/","label":"cve@mitre.org","domainType":"other"},{"url":"https://github.com/mm2/Little-CMS/commit/da6110b1d14abc394633a388209abd5ebedd7ab0","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/mm2/Little-CMS/commit/e0641b1828d0a1af5ecb1b11fe22f24fceefd4bc","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/mm2/Little-CMS/security/advisories/GHSA-4xp6-rcgg-m9qq","label":"cve@mitre.org","domainType":"primary"},{"url":"https://www.openwall.com/lists/oss-security/2026/04/17/16","label":"cve@mitre.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-0894","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-0894 — The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Stored Cross-Site Scri…","description":"The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's content_block shortcode in all versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping on user supplied values consumed from user-created…","indicators":{"cves":["CVE-2026-0894"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T10:16:12.093Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset/3447914/custom-post-widget","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/246dee15-82e0-4630-8d95-d2419e9eaef8?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-2505","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-2505 — The Categories Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions…","description":"The Categories Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.1, via the 'z_taxonomy_image' shortcode. This is due to the shortcode rendering path passing attacker-controlled class input into a fallback image builder that concatenates H…","indicators":{"cves":["CVE-2026-2505"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T10:16:12.823Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset/3499275/categories-images","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/34fb64d5-e152-4950-9ef4-6d53a97a56fb?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-2986","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-2986 — The Contextual Related Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via t…","description":"The Contextual Related Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'other_attributes' parameter in versions up to, and including, 4.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor…","indicators":{"cves":["CVE-2026-2986"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T12:16:11.600Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset/3481684/contextual-related-posts","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8f59e069-a953-47b6-8106-55f55df722ed?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40948","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40948 — The Keycloak authentication manager in `apache-airflow-providers-keycloak` did not generate or valid…","description":"The Keycloak authentication manager in `apache-airflow-providers-keycloak` did not generate or validate the OAuth 2.0 `state` parameter on the login / login-callback flow, and did not use PKCE. An attacker with a Keycloak account in the same realm could deliver a crafted callback URL to a victim's b…","indicators":{"cves":["CVE-2026-40948"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T14:16:10.897Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/apache/airflow/pull/64114","label":"security@apache.org","domainType":"primary"},{"url":"https://lists.apache.org/thread/kc0odpr70hbqhdb9ksnz42fkqz2xld9q","label":"security@apache.org","domainType":"other"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/17/14","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-0868","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-0868 — The EMC – Easily Embed Calendly Scheduling Features plugin for WordPress is vulnerable to Stored Cro…","description":"The EMC – Easily Embed Calendly Scheduling Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's calendly shortcode in all versions up to, and including, 4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it po…","indicators":{"cves":["CVE-2026-0868"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T04:16:10.670Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset/3466576/embed-calendly-scheduling","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d5653ebe-7145-4b1c-94f8-ca87ed0dc4f5?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6559","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6559 — A weakness has been identified in Wavlink WL-WN579A3 220323. This affects the function sub_401F80 of…","description":"A weakness has been identified in Wavlink WL-WN579A3 220323. This affects the function sub_401F80 of the file /cgi-bin/login.cgi. This manipulation of the argument Hostname causes cross site scripting. Remote exploitation of the attack is possible. Upgrading the affected component is recommended. Th…","indicators":{"cves":["CVE-2026-6559"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T06:16:10.437Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://dl.wavlink.com/firmware/RD/WINSTAR_WN579A3-A-2026-03-10-94f93d4-WO-mt7628-squashfs-sysupgrade.bin","label":"cna@vuldb.com","domainType":"other"},{"url":"https://github.com/Litengzheng/vul_db/blob/main/WL-WN579A3/vul_16/README.md","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/785303","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358196","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358196/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6561","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6561 — A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function edit_adminlogo…","description":"A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function edit_adminlogo of the file application/admin/controller/Index.php. Performing a manipulation of the argument filename results in unrestricted upload. The attack is possible to be carried out remotely. The exploit is…","indicators":{"cves":["CVE-2026-6561"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T08:16:26.113Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/zzk6th/my-cve-notes/blob/main/EyouCMS%20Arbitrary%20File%20Copy%20Vulnerability%20in%20edit_adminlogo()%20Leading%20to%20Sensitive%20Information%20Disclosure.md","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/788038","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358198","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358198/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6564","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6564 — A vulnerability was found in EMQ EMQX Enterprise up to 6.1.0. The impacted element is an unknown fun…","description":"A vulnerability was found in EMQ EMQX Enterprise up to 6.1.0. The impacted element is an unknown function of the component Session Handling. The manipulation results in improper authorization. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendo…","indicators":{"cves":["CVE-2026-6564"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T10:16:08.457Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/cailiujia/CVE","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/789924","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358201","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358201/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6571","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6571 — A weakness has been identified in kodcloud KodExplorer up to 4.52. Affected by this vulnerability is…","description":"A weakness has been identified in kodcloud KodExplorer up to 4.52. Affected by this vulnerability is the function roleGroupAction of the file /app/controller/systemRole.class.php. Executing a manipulation of the argument group_role can lead to authorization bypass. The attack may be launched remotel…","indicators":{"cves":["CVE-2026-6571"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T12:16:33.607Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://vuldb.com/submit/789987","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358205","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358205/cti","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vulnplus-note.wetolink.com/share/atu3UbqnfAgs","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6572","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6572 — A security vulnerability has been detected in Collabora KodExplorer up to 4.52. Affected by this iss…","description":"A security vulnerability has been detected in Collabora KodExplorer up to 4.52. Affected by this issue is some unknown functionality of the file /app/controller/share.class.php of the component fileUpload Endpoint. The manipulation of the argument fileUpload leads to improper authorization. Remote e…","indicators":{"cves":["CVE-2026-6572"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T13:16:45.650Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://vuldb.com/submit/789988","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358206","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358206/cti","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vulnplus-note.wetolink.com/share/PLCI4v0BWaF8","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6573","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6573 — A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exa…","description":"A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of the argument uploadfile results in server-side request forgery. The attack can be executed remotely. T…","indicators":{"cves":["CVE-2026-6573"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T13:16:46.187Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://vuldb.com/submit/789990","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358207","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358207/cti","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vulnplus-note.wetolink.com/share/1QZ4NE0oTRIc","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6576","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6576 — A vulnerability was determined in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the…","description":"A vulnerability was determined in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function CommandHandler of the file servermanager/api/commonapi.py of the component WeChat Bot Interface. Executing a manipulation of the argument Source can lead to command injection. It is possible…","indicators":{"cves":["CVE-2026-6576"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T19:16:14.347Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/3em0/cve_repo/blob/main/DjangoBlog/Vuln-1-WeChat-Bot-RCE.md","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/790281","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358211","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358211/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6578","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6578 — A security flaw has been discovered in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknow…","description":"A security flaw has been discovered in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component Setting Handler. The manipulation of the argument SECRET_KEY results in hard-coded credentials. The attack can be launched remotely. The…","indicators":{"cves":["CVE-2026-6578"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T22:16:35.133Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/3em0/cve_repo/blob/main/DjangoBlog/Vuln-3-Hardcoded-Django-SECRET_KEY.md","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/790283","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358213","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358213/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6579","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6579 — A weakness has been identified in liangliangyy DjangoBlog up to 2.1.0.0. This impacts an unknown fun…","description":"A weakness has been identified in liangliangyy DjangoBlog up to 2.1.0.0. This impacts an unknown function of the file blog/views.py of the component Clean Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made available to the publi…","indicators":{"cves":["CVE-2026-6579"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T22:16:35.320Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/3em0/cve_repo/blob/main/DjangoBlog/Vuln-4-Unauthenticated-Cache-Purge.md","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/790286","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358214","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358214/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6583","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6583 — A vulnerability has been found in TransformerOptimus SuperAGI up to 0.0.14. This affects the functio…","description":"A vulnerability has been found in TransformerOptimus SuperAGI up to 0.0.14. This affects the function delete_api_key/edit_api_key of the file superagi/controllers/api_key.py of the component API Key Management Endpoint. The manipulation leads to authorization bypass. The attack is possible to be car…","indicators":{"cves":["CVE-2026-6583"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T23:16:34.300Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://gist.github.com/YLChen-007/ba28ac92d9fd011d40560dbf2bac39ce","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791074","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358218","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358218/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6584","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6584 — A vulnerability was found in TransformerOptimus SuperAGI up to 0.0.14. This vulnerability affects th…","description":"A vulnerability was found in TransformerOptimus SuperAGI up to 0.0.14. This vulnerability affects the function update_user of the file superagi/controllers/user.py of the component User Update Endpoint. The manipulation of the argument user_id results in authorization bypass. The attack may be perfo…","indicators":{"cves":["CVE-2026-6584"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T00:16:34.093Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://gist.github.com/YLChen-007/79b967ece52d424558f279156dd53324","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791075","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358219","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358219/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6585","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6585 — A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This issue affects the f…","description":"A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This issue affects the function update_organisation of the file superagi/controllers/organisation.py of the component Organisation Update Endpoint. This manipulation of the argument organisation_id causes authorization bypas…","indicators":{"cves":["CVE-2026-6585"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T00:16:34.307Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://gist.github.com/YLChen-007/88ea045efa387ab0b93f6dd2f797e653","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791076","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358220","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358220/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6586","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6586 — A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Impacted is the function…","description":"A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Impacted is the function get_budget/update_budget of the file superagi/controllers/budget.py of the component Budget Endpoint. Such manipulation leads to authorization bypass. It is possible to launch the attack remotely. Th…","indicators":{"cves":["CVE-2026-6586"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T00:16:34.507Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://gist.github.com/YLChen-007/4b6b95f98aeed927a99d2a76eaf53444","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791077","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358221","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358221/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6587","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6587 — A security flaw has been discovered in vibrantlabsai RAGAS up to 0.4.3. The affected element is the…","description":"A security flaw has been discovered in vibrantlabsai RAGAS up to 0.4.3. The affected element is the function _try_process_local_file/_try_process_url of the file src/ragas/metrics/collections/multi_modal_faithfulness/util.py of the component Collections Module. Performing a manipulation of the argum…","indicators":{"cves":["CVE-2026-6587"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T00:16:34.703Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://adithyanak.com/ragas-v0214-arbitrary-file-read-vulnerability","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/submit/791088","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358222","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358222/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6588","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6588 — A weakness has been identified in serge-chat serge up to 1.4TB. The impacted element is the function…","description":"A weakness has been identified in serge-chat serge up to 1.4TB. The impacted element is the function download_model/delete_model of the file api/src/serge/routers/model.py of the component Model API Endpoint. Executing a manipulation can lead to missing authentication. The attack can be launched rem…","indicators":{"cves":["CVE-2026-6588"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T01:16:30.867Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://gist.github.com/YLChen-007/5fbc93a21f9928e91a72ab0d72fb1e88","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791089","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358223","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358223/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6589","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6589 — A security vulnerability has been detected in ComfyUI up to 0.13.0. This affects the function create…","description":"A security vulnerability has been detected in ComfyUI up to 0.13.0. This affects the function create_origin_only_middleware of the file server.py. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The…","indicators":{"cves":["CVE-2026-6589"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T01:16:31.477Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://gist.github.com/YLChen-007/d314f8120e47601dfa3ac8b899f12d1f","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791108","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358224","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358224/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6590","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6590 — A vulnerability was detected in ComfyUI up to 0.13.0. This impacts the function get_model_preview of…","description":"A vulnerability was detected in ComfyUI up to 0.13.0. This impacts the function get_model_preview of the file app/model_manager.py of the component Model Preview Endpoint. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. The…","indicators":{"cves":["CVE-2026-6590"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T01:16:31.673Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://gist.github.com/YLChen-007/b46c4cfef1643df14ed73e278129af2c","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791109","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358225","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358225/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6591","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6591 — A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folder_paths.get_annotated_f…","description":"A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folder_paths.get_annotated_filepath of the file folder_paths.py of the component LoadImage Node. This manipulation of the argument Name causes path traversal. Remote exploitation of the attack is possible. The exploit has been p…","indicators":{"cves":["CVE-2026-6591"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T01:16:31.870Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://gist.github.com/YLChen-007/1e6db39703626dc5c1a2505426754333","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791112","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358226","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358226/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-32957","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-32957 — SD-330AC and AMC Manager provided by silex technology, Inc. contain a missing authentication for cri…","description":"SD-330AC and AMC Manager provided by silex technology, Inc. contain a missing authentication for critical function issue on firmware maintenance. Arbitrary file may be uploaded on the device without authentication.","indicators":{"cves":["CVE-2026-32957","CVE-2026-32962"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T04:16:39.093Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://jvn.jp/en/vu/JVNVU94271449/","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://www.silex.jp/support/security-advisories/2026-001","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://www.silex.jp/support/security-advisories/en/2026-001","label":"vultures@jpcert.or.jp","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-32958","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-32958 — SD-330AC and AMC Manager provided by silex technology, Inc. use a hard-coded cryptographic key. An a…","description":"SD-330AC and AMC Manager provided by silex technology, Inc. use a hard-coded cryptographic key. An administrative user may be directed to apply a fake firmware update.","indicators":{"cves":["CVE-2026-32958"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T04:16:42.580Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://jvn.jp/en/vu/JVNVU94271449/","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://www.silex.jp/support/security-advisories/2026-001","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://www.silex.jp/support/security-advisories/en/2026-001","label":"vultures@jpcert.or.jp","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-32959","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-32959 — SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a use of a broken…","description":"SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a use of a broken or risky cryptographic algorithm. Information in the traffic may be retrieved via man-in-the-middle attack.","indicators":{"cves":["CVE-2026-32959"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T04:16:43.790Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://jvn.jp/en/vu/JVNVU94271449/","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://www.silex.jp/support/security-advisories/2026-001","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://www.silex.jp/support/security-advisories/en/2026-001","label":"vultures@jpcert.or.jp","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-32960","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-32960 — SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a sensitive inform…","description":"SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a sensitive information in resource not removed before reuse.  An attacker may login to the device without knowing the password by sending a crafted packet.","indicators":{"cves":["CVE-2026-32960"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T04:16:44.037Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://jvn.jp/en/vu/JVNVU94271449/","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://www.silex.jp/support/security-advisories/2026-001","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://www.silex.jp/support/security-advisories/en/2026-001","label":"vultures@jpcert.or.jp","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-32964","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-32964 — SD-330AC and AMC Manager provided by silex technology, Inc. contain an improper neutralization of CR…","description":"SD-330AC and AMC Manager provided by silex technology, Inc. contain an improper neutralization of CRLF sequences ('CRLF Injection') vulnerability. Processing some crafted configuration data may lead to arbitrary entries injected to the system configuration.","indicators":{"cves":["CVE-2026-32964"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T04:16:45.450Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://jvn.jp/en/vu/JVNVU94271449/","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://www.silex.jp/support/security-advisories/2026-001","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://www.silex.jp/support/security-advisories/en/2026-001","label":"vultures@jpcert.or.jp","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6598","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6598 — A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element…","description":"A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function create_project/encrypt_auth_settings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument auth_settin…","indicators":{"cves":["CVE-2026-6598"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T04:16:52.857Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://gist.github.com/chenhouser2025/77adb3486c06c635ae4b09a3eaf90213","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791921","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358233","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358233/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6599","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6599 — A vulnerability was detected in langflow-ai langflow up to 1.8.3. The impacted element is the functi…","description":"A vulnerability was detected in langflow-ai langflow up to 1.8.3. The impacted element is the function get_client_ip/install_mcp_config of the file src/backend/base/langflow/api/v1/mcp_projects.py of the component Model Context Protocol Configuration API. Performing a manipulation of the argument X-…","indicators":{"cves":["CVE-2026-6599"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T04:16:53.060Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://gist.github.com/chenhouser2025/a909c47316b7a0948ee68c109ab747a3","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791922","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358234","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358234/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6601","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6601 — A vulnerability has been found in Lagom WHMCS Template up to 2.4.2. This impacts an unknown function…","description":"A vulnerability has been found in Lagom WHMCS Template up to 2.4.2. This impacts an unknown function of the component Datatables. The manipulation leads to resource consumption. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor wa…","indicators":{"cves":["CVE-2026-6601"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T04:16:56.763Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/devsamuelsantiago/lagom-whmcs-dos-poc","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791943","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358236","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358236/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6607","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6607 — A security vulnerability has been detected in lm-sys fastchat up to 0.2.36. This issue affects the f…","description":"A security vulnerability has been detected in lm-sys fastchat up to 0.2.36. This issue affects the function api_generate of the component Worker API Endpoint. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used…","indicators":{"cves":["CVE-2026-6607"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T05:16:16.190Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://gist.github.com/YLChen-007/87216a2d97a882d619e11dc67cd473b5","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://github.com/lm-sys/FastChat/","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://github.com/lm-sys/FastChat/commit/c9e84b89c91d45191dc24466888de526fa04cf33","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://github.com/lm-sys/FastChat/issues/3833","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://github.com/lm-sys/FastChat/pull/3835","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/792227","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358242","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358242/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6608","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6608 — A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function add_text of t…","description":"A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function add_text of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. The attack can be launched remotely. The exploit is now public and may be used. The root cause was fix…","indicators":{"cves":["CVE-2026-6608"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T06:16:21.733Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://gist.github.com/YLChen-007/e45039d23e698222d887ee09735d9d36","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://github.com/lm-sys/FastChat/","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://github.com/lm-sys/FastChat/issues/3834","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/792228","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358243","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358243/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6609","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6609 — A flaw has been found in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function…","description":"A flaw has been found in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function form_valid of the file oauth/views.py. This manipulation of the argument oauthid causes improper authorization. The attack may be initiated remotely. The exploit has been published and may be used. T…","indicators":{"cves":["CVE-2026-6609"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T06:16:22.050Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/3em0/cve_repo/blob/main/DjangoBlog/Vuln-6-OAuth-Email-Binding-IDOR.md","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/790288","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358244","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358244/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6612","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6612 — A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This impacts the functio…","description":"A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This impacts the function get_agent_execution/update_agent_execution of the file superagi/controllers/agent_execution.py of the component Agent Execution Endpoint. Executing a manipulation of the argument agent_execution_id…","indicators":{"cves":["CVE-2026-6612"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T07:16:15.943Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://gist.github.com/YLChen-007/d033e9d4d23e0832b9ede71dc545ac9a","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791078","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358247","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358247/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6613","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6613 — A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function…","description":"A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function delete_agent/stop_schedule/get_schedule_data of the file superagi/controllers/agent.py. The manipulation of the argument agent_id leads to authorization bypass. The attack is possible to be carried o…","indicators":{"cves":["CVE-2026-6613"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T07:16:16.147Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://gist.github.com/YLChen-007/1d87985b274ce22c4294726d7758df8e","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791081","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358248","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358248/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6614","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6614 — A security flaw has been discovered in TransformerOptimus SuperAGI up to 0.0.14. Affected by this vu…","description":"A security flaw has been discovered in TransformerOptimus SuperAGI up to 0.0.14. Affected by this vulnerability is the function get_project/update_project/get_projects_organisation of the file superagi/controllers/project.py. The manipulation results in authorization bypass. The attack may be perfor…","indicators":{"cves":["CVE-2026-6614"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T07:16:16.343Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://gist.github.com/YLChen-007/ac40da2253c7364d043c0dfe3275190b","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791082","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358249","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358249/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41282","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41282 — ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-var…","description":"ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets (not the default configuration).","indicators":{"cves":["CVE-2026-41282"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T08:16:10.140Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/projectdiscovery/nuclei/commit/6c803c74d193f85f8a6d9803ce493fd302cad0eb","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/projectdiscovery/nuclei/commit/d2217320162d5782ca7cb95bef9dda17063818f3","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/projectdiscovery/nuclei/pull/7221","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/projectdiscovery/nuclei/pull/7321","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/projectdiscovery/nuclei/security/advisories/GHSA-jm34-66cf-qpvr","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/projectdiscovery/nuclei/pull/7221","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"},{"url":"https://github.com/projectdiscovery/nuclei/pull/7321","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-6616","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6616 — A security vulnerability has been detected in TransformerOptimus SuperAGI up to 0.0.14. This affects…","description":"A security vulnerability has been detected in TransformerOptimus SuperAGI up to 0.0.14. This affects the function extract_with_bs4/extract_with_3k/extract_with_lxml of the file superagi/helper/webpage_extractor.py of the component WebScraperTool. Such manipulation leads to server-side request forger…","indicators":{"cves":["CVE-2026-6616"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T08:16:11.390Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://gist.github.com/YLChen-007/4bb1d709cbb58cee46d839c651d3221f","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791084","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358251","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358251/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6617","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6617 — A vulnerability was detected in langgenius dify up to 0.6.9. This vulnerability affects the function…","description":"A vulnerability was detected in langgenius dify up to 0.6.9. This vulnerability affects the function get_api_tool_provider_remote_schema of the file api/services/tools/api_tools_manage_service.py of the component ApiToolManageService. Performing a manipulation of the argument url results in server-s…","indicators":{"cves":["CVE-2026-6617"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T08:16:11.597Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://gist.github.com/chenhouser2025/306c6a7ad6aff9bc9a7fa76d5df38c63","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/792231","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358252","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358252/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6618","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6618 — A flaw has been found in langgenius dify up to 1.13.3. This issue affects the function parse_openai_…","description":"A flaw has been found in langgenius dify up to 1.13.3. This issue affects the function parse_openai_plugin_json_to_tool_bundle of the file api/core/tools/utils/parser.py of the component ApiBasedToolSchemaParser. Executing a manipulation of the argument url can lead to server-side request forgery. T…","indicators":{"cves":["CVE-2026-6618"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T09:16:09.607Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://gist.github.com/chenhouser2025/d7b1c574b0e32eb9169f7046b486e662","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/792241","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358253","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358253/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6620","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6620 — A vulnerability was found in SonicCloudOrg sonic-server up to 2.0.0. The affected element is the fun…","description":"A vulnerability was found in SonicCloudOrg sonic-server up to 2.0.0. The affected element is the function Upload of the file FileTool.java of the component File Upload Endpoint. The manipulation of the argument Type results in path traversal. The attack may be launched remotely. The exploit has been…","indicators":{"cves":["CVE-2026-6620"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T09:16:09.990Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/ccccccctiiiiiiii-lab/public_exp/issues/2","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/792336","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358255","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358255/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6626","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6626 — A vulnerability was detected in Cockpit-HQ Cockpit up to 2.13.5. Affected by this issue is some unkn…","description":"A vulnerability was detected in Cockpit-HQ Cockpit up to 2.13.5. Affected by this issue is some unknown functionality of the component Asset Handler/Aggregate Handler. The manipulation results in improper neutralization of special elements in data query logic. It is possible to launch the attack rem…","indicators":{"cves":["CVE-2026-6626"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T10:16:17.943Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/NicolasPauferro/studiesofnosqli","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/792601","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358261","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358261/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6628","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6628 — A flaw has been found in phili67 Ecclesia CRM up to 8.0.0. This affects the function ValidateInput o…","description":"A flaw has been found in phili67 Ecclesia CRM up to 8.0.0. This affects the function ValidateInput of the file /v2/query/view/ of the component Query Viewer Component. This manipulation of the argument custom causes sql injection. The attack can be initiated remotely. The exploit has been published…","indicators":{"cves":["CVE-2026-6628"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T10:16:18.147Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/NicolasPauferro/studiessqli","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/792607","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358262","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358262/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6654","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6654 — Double-Free / Use-After-Free (UAF) in the `IntoIter::drop` and `ThinVec::clear` functions in the thi…","description":"Double-Free / Use-After-Free (UAF) in the `IntoIter::drop` and `ThinVec::clear` functions in the thin_vec crate. A panic in `ptr::drop_in_place` skips setting the length to zero.","indicators":{"cves":["CVE-2026-6654"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T11:16:19.937Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/mozilla/thin-vec/security/advisories/GHSA-xphw-cqx3-667j","label":"security@mozilla.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-6634","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6634 — A weakness has been identified in usememos memos up to 0.22.1. This affects the function memos_acces…","description":"A weakness has been identified in usememos memos up to 0.22.1. This affects the function memos_access_token of the file src/App.tsx of the component UpdateInstanceSetting. This manipulation of the argument additionalStyle/additionalScript causes improper authorization. The attack is possible to be c…","indicators":{"cves":["CVE-2026-6634"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T12:16:09.490Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/Dave-gilmore-aus/security-advisories/blob/main/usememos-security-advisory","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/793432","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358268","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358268/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6636","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6636 — A vulnerability was detected in p2r3 convert up to 6998584ace3e11db66dff0b423612a5cf91de75b. Affecte…","description":"A vulnerability was detected in p2r3 convert up to 6998584ace3e11db66dff0b423612a5cf91de75b. Affected is the function Bun.serve of the file buildCache.js of the component API. Performing a manipulation of the argument pathname results in path traversal. It is possible to initiate the attack remotely…","indicators":{"cves":["CVE-2026-6636"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T12:16:09.943Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/Dave-gilmore-aus/security-advisories/blob/main/convert-advisory","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/793436","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358270","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358270/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-66335","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2025-66335 — Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw…","description":"Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Version 0.6.1…","indicators":{"cves":["CVE-2025-66335"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T14:16:16.760Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://lists.apache.org/thread/odp0fyyst8kxm7hhm9z4d1snh1y4hjpy","label":"security@apache.org","domainType":"other"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/17/4","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33558","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33558 — Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component…","description":"Information exposure vulnerability has been identified in Apache Kafka.\n\nThe NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By default, the log level is set to INFO level. If the DEBUG level is enabled, the sensitive information will…","indicators":{"cves":["CVE-2026-33558"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T14:16:19.010Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://kafka.apache.org/cve-list","label":"security@apache.org","domainType":"other"},{"url":"https://lists.apache.org/thread/pz5g4ky3h0k91tfd14p0dzqjp80960kl","label":"security@apache.org","domainType":"other"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/17/3","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6649","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6649 — A vulnerability was determined in Qibo CMS 1.0. Affected by this issue is some unknown functionality…","description":"A vulnerability was determined in Qibo CMS 1.0. Affected by this issue is some unknown functionality of the file /index/image/headers. Executing a manipulation of the argument starts can lead to server-side request forgery. The attack can be launched remotely. The exploit has been publicly disclosed…","indicators":{"cves":["CVE-2026-6649"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T14:16:23.600Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://tcn60zf28jhk.feishu.cn/wiki/VYIcwwH4uiWZMgkX0SecopTgnQd?from=from_copylink","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/submit/793510","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358283","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358283/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34429","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34429 — Vvveb prior to 1.0.8.1 contains a stored cross-site scripting vulnerability that allows authenticate…","description":"Vvveb prior to 1.0.8.1 contains a stored cross-site scripting vulnerability that allows authenticated users with media upload and rename permissions to execute arbitrary JavaScript by bypassing MIME type validation and renaming uploaded files to executable extensions. Attackers can prepend a GIF89a…","indicators":{"cves":["CVE-2026-34429"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T16:16:44.650Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://delta.cyberm.ca/bugbin/ur66bvB7BYTC9y0eCIk3uzhZQgbjzAkG/","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://github.com/givanz/Vvveb/commit/cc997d3359ea5e49a45c132f5dee3bc80fb441d7","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/givanz/Vvveb/releases/tag/1.0.8.1","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/vvveb-stored-xss-via-media-upload-and-rename","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40896","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40896 — OpenProject is open-source, web-based project management software. Prior to version 17.3.0, a user w…","description":"OpenProject is open-source, web-based project management software. Prior to version 17.3.0, a user with `manage_agendas` permission in any project can inject agenda items into meetings belonging to any other project on the instance — even projects they have no access to. No knowledge of the target p…","indicators":{"cves":["CVE-2026-40896"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T16:16:48.567Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/opf/openproject/commit/8f693a1f35d0a84bb69af78fb6925f74329ae4fe","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/opf/openproject/security/advisories/GHSA-hh5p-gwf8-h245","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/opf/openproject/security/advisories/GHSA-hh5p-gwf8-h245","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41245","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41245 — Junrar is an open source java RAR archive library. Prior to version 7.5.10, a path traversal vulnera…","description":"Junrar is an open source java RAR archive library. Prior to version 7.5.10, a path traversal vulnerability in `LocalFolderExtractor` allows an attacker to write arbitrary files with attacker-controlled content into sibling directories when a crafted RAR archive is extracted. Version 7.5.10 fixes the…","indicators":{"cves":["CVE-2026-41245"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T16:16:49.113Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/junrar/junrar/commit/d77e9a83eb721cd51f9c23d7869d0e6ad7f952d7","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/junrar/junrar/releases/tag/v7.5.10","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/junrar/junrar/security/advisories/GHSA-hf5p-q87m-crj7","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-6650","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6650 — A vulnerability was identified in Z-BlogPHP 1.7.5. This affects the function App::UnPack of the file…","description":"A vulnerability was identified in Z-BlogPHP 1.7.5. This affects the function App::UnPack of the file /zb_users/plugin/AppCentre/app_upload.php of the component ZBA File Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit is publicly available and…","indicators":{"cves":["CVE-2026-6650"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T16:16:55.617Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/qingyun985/Cyber-Security/issues/3","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/793451","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358284","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358284/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6652","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6652 — A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate…","description":"A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage Template Handler. This manipulation causes improper neutralization of directives in dynamically evaluated code. Remote ex…","indicators":{"cves":["CVE-2026-6652"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T16:16:56.013Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://medium.com/@pkhuyar/the-danger-of-php-eval-a23410187ca2","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/submit/794186","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358286","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358286/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-66954","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2025-66954 — A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or…","description":"A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or guest-level users to enumerate valid usernames and their associated privilege roles. The issue is triggered by modifying a parameter within requests sent to the /nasapi endpoint.","indicators":{"cves":["CVE-2025-66954"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T17:16:29.837Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/DBmonster19/CVE-2025-66954","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-22761","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-22761 — Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command injection vulnerability. A…","description":"Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.","indicators":{"cves":["CVE-2026-22761"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T17:16:31.053Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities","label":"security_alert@emc.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-26942","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-26942 — Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain(s) an Improper Neutralization of Spe…","description":"Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execu…","indicators":{"cves":["CVE-2026-26942"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T17:16:32.657Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities","label":"security_alert@emc.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-28684","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-28684 — python-dotenv reads key-value pairs from a .env file and can set them as environment variables. Prio…","description":"python-dotenv reads key-value pairs from a .env file and can set them as environment variables. Prior to version 1.2.2, `set_key()` and `unset_key()` in python-dotenv follow symbolic links when rewriting `.env` files, allowing a local attacker to overwrite arbitrary files via a crafted symlink when…","indicators":{"cves":["CVE-2026-28684"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T17:16:33.087Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/theskumar/python-dotenv/releases/tag/v1.2.2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/theskumar/python-dotenv/security/advisories/GHSA-mf9w-mj56-hr94","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/theskumar/python-dotenv/security/advisories/GHSA-mf9w-mj56-hr94","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35154","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35154 — Dell PowerProtect Data Domain appliances, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions…","description":"Dell PowerProtect Data Domain appliances, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper privilege management vulnerability in IDRAC. A high privileged attacker with local access could poten…","indicators":{"cves":["CVE-2026-35154"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T17:16:34.263Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities","label":"security_alert@emc.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-23752","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-23752 — GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the template grou…","description":"GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the template group creation and editing functionality that allows authenticated administrators to inject arbitrary JavaScript by manipulating the companyname POST parameter without HTML sanitization. Attackers can inj…","indicators":{"cves":["CVE-2026-23752"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T18:16:23.947Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://gfi.ai/products-and-solutions/email-and-messaging-solutions/helpdesk/resources/product-releases","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://www.vulncheck.com/advisories/gfi-helpdesk-stored-xss-via-companyname-parameter","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-23753","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-23753 — GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the language mana…","description":"GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the language management functionality where the charset POST parameter is passed directly to SWIFT_Language::Create() without HTML sanitization and subsequently rendered unsanitized by View_Language.RenderGrid(). An a…","indicators":{"cves":["CVE-2026-23753"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T18:16:24.137Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://gfi.ai/products-and-solutions/email-and-messaging-solutions/helpdesk/resources/product-releases","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://www.vulncheck.com/advisories/gfi-helpdesk-stored-xss-via-charset-parameter","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-23756","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-23756 — GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the Troubleshoote…","description":"GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the Troubleshooter module where the subject POST parameter is not sanitized in Controller_Step.InsertSubmit() and EditSubmit() before being rendered by View_Step.RenderViewSteps(). An authenticated staff member can in…","indicators":{"cves":["CVE-2026-23756"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T18:16:24.297Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://gfi.ai/products-and-solutions/email-and-messaging-solutions/helpdesk/resources/product-releases","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://www.vulncheck.com/advisories/gfi-helpdesk-stored-xss-via-troubleshooter-step-subject","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-23757","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-23757 — GFI HelpDesk before 4.99.10 contains a stored cross-site scripting vulnerability in the Reports modu…","description":"GFI HelpDesk before 4.99.10 contains a stored cross-site scripting vulnerability in the Reports module where the title parameter is passed directly to SWIFT_Report::Create() without HTML sanitization. Attackers can inject arbitrary JavaScript into the report title field when creating or editing a re…","indicators":{"cves":["CVE-2026-23757"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T18:16:24.473Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://gfi.ai/products-and-solutions/email-and-messaging-solutions/helpdesk/resources/product-releases","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://www.vulncheck.com/advisories/gfi-helpdesk-stored-xss-via-reports-module","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-26399","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-26399 — A stack-use-after-return issue exists in the Arduino_Core_STM32 library prior to version 1.7.0. The…","description":"A stack-use-after-return issue exists in the Arduino_Core_STM32 library prior to version 1.7.0. The pwm_start() function allocates a TIM_HandleTypeDef structure on the stack and passes its address to HAL initialization routines, where it is stored in a global timer handle registry. After the functio…","indicators":{"cves":["CVE-2026-26399"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T18:16:25.040Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/Acen28/CVE-2026-26399-Disclosure","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/stm32duino/Arduino_Core_STM32/releases/tag/1.6.1","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-39112","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-39112 — Cross Site Scripting vulnerability in Apartment Visitors Management System Apartment Visitors Manage…","description":"Cross Site Scripting vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the visname parameter of visitors-form.php. An authenticated attacker can inject arbitrary JavaScript that is later executed when the malicious input is viewed in manage-newvisitor…","indicators":{"cves":["CVE-2026-39112"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T18:16:27.417Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/efekaanakkar/Apartment-Visitors-Management-System-CVEs/","label":"cve@mitre.org","domainType":"primary"},{"url":"https://phpgurukul.com/?sdm_process_download=1&download_id=21524","label":"cve@mitre.org","domainType":"other"},{"url":"https://phpgurukul.com/apartment-visitors-management-system-using-php-and-mysql/","label":"cve@mitre.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41389","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41389 — OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result me…","description":"OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbitrary local and UNC file access. Attackers can craft malicious tool-result media references to trigger host-side file reads or Windows network path access, potentially disclosi…","indicators":{"cves":["CVE-2026-41389"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T18:16:27.980Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/openclaw/openclaw/commit/1470de5d3e0970856d86cd99336bb8ada3fe87da","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/openclaw/openclaw/commit/52ef42302ead9e183e6c8810e0a04ee4ef8ae9fc","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/openclaw/openclaw/commit/6e58f1f9f54bca1fea1268ec0ee4c01a2af03dde","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-mr34-9552-qr95","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-unvalidated-tool-result-media-paths","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6060","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6060 — A vulnerability in the SQL Box in the admin interface of OTRS leads to an uncontrolled resource cons…","description":"A vulnerability in the SQL Box in the admin interface of OTRS leads to an uncontrolled resource consumption leading to a DoS against the webserver. will be killed by the systemThis issue affects OTRS: \n\n  *  7.0.X\n  *  8.0.X\n  *  2023.X\n  *  2024.X\n  *  2025.X\n  *  2026.X before 2026.3.X","indicators":{"cves":["CVE-2026-6060"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T19:16:11.043Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://otrs.com/release-notes/otrs-security-advisory-2026-01/","label":"security@otrs.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6550","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6550 — Cryptographic algorithm downgrade in the caching layer of Amazon AWS Encryption SDK for Python befor…","description":"Cryptographic algorithm downgrade in the caching layer of Amazon AWS Encryption SDK for Python before version 3.3.1 and before version  4.0.5 might allow an authenticated local threat actor to bypass key commitment policy enforcement via a shared key cache, resulting in ciphertext that can be decryp…","indicators":{"cves":["CVE-2026-6550"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T20:16:49.283Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://aws.amazon.com/security/security-bulletins/2026-017-aws/","label":"ff89ba41-3aa1-4d27-914a-91399e9639e5","domainType":"other"},{"url":"https://github.com/aws/aws-encryption-sdk-python/releases/tag/v3.3.1","label":"ff89ba41-3aa1-4d27-914a-91399e9639e5","domainType":"primary"},{"url":"https://github.com/aws/aws-encryption-sdk-python/releases/tag/v4.0.5","label":"ff89ba41-3aa1-4d27-914a-91399e9639e5","domainType":"primary"},{"url":"https://github.com/aws/aws-encryption-sdk-python/security/advisories/GHSA-v638-38fc-rhfv","label":"ff89ba41-3aa1-4d27-914a-91399e9639e5","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-29647","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-29647 — In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code to…","description":"In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code to access IMSIC state via stopei/vstopei CSRs even when mstateen0.IMSIC is cleared, potentially enabling cross-context information leakage or disruption of interrupt handling.","indicators":{"cves":["CVE-2026-29647"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T21:16:19.637Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://docs.riscv.org/reference/isa/priv/smstateen.html#state-enable-0-registers","label":"cve@mitre.org","domainType":"other"},{"url":"https://github.com/OpenXiangShan/NEMU/issues/691","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/OpenXiangShan/XiangShan/pull/3978","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/OpenXiangShan/NEMU/issues/691","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-4852","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4852 — The Image Source Control Lite – Show Image Credits and Captions plugin for WordPress is vulnerable t…","description":"The Image Source Control Lite – Show Image Credits and Captions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Image Source' attachment field in all versions up to, and including, 3.9.1 due to insufficient input sanitization and output escaping. This makes it possible for…","indicators":{"cves":["CVE-2026-4852"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T21:16:36.560Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/image-source-control-isc/tags/3.8.0/public/views/global-list.php#L37","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/db0222e2-5a50-43f4-8620-12b97c712dec?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6729","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6729 — HKUDS OpenHarness prior to PR #159 remediation contains a session key derivation vulnerability that…","description":"HKUDS OpenHarness prior to PR #159 remediation contains a session key derivation vulnerability that allows authenticated participants in shared chats or threads to hijack other users' sessions by exploiting a shared ohmo session key that lacks sender identity verification. Attackers can reuse anothe…","indicators":{"cves":["CVE-2026-6729"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T22:16:23.800Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/HKUDS/OpenHarness/commit/3186851c479ee714a9bb9aa6cd77017db7e589e2","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/HKUDS/OpenHarness/pull/159","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/hkuds-openharness-session-key-collision-privilege-escalation","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://github.com/HKUDS/OpenHarness/pull/159","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-5721","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-5721 — The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress i…","description":"The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.5.0.4. This is due to insufficient input sanitization and output escaping in the prepareCellOutput() method of the L…","indicators":{"cves":["CVE-2026-5721"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T23:16:24.403Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset/3510613/","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8db736fb-cd6c-4a52-9dd3-eefd0a8d9267?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-35588","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35588 — Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Cassand…","description":"Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Cassandra export module (`glances/exports/glances_cassandra/__init__.py`) interpolates `keyspace`, `table`, and `replication_factor` configuration values directly into CQL statements without validation. A us…","indicators":{"cves":["CVE-2026-35588"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T00:16:29.163Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/nicolargo/glances/commit/d339181f03a14bb15506307e9d58f876e23d8160","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nicolargo/glances/commit/e41b665576f9fd5374e3152078726cc59a01e48c","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nicolargo/glances/security/advisories/GHSA-grp3-h8m8-45p7","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nicolargo/glances/security/advisories/GHSA-grp3-h8m8-45p7","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40045","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40045 — OpenClaw before 2026.4.2 accepts non-loopback cleartext ws:// gateway endpoints and transmits stored…","description":"OpenClaw before 2026.4.2 accepts non-loopback cleartext ws:// gateway endpoints and transmits stored gateway credentials over unencrypted connections. Attackers can forge discovery results or craft setup codes to redirect clients to malicious endpoints, disclosing plaintext gateway credentials.","indicators":{"cves":["CVE-2026-40045"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T00:16:29.300Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/openclaw/openclaw/commit/a941a4fef9bc43b2973c92d0dcff5b8a426210c5","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-83f3-hh45-vfw9","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/openclaw-cleartext-credential-transmission-via-unencrypted-websocket-gateway-endpoints","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41285","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41285 — In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted…","description":"In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted ICMPv6 Neighbor Discovery (ND) option (over a local network) with length zero, because of an \"nd_opt_len * 8 - 2\" expression with no preceding check for whether nd_opt_len is zero.","indicators":{"cves":["CVE-2026-41285"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T00:16:29.480Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/openbsd/src/commit/086c5738bcd3c203bcc08d024fcf983cb409115f","label":"cve@mitre.org","domainType":"primary"},{"url":"https://www.openbsd.org/errata78.html","label":"cve@mitre.org","domainType":"other"},{"url":"https://www.rfc-editor.org/rfc/rfc4861#section-4.6","label":"cve@mitre.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41298","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41298 — OpenClaw before 2026.4.2 fails to enforce write scopes on the POST /sessions/:sessionKey/kill endpoi…","description":"OpenClaw before 2026.4.2 fails to enforce write scopes on the POST /sessions/:sessionKey/kill endpoint in identity-bearing HTTP modes. Read-scoped callers can terminate running subagent sessions by sending requests to this endpoint, bypassing authorization controls.","indicators":{"cves":["CVE-2026-41298"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T00:16:30.350Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/openclaw/openclaw/commit/54a0878517167c6e49900498cf77420dadb74beb","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-5hff-46vh-rxmw","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-session-termination-endpoint","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41300","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41300 — OpenClaw before 2026.3.31 contains a trust-decline vulnerability that preserves attacker-discovered…","description":"OpenClaw before 2026.3.31 contains a trust-decline vulnerability that preserves attacker-discovered endpoints in remote onboarding flows. Attackers can route gateway credentials to malicious endpoints by having their discovered URL survive the trust decline process into manual prompts requiring oper…","indicators":{"cves":["CVE-2026-41300"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T00:16:30.690Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/openclaw/openclaw/commit/2a75416634837c21ed05b8c3ed906eb7a7807060","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-9f4w-67g7-mqwv","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/openclaw-attacker-discovered-endpoint-preservation-in-remote-onboarding","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41301","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41301 — OpenClaw versions 2026.3.22 before 2026.3.31 contain a signature verification bypass vulnerability i…","description":"OpenClaw versions 2026.3.22 before 2026.3.31 contain a signature verification bypass vulnerability in the Nostr DM ingress path that allows pairing challenges to be issued before event signature validation. An unauthenticated remote attacker can send forged direct messages to create pending pairing…","indicators":{"cves":["CVE-2026-41301"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T00:16:30.873Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/openclaw/openclaw/commit/4ee742174f36b5445703e3b1ef2fbd6ae6700fa4","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-h43v-27wg-5mf9","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/openclaw-forged-nostr-dm-pairing-state-creation-via-signature-verification-bypass","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41330","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41330 — OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec polic…","description":"OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly enforce proxy, TLS, Docker, and Git TLS controls. Attackers can bypass security controls by overriding environment variables to circumvent proxy settings, TLS verification, Do…","indicators":{"cves":["CVE-2026-41330"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T00:16:31.557Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/openclaw/openclaw/commit/4d912e04519b4bd53b248437c53748cdebce9a41","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-9gp8-hjxr-6f34","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/openclaw-environment-variable-override-via-host-exec-policy","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41331","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41331 — OpenClaw before 2026.3.31 contains a resource consumption vulnerability in Telegram audio preflight…","description":"OpenClaw before 2026.3.31 contains a resource consumption vulnerability in Telegram audio preflight transcription that allows unauthorized group senders to trigger transcription processing. Attackers can exploit insufficient allowlist enforcement to cause resource or billing consumption by initiatin…","indicators":{"cves":["CVE-2026-41331"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T00:16:31.740Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/openclaw/openclaw/commit/c4fa8635d03943ffe9e294d501089521dca635c5","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-m6fx-m8hc-572m","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/openclaw-resource-consumption-via-unauthorized-telegram-audio-preflight-transcription","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-39377","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-39377 — The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja…","description":"The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions 6.5 through 7.17.0 allow arbitrary file writes to locations outside the intended output directory when processing notebooks containing crafted cell attachment filenames. The `Extr…","indicators":{"cves":["CVE-2026-39377","CVE-2026-39378"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T01:16:05.937Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/jupyter/nbconvert/releases/tag/v7.17.1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/jupyter/nbconvert/security/advisories/GHSA-4c99-qj7h-p3vg","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/jupyter/nbconvert/security/advisories/GHSA-7jqv-fw35-gmx9","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-39886","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-39886 — OpenEXR provides the specification and reference implementation of the EXR file format, an image sto…","description":"OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Versions 3.4.0 through 3.4.9 have a signed integer overflow vulnerability in OpenEXR's HTJ2K (High-Throughput JPEG 2000) decompression path. The `ht_undo_i…","indicators":{"cves":["CVE-2026-39886","CVE-2026-40244","CVE-2026-40250"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T02:16:07.753Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.10","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-r3mr-mx8q-jcw5","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.8","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.3.10","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-j526-66f6-fxhx","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-m5qw-23x2-6phj","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-6058","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6058 — ** UNSUPPORTED WHEN ASSIGNED ** An improper encoding or escaping vulnerability in the CGI program of…","description":"** UNSUPPORTED WHEN ASSIGNED ** An improper encoding or escaping vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the WLAN to cause a denial-of-service (DoS) condition in the web management interface by convincing an authentica…","indicators":{"cves":["CVE-2026-6058"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T02:16:08.500Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://www.zyxel.com/global/en/support/end-of-life","label":"security@zyxel.com.tw","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6674","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6674 — The Plugin: CMS für Motorrad Werkstätten plugin for WordPress is vulnerable to SQL Injection via the…","description":"The Plugin: CMS für Motorrad Werkstätten plugin for WordPress is vulnerable to SQL Injection via the 'arttype' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it…","indicators":{"cves":["CVE-2026-6674"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T03:16:09.070Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/cms-fuer-motorrad-werkstaetten/tags/1.0.0/includes/cfmw-positions.php#L202","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/cms-fuer-motorrad-werkstaetten/tags/1.0.0/includes/cfmw-positions.php#L207","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/cms-fuer-motorrad-werkstaetten/trunk/includes/cfmw-positions.php#L202","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/cms-fuer-motorrad-werkstaetten/trunk/includes/cfmw-positions.php#L207","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/af4bd5f6-4f0e-4035-8544-48154a05cef1?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6675","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6675 — The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to Una…","description":"The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to Unauthenticated Open Email Relay in all versions up to, and including, 2.2.0. This is due to insufficient authorization checks and missing server-side validation of the recipient email address supplied v…","indicators":{"cves":["CVE-2026-6675","CVE-2026-6703"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T03:16:09.210Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/tags/2.1.9/includes/class-responsive-block-editor-addons.php#L2212","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/tags/2.1.9/includes/class-responsive-block-editor-addons.php#L2324","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/tags/2.1.9/includes/class-responsive-block-editor-addons.php#L2403","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/trunk/includes/class-responsive-block-editor-addons.php#L2212","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/trunk/includes/class-responsive-block-editor-addons.php#L2324","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/trunk/includes/class-responsive-block-editor-addons.php#L2403","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/17452a29-bcef-451a-9893-a436ac5d3b80?source=cve","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/tags/2.2.0/includes/class-responsive-block-editor-addons.php#L1730","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/tags/2.2.0/includes/class-responsive-block-editor-addons.php#L1814","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/tags/2.2.0/includes/class-responsive-block-editor-addons.php#L668","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/trunk/includes/class-responsive-block-editor-addons.php#L1730","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/trunk/includes/class-responsive-block-editor-addons.php#L1814","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/trunk/includes/class-responsive-block-editor-addons.php#L668","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset/3465616","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/187b072d-6314-4ac1-a924-b14324b2fd8d?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31370","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-31370 — Honor E APP is affected by information leak vulnerability, successful exploitation of this vulnerabi…","description":"Honor E APP is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality.","indicators":{"cves":["CVE-2026-31370"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T07:16:09.437Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://www.honor.com/global/security/CVE-2026-31370/","label":"3836d913-7555-4dd0-a509-f5667fdf5fe4","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6711","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6711 — The Website LLMs.txt plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 't…","description":"The Website LLMs.txt plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.6. This is due to the use of filter_input() without a sanitization filter and insufficient output escaping. This makes it possible for unauthent…","indicators":{"cves":["CVE-2026-6711"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T07:16:09.743Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3482210%40website-llms-txt&new=3482210%40website-llms-txt&sfp_email=&sfph_mail=","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f5af155b-b65e-4cb1-a748-fc0fc5c6176d?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6712","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6712 — The Website LLMs.txt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin set…","description":"The Website LLMs.txt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a…","indicators":{"cves":["CVE-2026-6712"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T07:16:09.880Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3482210%40website-llms-txt&new=3482210%40website-llms-txt&sfp_email=&sfph_mail=","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2ab86a42-2a8f-4cbc-a754-a3e307b1b73f?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6755","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6755 — Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150 and…","description":"Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.","indicators":{"cves":["CVE-2026-6755"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:21.510Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1880429","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6763","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6763 — Mitigation bypass in the File Handling component. This vulnerability was fixed in Firefox 150, Firef…","description":"Mitigation bypass in the File Handling component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.","indicators":{"cves":["CVE-2026-6763"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:22.227Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021666","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6764","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6764 — Incorrect boundary conditions in the DOM: Device Interfaces component. This vulnerability was fixed…","description":"Incorrect boundary conditions in the DOM: Device Interfaces component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.","indicators":{"cves":["CVE-2026-6764"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:22.313Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2022162","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6765","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6765 — Information disclosure in the Form Autofill component. This vulnerability was fixed in Firefox 150,…","description":"Information disclosure in the Form Autofill component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.","indicators":{"cves":["CVE-2026-6765"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:22.390Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2022419","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6767","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6767 — Other issue in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox…","description":"Other issue in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.","indicators":{"cves":["CVE-2026-6767"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:22.577Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2023209","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6770","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6770 — Other issue in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 150, Firefo…","description":"Other issue in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.","indicators":{"cves":["CVE-2026-6770"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:22.840Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2024220","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6774","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6774 — Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150 and Th…","description":"Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.","indicators":{"cves":["CVE-2026-6774"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:23.173Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016915","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6775","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6775 — Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150 a…","description":"Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.","indicators":{"cves":["CVE-2026-6775"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:23.260Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021768","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6777","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6777 — Other issue in the Networking: DNS component. This vulnerability was fixed in Firefox 150 and Thunde…","description":"Other issue in the Networking: DNS component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.","indicators":{"cves":["CVE-2026-6777"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:23.430Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2022726","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6778","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6778 — Invalid pointer in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150…","description":"Invalid pointer in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.","indicators":{"cves":["CVE-2026-6778"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:23.513Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2022746","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6779","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6779 — Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150 and Thun…","description":"Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.","indicators":{"cves":["CVE-2026-6779"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:23.600Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2023343","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6783","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6783 — Incorrect boundary conditions, integer overflow in the Audio/Video: Playback component. This vulnera…","description":"Incorrect boundary conditions, integer overflow in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.","indicators":{"cves":["CVE-2026-6783"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:23.930Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2027564","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-1241","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2025-1241 — Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to v…","description":"Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data.","indicators":{"cves":["CVE-2025-1241"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T15:16:35.320Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://fortra.com/security/advisories/product-security/FI-2026-001","label":"df4dee71-de3a-4139-9588-11b62fe6c0ff","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-31981","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2025-31981 — HCL BigFix Service Management (SM) Discovery is vulnerable to unenforced encryption due to port 80 (…","description":"HCL BigFix Service Management (SM) Discovery is vulnerable to unenforced encryption due to port 80 (HTTP) being open, allowing unencrypted access.  An attacker with access to the network traffic can sniff packets from the connection and uncover the data.","indicators":{"cves":["CVE-2025-31981"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T15:16:35.580Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127605","label":"psirt@hcl.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-0971","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-0971 — An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML…","description":"An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page.","indicators":{"cves":["CVE-2026-0971"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T15:16:35.717Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://fortra.com/security/advisories/product-security/fi-2025-013","label":"df4dee71-de3a-4139-9588-11b62fe6c0ff","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-1089","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-1089 — User‑Controlled HTTP Header in Fortra's GoAnywhere MFT prior to version 7.10.0 allows attackers to t…","description":"User‑Controlled HTTP Header in Fortra's GoAnywhere MFT prior to version 7.10.0 allows attackers to trigger a DNS lookup, as well as DNS Rebinding and Information Disclosure.","indicators":{"cves":["CVE-2026-1089"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T15:16:35.943Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://www.fortra.com/security/advisories/product-security/fi-2026-005","label":"df4dee71-de3a-4139-9588-11b62fe6c0ff","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31013","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-31013 — Dovestones Softwares ADPhonebook <4.0.1.1 has a reflected cross-site scripting (XSS) vulnerability i…","description":"Dovestones Softwares ADPhonebook <4.0.1.1 has a reflected cross-site scripting (XSS) vulnerability in the search parameter of the /ADPhonebook?Department=HR endpoint. User-supplied input is reflected in the HTTP response without proper input validation or output encoding, allowing execution of arbit…","indicators":{"cves":["CVE-2026-31013"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T15:16:36.217Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://dovestones.com/download/","label":"cve@mitre.org","domainType":"other"},{"url":"https://gist.github.com/pentestrox/a35cd5df1a5a84eabada897fc4ffcc79","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-31014","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-31014 — Dovestones Softwares AD Self Update <4.0.0.5 is vulnerable to Cross Site Request Forgery (CSRF). The…","description":"Dovestones Softwares AD Self Update <4.0.0.5 is vulnerable to Cross Site Request Forgery (CSRF). The affected endpoint processes state-changing requests without requiring a CSRF token or equivalent protection. The endpoint accepts application/x-www-form-urlencoded requests, and an originally POST-ba…","indicators":{"cves":["CVE-2026-31014"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T15:16:36.337Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://dovestones.com/download/","label":"cve@mitre.org","domainType":"other"},{"url":"https://gist.github.com/pentestrox/64cb5febcd9b3022c1f9d3340bf586e3","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40498","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40498 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthent…","description":"FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can access diagnostic and system tools that should be restricted to administrators. The /system/cron endpoint relies on a static MD5 hash derived from the APP_KEY, which is exposed in…","indicators":{"cves":["CVE-2026-40498","CVE-2026-40567"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T16:16:20.240Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://github.com/freescout-help-desk/freescout/commit/b1d6c2c601a6ec3626ab13e679607b5084dfbd38","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/releases/tag/1.8.213","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-5jw5-q9j7-4rxc","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/commit/9131b16f80eade81002cb9809a2603f6b61981cf","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-q8v4-v62h-5528","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-24176","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-24176 — NVIDIA KAI Scheduler contains a vulnerability where an attacker could cause improper authorization t…","description":"NVIDIA KAI Scheduler contains a vulnerability where an attacker could cause improper authorization through cross-namespace pod references. A successful exploit of this vulnerability might lead to data tampering.","indicators":{"cves":["CVE-2026-24176"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:23.603Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24176","label":"psirt@nvidia.com","domainType":"primary"},{"url":"https://nvidia.custhelp.com/app/answers/detail/a_id/5818","label":"psirt@nvidia.com","domainType":"other"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-24176","label":"psirt@nvidia.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-25542","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-25542 — Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 0.43…","description":"Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 0.43.0 to 1.11.0, trusted resources verification policies match a resource source string (refSource.URI) against spec.resources[].pattern using regexp.MatchString. In Go, regexp.MatchString reports a matc…","indicators":{"cves":["CVE-2026-25542"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:24.213Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://github.com/tektoncd/pipeline/commit/b8905600322aa86327baae0a7c04d6cf1207362a","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/tektoncd/pipeline/security/advisories/GHSA-rmx9-2pp3-xhcr","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-26067","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-26067 — October is a Content Management System (CMS) and web platform. Prior to 3.7.14 and 4.1.10, a server-…","description":"October is a Content Management System (CMS) and web platform. Prior to 3.7.14 and 4.1.10, a server-side information disclosure vulnerability was identified in the handling of CSS preprocessor files. Backend users with Editor permissions could craft .less, .sass, or .scss files that leverage the com…","indicators":{"cves":["CVE-2026-26067"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:24.383Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://github.com/octobercms/october/security/advisories/GHSA-3888-q23f-x7qh","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-26274","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-26274 — October is a Content Management System (CMS) and web platform. Prior to 3.7.14 and 4.1.10, a vulnera…","description":"October is a Content Management System (CMS) and web platform. Prior to 3.7.14 and 4.1.10, a vulnerability was identified in the Twig sandbox security policy that allowed database write operations when cms.safe_mode is enabled. Backend users with Developer permissions could use Twig template markup…","indicators":{"cves":["CVE-2026-26274"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:30.667Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://github.com/octobercms/october/security/advisories/GHSA-h6jm-f4hh-fw27","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35451","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35451 — Twenty is an open source CRM. Prior to 1.20.6, a Stored Cross-Site Scripting (XSS) vulnerability exi…","description":"Twenty is an open source CRM. Prior to 1.20.6, a Stored Cross-Site Scripting (XSS) vulnerability exists in the BlockNote editor component. Due to a lack of protocol validation in the FileBlock component and insufficient server-side inspection of block content, an attacker can inject a javascript: UR…","indicators":{"cves":["CVE-2026-35451"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:53.087Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://github.com/twentyhq/twenty/commit/8da69e0f77ea820a6845a4c3c025b6af3861d523","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/twentyhq/twenty/security/advisories/GHSA-7w89-7q26-gj7q","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/twentyhq/twenty/security/advisories/GHSA-7w89-7q26-gj7q","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40566","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40566 — FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a Serve…","description":"FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a Server-Side Request Forgery (SSRF) vulnerability in the IMAP/SMTP connection test functionality of FreeScout's `MailboxesController`. Three AJAX actions  `fetch_test` (line 731), `send_test` (line 682), an…","indicators":{"cves":["CVE-2026-40566"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:55.000Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://github.com/freescout-help-desk/freescout/commit/efe82e31b4a0d4c0b20025d09df0615e8139ff08","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/releases/tag/1.8.213","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-fg98-rgx6-8x4g","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-fg98-rgx6-8x4g","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40574","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40574 — OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Prior to 7.15.2…","description":"OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Prior to 7.15.2, an authorization bypass exists in OAuth2 Proxy as part of the email_domain enforcement option. An attacker may be able to authenticate with an email claim such as attacker@evil.com@company.com and s…","indicators":{"cves":["CVE-2026-40574"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:55.730Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-c5c4-8r6x-56w3","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40590","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40590 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the Change C…","description":"FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the Change Customer modal exposes a “Create a new customer” flow via POST /customers/ajax with action=create. Under limited visibility, the endpoint drops unique-email validation. If the supplied email already be…","indicators":{"cves":["CVE-2026-40590"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:56.803Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://github.com/freescout-help-desk/freescout/commit/b3d7611e6e173ed8a5e525b791deb6b32cf1ce62","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/releases/tag/1.8.214","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-wjw4-8xg6-342m","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-wjw4-8xg6-342m","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40592","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40592 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the undo-sen…","description":"FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the undo-send route `GET /conversation/undo-reply/{thread_id}` checks only whether the current user can view the parent conversation. It does not verify that the current user created the reply being undone. In a…","indicators":{"cves":["CVE-2026-40592"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:57.087Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://github.com/freescout-help-desk/freescout/commit/c779afdda86fa00a4b85779e034bbfd9ce20c76d","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/releases/tag/1.8.214","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-674v-r6xp-mvp6","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41183","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41183 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the assigned…","description":"FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the assigned-only restriction is applied to direct conversation view and folder queries, but not to non-folder query builders. Global search and the AJAX filter path still reveal conversations that should be hidd…","indicators":{"cves":["CVE-2026-41183"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:57.227Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://github.com/freescout-help-desk/freescout/commit/6583d6f5a593b51223904f9e0f2e721e63c76de0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/releases/tag/1.8.215","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-7rh8-9rgv-g35r","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-7rh8-9rgv-g35r","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40587","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40587 — blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a user changes their pa…","description":"blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a user changes their password via the profile edit page, or when a password reset is completed via the reset link, neither operation invalidates existing authenticated sessions for that user. A server-side session store ass…","indicators":{"cves":["CVE-2026-40587"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T18:16:51.073Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://github.com/blueprintue/blueprintue-self-hosted-edition/security/advisories/GHSA-gqpq-x62g-p4mg","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/blueprintue/blueprintue-self-hosted-edition/security/advisories/GHSA-gqpq-x62g-p4mg","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40594","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40594 — pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev98, the set…","description":"pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev98, the set_session_cookie_secure before_request handler in src/pyload/webui/app/__init__.py reads the X-Forwarded-Proto header from any HTTP request without validating that the request originates from a trusted…","indicators":{"cves":["CVE-2026-40594"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T18:16:51.553Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://github.com/pyload/pyload/security/advisories/GHSA-mp82-fmj6-f22v","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/pyload/pyload/security/advisories/GHSA-mp82-fmj6-f22v","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40602","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40602 — The Home Assistant Command-line interface (hass-cli) is a command-line tool for Home Assistant. Up t…","description":"The Home Assistant Command-line interface (hass-cli) is a command-line tool for Home Assistant. Up to 1.0.0 of home-assitant-cli an unrestricted environment was used to handle Jninja2 templates instead of a sandboxed one. The user-supplied input within Jinja2 templates was rendered locally with no r…","indicators":{"cves":["CVE-2026-40602"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T18:16:51.827Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://github.com/home-assistant-ecosystem/home-assistant-cli/pull/453","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/home-assistant-ecosystem/home-assistant-cli/security/advisories/GHSA-33qf-q99x-wpm8","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40606","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40606 — mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software…","description":"mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmproxy 12.2.1 and below, the builtin LDAP proxy authentication does not correctly sanitize the username when querying the LDAP serv…","indicators":{"cves":["CVE-2026-40606"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T18:16:52.127Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-527g-3w9m-29hv","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40608","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40608 — Next AI Draw.io is a next.js web application that integrates AI capabilities with draw.io diagrams.…","description":"Next AI Draw.io is a next.js web application that integrates AI capabilities with draw.io diagrams. Prior to 0.4.15, the embedded HTTP sidecar contains three POST handlers (/api/state, /api/restore, and /api/history-svg) that process incoming requests by accumulating the entire request body into a J…","indicators":{"cves":["CVE-2026-40608"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T18:16:52.280Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://github.com/DayuanJiang/next-ai-draw-io/commit/31819f413cc4b329a1cb81e5fccd0cd98c1fd665","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/DayuanJiang/next-ai-draw-io/security/advisories/GHSA-9q7h-wgfw-p378","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/DayuanJiang/next-ai-draw-io/security/advisories/GHSA-9q7h-wgfw-p378","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41194","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41194 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the mailbox…","description":"FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the mailbox OAuth disconnect action is implemented as `GET /mailbox/oauth-disconnect/{id}/{in_out}/{provider}`. It removes stored OAuth metadata from the mailbox and then redirects. Because it is a GET route, no…","indicators":{"cves":["CVE-2026-41194"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T18:16:53.400Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://github.com/freescout-help-desk/freescout/commit/eb397efae2086524ba0ee91abb916de8db7a4ac1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/releases/tag/1.8.215","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-6rvw-fhqx-cfv5","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-22751","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-22751 — Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token login…","description":"Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token login with JdbcOneTimeTokenService are vulnerable to a Time-of-check Time-of-use (TOCTOU) race condition. This issue affects Spring Security: from 6.4.0 through 6.4.15, from 6.5.0 through 6.5.9, from 7.0.0…","indicators":{"cves":["CVE-2026-22751"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T19:16:16.550Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://spring.io/security/cve-2026-22751","label":"security@vmware.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6744","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6744 — A vulnerability was found in Bagisto up to 2.3.15. Affected is the function copy of the component Do…","description":"A vulnerability was found in Bagisto up to 2.3.15. Affected is the function copy of the component Downloadable Link Handler. The manipulation results in server-side request forgery. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted earl…","indicators":{"cves":["CVE-2026-6744"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T19:16:18.727Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://drive.google.com/file/d/1pVSN3BYjI_rUE2Jms5EcIBGSMdrq6Wql/view?usp=sharing","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/submit/794680","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358435","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358435/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33812","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33812 — Parsing a malicious font file can cause excessive memory allocation.","description":"Parsing a malicious font file can cause excessive memory allocation.","indicators":{"cves":["CVE-2026-33812"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:16:56.290Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://go.dev/cl/761180","label":"security@golang.org","domainType":"other"},{"url":"https://go.dev/issue/78382","label":"security@golang.org","domainType":"other"},{"url":"https://pkg.go.dev/vuln/GO-2026-4962","label":"security@golang.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40889","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40889 — Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.2 an…","description":"Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.2 and 16.4.2, authenticated users can access unauthorized files by exploiting certain api endpoint. Versions 15.58.2 and 16.4.2 contain a patch. No known workarounds are available.","indicators":{"cves":["CVE-2026-40889"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:17:02.680Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://github.com/frappe/hrms/releases/tag/v15.58.2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/frappe/hrms/releases/tag/v16.4.2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/frappe/hrms/security/advisories/GHSA-6cg5-4q6m-vrgm","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40907","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40907 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, the endpoint `plugin/Live/…","description":"WWBN AVideo is an open source video platform. In versions 29.0 and prior, the endpoint `plugin/Live/view/Live_restreams/list.json.php` contains an Insecure Direct Object Reference (IDOR) vulnerability that allows any authenticated user with streaming permission to retrieve other users' live restream…","indicators":{"cves":["CVE-2026-40907"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:17:03.080Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://github.com/WWBN/AVideo/commit/d5992fff2811df4adad1d9fc7d0a5837b882aed7","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-gpgp-w4x2-h3h7","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-gpgp-w4x2-h3h7","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40908","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40908 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, the file `git.json.php` at…","description":"WWBN AVideo is an open source video platform. In versions 29.0 and prior, the file `git.json.php` at the web root executes `git log -1` and returns the full output as JSON to any unauthenticated user. This exposes the exact deployed commit hash (enabling version fingerprinting against known CVEs), d…","indicators":{"cves":["CVE-2026-40908"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:17:03.220Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-52hf-63q4-r926","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-52hf-63q4-r926","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41320","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41320 — Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.54.0 an…","description":"Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.54.0 and 14.38.1, a specially crafted request made to a certain endpoint could result in SQL injection, allowing an attacker to extract information they wouldn't otherwise be able to. Versions 15.54.0 and 14…","indicators":{"cves":["CVE-2026-41320"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:17:03.797Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://github.com/frappe/hrms/security/advisories/GHSA-745c-5q8r-vgj2","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-21998","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-21998 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported…","description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and  9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise My…","indicators":{"cves":["CVE-2026-21998","CVE-2026-22002","CVE-2026-22005","CVE-2026-22009","CVE-2026-22017","CVE-2026-34267","CVE-2026-34272","CVE-2026-34278","CVE-2026-34303","CVE-2026-35240"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:24.863Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-21999","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-21999 — Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are a…","description":"Vulnerability in the XML Database component of Oracle Database Server.  Supported versions that are affected are 23.4.0-23.26.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise XML Database.  Successful attacks require human interaction…","indicators":{"cves":["CVE-2026-21999"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:25.060Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-22001","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-22001 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). S…","description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema).  Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and  9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to comp…","indicators":{"cves":["CVE-2026-22001","CVE-2026-22015"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:25.253Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-22003","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-22003 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (co…","description":"Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u481 and  8u481-b50; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows low privileged…","indicators":{"cves":["CVE-2026-22003"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:25.650Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-22004","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-22004 — Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions th…","description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).  Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and  9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.…","indicators":{"cves":["CVE-2026-22004","CVE-2026-34304","CVE-2026-35236","CVE-2026-35237","CVE-2026-35238"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:25.857Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-22006","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-22006 — Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (compone…","description":"Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (component: Employee Snapshot).   The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterpris…","indicators":{"cves":["CVE-2026-22006","CVE-2026-34280"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:26.240Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-22019","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-22019 — Vulnerability in the PeopleSoft Enterprise HCM Shared Components product of Oracle PeopleSoft (compo…","description":"Vulnerability in the PeopleSoft Enterprise HCM Shared Components product of Oracle PeopleSoft (component: Person Search).   The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise…","indicators":{"cves":["CVE-2026-22019"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:29.030Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34266","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34266 — Vulnerability in the PeopleSoft Enterprise HCM Absence Management product of Oracle PeopleSoft (comp…","description":"Vulnerability in the PeopleSoft Enterprise HCM Absence Management product of Oracle PeopleSoft (component: Absence Management).   The supported version that is affected is 9.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Ente…","indicators":{"cves":["CVE-2026-34266"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:30.040Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34269","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34269 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Port…","description":"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal).  Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools.…","indicators":{"cves":["CVE-2026-34269"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:30.557Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34270","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34270 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plug…","description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin).  Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and  9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to…","indicators":{"cves":["CVE-2026-34270","CVE-2026-34271","CVE-2026-34276"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:30.717Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34273","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34273 — Vulnerability in Oracle GoldenGate (component: Libraries). Supported versions that are affected are…","description":"Vulnerability in Oracle GoldenGate (component: Libraries).  Supported versions that are affected are 23.4-23.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GoldenGate.  Successful attacks of this vulnerability can result in  una…","indicators":{"cves":["CVE-2026-34273"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:31.237Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34274","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34274 — Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: User Interfa…","description":"Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: User Interface).  Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator.  Success…","indicators":{"cves":["CVE-2026-34274"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:31.390Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34277","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34277 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Flui…","description":"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Fluid Core).  Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTo…","indicators":{"cves":["CVE-2026-34277"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:31.860Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34281","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34281 — Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported ver…","description":"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel).   The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris.  While the…","indicators":{"cves":["CVE-2026-34281"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:32.493Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34283","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34283 — Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: Identit…","description":"Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: Identity Console).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Ide…","indicators":{"cves":["CVE-2026-34283"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:32.823Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34284","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34284 — Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (c…","description":"Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Human workflow 11g+).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to c…","indicators":{"cves":["CVE-2026-34284"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:32.973Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34293","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34293 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versio…","description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML).  Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of t…","indicators":{"cves":["CVE-2026-34293","CVE-2026-35239"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:34.223Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34295","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34295 — Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of Oracle PeopleSoft (component: P…","description":"Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of Oracle PeopleSoft (component: Purchasing).   The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM Purcha…","indicators":{"cves":["CVE-2026-34295"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:34.477Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34296","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34296 — Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply…","description":"Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Product Quality Management).   The supported version that is affected is 6.2.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compro…","indicators":{"cves":["CVE-2026-34296"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:34.610Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34298","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34298 — Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Pe…","description":"Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization).  Supported versions that are affected are 12.2.9-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Application…","indicators":{"cves":["CVE-2026-34298"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:34.887Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34299","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34299 — Vulnerability in the PeopleSoft Enterprise FIN Maintenance Management product of Oracle PeopleSoft (…","description":"Vulnerability in the PeopleSoft Enterprise FIN Maintenance Management product of Oracle PeopleSoft (component: Work Order Management).   The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSof…","indicators":{"cves":["CVE-2026-34299","CVE-2026-34301"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:35.020Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34300","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34300 — Vulnerability in the PeopleSoft Enterprise FIN Contracts product of Oracle PeopleSoft (component: Co…","description":"Vulnerability in the PeopleSoft Enterprise FIN Contracts product of Oracle PeopleSoft (component: Contracts).   The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Contract…","indicators":{"cves":["CVE-2026-34300"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:35.150Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34302","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34302 — Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Loader)…","description":"Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Loader).  Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Workflow.  While the vuln…","indicators":{"cves":["CVE-2026-34302"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:35.410Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34306","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34306 — Vulnerability in the PeopleSoft Enterprise FIN Project Costing product of Oracle PeopleSoft (compone…","description":"Vulnerability in the PeopleSoft Enterprise FIN Project Costing product of Oracle PeopleSoft (component: Projects).   The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Pro…","indicators":{"cves":["CVE-2026-34306"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:35.997Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34307","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34307 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Work…","description":"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Workflow).  Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools…","indicators":{"cves":["CVE-2026-34307"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:36.117Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34308","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34308 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versi…","description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON).  Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and  9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Se…","indicators":{"cves":["CVE-2026-34308"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:36.253Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34317","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34317 — Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported…","description":"Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client).  Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and  9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Shell executes…","indicators":{"cves":["CVE-2026-34317","CVE-2026-34318","CVE-2026-34319"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:37.183Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34323","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34323 — Vulnerability in the Oracle Life Sciences InForm product of Oracle Life Science Applications (compon…","description":"Vulnerability in the Oracle Life Sciences InForm product of Oracle Life Science Applications (component: IDM Authentication).  Supported versions that are affected are 7.0.1.0 and  7.0.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Or…","indicators":{"cves":["CVE-2026-34323","CVE-2026-34324"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:37.937Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-35232","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35232 — Vulnerability in Oracle Fusion Middleware (component: Dynamic Monitoring Service). Supported version…","description":"Vulnerability in Oracle Fusion Middleware (component: Dynamic Monitoring Service).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Fusion Middleware.  Successful at…","indicators":{"cves":["CVE-2026-35232"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:38.847Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-35234","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35234 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported…","description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition).  Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks…","indicators":{"cves":["CVE-2026-35234"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:38.993Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-35235","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35235 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versio…","description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS).  Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of th…","indicators":{"cves":["CVE-2026-35235"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:39.120Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-35241","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35241 — Vulnerability in the PeopleSoft Enterprise CS Student Records product of Oracle PeopleSoft (componen…","description":"Vulnerability in the PeopleSoft Enterprise CS Student Records product of Oracle PeopleSoft (component: Research Tracking).   The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise…","indicators":{"cves":["CVE-2026-35241"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:39.983Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-35244","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35244 — Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component…","description":"Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Lifecycle Management).   The supported version that is affected is 11.2.24.0.000. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle H…","indicators":{"cves":["CVE-2026-35244"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:40.400Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-35252","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35252 — Vulnerability in the Oracle Security Service product of Oracle Fusion Middleware (component: C Oracl…","description":"Vulnerability in the Oracle Security Service product of Oracle Fusion Middleware (component: C Oracle SSL API).  Supported versions that are affected are 12.2.1.4.0 and  12.1.3.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle S…","indicators":{"cves":["CVE-2026-35252"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:41.560Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40910","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40910 — frp is a fast reverse proxy. From 0.43.0 to 0.68.0, frp contains an authentication bypass in the HTT…","description":"frp is a fast reverse proxy. From 0.43.0 to 0.68.0, frp contains an authentication bypass in the HTTP vhost routing path when routeByHTTPUser is used as part of access control. In proxy-style requests, the routing logic uses the username from Proxy-Authorization to select the routeByHTTPUser backend…","indicators":{"cves":["CVE-2026-40910"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:45.157Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://github.com/fatedier/frp/security/advisories/GHSA-pq96-pwvg-vrr9","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/fatedier/frp/security/advisories/GHSA-pq96-pwvg-vrr9","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40923","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40923 — Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Prior to…","description":"Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Prior to 1.11.1, a validation bypass in the VolumeMount path restriction allows mounting volumes under restricted /tekton/ internal paths by using .. path traversal components. The restriction check uses strin…","indicators":{"cves":["CVE-2026-40923","CVE-2026-40924"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:45.543Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://github.com/tektoncd/pipeline/releases/tag/v1.11.1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/tektoncd/pipeline/security/advisories/GHSA-rx35-6rhx-7858","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/tektoncd/pipeline/security/advisories/GHSA-m2cx-gpqf-qf74","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40927","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40927 — Docmost is open-source collaborative wiki and documentation software. Prior to 0.80.0, when leaving…","description":"Docmost is open-source collaborative wiki and documentation software. Prior to 0.80.0, when leaving a comment on a page, it is possible to include a JavaScript URI as the link. When a user clicks on the link the JavaScript executes. This vulnerability is fixed in 0.80.0.","indicators":{"cves":["CVE-2026-40927"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:46.110Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://github.com/docmost/docmost/security/advisories/GHSA-4gv6-jw3v-wc34","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-6796","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6796 — A vulnerability was determined in Sanluan PublicCMS up to 6.202506.d. Affected is the function log_l…","description":"A vulnerability was determined in Sanluan PublicCMS up to 6.202506.d. Affected is the function log_login of the file core/src/main/java/com/publiccms/controller/admin/LoginAdminController.java of the component Failed Login Handler. This manipulation of the argument errorPassword causes cleartext sto…","indicators":{"cves":["CVE-2026-6796"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:48.333Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://vuldb.com/submit/794797","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358490","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358490/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6797","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6797 — A vulnerability was identified in Sanluan PublicCMS up to 6.202506.d. Affected by this vulnerability…","description":"A vulnerability was identified in Sanluan PublicCMS up to 6.202506.d. Affected by this vulnerability is the function ZipSecureFile.setMinflateRatio of the file common/src/main/java/com/publiccms/common/tools/DocToHtmlUtils.java. Such manipulation leads to resource consumption. It is possible to laun…","indicators":{"cves":["CVE-2026-6797"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:48.593Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://vuldb.com/submit/794798","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358491","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358491/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-1354","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-1354 — Zero Motorcycles firmware versions 44 and prior enable an attacker to forcibly pair a device with th…","description":"Zero Motorcycles firmware versions 44 and prior enable an attacker to \nforcibly pair a device with the motorcycle via Bluetooth. Once paired, \nan attacker can utilize over-the-air firmware updating functionality to \npotentially upload malicious firmware to the motorcycle. The motorcycle \nmust first…","indicators":{"cves":["CVE-2026-1354"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T22:16:18.643Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-06.json","label":"ics-cert@hq.dhs.gov","domainType":"primary"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-06","label":"ics-cert@hq.dhs.gov","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41527","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41527 — KDE Kleopatra before 26.08.0 on Windows allows local users to obtain the privileges of a Kleopatra u…","description":"KDE Kleopatra before 26.08.0 on Windows allows local users to obtain the privileges of a Kleopatra user, because there is an error in the mechanism (KUniqueService) for ensuring that only one instance is running.","indicators":{"cves":["CVE-2026-41527"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T22:16:20.363Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://commits.kde.org/kleopatra/73471abb92d99c56354adb582bfaec2764c22b79","label":"cve@mitre.org","domainType":"other"},{"url":"https://github.com/KDE/kleopatra/releases","label":"cve@mitre.org","domainType":"primary"},{"url":"https://kde.org/info/security/advisory-20260408-1.txt","label":"cve@mitre.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6799","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6799 — A security flaw has been discovered in Comfast CF-N1-S 2.6.0.1. Affected by this issue is some unkno…","description":"A security flaw has been discovered in Comfast CF-N1-S 2.6.0.1. Affected by this issue is some unknown functionality of the file /cgi-bin/mbox-config?method=SET&section=ping_config of the component Endpoint. Performing a manipulation of the argument destination results in command injection. The atta…","indicators":{"cves":["CVE-2026-6799"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T22:16:20.510Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://github.com/Blackhole23-Lab/-/blob/main/Comfast-CF-N1-S-Router-VUDB.md","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/795203","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358492","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358492/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6829","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6829 — nesquena hermes-webui contains a trust-boundary failure vulnerability that allows authenticated atta…","description":"nesquena hermes-webui contains a trust-boundary failure vulnerability that allows authenticated attackers to set or change a session workspace to an arbitrary existing directory on disk by manipulating workspace path parameters in endpoints such as /api/session/new, /api/session/update, /api/chat/st…","indicators":{"cves":["CVE-2026-6829"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T22:16:20.690Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://github.com/nesquena/hermes-webui/commit/2a7a5ddfaf39e3b0094b7ac37e9f1dbcf40a3918","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/nesquena/hermes-webui/pull/416","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/nesquena/hermes-webui/releases/tag/v0.50.34","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/nesquena-hermes-webui-arbitrary-workspace-directory-access","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40928","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40928 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, multiple AVideo JSON endpo…","description":"WWBN AVideo is an open source video platform. In versions 29.0 and prior, multiple AVideo JSON endpoints under `objects/` accept state-changing requests via `$_REQUEST`/`$_GET` and persist changes tied to the caller's session user, without any anti-CSRF token, origin check, or referer check. A malic…","indicators":{"cves":["CVE-2026-40928"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T23:16:20.300Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://github.com/WWBN/AVideo/commit/7aaad601bd9cd7b993ba0ee1b1bea6c32ee7b77c","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-x2pw-9c38-cp2j","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-x2pw-9c38-cp2j","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40929","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40929 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/commentDelete.jso…","description":"WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/commentDelete.json.php` is a state-mutating JSON endpoint that deletes comments but performs no CSRF validation. It does not call `forbidIfIsUntrustedRequest()`, does not verify a CSRF/global token, and does not check…","indicators":{"cves":["CVE-2026-40929"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T23:16:20.433Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://github.com/WWBN/AVideo/commit/184f36b1896f3364f864f17c1acca3dd8df3af27","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-8qm8-g55h-xmqr","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40935","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40935 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/getCaptcha.php` a…","description":"WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/getCaptcha.php` accepts the CAPTCHA length (`ql`) directly from the query string with no clamping or sanitization, letting any unauthenticated client force the server to generate a 1-character CAPTCHA word. Combined w…","indicators":{"cves":["CVE-2026-40935"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T23:16:20.577Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://github.com/WWBN/AVideo/commit/bf1c76989e6a9054be4f0eb009d68f0f2464b453","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-hg7g-56h5-5pqr","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41061","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41061 — WWBN AVideo is an open source video platform. In versions 29.0 and below, the `isValidDuration()` re…","description":"WWBN AVideo is an open source video platform. In versions 29.0 and below, the `isValidDuration()` regex at `objects/video.php:918` uses `/^[0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}/` without a `$` end anchor, allowing arbitrary HTML/JavaScript to be appended after a valid duration prefix. The crafted duratio…","indicators":{"cves":["CVE-2026-41061"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T23:16:21.387Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://github.com/WWBN/AVideo/commit/bcba324644df8b4ed1f891462455f1cd26822a45","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-8pv3-29pp-pf8f","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-8pv3-29pp-pf8f","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41062","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41062 — WWBN AVideo is an open source video platform. In versions 29.0 and below, the directory traversal fi…","description":"WWBN AVideo is an open source video platform. In versions 29.0 and below, the directory traversal fix introduced in commit 2375eb5e0 for `objects/aVideoEncoderReceiveImage.json.php` only checks the URL path component (via `parse_url($url, PHP_URL_PATH)`) for `..` sequences. However, the downstream f…","indicators":{"cves":["CVE-2026-41062"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T23:16:21.520Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://github.com/WWBN/AVideo/commit/2375eb5e0a6d3cbcfb05377657d0820a7d470b1d","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/commit/bd11c16ec894698e54e2cdae25026c61ad1ed441","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-f4f9-627c-jh33","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-m63r-m9jh-3vc6","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41063","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41063 — WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete XSS fix in A…","description":"WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete XSS fix in AVideo's `ParsedownSafeWithLinks` class overrides `inlineMarkup` for raw HTML but does not override `inlineLink()` or `inlineUrlTag()`, allowing `javascript:` URLs in markdown link syntax to bypass san…","indicators":{"cves":["CVE-2026-41063"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T23:16:21.663Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://github.com/WWBN/AVideo/commit/3ae02fa240939dbefc5949d64f05790fd25d728d","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/commit/cae8f0dadbdd962c89b91d0095c76edb8aadcacf","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-72h5-39r7-r26j","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-m7r8-6q9j-m2hc","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41126","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41126 — BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have an Open Redirect th…","description":"BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have an Open Redirect through bigbluebutton/api/join via get-parameter \"logoutURL.\" Version 3.0.24 has adjusted the handling of requests with incorrect checksum so that the default logoutURL is used. No known workarounds are…","indicators":{"cves":["CVE-2026-41126"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T00:16:28.327Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-cvwj-4pcp-f3g8","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41127","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41127 — BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have a missing authoriza…","description":"BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have a missing authorization that allows viewers to inject/overwrite captions Version 3.0.24 tightened the permissions on who is able to submit captions. No known workarounds are available.","indicators":{"cves":["CVE-2026-41127"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T00:16:28.463Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-q387-2q28-mg33","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41131","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41131 — OpenFGA is an authorization/permission engine built for developers. Prior to version 1.14.1, in spec…","description":"OpenFGA is an authorization/permission engine built for developers. Prior to version 1.14.1, in specific scenarios, models using conditions with caching enabled can result in two different check requests producing the same cache key. This could result in OpenFGA reusing an earlier cached result for…","indicators":{"cves":["CVE-2026-41131"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T00:16:29.013Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://github.com/openfga/openfga/releases/tag/v1.14.1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/openfga/openfga/security/advisories/GHSA-57j5-qwp2-vqp6","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-6833","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6833 — The a+HRD developed by aEnrich has a SQL Injection vulnerability, allowing authenticated remote atta…","description":"The a+HRD developed by aEnrich has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.","indicators":{"cves":["CVE-2026-6833"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T04:16:07.303Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://www.twcert.org.tw/en/cp-139-10834-eb3ee-2.html","label":"twcert@cert.org.tw","domainType":"other"},{"url":"https://www.twcert.org.tw/tw/cp-132-10833-e3a53-1.html","label":"twcert@cert.org.tw","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6834","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6834 — The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated rem…","description":"The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated remote attackers to arbitrarily read database contents through a specific API method.","indicators":{"cves":["CVE-2026-6834"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T04:16:09.307Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://www.twcert.org.tw/en/cp-139-10834-eb3ee-2.html","label":"twcert@cert.org.tw","domainType":"other"},{"url":"https://www.twcert.org.tw/tw/cp-132-10833-e3a53-1.html","label":"twcert@cert.org.tw","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6835","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6835 — The a+HCM developed by aEnrich has an Arbitrary File Upload vulnerability, allowing unauthenticated…","description":"The a+HCM developed by aEnrich has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload arbitrary files to any path, including HTML documents, which may result in a XSS-like effect.","indicators":{"cves":["CVE-2026-6835"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T04:16:09.560Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://www.twcert.org.tw/en/cp-139-10836-ed15f-2.html","label":"twcert@cert.org.tw","domainType":"other"},{"url":"https://www.twcert.org.tw/tw/cp-132-10835-cb0c2-1.html","label":"twcert@cert.org.tw","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-22747","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-22747 — Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle cer…","description":"Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user.\nThi…","indicators":{"cves":["CVE-2026-22747"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T06:16:03.933Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://spring.io/security/cve-2026-22747","label":"security@vmware.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-22748","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-22748 — Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwtD…","description":"Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwtDecoder  or NimbusReactiveJwtDecoder, it must configure an OAuth2TokenValidator<Jwt> separately, for example by calling setJwtValidator.This issue affects Spring Security: from 6.3.0 through 6.3.14, fr…","indicators":{"cves":["CVE-2026-22748"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T06:16:04.040Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://spring.io/security/cve-2026-22748","label":"security@vmware.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40448","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40448 — Potential Integer overflow in tensor allocation size calculation could lead to insufficient memory a…","description":"Potential Integer overflow in tensor allocation size calculation could lead to insufficient memory allocation for large tensors in Samsung Open Source ONE.\nAffected version is prior to commit  1.30.0.","indicators":{"cves":["CVE-2026-40448"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T07:16:12.500Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://github.com/Samsung/ONE/pull/16481","label":"PSIRT@samsung.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40449","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40449 — Integer overflow in buffer size calculation could result in out of bounds memory access when handlin…","description":"Integer overflow in buffer size calculation could result in out of bounds memory access when handling large tensors in Samsung Open Source ONE.\nAffected version is prior to commit  1.30.0.","indicators":{"cves":["CVE-2026-40449"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T07:16:13.450Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://github.com/Samsung/ONE/pull/16481","label":"PSIRT@samsung.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40450","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40450 — Integer overflow in output tensor copy size calculation in Samsung Open Source ONE could cause incor…","description":"Integer overflow in output tensor copy size calculation in Samsung Open Source ONE could cause incorrect copy length and memory corruption for oversized tensors.\nAffected version is prior to commit  1.30.0.","indicators":{"cves":["CVE-2026-40450"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T07:16:13.553Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://github.com/Samsung/ONE/pull/16481","label":"PSIRT@samsung.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41664","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41664 — Integer overflow in memory copy size calculation in Samsung Open Source ONE could lead to invalid me…","description":"Integer overflow in memory copy size calculation in Samsung Open Source ONE could lead to invalid memory operations with large tensor shapes.\nAffected version is prior to commit  1.30.0.","indicators":{"cves":["CVE-2026-41664"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T07:16:13.657Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://github.com/Samsung/ONE/pull/16481","label":"PSIRT@samsung.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41665","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41665 — Integer overflow in scratch buffer initialization size calculation in Samsung Open Source ONE cause…","description":"Integer overflow in scratch buffer initialization size calculation in Samsung Open Source ONE cause incorrect memory initialization for large intermediate tensors.\nAffected version is prior to commit  1.30.0.","indicators":{"cves":["CVE-2026-41665"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T07:16:13.763Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://github.com/Samsung/ONE/pull/16481","label":"PSIRT@samsung.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41666","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41666 — Integer overflow in tensor copy size calculation in Samsung Open Source ONE could lead to out of bou…","description":"Integer overflow in tensor copy size calculation in Samsung Open Source ONE could lead to out of bounds access during loop state propagation.\nAffected version is prior to commit  1.30.0.","indicators":{"cves":["CVE-2026-41666"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T07:16:13.867Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://github.com/Samsung/ONE/pull/16481","label":"PSIRT@samsung.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41667","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41667 — Integer overflow in constant tensor data size calculation in Samsung Open Source ONE could cause inc…","description":"Integer overflow in constant tensor data size calculation in Samsung Open Source ONE could cause incorrect buffer sizing for large constant nodes.\nAffected version is prior to commit  1.30.0.","indicators":{"cves":["CVE-2026-41667"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T07:16:13.990Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://github.com/Samsung/ONE/pull/16481","label":"PSIRT@samsung.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-6839","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6839 — Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out o…","description":"Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE\nAffected version is prior to commit  1.30.0.","indicators":{"cves":["CVE-2026-6839"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T07:16:14.957Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://github.com/Samsung/ONE/pull/16481","label":"PSIRT@samsung.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-6840","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6840 — Missing bounds validation for operator could allow out of range operator-code lookup during model lo…","description":"Missing bounds validation for operator could  allow out of range operator-code lookup during model loading\nAffected version is prior to commit  1.30.0.","indicators":{"cves":["CVE-2026-6840"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T07:16:15.067Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://github.com/Samsung/ONE/pull/16481","label":"PSIRT@samsung.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-1379","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-1379 — The HTTP Headers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin setting…","description":"The HTTP Headers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.19.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and…","indicators":{"cves":["CVE-2026-1379"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:19.667Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/http-headers/tags/1.19.2/views/manual.php#L18","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/http-headers/trunk/views/manual.php#L18","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/02e63068-02a8-4106-b64e-430c24815e55?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-1845","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-1845 — The Real Estate Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin sett…","description":"The Real Estate Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an…","indicators":{"cves":["CVE-2026-1845"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:20.650Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://wordpress.org/plugins/re-pro/","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1978fd4f-f130-4e72-85df-24a6f9aebfe2?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-2714","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-2714 — The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '…","description":"The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Enquiry Form Title' setting in all versions up to, and including, 5.5. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Admi…","indicators":{"cves":["CVE-2026-2714"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:20.817Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/institute-management/tags/5.5/admin/inc/wl_im_settings.php#L47","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/institute-management/trunk/admin/inc/wl_im_settings.php#L47","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1fd62c3d-2c15-4d1c-9210-4c2aca379fe3?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-2717","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-2717 — The HTTP Headers plugin for WordPress is vulnerable to CRLF Injection in all versions up to, and inc…","description":"The HTTP Headers plugin for WordPress is vulnerable to CRLF Injection in all versions up to, and including, 1.19.2. This is due to insufficient sanitization of custom header name and value fields before writing them to the Apache .htaccess file via `insert_with_markers()`. This makes it possible for…","indicators":{"cves":["CVE-2026-2717"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:20.987Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/http-headers/tags/1.19.2/http-headers.php#L1098","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/http-headers/tags/1.19.2/http-headers.php#L745","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/http-headers/trunk/http-headers.php#L1098","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/http-headers/trunk/http-headers.php#L745","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7716e77f-e899-4046-9421-86fc0c36c245?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-2719","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-2719 — The Private WP suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Exce…","description":"The Private WP suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Exceptions' setting in all versions up to, and including, 0.4.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-…","indicators":{"cves":["CVE-2026-2719"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:21.130Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/private-wp-suite/tags/0.4.1/private-wp-suite.php#L153","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/private-wp-suite/trunk/private-wp-suite.php#L153","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/af88a631-c4ec-47ec-ad9b-1ef38ea1be09?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3362","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-3362 — The Short Comment Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '…","description":"The Short Comment Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Minimum Count' settings field in all versions up to and including 2.2. This is due to insufficient input sanitization (no sanitize callback on register_setting) and missing output escaping (no esc_att…","indicators":{"cves":["CVE-2026-3362"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:21.757Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/short-comment-filter/tags/2.2/classes/short-comment-filter-settings.php#L21","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/short-comment-filter/tags/2.2/classes/short-comment-filter-settings.php#L54","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/short-comment-filter/tags/2.2/classes/short-comment-filter-settings.php#L61","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/short-comment-filter/tags/2.2/views/settings.php#L25","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/short-comment-filter/trunk/classes/short-comment-filter-settings.php#L21","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/short-comment-filter/trunk/classes/short-comment-filter-settings.php#L54","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/short-comment-filter/trunk/classes/short-comment-filter-settings.php#L61","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/short-comment-filter/trunk/views/settings.php#L25","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4ba46475-bf54-49a8-9b0e-fae3fb4e1df9?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4074","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4074 — The Quran Live Multilanguage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via t…","description":"The Quran Live Multilanguage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cheikh' and 'lang' shortcode attributes in all versions up to, and including, 1.0.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The q…","indicators":{"cves":["CVE-2026-4074"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:21.947Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/quran-live/tags/1.0.3/inc/Class_QuranLive.php#L191","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quran-live/tags/1.0.3/inc/Class_QuranLive.php#L216","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quran-live/tags/1.0.3/inc/Class_QuranLive.php#L217","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quran-live/tags/1.0.3/inc/Class_QuranLive.php#L245","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quran-live/tags/1.0.3/inc/Class_QuranLive.php#L246","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quran-live/tags/1.0.3/quran-live.php#L110","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quran-live/trunk/inc/Class_QuranLive.php#L191","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quran-live/trunk/inc/Class_QuranLive.php#L216","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quran-live/trunk/inc/Class_QuranLive.php#L217","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quran-live/trunk/inc/Class_QuranLive.php#L245","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quran-live/trunk/inc/Class_QuranLive.php#L246","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quran-live/trunk/quran-live.php#L110","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/883484dd-d48d-46f9-ae96-223626c50039?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4076","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4076 — The Slider Bootstrap Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via…","description":"The Slider Bootstrap Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'category' and 'template' shortcode attributes in all versions up to and including 1.0.7. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes.…","indicators":{"cves":["CVE-2026-4076"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:22.117Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/slider-bootstrap-carousel/tags/1.0.7/includes/sbc-shortcode.php#L109","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/slider-bootstrap-carousel/tags/1.0.7/includes/sbc-shortcode.php#L113","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/slider-bootstrap-carousel/tags/1.0.7/includes/sbc-shortcode.php#L38","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/slider-bootstrap-carousel/tags/1.0.7/includes/sbc-shortcode.php#L47","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/slider-bootstrap-carousel/tags/1.0.7/includes/sbc-shortcode.php#L7","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/slider-bootstrap-carousel/tags/1.0.7/includes/sbc-shortcode.php#L93","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/slider-bootstrap-carousel/trunk/includes/sbc-shortcode.php#L109","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/slider-bootstrap-carousel/trunk/includes/sbc-shortcode.php#L113","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/slider-bootstrap-carousel/trunk/includes/sbc-shortcode.php#L38","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/slider-bootstrap-carousel/trunk/includes/sbc-shortcode.php#L47","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/slider-bootstrap-carousel/trunk/includes/sbc-shortcode.php#L7","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/slider-bootstrap-carousel/trunk/includes/sbc-shortcode.php#L93","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/26fe0b7b-dbf8-467f-b5e2-86a858eeaf89?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4082","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4082 — The ER Swiffy Insert plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the [swif…","description":"The ER Swiffy Insert plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the [swiffy] shortcode in all versions up to and including 1.0.0. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes ('n', 'w', 'h'). These attributes are…","indicators":{"cves":["CVE-2026-4082"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:22.273Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/er-swiffy-insert/tags/1.0.0/er-swiffy-insert.php#L49","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/er-swiffy-insert/tags/1.0.0/er-swiffy-insert.php#L56","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/er-swiffy-insert/trunk/er-swiffy-insert.php#L49","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/er-swiffy-insert/trunk/er-swiffy-insert.php#L56","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/074d9712-9b26-47da-9e24-49854fd7257c?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4085","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4085 — The Easy Social Photos Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via…","description":"The Easy Social Photos Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wrapper_class' shortcode attribute of the 'my-instagram-feed' shortcode in all versions up to, and including, 3.1.2. This is due to insufficient input sanitization and output escaping on user su…","indicators":{"cves":["CVE-2026-4085"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:22.417Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/my-instagram-feed/tags/3.1.2/frontend/class-my-instagram-feed-frontend.php#L53","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/my-instagram-feed/tags/3.1.2/frontend/views/feed.php#L102","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/my-instagram-feed/trunk/frontend/class-my-instagram-feed-frontend.php#L53","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/my-instagram-feed/trunk/frontend/views/feed.php#L102","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8640724c-0bd4-4684-9fd1-027f2af64e67?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4088","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4088 — The Switch CTA Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wppw_c…","description":"The Switch CTA Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wppw_cta_box' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on user-supplied post meta values including 'cta_box_button_link', 'cta_…","indicators":{"cves":["CVE-2026-4088"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:22.560Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/switch-cta-box/tags/1.1/inc/box_display_template.php#L14","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/switch-cta-box/tags/1.1/inc/box_display_template.php#L18","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/switch-cta-box/tags/1.1/inc/box_display_template.php#L2","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/switch-cta-box/tags/1.1/inc/shortcode_setup.php#L8","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/switch-cta-box/trunk/inc/box_display_template.php#L14","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/switch-cta-box/trunk/inc/box_display_template.php#L18","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/switch-cta-box/trunk/inc/box_display_template.php#L2","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/switch-cta-box/trunk/inc/shortcode_setup.php#L8","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/19a3fc90-b81c-4451-80e0-cead99a2dcd9?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4089","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4089 — The Twittee Text Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id…","description":"The Twittee Text Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute in all versions up to and including 1.0.8. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The ttt_twittee_tweeter() fun…","indicators":{"cves":["CVE-2026-4089"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:22.713Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/twittee-text-tweet/tags/1.0.8/ttt-twittee-text-tweet.php#L55","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/twittee-text-tweet/tags/1.0.8/ttt-twittee-text-tweet.php#L87","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/twittee-text-tweet/trunk/ttt-twittee-text-tweet.php#L55","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/twittee-text-tweet/trunk/ttt-twittee-text-tweet.php#L87","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4d678e97-f466-4640-83ee-a3a24550e8d8?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4090","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4090 — The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up…","description":"The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.2. This is due to missing nonce verification in the rd_ic_settings_page function when processing settings form submissions. This makes it possible for unauthenticated attackers…","indicators":{"cves":["CVE-2026-4090"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:22.867Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/tags/0.0.0.0/includes/inquiry-cart-shortcode.php#L32","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/tags/0.0.0.0/includes/inquiry-cart-shortcode.php#L34","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/tags/0.0.0.0/includes/settings-page.php#L21","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/tags/0.0.0.0/includes/settings-page.php#L46","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/tags/0.0.0.0/includes/settings-page.php#L47","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/tags/0.0.0.0/includes/settings-page.php#L48","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/tags/0.0.0.0/includes/settings-page.php#L49","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/tags/0.0.0.0/includes/settings-page.php#L6","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/trunk/includes/inquiry-cart-shortcode.php#L32","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/trunk/includes/inquiry-cart-shortcode.php#L34","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/trunk/includes/settings-page.php#L21","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/trunk/includes/settings-page.php#L46","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/trunk/includes/settings-page.php#L47","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/trunk/includes/settings-page.php#L48","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/trunk/includes/settings-page.php#L49","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/trunk/includes/settings-page.php#L6","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/772e9b2b-b2d5-4950-804b-d0914004710c?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4117","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4117 — The CalJ plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and incl…","description":"The CalJ plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5. This is due to a missing capability check in the CalJSettingsPage class constructor, which processes the 'save-obtained-key' operation directly from POST data without verifying that the re…","indicators":{"cves":["CVE-2026-4117"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:23.027Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/calj/tags/1.5/CalJSettingsPage.php#L25","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/calj/tags/1.5/CalJSettingsPage.php#L30","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/calj/tags/1.5/calj.php#L17","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/calj/trunk/CalJSettingsPage.php#L25","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/calj/trunk/CalJSettingsPage.php#L30","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/calj/trunk/calj.php#L17","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d1c7df8e-2f82-4474-88ef-8c8ddaeb4656?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4118","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4118 — The Call To Action Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all ve…","description":"The Call To Action Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.3. This is due to missing nonce validation in the cbox_options_page() function which handles saving, creating, and deleting plugin settings. The form rendered on the s…","indicators":{"cves":["CVE-2026-4118"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:23.180Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/call-to-action-plugin/tags/3.1.3/call-to-action-plugin.php#L41","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/call-to-action-plugin/tags/3.1.3/call-to-action-plugin.php#L55","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/call-to-action-plugin/tags/3.1.3/call-to-action-plugin.php#L69","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/call-to-action-plugin/tags/3.1.3/call-to-action-plugin.php#L76","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/call-to-action-plugin/trunk/call-to-action-plugin.php#L41","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/call-to-action-plugin/trunk/call-to-action-plugin.php#L55","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/call-to-action-plugin/trunk/call-to-action-plugin.php#L69","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/call-to-action-plugin/trunk/call-to-action-plugin.php#L76","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6d15f5de-9ec9-466d-aafe-6304356ccb39?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4121","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4121 — The Kcaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to…","description":"The Kcaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.1. This is due to missing nonce validation in the plugin's settings page handler (admin/setting.php). The settings form does not include a wp_nonce_field() and the form processing co…","indicators":{"cves":["CVE-2026-4121"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:23.490Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/kcaptcha/tags/1.0.1/admin/setting.php#L12","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/kcaptcha/tags/1.0.1/admin/setting.php#L30","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/kcaptcha/tags/1.0.1/admin/setting.php#L47","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/kcaptcha/trunk/admin/setting.php#L12","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/kcaptcha/trunk/admin/setting.php#L30","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/kcaptcha/trunk/admin/setting.php#L47","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a6c1c73b-76e3-4cb9-ad53-9d5d4e7519c9?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4125","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4125 — The WPMK Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' sho…","description":"The WPMK Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to and including 1.0.1. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, in the wpmk_block_sh…","indicators":{"cves":["CVE-2026-4125"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:23.633Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/wpmk-block/tags/1.0.1/classes/wpmk-block-class.php#L82","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wpmk-block/tags/1.0.1/classes/wpmk-block-class.php#L97","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wpmk-block/trunk/classes/wpmk-block-class.php#L82","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wpmk-block/trunk/classes/wpmk-block-class.php#L97","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5e397c7a-2aef-4c23-a224-e324ea4bb4b1?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4126","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4126 — The Table Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versio…","description":"The Table Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.0 via the 'table_manager' shortcode. The shortcode handler `tablemanager_render_table_shortcode()` takes a user-controlled `table` attribute, applies only `sanitize_key()`…","indicators":{"cves":["CVE-2026-4126"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:23.777Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/table-manager/tags/1.0.0/table-manager.php#L561","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/table-manager/tags/1.0.0/table-manager.php#L572","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/table-manager/tags/1.0.0/table-manager.php#L573","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/table-manager/trunk/table-manager.php#L561","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/table-manager/trunk/table-manager.php#L572","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/table-manager/trunk/table-manager.php#L573","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/25b3607c-f99e-4359-8228-0f3452f80aac?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4128","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4128 — The TP Restore Categories And Taxonomies plugin for WordPress is vulnerable to Missing Authorization…","description":"The TP Restore Categories And Taxonomies plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.1. The delete_term() function, which handles the 'tpmcattt_delete_term' AJAX action, does not perform any capability check (e.g., current_user_can()) to veri…","indicators":{"cves":["CVE-2026-4128"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:23.930Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/tp-restore-categories-and-taxonomies/tags/1.0.1/admin/class-tp-move-categories-and-taxonomies-to-trash-admin.php#L474","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/tp-restore-categories-and-taxonomies/tags/1.0.1/includes/class-tp-move-categories-and-taxonomies-to-trash.php#L169","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/tp-restore-categories-and-taxonomies/trunk/admin/class-tp-move-categories-and-taxonomies-to-trash-admin.php#L474","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/tp-restore-categories-and-taxonomies/trunk/includes/class-tp-move-categories-and-taxonomies-to-trash.php#L169","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/53a0749f-86e9-4f62-9de2-a6759c78ba2f?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4131","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4131 — The WP Responsive Popup + Optin plugin for WordPress is vulnerable to Cross-Site Request Forgery in…","description":"The WP Responsive Popup + Optin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.4. This is due to the settings form on the admin page (wpo_admin_page.php) lacking nonce generation (wp_nonce_field) and verification (wp_verify_nonce/check_admin_re…","indicators":{"cves":["CVE-2026-4131"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:24.080Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/wp-popup-optin/tags/1.4/wp-popup-optin.php#L218","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-popup-optin/tags/1.4/wpo_admin_page.php#L103","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-popup-optin/tags/1.4/wpo_admin_page.php#L104","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-popup-optin/tags/1.4/wpo_admin_page.php#L15","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-popup-optin/tags/1.4/wpo_admin_page.php#L43","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-popup-optin/trunk/wp-popup-optin.php#L218","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-popup-optin/trunk/wpo_admin_page.php#L103","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-popup-optin/trunk/wpo_admin_page.php#L104","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-popup-optin/trunk/wpo_admin_page.php#L15","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-popup-optin/trunk/wpo_admin_page.php#L43","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0a8a49c4-21e8-447c-94da-8241c7d66c29?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4133","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4133 — The TextP2P Texting Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all v…","description":"The TextP2P Texting Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.7. This is due to missing nonce validation in the imTextP2POptionPage() function which processes settings updates. The form at line 314 does not include a wp_nonce_field(…","indicators":{"cves":["CVE-2026-4133"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:24.400Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/textp2p-texting-widget/tags/1.7/inc/admin/im-textp2p-options.php#L299","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/textp2p-texting-widget/tags/1.7/inc/admin/im-textp2p-options.php#L7","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/textp2p-texting-widget/trunk/inc/admin/im-textp2p-options.php#L299","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/textp2p-texting-widget/trunk/inc/admin/im-textp2p-options.php#L7","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2d36fa25-108b-462b-b84e-2e77943b1871?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4138","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4138 — The DX Unanswered Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all v…","description":"The DX Unanswered Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7. This is due to missing nonce validation on the plugin's settings form in the dxuc-unanswered-comments-admin-page.php file. This makes it possible for unauthenticated…","indicators":{"cves":["CVE-2026-4138"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:24.547Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/dx-unanswered-comments/tags/1.7/dxuc-unanswered-comments-admin-page.php#L13","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/dx-unanswered-comments/tags/1.7/dxuc-unanswered-comments-admin-page.php#L21","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/dx-unanswered-comments/tags/1.7/dxuc-unanswered-comments-admin-page.php#L25","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/dx-unanswered-comments/tags/1.7/dxuc-unanswered-comments-admin-page.php#L40","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/dx-unanswered-comments/trunk/dxuc-unanswered-comments-admin-page.php#L13","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/dx-unanswered-comments/trunk/dxuc-unanswered-comments-admin-page.php#L21","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/dx-unanswered-comments/trunk/dxuc-unanswered-comments-admin-page.php#L25","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/dx-unanswered-comments/trunk/dxuc-unanswered-comments-admin-page.php#L40","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e44dbd0e-d6a7-438b-b1bf-a6628734fec4?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4139","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4139 — The mCatFilter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up t…","description":"The mCatFilter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 0.5.2. This is due to the complete absence of nonce verification and capability checks in the compute_post() function, which processes settings updates. The compute_post() function is…","indicators":{"cves":["CVE-2026-4139"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:24.707Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/mcatfilter/tags/0.5.2/mcatfilter.php#L138","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/mcatfilter/tags/0.5.2/mcatfilter.php#L320","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/mcatfilter/tags/0.5.2/mcatfilter.php#L339","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/mcatfilter/trunk/mcatfilter.php#L138","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/mcatfilter/trunk/mcatfilter.php#L320","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/mcatfilter/trunk/mcatfilter.php#L339","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/622ee6c8-7739-44ae-b88f-63a93c0a9b20?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4140","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4140 — The Ni WooCommerce Order Export plugin for WordPress is vulnerable to Cross-Site Request Forgery in…","description":"The Ni WooCommerce Order Export plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.1.6. This is due to missing nonce validation in the ni_order_export_action() AJAX handler function. The handler processes settings updates when the 'page' parameter…","indicators":{"cves":["CVE-2026-4140"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:24.857Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/ni-woocommerce-order-export/tags/3.1.6/include/ni-order-export.php#L136","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/ni-woocommerce-order-export/tags/3.1.6/include/ni-order-setting.php#L59","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/ni-woocommerce-order-export/trunk/include/ni-order-export.php#L136","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/ni-woocommerce-order-export/trunk/include/ni-order-setting.php#L59","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2d62c49c-3a33-4865-abcc-22d8e38ac198?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4142","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4142 — The Sentence To SEO (keywords, description and tags) plugin for WordPress is vulnerable to Stored Cr…","description":"The Sentence To SEO (keywords, description and tags) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Permanent keywords' field in all versions up to and including 1.0. This is due to insufficient input sanitization and output escaping. The plugin reads user input via filte…","indicators":{"cves":["CVE-2026-4142"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:25.000Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/sentence-to-seo/tags/1.0/index.php#L262","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/sentence-to-seo/tags/1.0/index.php#L50","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/sentence-to-seo/tags/1.0/index.php#L75","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/sentence-to-seo/tags/1.0/index.php#L81","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/sentence-to-seo/tags/1.0/index.php#L87","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/sentence-to-seo/trunk/index.php#L262","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/sentence-to-seo/trunk/index.php#L50","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/sentence-to-seo/trunk/index.php#L75","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/sentence-to-seo/trunk/index.php#L81","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/sentence-to-seo/trunk/index.php#L87","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7d11b2db-d097-433f-923c-f49ef2951c0e?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4279","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4279 — The Bread & Butter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'breadb…","description":"The Bread & Butter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'breadbutter-customevent-button' shortcode in all versions up to, and including, 8.2.0.25. This is due to insufficient input sanitization and output escaping on the 'event' shortcode attribute. The customEve…","indicators":{"cves":["CVE-2026-4279"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:25.160Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/bread-butter/tags/8.2.0.25/src/Base/Shortcode.php#L364","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/bread-butter/tags/8.2.0.25/src/Base/Shortcode.php#L380","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/bread-butter/trunk/src/Base/Shortcode.php#L364","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/bread-butter/trunk/src/Base/Shortcode.php#L380","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0728b42b-5ec7-46a2-a9a5-3316107e9324?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4280","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4280 — The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up t…","description":"The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3. This is due to the brnwp_ajax_form AJAX endpoint lacking both authorization checks and CSRF verification, combined with insufficient path validation when the brnwp_theme option…","indicators":{"cves":["CVE-2026-4280"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:25.310Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/breaking-news-wp/tags/1.3/breaking-news.php#L366","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/breaking-news-wp/tags/1.3/breaking-news.php#L372","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/breaking-news-wp/tags/1.3/breaking-news.php#L85","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/breaking-news-wp/trunk/breaking-news.php#L366","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/breaking-news-wp/trunk/breaking-news.php#L372","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/breaking-news-wp/trunk/breaking-news.php#L85","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4772b482-f5e5-4707-b012-aca70fc89e49?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4353","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4353 — The CI HUB Connector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id'…","description":"The CI HUB Connector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute of the `cihub_metadata` shortcode in all versions up to, and including, 1.2.106 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers…","indicators":{"cves":["CVE-2026-4353"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:25.457Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/ci-hub-connector/tags/1.2.106/ci-hub-wordpress-connector.php#L645","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/ci-hub-connector/trunk/ci-hub-wordpress-connector.php#L645","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f4b36468-319a-4de3-9112-bd4a3cf7d637?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5748","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-5748 — The Text Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's…","description":"The Text Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `ts` shortcode in all versions up to, and including, 0.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,…","indicators":{"cves":["CVE-2026-5748"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:25.700Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/text-snippet/tags/0.0.1/text-snippet.php#L78","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/text-snippet/trunk/text-snippet.php#L78","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8cc7a0f3-6a58-4e42-9341-aecf55d2ccb1?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5767","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-5767 — The SlideShowPro SC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin…","description":"The SlideShowPro SC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `slideShowProSC` shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat…","indicators":{"cves":["CVE-2026-5767"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:25.840Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/slideshowpro-shortcode/tags/1.0.2/slideshowpro_sc.php#L287","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/slideshowpro-shortcode/trunk/slideshowpro_sc.php#L287","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/51467cef-9624-4dd9-a368-d3b5fac7bb3d?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5820","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-5820 — The Zypento Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table o…","description":"The Zypento Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 1.0.6. This is due to the front-end TOC rendering script reading heading text via `innerText` and inserting it into the page using `innerHTML` wi…","indicators":{"cves":["CVE-2026-5820"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:25.977Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/zypento-blocks/tags/1.0.6/assets/js/src/blocks/table-of-contents/view.js#L57","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/zypento-blocks/tags/1.0.6/assets/js/src/blocks/table-of-contents/view.js#L71","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/024a6a0f-f819-40e7-9618-71219c27aa64?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6041","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6041 — The Buzz Comments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Custom…","description":"The Buzz Comments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Custom Buzz Avatar' (buzz_comments_avatar_image) setting in all versions up to, and including, 0.9.4. This is due to insufficient input sanitization and output escaping. This makes it possible for authentica…","indicators":{"cves":["CVE-2026-6041"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:26.123Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/buzz-comments/trunk/admin.tpl.php#L36","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/buzz-comments/trunk/buzzComments_class.php#L187","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1516ebe7-4d16-4e97-9baa-bc5857f95126?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6236","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6236 — The Posts map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' short…","description":"The Posts map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' shortcode attribute in all versions up to, and including, 0.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, w…","indicators":{"cves":["CVE-2026-6236"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:26.400Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/posts-map/tags/0.1.3/posts-map.php#L33","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/posts-map/tags/0.1.3/posts-map.php#L78","label":"security@wordfence.com","domainType":"other"},{"url":"https://wordpress.org/plugins/posts-map/","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e02c5817-7a54-4958-a076-71e5e7729cda?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6246","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6246 — The Simple Random Posts Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting…","description":"The Simple Random Posts Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'container_right_width' attribute of the 'simple_random_posts' shortcode in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping on user supplied a…","indicators":{"cves":["CVE-2026-6246"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:26.540Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/simple-random-posts-shortcode/tags/0.3/simple-random-posts-shortcode.php#L54","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/simple-random-posts-shortcode/trunk/simple-random-posts-shortcode.php#L54","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7d61e6ea-4975-452a-8f9c-1c6d428372ac?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6294","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6294 — The Google PageRank Display plugin for WordPress is vulnerable to Cross-Site Request Forgery in vers…","description":"The Google PageRank Display plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.4. This is due to missing nonce validation in the gpdisplay_option() function, which handles the plugin settings page. The settings form does not include a wp_nonce_field(),…","indicators":{"cves":["CVE-2026-6294"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:26.677Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/google-pagerank-display/tags/1.4/gpdisplay.php#L32","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/google-pagerank-display/tags/1.4/gpdisplay.php#L56","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/google-pagerank-display/trunk/gpdisplay.php#L32","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/google-pagerank-display/trunk/gpdisplay.php#L56","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e39ebe27-7780-48b6-8dca-7da7a78fce69?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6396","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6396 — The Fast & Fancy Filter – 3F plugin for WordPress is vulnerable to Cross-Site Request Forgery in ver…","description":"The Fast & Fancy Filter – 3F plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.2.2. This is due to missing nonce verification in the saveFields() function, which handles the fff_save_settins AJAX action. This makes it possible for unauthenticated atta…","indicators":{"cves":["CVE-2026-6396"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:26.810Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/fast-fancy-filter-3f/tags/1.2.2/includes/admin/class-admin.php#L24","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/fast-fancy-filter-3f/tags/1.2.2/includes/admin/class-admin.php#L419","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/fast-fancy-filter-3f/trunk/includes/admin/class-admin.php#L24","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/fast-fancy-filter-3f/trunk/includes/admin/class-admin.php#L419","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4b5fbf2c-1231-482f-b5a5-819f31da3524?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6843","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6843 — A flaw was found in nano. A local user could exploit a format string vulnerability in the `statuslin…","description":"A flaw was found in nano. A local user could exploit a format string vulnerability in the `statusline()` function. By creating a directory with a name containing `printf` specifiers, the application attempts to display this name, leading to a segmentation fault (SEGV). This results in a Denial of Se…","indicators":{"cves":["CVE-2026-6843"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:26.963Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6843","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460017","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6844","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6844 — A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit tw…","description":"A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit two Denial of Service (DoS) vulnerabilities by providing a specially crafted Executable and Linkable Format (ELF) file. One vulnerability, a resource exhaustion (CWE-400), can lead to an out-of-memory c…","indicators":{"cves":["CVE-2026-6844"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:27.140Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6844","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460016","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6845","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6845 — A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a…","description":"A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a local attacker to cause a Denial of Service (DoS) by tricking a user into processing a specially crafted Executable and Linkable Format (ELF) file. The exploitation of this flaw can lead to the syste…","indicators":{"cves":["CVE-2026-6845"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:27.373Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6845","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460012","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-1395","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-1395 — The Gutentools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Slider…","description":"The Gutentools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Slider block's block_id attribute in all versions up to, and including, 1.1.3. This is due to insufficient input sanitization and output escaping combined with a custom unescaping routine that reintroduces…","indicators":{"cves":["CVE-2026-1395"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:16:50.437Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/gutentools/tags/1.1.3/core/blocks/post-slider.php#L232","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/gutentools/trunk/core/blocks/post-slider.php#L232","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/gutentools/trunk/core/gutentools_block.php#L123","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset/3476597/gutentools/trunk/core/blocks/post-slider.php","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b2683b4e-b993-4c84-b7cc-a2cb511b4097?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-1913","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-1913 — The Gallagher Website Design plugin for WordPress is vulnerable to Stored Cross-Site Scripting via t…","description":"The Gallagher Website Design plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's login_link shortcode in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on the 'prefix' attribute. This makes it possible for authentica…","indicators":{"cves":["CVE-2026-1913"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:16:50.853Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/gallagher-website-design/tags/2.6.4/gallagher-website-design.php#L203","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/gallagher-website-design/trunk/gallagher-website-design.php#L203","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3454227%40gallagher-website-design&new=3454227%40gallagher-website-design&sfp_email=&sfph_mail=","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d8d013ae-a512-454a-bcfc-8725a6928fee?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-1930","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-1930 — The Emailchef plugin for WordPress is vulnerable to unauthorized modification of data due to a missi…","description":"The Emailchef plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the page_options_ajax_disconnect() function in all versions up to, and including, 3.5.1. This makes it possible for authenticated attackers, with Subscriber-level access and abo…","indicators":{"cves":["CVE-2026-1930"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:16:51.000Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/emailchef/tags/3.5.1/admin/class-emailchef-admin.php#L121","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/emailchef/tags/3.5.1/admin/class-emailchef-admin.php#L200","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/emailchef/trunk/admin/class-emailchef-admin.php#L121","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/emailchef/trunk/admin/class-emailchef-admin.php#L200","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3474353%40emailchef&new=3474353%40emailchef&sfp_email=&sfph_mail=","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3ae02595-17f0-472d-bc4f-6169cce7a583?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33256","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33256 — An attacker can send a web request that causes unlimited memory allocation in the internal web serve…","description":"An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.","indicators":{"cves":["CVE-2026-33256","CVE-2026-33257","CVE-2026-33260"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:16:51.193Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html","label":"security@open-xchange.com","domainType":"other"},{"url":"https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-05.html","label":"security@open-xchange.com","domainType":"other"},{"url":"https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33258","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33258 — By publishing and querying a crafted zone an attacker can cause allocation of large entries in the n…","description":"By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC(3) caches.","indicators":{"cves":["CVE-2026-33258"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:16:51.460Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33259","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33259 — Having many concurrent transfers of the same RPZ can lead to inconsistent RPZ data, use after free a…","description":"Having many concurrent transfers of the same RPZ can lead to inconsistent RPZ data, use after free and/or a crash of the recursor. Normally concurrent transfers of the same RPZ zone can only occur with a malfunctioning RPZ provider.","indicators":{"cves":["CVE-2026-33259"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:16:51.580Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33261","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33261 — A zone transition from NSEC to NSEC3 might trigger an internal inconsistency and cause a denial of s…","description":"A zone transition from NSEC to NSEC3 might trigger an internal inconsistency and cause a denial of service.","indicators":{"cves":["CVE-2026-33261"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:16:51.857Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33262","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33262 — An attacker can send replies that result in a null pointer dereference, caused by a missing consiste…","description":"An attacker can send replies that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. Cookies are disabled by default.","indicators":{"cves":["CVE-2026-33262"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:16:51.997Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33600","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33600 — An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by…","description":"An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service.","indicators":{"cves":["CVE-2026-33600"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:16:52.107Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33601","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33601 — If you use the zoneToCache function with a malicious authoritative server, an attacker can send a zo…","description":"If you use the zoneToCache function with a malicious authoritative server, an attacker can send a zone that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service.","indicators":{"cves":["CVE-2026-33601"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:16:52.223Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6848","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6848 — A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive…","description":"A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive operations, such as token generation or robot account creation, the re-authentication prompt can be bypassed. This allows a user with a timed-out session, or an attacker with access to an idle authent…","indicators":{"cves":["CVE-2026-6848"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:16:52.347Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6848","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460119","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33254","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33254 — An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memor…","description":"An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdist and leading to a denial of service. DOQ and DoH3 are disabled by default.","indicators":{"cves":["CVE-2026-33254"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:53.520Z","fetchedAt":"2026-04-22T15:00:21.768Z","references":[{"url":"https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33594","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33594 — A client can trigger excessive memory allocation by generating a lot of queries that are routed to a…","description":"A client can trigger excessive memory allocation by generating a lot of queries that are routed to an overloaded DoH backend, causing queries to accumulate into a buffer that will not be released until the end of the connection.","indicators":{"cves":["CVE-2026-33594"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:53.837Z","fetchedAt":"2026-04-22T15:00:21.768Z","references":[{"url":"https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33595","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33595 — A client can trigger excessive memory allocation by generating a lot of errors responses over a sing…","description":"A client can trigger excessive memory allocation by generating a lot of errors responses over a single DoQ and DoH3 connection, as some resources were not properly released until the end of the connection.","indicators":{"cves":["CVE-2026-33595"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:53.950Z","fetchedAt":"2026-04-22T15:00:21.768Z","references":[{"url":"https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33598","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33598 — A cached crafted response can cause an out-of-bounds read if custom Lua code calls getDomainListByAd…","description":"A cached crafted response can cause an out-of-bounds read if custom Lua code calls getDomainListByAddress() or getAddressListByDomain() on a packet cache.","indicators":{"cves":["CVE-2026-33598"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:54.303Z","fetchedAt":"2026-04-22T15:00:21.768Z","references":[{"url":"https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33602","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33602 — A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum co…","description":"A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum configured value, triggering an out-of-bounds write leading to a denial of service.","indicators":{"cves":["CVE-2026-33602"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:54.537Z","fetchedAt":"2026-04-22T15:00:21.768Z","references":[{"url":"https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33609","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33609 — Incomplete escaping of LDAP queries when running with 8bit-dns enabled allows users to perform queri…","description":"Incomplete escaping of LDAP queries when running with 8bit-dns enabled allows users to perform queries of internal domain subtrees.","indicators":{"cves":["CVE-2026-33609"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:54.770Z","fetchedAt":"2026-04-22T15:00:21.768Z","references":[{"url":"https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33610","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33610 — A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when…","description":"A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request to it.","indicators":{"cves":["CVE-2026-33610"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:54.887Z","fetchedAt":"2026-04-22T15:00:21.768Z","references":[{"url":"https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33611","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33611 — An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS…","description":"An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend.","indicators":{"cves":["CVE-2026-33611"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:55.000Z","fetchedAt":"2026-04-22T15:00:21.768Z","references":[{"url":"https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6861","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6861 — A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs proc…","description":"A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs processes specially crafted SVG (Scalable Vector Graphics) CSS (Cascading Style Sheets) data. A local user could exploit this by convincing a victim to open a malicious SVG file, which may lead to a denia…","indicators":{"cves":["CVE-2026-6861"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:17:07.860Z","fetchedAt":"2026-04-22T15:00:21.768Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6861","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2459992","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6862","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6862 — A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fai…","description":"A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field is at least 4 bytes, which is the minimum size for an EFI (Extensible Firmware Interface) device path node header. A local user could exploit this vulnerab…","indicators":{"cves":["CVE-2026-6862"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:17:08.060Z","fetchedAt":"2026-04-22T15:00:21.768Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6862","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2459982","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"vendor-ir-trends-q1-2026-phishing-reemerges-as-top-initial-access-vector-as-attacks-tar","source":"vendor-blogs","category":"advisory","severity":"medium","title":"IR Trends Q1 2026: Phishing reemerges as top initial access vector, as attacks targeting public administration persist","description":"Phishing reemerged as the most observed means of gaining initial access, accounting for over a third of the engagements where initial access could be determined. Phishing has not been the top vertical for initial access since Q2 2025.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:00:34.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://blog.talosintelligence.com/ir-trends-q1-2026/","label":"Cisco Talos","domainType":"other"}],"feedLabel":null},{"id":"vendor-podcast-it-s-not-you-it-s-your-printer-state-sponsored-and-phishing-threats-in-2","source":"vendor-blogs","category":"advisory","severity":"medium","title":"[Podcast] It's not you, it's your printer: State-sponsored and phishing threats in 2025","description":"In this episode of Talos Takes, Amy and Martin Lee unpack state-sponsored and phishing trends from the 2025 Talos Year in Review.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T12:29:49.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://blog.talosintelligence.com/podcast-its-not-you-its-your-printer-state-sponsored-and-phishing-threats-in-2025/","label":"Cisco Talos","domainType":"other"}],"feedLabel":null},{"id":"vendor-phishing-and-mfa-exploitation-targeting-the-keys-to-the-kingdom","source":"vendor-blogs","category":"advisory","severity":"medium","title":"Phishing and MFA exploitation: Targeting the keys to the kingdom","description":"In 2025, attackers increasingly targeted weaknesses in multi-factor authentication (MFA) workflows, and phishing attacks leveraged valid, compromised credentials to launch lures from trusted accounts. The trends focused entirely on trust, or the lack thereof, in everyday business operations.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T12:00:08.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://blog.talosintelligence.com/phishing-and-mfa-exploitation-targeting-the-keys-to-the-kingdom/","label":"Cisco Talos","domainType":"other"}],"feedLabel":null},{"id":"threatfox-1796033","source":"threatfox","category":"threat-intel","severity":"medium","title":"payload: undefined","description":"https://x.com/suyog41/status/2046592187606220864","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["EnmityStealer","ClickFix","finger-tcp79","fingerfix","win.fingerfix","finger-delivery","Mirax"],"malwareFamily":"Unknown Stealer","confidence":100,"publishedAt":"2026-04-22T10:39:07Z","fetchedAt":"2026-04-22T15:00:06.465Z","references":[{"url":"https://x.com/suyog41/status/2046592187606220864","label":"ThreatFox","domainType":"other"},{"url":"https://www.cleafy.com/cleafy-labs/mirax-a-new-android-rat-turning-infected-devices-into-potential-residential-proxy-nodes","label":"ThreatFox","domainType":"other"}],"feedLabel":null},{"id":"otx-69e7a6a0bb463e49c9b7572e","source":"otx","category":"threat-intel","severity":"medium","title":"New NGate variant hides in a trojanized NFC payment app","description":"ESET researchers have identified a new NGate malware variant targeting Android users in Brazil since November 2025. The threat actors trojanized the legitimate HandyPay NFC payment application, likely using AI-generated code, to relay NFC data from victims' payment cards to attacker-controlled devic…","indicators":{"cves":[],"ips":["108.165.230.223"],"domains":["raiffeisen-cz.eu","app.mobil-csob-cz.eu","nfc.cryptomaker.info","protecaocartao.online","spy.ngate.cc"],"urls":[],"hashes":{"md5":"d142bb04f32a50db476b63bbe1ac2ee7","sha1":"a4f793539480677241ef312150e9c02e324c0aa2","sha256":"6e3eea7fb31b8e81026021307247f6eecc5b7f97f35e900796f4786746cde3b8"}},"tags":["handypay trojanization","brazil targeting","ngate","fake lottery","nfc relay","ai-generated code","pin theft","phantomcard","payment card fraud","ransomware","botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T16:32:32.765Z","fetchedAt":"2026-04-22T15:00:00.860Z","references":[{"url":"https://otx.alienvault.com/pulse/69e7a6a0bb463e49c9b7572e","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e8738326fb86b891dd3c1f","source":"otx","category":"threat-intel","severity":"medium","title":"March 2026 Phishing Email Trends Report","description":"In March 2026, trojans represented 21% of attachment-based threats, while phishing attacks using fake pages dropped from 42% to 15% month-over-month. Script-based malware increased significantly, with HTML at 14% and JavaScript at 11%. Compressed files including ZIP (14%), RAR (8%), and 7Z (5%) were…","indicators":{"cves":[],"ips":[],"domains":["controller.airdns.org","ccp11nl.hyperhost.ua"],"urls":[],"hashes":{"md5":"0e9bd0c9991b21b13eddb518dee0eecf","sha1":null,"sha256":null}},"tags":["agenttesla","phishing email","trojan campaigns","fake invoices","remcosrat","script-based attacks","credential theft","html phishing","phishing","botnet","infostealer"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T07:06:43.012Z","fetchedAt":"2026-04-22T15:00:00.860Z","references":[{"url":"https://otx.alienvault.com/pulse/69e8738326fb86b891dd3c1f","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e76908461fbf60038d0105","source":"otx","category":"threat-intel","severity":"medium","title":"Highly destructive Lotus Wiper used in a targeted attack","description":"A highly targeted destructive wiper campaign dubbed 'Lotus Wiper' was discovered targeting the energy and utilities sector in Venezuela during late 2025 and early 2026. The attack begins with batch scripts coordinating execution across networks using domain shares as trigger mechanisms. These script…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"c6d0f67db6a7dbf1f9394d98c1e13670","sha1":null,"sha256":null}},"tags":["destructive attack","targeted campaign","critical infrastructure","batch scripts","venezuela","disk wiping","lotus wiper","energy sector","ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T12:09:44.593Z","fetchedAt":"2026-04-22T15:00:00.860Z","references":[{"url":"https://otx.alienvault.com/pulse/69e76908461fbf60038d0105","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e68c661e82c96759b91265","source":"otx","category":"threat-intel","severity":"medium","title":"Nightmare-Eclipse Tooling Seen in Real-World Intrusion","description":"Activity involving BlueHammer, RedSun, and UnDefend tooling from the Nightmare-Eclipse proof-of-concept repository was observed during a live intrusion investigation. The malicious binaries were staged in user-writable directories including Pictures and Downloads folders, with execution attempts fai…","indicators":{"cves":["CVE-2026-33825"],"ips":["78.29.48.29","212.232.23.69"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":"a2b6c7a9c4490df70de3cdbfa5fc801a3e1cf6a872749259487e354de2876b7c"}},"tags":["undefend","beigeburrow","nightmare-eclipse","cve-2026-33825","redsun","windows defender bypass","bluehammer","fortigate vpn","privilege escalation"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T20:28:22.703Z","fetchedAt":"2026-04-22T15:00:00.860Z","references":[{"url":"https://otx.alienvault.com/pulse/69e68c661e82c96759b91265","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e6db546f646b9818b7bf0d","source":"otx","category":"threat-intel","severity":"medium","title":"macOS ClickFix Campaign: AppleScript Stealers & New Terminal Protections","description":"A sophisticated ClickFix campaign targets both Windows and macOS users through fake CAPTCHA pages that trick victims into executing malicious commands. The macOS variant deploys an AppleScript-based infostealer that harvests sensitive data including keychain databases, credentials, and session cooki…","indicators":{"cves":[],"ips":["172.94.9.250","172.94.9.250"],"domains":["gen.detect.by.nscloudsandbox.tr","bull-run.fun","spot-wave.fun"],"urls":["https://bull-run.fun/","https://spot-wave.fun/","http://172.94.9.250/d/xxx10108"],"hashes":{"md5":"e12285f507c847b986233991b86b22e3","sha1":null,"sha256":"c07a15640065580e3bbff86eb567050e1a9e9847e2034ff00953ce7eeb2eec41"}},"tags":["clickfix","macos","session hijacking","credential harvesting","cryptocurrency wallet theft","applescript","social engineering","browser data exfiltration","infostealer","phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T02:05:08.869Z","fetchedAt":"2026-04-22T15:00:00.860Z","references":[{"url":"https://otx.alienvault.com/pulse/69e6db546f646b9818b7bf0d","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e68ccac96ab3f866763f12","source":"otx","category":"threat-intel","severity":"medium","title":"Abusing OAuth Device Code Flow","description":"In early 2026, phishing attacks remain a top threat vector in security operations. This analysis covers a novel attack method exploiting Microsoft's OAuth 2.0 Device Authorization Grant (Device Code Flow) to compromise user accounts. Attackers use phishing emails containing Mailchimp's Mandrill serv…","indicators":{"cves":[],"ips":[],"domains":["adobe.safest.org"],"urls":["http://adobe.safest.org/","http://ppsrq.org/so/3dPniokM8/c"],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["persistent access","microsoft entra id","device code flow","graph api","oauth","phishing","credential theft","token hijacking"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T20:30:02.335Z","fetchedAt":"2026-04-22T15:00:00.860Z","references":[{"url":"https://otx.alienvault.com/pulse/69e68ccac96ab3f866763f12","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e734af1069d427edf013a9","source":"otx","category":"threat-intel","severity":"medium","title":"StepDrainer MaaS Platform Targeting Multi-Chain Crypto Wallets and NFT Assets","description":"StepDrainer is a Malware-as-a-Service (MaaS) platform engineered to steal digital assets from cryptocurrency wallets, including fungible tokens and high-value NFT collections. The malware supports more than 20 blockchain networks and incorporates multiple draining techniques, particularly abusing ER…","indicators":{"cves":[],"ips":[],"domains":["aodefevrgdkhqltdnwgzbyjoywrlbntbhfwq.com","moonscan.live","scanclaw.live","aahdjjsivunugynqjvyfbhqnjekniyfboma.com"],"urls":["http://scanclaw.live/KjYQnKB-.php","http://moonscan.live/7w2NU3Z-.php"],"hashes":{"md5":null,"sha1":null,"sha256":"7fd19c564761e2c8c9b583cf30db810e313417c7d3572f637f8cedf4d2cc1e91"}},"tags":["smart contract","stager api","stepdrainer","maas","infostealer","crypto"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T08:26:23.319Z","fetchedAt":"2026-04-22T15:00:00.860Z","references":[{"url":"https://otx.alienvault.com/pulse/69e734af1069d427edf013a9","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e739ee02f0f88b6f9e017a","source":"otx","category":"threat-intel","severity":"medium","title":"Zero-Day Local Privilege Escalation Exploit","description":"RedSun.exe is a publicly available proof-of-concept exploit targeting a zero-day vulnerability in Microsoft Defender that enables local privilege escalation from standard user to SYSTEM-level access on Windows systems. The exploit leverages flawed Defender remediation logic for cloud-tagged maliciou…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"7933bb74a2b3289e8c4b74a43c2149ac","sha1":"f0f0c5a3421f4d00b9da1387ff9d3cc12332b559","sha256":"57a70c383feb9af60b64ab6768a1ca1b3f7394b8c5ffdbfafc8e988d63935120"}},"tags":["redsun","redsun.exe","microsoft defender","windows","zero-day","system access","privilege escalation","tieringengineservice","filesystem manipulation","zeroday"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T08:48:46.405Z","fetchedAt":"2026-04-22T15:00:00.860Z","references":[{"url":"https://otx.alienvault.com/pulse/69e739ee02f0f88b6f9e017a","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e628228cf9938a05a3c669","source":"otx","category":"threat-intel","severity":"medium","title":"FlowerStorm Phishing Kit Targeting Microsoft Credentials via Cloudflare-Backed Infrastructure","description":"IOCs related to FlowerStorm phishing‑kit–driven campaign that delivers fake Microsoft authentication pages via compromised domains fronted by Cloudflare. The activity abuses legitimate cloud and CDN services for delivery while credential harvesting occurs on attacker‑controlled infrastructure, with…","indicators":{"cves":[],"ips":[],"domains":["boysgirlsclubchester.continuousperformance.de","chestersuplandsd.continuousperformance.de","chesteruplandsd.continuousperformance.de","delcofamilyvillage.continuousperformance.de","fleschlawfirm.continuousperformance.de","jbsafetyintl.continuousperformance.de","stevenscollege.continuousperformance.de"],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["flowerstorm","iocs","cloudflare","phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T13:20:34.778Z","fetchedAt":"2026-04-22T15:00:00.860Z","references":[{"url":"https://otx.alienvault.com/pulse/69e628228cf9938a05a3c669","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e5ff33953b2bfaa5b6c105","source":"otx","category":"threat-intel","severity":"medium","title":"FakeWallet crypto stealer spreading in the App Store","description":"In March 2026, over twenty phishing applications were discovered in the Apple App Store masquerading as popular cryptocurrency wallets. These malicious apps redirect users to browser pages that distribute trojanized versions of legitimate wallets designed to steal recovery phrases and private keys.…","indicators":{"cves":[],"ips":[],"domains":["appstoreios.com","iosfc.com","crypto-stroe.cc","helllo2025.com","kkkhhhnnn.com","nmu8n.com","sxsfcc.com","yjzhengruol.com","zmx6f.com","6688cf.jhxrpbgq.com","api.dc1637.xyz","mgi1y.siyangoil.com","mti4ywy4.lahuafa.com","mtjln.siyangoil.com","mziyytm5ytk.ahroar.com","ngy2yjq0otlj.ahroar.com","ntm0mdkzymy3n.oukwww.com","nziwytu5n.lahuafa.com","odm0.siyangoil.com","www.gxzhrc.cn","xz.apps-store.im","zdrhnmjjndu.ulbcl.com"],"urls":["https://139.180.139.209/prod-api/system/confData/getUserConfByKey/","https://6688cf.jhxrpbgq.com/6axqkwuq","https://api.dc1637.xyz","https://api.npoint.io/153b165a59f8f7d7b097","https://appstoreios.com/DjZH?key=646556306F6Q465O313L737N3332939Y353I830F31","https://crypto-stroe.cc/","https://helllo2025.com/api/open/postByTokenpocket","https://iosfc.com/ledger/ios/Rsakeycatch.php","https://kkkhhhnnn.com/api/open/postByTokenpocket","https://mgi1y.siyangoil.com/vmzLvi4Dh/1Dd0m4BmAuhVVCbzF","https://mti4ywy4.lahuafa.com/UVB2U/mw2ZmvXKUEbzI0n","https://mtjln.siyangoil.com/08dT284P/1ZMz5Xmb0EoQZVvS5","https://mziyytm5ytk.ahroar.com/kAN2pIEaariFb8Yc","https://ngy2yjq0otlj.ahroar.com/17pIWJfr9DBiXYrSb","https://ngy2yjq0otlj.ahroar.com/EpCXMKDMx1roYGJ","https://nmu8n.com/tpocket/ios/Rsakeyword.php","https://ntm0mdkzymy3n.oukwww.com/7nhn7jvv5YieDe7P?0e7b9c78e=686989d97cf0d70346cbde2031207cbf","https://ntm0mdkzymy3n.oukwww.com/jFms03nKTf7RIZN8?61f68b07f8=0565364633b5acdd24a498a6a9ab4eca","https://nziwytu5n.lahuafa.com/10RsW/mw2ZmvXKUEbzI0n","https://odm0.siyangoil.com/TYTmtV8t/JG6T5nvM1AYqAcN","https://sxsfcc.com/api/open/postByTokenpocket","https://www.gxzhrc.cn/download/","https://xz.apps-store.im/CqDq?key=646R563V6F6Y465K313J737G343C3352383R336O35","https://xz.apps-store.im/DjZH?key=646B563L6F6N4657313B737U3436335E3833331737","https://xz.apps-store.im/s/dDan?key=646756376F6A465D313L737J333993473233038L39&c=","https://xz.apps-store.im/s/iuXt?key=646Y563Y6F6H465J313X737U333S9342323N030R34&c=","https://yjzhengruol.com/s/3f605f","https://zdrhnmjjndu.ulbcl.com/7uchSEp6DIEAqux?a3f65e=417ae7f384c49de8c672aec86d5a2860","https://zdrhnmjjndu.ulbcl.com/tWe0ASmXJbDz3KGh?4a1bbe6d=31d25ddf2697b9e13ee883fff328b22f","https://zmx6f.com/btp/ios/receiRsakeyword.php"],"hashes":{"md5":"fd0dc5d4bba740c7b4cc78c4b19a5840","sha1":null,"sha256":null}},"tags":["provisioning profiles","fakewallet","chinese targeting","enterprise certificates","ios","phishing apps","cryptocurrency","sparkkitty","phishing","supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T10:25:55.404Z","fetchedAt":"2026-04-22T15:00:00.860Z","references":[{"url":"https://otx.alienvault.com/pulse/69e5ff33953b2bfaa5b6c105","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e2417e5e4fdd5f16c75dbe","source":"otx","category":"threat-intel","severity":"medium","title":"Untangling a Linux Incident With an OpenAI Twist","description":"A technology sector organization experienced a multi-actor compromise on a Linux endpoint where cryptominers were deployed and credential harvesting occurred. The incident became complex when the legitimate user attempted to troubleshoot suspected malicious activity using OpenAI's Codex AI agent whi…","indicators":{"cves":["CVE-2025-47812"],"ips":["62.60.246.210"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["codex ai","multi-actor","living-off-the-land","linux compromise","edr evasion","credential theft","monero mining","cryptominer","phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:19:42.479Z","fetchedAt":"2026-04-22T15:00:00.860Z","references":[{"url":"https://otx.alienvault.com/pulse/69e2417e5e4fdd5f16c75dbe","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e27c47d37f66809a367479","source":"otx","category":"threat-intel","severity":"medium","title":"From fake Proton VPN sites to gaming mods, this Windows infostealer is everywhere","description":"Multiple campaigns are distributing NWHStealer through diverse delivery methods including fake VPN downloads, hardware utilities, and gaming modifications. The malware collects browser data, saved passwords, and cryptocurrency wallet information. Distribution occurs via fake websites impersonating l…","indicators":{"cves":[],"ips":[],"domains":["get-proton-vpn.com","vpn-proton-setup.com","newworld-helloworld.icu"],"urls":["https://www.onworks.net/software/windows/app-hardware-visualizer"],"hashes":{"md5":"15b2bb2a3d57e2553ff79a7e47101550","sha1":"eaa4260a222b6cf41fb9033a8f3ee213ce85983f","sha256":"e97cb6cbcf2583fe4d8dcabd70d3f67f6cc977fc9a8cbb42f8a2284efe24a1e3"}},"tags":["nwhstealer","fake vpn","dll hijacking","infostealer","process injection","cryptocurrency wallet theft","browser data theft","uac bypass","cryptocurrency theft","fake websites","botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T18:30:31.161Z","fetchedAt":"2026-04-22T15:00:00.860Z","references":[{"url":"https://otx.alienvault.com/pulse/69e27c47d37f66809a367479","label":"OTX Pulse","domainType":"primary"},{"url":"https://otx.alienvault.com/pulse/69dfb91808e1258915184d6e","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e389bd5760ef67b7f37472","source":"otx","category":"threat-intel","severity":"medium","title":"Operation PhantomCLR: Stealth Execution via AppDomain Hijacking and In-Memory .NET Abuse","description":"A highly sophisticated multi-stage post-exploitation framework targeting organizations in the Middle East and EMEA financial sectors exploits legitimate digitally signed Intel utilities through .NET AppDomainManager mechanism abuse. The attack leverages trusted binary proxy execution, bypassing EDR…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"c84e5bb76d90607bc03de133215f800e","sha1":"da346cb32cacd215b9f0b245ad0048815a718dee","sha256":"f2266b45d60f5443c5c9304b5f0246348ad82ca4f63c7554c46642311e3f8b83"}},"tags":["financial sector","reflective loading","jit trampolining","middle east targeting","cloudfront domain fronting","syscall usage","sandbox evasion","appdomainmanager hijacking","apt","phishing","botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T13:40:13.550Z","fetchedAt":"2026-04-22T15:00:00.860Z","references":[{"url":"https://otx.alienvault.com/pulse/69e389bd5760ef67b7f37472","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69bd18a61f631ff045510990","source":"otx","category":"threat-intel","severity":"medium","title":"CVE-2026-33017: How attackers compromised Langflow AI pipelines in 20 hours","description":"A critical vulnerability in Langflow, an open-source visual framework for AI agents and RAG pipelines, was disclosed on March 17, 2026. The vulnerability, CVE-2026-33017, allows unauthenticated remote code execution on exposed Langflow instances. Within 20 hours, exploitation attempts were observed…","indicators":{"cves":["CVE-2025-3248","CVE-2026-33017"],"ips":[],"domains":["d6tcpc6flblph01gdcb0ku9ixih393m54.oast.live","d6tcpe7nsv6kk9rdrpggi37zmjfxw9imr.oast.me","d6td5s9qte0bea7273e0wuou77jjx77uk.oast.pro","d6tgbe1qte0a8rkffb3gqabqm8517exd3.oast.fun"],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["cve-2026-33017","exploitation","data exfiltration","langflow","vulnerability","ai","rce","honeypot","supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-03-20T09:51:34.102Z","fetchedAt":"2026-04-22T15:00:00.860Z","references":[{"url":"https://otx.alienvault.com/pulse/69bd18a61f631ff045510990","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e1f0e855758d808bea9915","source":"otx","category":"threat-intel","severity":"medium","title":"Joomla SEO Spam Injector: Obfuscated PHP Backdoor Hijacking Site Visitors","description":"A compromised Joomla website displayed suspicious product links unrelated to the business. Investigation revealed heavily obfuscated PHP code injected at the top of index.php that contacted external command-and-control servers to receive instructions and manipulate content. The malware acts as a rem…","indicators":{"cves":[],"ips":[],"domains":["lashowroom.com","cdn.erpsaz.com","cdn.saholerp.com"],"urls":["http://cdn.erpsaz.com/admin.php"],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["obfuscation","php backdoor","dynamic content injection","remote loader","joomla","search engine manipulation","command-and-control","seo spam","ransomware","botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T08:35:52.341Z","fetchedAt":"2026-04-22T15:00:00.860Z","references":[{"url":"https://otx.alienvault.com/pulse/69e1f0e855758d808bea9915","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e1fb9b3bbb36c5db446094","source":"otx","category":"threat-intel","severity":"medium","title":"Direct-Sys Loader and CGrabber Stealer Five-Stage Malware Chain","description":"A sophisticated five-stage malware operation delivers two new malware families: Direct-Sys Loader and CGrabber Stealer. The attack begins with ZIP archives distributed via GitHub user attachment URLs, exploiting a legitimate Microsoft-signed binary (Launcher_x64.exe) for DLL sideloading. Direct-Sys…","indicators":{"cves":[],"ips":[],"domains":["sinixproduction.com","evasivestars.com","attackzombie.com","gogenbydet.cc","playbergs.info","startbuldingship.com","technologytorg.com"],"urls":["http://technologytorg.com/api/auth","http://technologytorg.com/api/upload/chunk","http://technologytorg.com/api/upload/complete","http://technologytorg.com/api/upload/start"],"hashes":{"md5":"ed770654eb36947eec999ea1492452c9","sha1":"c686657afbb6c86e97e1a546cb3a5035b9770f3b","sha256":"fd8bba8b570050cbe0a82f21209eafe1ddaf007f4f5aec100b8b29cae9a76d49"}},"tags":["information stealer","cryptocurrency theft","syscall","direct-sys loader","cgrabber stealer","anti-analysis","dll sideloading","github distribution"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T09:21:31.050Z","fetchedAt":"2026-04-22T15:00:00.860Z","references":[{"url":"https://otx.alienvault.com/pulse/69e1fb9b3bbb36c5db446094","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e0dddf690d636ed8ac9c40","source":"otx","category":"threat-intel","severity":"medium","title":"Beyond the breach: inside a cargo theft actor's post-compromise playbook","description":"A cargo theft threat actor maintained access to a decoy environment for over a month, providing extensive visibility into post-compromise operations. The attacker established redundant persistence using multiple remote access tools, including four ScreenConnect instances, Pulseway RMM, and SimpleHel…","indicators":{"cves":[],"ips":[],"domains":["qto12q.top","carrier-packets-docs.com","amtechcomputers.net","nq251os.top","officcee404.com","af124i1agga.anondns.net","screlay.amtechcomputers.net","signer.bulbcentral.com"],"urls":["https://carrier-packets-docs.com/FREEDOM_FREIGHT_SERVICES_CARRIERS_ONBOARDING.vbs","https://qto12q.top/pdf.ps1"],"hashes":{"md5":"03b8a9da7ca89c139a13681e360d3082","sha1":"d45d60b20006bc3a39ae1761cb5f5f5b067b4ee5","sha256":"f4977bfeae2a957add1aaf01804d2de2a5a5f9f1338f719db661ac4f53528747"}},"tags":["cargo theft","freight fraud","screenconnect","rmm tools","transportation targeting","cryptocurrency stealer","load board compromise","signing-as-a-service","ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T13:02:23.747Z","fetchedAt":"2026-04-22T15:00:00.860Z","references":[{"url":"https://otx.alienvault.com/pulse/69e0dddf690d636ed8ac9c40","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e09f9d80e986921250a6f3","source":"otx","category":"threat-intel","severity":"medium","title":"CVE-2026-39987 update: How attackers weaponized marimo to deploy a blockchain botnet via HuggingFace","description":"Three days after disclosure of a critical pre-authorization remote code execution vulnerability in the marimo Python notebook platform, multiple threat actors deployed malware hosted on HuggingFace Spaces. A previously undocumented NKAbuse variant was delivered through a typosquatted HuggingFace Spa…","indicators":{"cves":["CVE-2017-5638","CVE-2026-39987"],"ips":["111.90.145.139","160.30.128.96","185.225.17.176","38.147.173.172","120.227.46.184","185.187.207.193","45.147.97.11","60.249.14.39","92.208.115.60"],"domains":["bskke4.dnslog.cn"],"urls":[],"hashes":{"md5":"bdcb5867f73beae89c3fce46ad5185be","sha1":"9c363fbcc86662ce15cee15e5dd16b71b769ceb4","sha256":"f2960805f89990cb28898e892bbdc5a2f86b6089c68f4ab7f2f5e456a8d0c21d"}},"tags":["huggingface","cve-2026-39987","nkn blockchain","marimo","botnet","rce","supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T08:36:45.830Z","fetchedAt":"2026-04-22T15:00:00.860Z","references":[{"url":"https://otx.alienvault.com/pulse/69e09f9d80e986921250a6f3","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69dfc7dfb590f3df513f5fee","source":"otx","category":"threat-intel","severity":"medium","title":"Silent Crypto Wallet Takeover Unlimited USDT Approval Exploitation via Trust Wallet QR Code Phishing","description":"An active campaign targets Trust Wallet users through malicious QR codes distributed via Telegram, exploiting deep link mechanisms to redirect victims to Netlify-hosted phishing domains. The attack masquerades as a legitimate USDT transfer interface but covertly triggers an ERC-20 approve() transact…","indicators":{"cves":[],"ips":[],"domains":[],"urls":["https://link.trustwallet.com/open_url?coin_id=60&url=https://swift-wallat-usdt-send.netlify.app","https://send-usdt-09-admin.netlify.app","https://swift-wallat-usdt-send.netlify.app"],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["crypto drainer","qr code phishing","token approval abuse","trust wallet","drainer-as-a-service","usdt","telegram bot","deep link exploitation","bnb smart chain","phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T17:16:15.355Z","fetchedAt":"2026-04-22T15:00:00.860Z","references":[{"url":"https://otx.alienvault.com/pulse/69dfc7dfb590f3df513f5fee","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"news-webinar-eliminate-ghost-identities-before-they-expose-your-enterprise-data","source":"general-news","category":"news","severity":"medium","title":"[Webinar] Eliminate Ghost Identities Before They Expose Your Enterprise Data","description":"In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanaged non-human identities that nobody was watching.\nFor every employee in your org, there are 40 to 50 automated credentials: service accounts, API tokens, AI agent…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T08:07:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://thehackernews.com/2026/04/webinar-find-and-eliminate-orphaned-non.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-obsidian-plugin-abuse-delivers-phantompulse-rat-in-targeted-finance-crypto-attac","source":"general-news","category":"news","severity":"medium","title":"Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks","description":"A \"novel\" social engineering campaign has been observed abusing Obsidian, a cross-platform note-taking application, as an initial access vector to distribute a previously undocumented Windows remote access trojan called PHANTOMPULSE in attacks targeting individuals in the financial and cryptocurrenc…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T10:20:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://thehackernews.com/2026/04/obsidian-plugin-abuse-delivers.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-n8n-webhooks-abused-since-october-2025-to-deliver-malware-via-phishing-emails","source":"general-news","category":"news","severity":"medium","title":"n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails","description":"Threat actors have been observed weaponizing n8n, a popular artificial intelligence (AI) workflow automation platform, to facilitate sophisticated phishing campaigns and deliver malicious payloads or fingerprint devices by sending automated emails.\n\"By leveraging trusted infrastructure, these attack…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T17:09:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://thehackernews.com/2026/04/n8n-webhooks-abused-since-october-2025.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-tycoon-2fa-phishers-scatter-adopt-device-code-phishing","source":"general-news","category":"news","severity":"medium","title":"Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing","description":"In embracing device code phishing, attackers trick victims into handing over account access by using a service's legitimate new-device login flow.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T19:05:51.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.darkreading.com/threat-intelligence/tycoon-2fa-hackers-device-code-phishing","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-surge-in-silent-subject-phishing-attacks-targets-vip-users","source":"general-news","category":"news","severity":"medium","title":"Surge in Silent Subject Phishing Attacks Targets VIP Users","description":"Null subject phishing campaigns bypass filters and target VIPs with QR code and RMM abuse","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T13:00:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.infosecurity-magazine.com/news/silent-subject-phishing-campaigns/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"nvd-CVE-2025-52641","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2025-52641 — HCL AION is affected by a vulnerability where certain system behaviours may allow exploration of int…","description":"HCL AION is affected by a vulnerability where certain system behaviours may allow exploration of internal filesystem structures. Exposure of such information may provide insights into the underlying environment, which could potentially aid in further targeted actions or limited information disclosur…","indicators":{"cves":["CVE-2025-52641"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T09:16:31.063Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130007","label":"psirt@hcl.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-27769","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-27769 — Mattermost versions 10.11.x <= 10.11.12 fail to validate whether users were correctly owned by the c…","description":"Mattermost versions 10.11.x <= 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicious remote server connected using the Conntexted Workspaces feature to change the displayed status of local users via the Connected Workspaces API.. Mat…","indicators":{"cves":["CVE-2026-27769"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T11:16:33.017Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://mattermost.com/security-updates","label":"responsibledisclosure@mattermost.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33212","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-33212 — Weblate is a web based localization tool. In versions prior to 5.17, the tasks API didn't verify use…","description":"Weblate is a web based localization tool. In versions prior to 5.17, the tasks API didn't verify user access for pending tasks. This could expose logs of in-progress operations to users who don't have access to given scope. The attacker needs to brute-force the random UUID of the task, so exploiting…","indicators":{"cves":["CVE-2026-33212"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T18:17:19.897Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://github.com/WeblateOrg/weblate/commit/4e06b12cd05d087db68384e09d5f70fe883f2b70","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-vj45-x3pj-f4w4","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-21727","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-21727 — --- title: Cross-Tenant Legacy Correlation Disclosure and Deletion draft: false hero: image: /static…","description":"---\ntitle: Cross-Tenant Legacy Correlation Disclosure and Deletion\ndraft: false\nhero:\n  image: /static/img/heros/hero-legal2.svg\n  content: \"# Cross-Tenant Legacy Correlation Disclosure and Deletion\"\ndate: 2026-01-29\nproduct: Grafana\nseverity: Low\ncve: CVE-2026-21727\ncvss_score: \"3.3\"\ncvss_vector: \"…","indicators":{"cves":["CVE-2026-21727"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T20:16:34.290Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-21727","label":"security@grafana.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6312","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6312 — Insufficient policy enforcement in Passwords in Google Chrome prior to 147.0.7727.101 allowed a remo…","description":"Insufficient policy enforcement in Passwords in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)","indicators":{"cves":["CVE-2026-6312"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T20:16:40.940Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","label":"chrome-cve-admin@google.com","domainType":"other"},{"url":"https://issues.chromium.org/issues/498269651","label":"chrome-cve-admin@google.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6313","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6313 — Insufficient policy enforcement in CORS in Google Chrome prior to 147.0.7727.101 allowed a remote at…","description":"Insufficient policy enforcement in CORS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)","indicators":{"cves":["CVE-2026-6313"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T20:16:41.093Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","label":"chrome-cve-admin@google.com","domainType":"other"},{"url":"https://issues.chromium.org/issues/498765210","label":"chrome-cve-admin@google.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40947","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-40947 — Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an u…","description":"Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path.","indicators":{"cves":["CVE-2026-40947"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T00:16:29.223Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://www.yubico.com/support/security-advisories/ysa-2026-01/","label":"cve@mitre.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40505","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-40505 — MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject…","description":"MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. Attackers can embed malicious ANSI escape codes in PDF metadata that are passed unsanitized to terminal output when running mutool…","indicators":{"cves":["CVE-2026-40505"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware","phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T02:16:11.887Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=0f17d789fe8c29b41e47663be82514aaca3a4dfb","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://github.com/ArtifexSoftware/mupdf/commit/0f17d789fe8c29b41e47663be82514aaca3a4dfb","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/ArtifexSoftware/mupdf/releases/tag/1.27.0","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/mupdf-mutool-ansi-injection-via-metadata","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3155","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-3155 — The OneSignal – Web Push Notifications plugin for WordPress is vulnerable to authorization bypass in…","description":"The OneSignal – Web Push Notifications plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.8.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscri…","indicators":{"cves":["CVE-2026-3155"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T12:16:07.507Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset/3501190/onesignal-free-web-push-notifications","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/58337bbc-ba10-4876-b91c-78657afc67d1?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41080","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-41080 — libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML…","description":"libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.","indicators":{"cves":["CVE-2026-41080"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T17:16:54.917Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://github.com/libexpat/libexpat/issues/47","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/libexpat/libexpat/pull/1183","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40263","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-40263 — Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the login endpoin…","description":"Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the login endpoint performs bcrypt password verification only when the supplied username exists, returning immediately for nonexistent usernames. This timing discrepancy allows unauthenticated attackers to enumerate v…","indicators":{"cves":["CVE-2026-40263"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T01:17:40.137Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/enchant97/note-mark/commit/cf4c6f6acf70b569d80396d323b067c00d45c034","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/enchant97/note-mark/security/advisories/GHSA-w6m9-39cv-2fwp","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/enchant97/note-mark/security/advisories/GHSA-w6m9-39cv-2fwp","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-6486","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6486 — A vulnerability was detected in classroombookings up to 2.17.0. This impacts the function read of th…","description":"A vulnerability was detected in classroombookings up to 2.17.0. This impacts the function read of the file crbs-core/application/views/layout.php of the component User Display Name Handler. The manipulation of the argument displayname results in cross site scripting. The attack can be executed remot…","indicators":{"cves":["CVE-2026-6486"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T13:16:14.117Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/classroombookings/classroombookings/","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://github.com/classroombookings/classroombookings/commit/69c3c9bb8a17f1ea572d8f4502bf238f0214c98a","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://github.com/classroombookings/classroombookings/pull/83","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://github.com/classroombookings/classroombookings/releases/tag/v2.17.1","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://github.com/sudo-secure/security-research/blob/main/classroombookings/stored-xss/PoC.md","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/786154","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358027","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358027/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6493","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6493 — A flaw has been found in lukevella rallly up to 4.7.4. This affects an unknown function of the file…","description":"A flaw has been found in lukevella rallly up to 4.7.4. This affects an unknown function of the file apps/web/src/app/[locale]/(auth)/reset-password/components/reset-password-form.tsx of the component Reset Password Handler. Executing a manipulation of the argument redirectTo can lead to cross site s…","indicators":{"cves":["CVE-2026-6493"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T15:16:52.313Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://gist.github.com/TrebledJ/0bd0494a28daaa16abb565b2cef4bd7c","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://github.com/lukevella/rallly/","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://github.com/lukevella/rallly/pull/2245","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://github.com/lukevella/rallly/releases/tag/v4.8.0","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/787347","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358037","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358037/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33436","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-33436 — Stirling-PDF is a locally hosted web application that facilitates various operations on PDF files. I…","description":"Stirling-PDF is a locally hosted web application that facilitates various operations on PDF files. In versions prior to 2.0.0, file upload endpoints render user-supplied filenames directly into HTML using unsafe methods like innerHTML without sanitization. An attacker can craft a file with a malicio…","indicators":{"cves":["CVE-2026-33436"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T21:16:32.750Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-q5j3-4m5w-wp75","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-q5j3-4m5w-wp75","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40334","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-40334 — libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing…","description":"libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptp_unpack_Canon_FE() in camlibs/ptp2/ptp-pack.c (line 1377). The function copies a filename into a 13-byte buffer using strncpy without explicitly null-terminating the resu…","indicators":{"cves":["CVE-2026-40334"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T00:16:37.257Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/gphoto/libgphoto2/commit/259fc7d3bfe534ce4b114c464f55b448670ab873","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/gphoto/libgphoto2/security/advisories/GHSA-ph87-cc3j-c6hm","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40336","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-40336 — libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have a memory…","description":"libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have a memory leak in `ptp_unpack_Sony_DPD()` in `camlibs/ptp2/ptp-pack.c` (lines 884–885). When processing a secondary enumeration list (introduced in 2024+ Sony cameras), the function overwrites dpd->FORM.Enum.S…","indicators":{"cves":["CVE-2026-40336"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T00:16:37.523Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/gphoto/libgphoto2/commit/404ff02c75f3cb280196fc260a63c4d26cf1a8f6","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/gphoto/libgphoto2/security/advisories/GHSA-g8xw-p5wj-mrxv","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40341","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-40341 — libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out of…","description":"libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out of bound read in ptp_unpack_EOS_FocusInfoEx could be used to crash libgphoto2 when processing input from untrusted USB devices. Commit c385b34af260595dfbb5f9329526be5158985987 contains a patch. No known…","indicators":{"cves":["CVE-2026-40341"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T00:16:38.220Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/gphoto/libgphoto2/commit/c385b34af260595dfbb5f9329526be5158985987","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/gphoto/libgphoto2/security/advisories/GHSA-vjx3-gjp6-r2g2","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-32690","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-32690 — Secrets in Variables saved as JSON dictionaries were not properly redacted - in case thee variables…","description":"Secrets in Variables saved as JSON dictionaries were not properly redacted - in case thee variables were retrieved by the user the secrets stored as nested fields were not masked.\n\nIf you do not store variables with sensitive values in JSON form, you are not affected. Otherwise please upgrade to Apa…","indicators":{"cves":["CVE-2026-32690"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T07:16:10.683Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/apache/airflow/pull/63480","label":"security@apache.org","domainType":"primary"},{"url":"https://lists.apache.org/thread/7rnzxofntcznqxnhsmjvvlvygwph7rn5","label":"security@apache.org","domainType":"other"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/17/6","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6570","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6570 — A security flaw has been discovered in kodcloud KodExplorer up to 4.52. Affected is the function ini…","description":"A security flaw has been discovered in kodcloud KodExplorer up to 4.52. Affected is the function initInstall of the file /app/controller/systemMember.class.php. Performing a manipulation of the argument path results in authorization bypass. The attack may be initiated remotely. The exploit has been…","indicators":{"cves":["CVE-2026-6570"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T12:16:32.763Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://vuldb.com/submit/789983","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358204","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358204/cti","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vulnplus-note.wetolink.com/share/byd7AQVs42VY","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6592","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6592 — A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the functi…","description":"A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the function getuserdata of the file app/user_manager.py of the component userdata Endpoint. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed…","indicators":{"cves":["CVE-2026-6592"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T02:16:15.230Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://gist.github.com/YLChen-007/50f0cdc5e3f7b737ce99c783e487ca0d","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791113","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358227","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358227/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6593","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6593 — A vulnerability was found in ComfyUI up to 0.13.0. Affected by this issue is some unknown functional…","description":"A vulnerability was found in ComfyUI up to 0.13.0. Affected by this issue is some unknown functionality of the file server.py of the component View Endpoint. Performing a manipulation results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public…","indicators":{"cves":["CVE-2026-6593"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T02:16:15.437Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://gist.github.com/YLChen-007/1d91fabb465284d7a974746f7e6cc5cc","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791114","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358228","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358228/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6597","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6597 — A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function remove_…","description":"A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function remove_api_keys/has_api_terms of the file src/backend/base/langflow/api/utils/core.py of the component Flow Using API. This manipulation causes unprotected storage of credentials. The attack can be initiated…","indicators":{"cves":["CVE-2026-6597"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T03:16:17.153Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://gist.github.com/chenhouser2025/b93261c6e651f14800a4f2e4365f357b","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791920","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358232","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358232/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6600","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6600 — A flaw has been found in langflow-ai langflow up to 1.8.3. This affects an unknown function of the f…","description":"A flaw has been found in langflow-ai langflow up to 1.8.3. This affects an unknown function of the file src/frontend/src/modals/IOModal/components/chatView/chatMessage/components/edit-message.tsx of the component Frontend React Component Rendering. Executing a manipulation can lead to cross site scr…","indicators":{"cves":["CVE-2026-6600"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T04:16:54.603Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://gist.github.com/chenhouser2025/935aa5d4556264ba408059eec0960b1a","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791923","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358235","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358235/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6610","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6610 — A vulnerability has been found in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an…","description":"A vulnerability has been found in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file djangoblog/settings.py of the component Setting Handler. Such manipulation of the argument USER/PASSWORD leads to hard-coded credentials. The attack may be launched remote…","indicators":{"cves":["CVE-2026-6610"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T06:16:22.233Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/3em0/cve_repo/blob/main/DjangoBlog/Vuln-12-DEBUG-Enabled-Hardcoded-DB-Creds.md","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/790289","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358245","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358245/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6611","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6611 — A vulnerability was found in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function…","description":"A vulnerability was found in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component File Upload Endpoint. Performing a manipulation of the argument SECRET_KEY results in use of hard-coded cryptographic key\r . Remote exploitation of…","indicators":{"cves":["CVE-2026-6611"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T07:16:15.650Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/3em0/cve_repo/blob/main/DjangoBlog/Vuln-11-Weak-File-Upload-Auth.md","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/790313","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358246","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358246/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6619","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6619 — A vulnerability has been found in langgenius dify up to 1.13.3. Impacted is the function openInNewTa…","description":"A vulnerability has been found in langgenius dify up to 1.13.3. Impacted is the function openInNewTab of the file web/app/components/base/image-uploader/image-preview.tsx of the component ImagePreview. The manipulation of the argument filename leads to cross site scripting. The attack may be initiat…","indicators":{"cves":["CVE-2026-6619"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T09:16:09.800Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://gist.github.com/chenhouser2025/a8ac169dad5cf84811cf9c0505491ea8","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/792242","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358254","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358254/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6622","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6622 — A vulnerability was identified in BichitroGan ISP Billing Software 2025.3.20. This affects an unknow…","description":"A vulnerability was identified in BichitroGan ISP Billing Software 2025.3.20. This affects an unknown function of the file /?\\_route=customers/edit/ of the component Customer Handler. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit is publicly availa…","indicators":{"cves":["CVE-2026-6622"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T10:16:17.207Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/4m3rr0r/PoCVulDb/issues/18","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/792393","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358257","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358257/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6623","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6623 — A security flaw has been discovered in BichitroGan ISP Billing Software 2025.3.20. This impacts an u…","description":"A security flaw has been discovered in BichitroGan ISP Billing Software 2025.3.20. This impacts an unknown function of the file /?_route=settings/users-view/ of the component Profile Page Handler. Performing a manipulation results in cross site scripting. The attack is possible to be carried out rem…","indicators":{"cves":["CVE-2026-6623"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T10:16:17.403Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/4m3rr0r/PoCVulDb/issues/17","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/792394","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358258","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358258/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6624","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6624 — A weakness has been identified in BichitroGan ISP Billing Software 2025.3.20. Affected is an unknown…","description":"A weakness has been identified in BichitroGan ISP Billing Software 2025.3.20. Affected is an unknown function of the file /?\\_route=pool/add of the component Pool List Interface. Executing a manipulation can lead to cross site scripting. The attack may be performed from remote. The exploit has been…","indicators":{"cves":["CVE-2026-6624"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T10:16:17.580Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/4m3rr0r/PoCVulDb/issues/16","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/792395","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358259","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358259/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6633","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6633 — A security flaw has been discovered in Yifang CMS up to 2.0.5. The impacted element is the function…","description":"A security flaw has been discovered in Yifang CMS up to 2.0.5. The impacted element is the function store of the file plugins/yifang_backend_account/logic/admin/L_rbac_admin.php of the component Extended Management Module. The manipulation of the argument Account results in cross site scripting. The…","indicators":{"cves":["CVE-2026-6633"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T12:16:09.303Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/shiyifei999-ux/cve/issues/1","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/793352","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358267","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358267/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6648","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6648 — A vulnerability was found in Qibo CMS 1.0. Affected by this vulnerability is an unknown functionalit…","description":"A vulnerability was found in Qibo CMS 1.0. Affected by this vulnerability is an unknown functionality of the component Internal Message Module. Performing a manipulation results in cross site scripting. The attack can be initiated remotely. The exploit has been made public and could be used. The ven…","indicators":{"cves":["CVE-2026-6648"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T13:16:11.647Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://tcn60zf28jhk.feishu.cn/wiki/FHHMwcwCliOd0Bke3XkcEz3Enuc?from=from_copylink","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/submit/793450","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358282","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358282/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6651","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6651 — A security flaw has been discovered in erponline.xyz ERP Online up to 4.0.0. This vulnerability affe…","description":"A security flaw has been discovered in erponline.xyz ERP Online up to 4.0.0. This vulnerability affects unknown code of the component Inventory Edit Item Page. The manipulation of the argument Item Name results in cross site scripting. The attack may be launched remotely. The exploit has been releas…","indicators":{"cves":["CVE-2026-6651"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T16:16:55.810Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://olografix.org/acme/ERP_Online-POC.gif","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/submit/793806","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358285","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358285/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-39396","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-39396 — OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, `Extract…","description":"OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, `ExtractPluginFromImage()` in OpenBao's OCI plugin downloader extracts a plugin binary from a container image by streaming decompressed tar data via `io.Copy` with no upper bound on the number of bytes writte…","indicators":{"cves":["CVE-2026-39396"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T01:16:06.507Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://github.com/openbao/openbao/security/advisories/GHSA-r65v-xgwc-g56j","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/openbao/openbao/security/advisories/GHSA-r65v-xgwc-g56j","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-31369","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-31369 — PcManager is affected by type privilege bypass, successful exploitation of this vulnerability may af…","description":"PcManager is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability","indicators":{"cves":["CVE-2026-31369"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T07:16:09.323Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://www.honor.com/global/security/CVE-2026-31369/","label":"3836d913-7555-4dd0-a509-f5667fdf5fe4","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-31958","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2025-31958 — HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulne…","description":"HCL BigFix Service Management is susceptible to HTTP Request Smuggling.  HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end server…","indicators":{"cves":["CVE-2025-31958"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T15:16:35.440Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124209","label":"psirt@hcl.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-27937","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-27937 — October is a Content Management System (CMS) and web platform. Prior to 3.7.16 and 4.1.16, a reflect…","description":"October is a Content Management System (CMS) and web platform. Prior to 3.7.16 and 4.1.16, a reflected Cross-Site Scripting (XSS) vulnerability was identified in the backend DataTable widget where a query parameter was rendered without proper output escaping. This vulnerability is fixed in 3.7.16 an…","indicators":{"cves":["CVE-2026-27937"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:35.900Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://github.com/octobercms/october/security/advisories/GHSA-jj38-h5w5-mvpf","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-29179","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-29179 — October is a Content Management System (CMS) and web platform. Prior to 3.7.16 and 4.1.16, fine-grai…","description":"October is a Content Management System (CMS) and web platform. Prior to 3.7.16 and 4.1.16, fine-grained sub-permission checks for asset and blueprint file operations were not enforced in the CMS and Tailor editor extensions. This only affects backend users who were explicitly granted editor access b…","indicators":{"cves":["CVE-2026-29179"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:36.053Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://github.com/octobercms/october/security/advisories/GHSA-jvwg-phxx-j3rp","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40279","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-40279 — BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3,…","description":"BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, decode_signed32() in src/bacnet/bacint.c reconstructs a 32-bit signed integer from four APDU bytes using signed left shifts. When any of the four bytes has bit 7 set (value ≥ 0x80), the left-shift ope…","indicators":{"cves":["CVE-2026-40279"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:54.853Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://github.com/bacnet-stack/bacnet-stack/security/advisories/GHSA-326g-j95f-gmxv","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/bacnet-stack/bacnet-stack/security/advisories/GHSA-326g-j95f-gmxv","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-6743","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6743 — A vulnerability has been found in WebSystems WebTOTUM 2026. This impacts an unknown function of the…","description":"A vulnerability has been found in WebSystems WebTOTUM 2026. This impacts an unknown function of the component Calendar. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading the affected component…","indicators":{"cves":["CVE-2026-6743"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:58.157Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://olografix.org/acme/WebTOTUM-POC.gif","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/submit/794617","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358434","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358434/cti","label":"cna@vuldb.com","domainType":"other"},{"url":"https://www.websys.eu/gestionale-online-in-cloud-per-pmi-callcenter","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6745","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6745 — A vulnerability was determined in Bagisto up to 2.3.15. Affected by this vulnerability is an unknown…","description":"A vulnerability was determined in Bagisto up to 2.3.15. Affected by this vulnerability is an unknown functionality of the component Custom Scripts Handler. This manipulation causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be…","indicators":{"cves":["CVE-2026-6745"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T19:16:18.917Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://drive.google.com/drive/folders/10p6SYcSVyfaaTg_dgItzMJvqixcmKnHR?usp=sharing","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/submit/794681","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358436","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358436/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-22008","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-22008 — Vulnerability in Oracle Java SE (component: Libraries). The supported version that is affected is Or…","description":"Vulnerability in Oracle Java SE (component: Libraries).   The supported version that is affected is Oracle Java SE: 25.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE.  Successful attacks of this vulnerab…","indicators":{"cves":["CVE-2026-22008"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:26.690Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-22014","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-22014 — Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Workflow…","description":"Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Workflow and Business Events).  Supported versions that are affected are 12.2.7-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle User…","indicators":{"cves":["CVE-2026-22014"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:28.140Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34312","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-34312 — Vulnerability in the RDBMS component of Oracle Database Server. Supported versions that are affected…","description":"Vulnerability in the RDBMS component of Oracle Database Server.  Supported versions that are affected are 19.3-19.30. Easily exploitable vulnerability allows high privileged attacker having Row Access Method privilege with network access via multiple protocols to compromise RDBMS.  Successful attack…","indicators":{"cves":["CVE-2026-34312"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:36.650Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6830","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6830 — nesquena hermes-webui contains an environment variable leakage vulnerability where profile switching…","description":"nesquena hermes-webui contains an environment variable leakage vulnerability where profile switching does not clear environment variables from the previously active profile before loading the next profile. Attackers or users can exploit additive dotenv reload behavior to access provider API keys and…","indicators":{"cves":["CVE-2026-6830"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T22:16:20.863Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://github.com/nesquena/hermes-webui/commit/88dc8bbe26a6055161d3251b70f5cd3d3c5831b0","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/nesquena/hermes-webui/pull/351","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/nesquena/hermes-webui/releases/tag/v0.50.12","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/nesquena/hermes-webui/releases/tag/v0.50.132","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/nesquena-hermes-webui-environment-variable-credential-leakage-via-profile-switch","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41144","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-41144 — F´ (F Prime) is a framework that enables development and deployment of spaceflight and other embedde…","description":"F´ (F Prime) is a framework that enables development and deployment of spaceflight and other embedded software applications. Prior to version 4.2.0, the bounds check byteOffset + dataSize > fileSize uses U32 addition that wraps around on overflow. An attacker-crafted DataPacket with byteOffset=0xFFF…","indicators":{"cves":["CVE-2026-41144"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T00:16:29.550Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://github.com/nasa/fprime/commit/cacdd555456bd83ab395b521d56c0330470ea798","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nasa/fprime/security/advisories/GHSA-qmvv-rxh4-ccqh","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-6392","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6392 — Tanium addressed an information disclosure vulnerability in Threat Response.","description":"Tanium addressed an information disclosure vulnerability in Threat Response.","indicators":{"cves":["CVE-2026-6392"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T03:16:01.420Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://security.tanium.com/TAN-2026-011","label":"3938794e-25f5-4123-a1ba-5cbd7f104512","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6408","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6408 — Tanium addressed an information disclosure vulnerability in Tanium Server.","description":"Tanium addressed an information disclosure vulnerability in Tanium Server.","indicators":{"cves":["CVE-2026-6408"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T03:16:01.540Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://security.tanium.com/TAN-2026-012","label":"3938794e-25f5-4123-a1ba-5cbd7f104512","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6416","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6416 — Tanium addressed an uncontrolled resource consumption vulnerability in Interact.","description":"Tanium addressed an uncontrolled resource consumption vulnerability in Interact.","indicators":{"cves":["CVE-2026-6416"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T03:16:01.643Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://security.tanium.com/TAN-2026-010","label":"3938794e-25f5-4123-a1ba-5cbd7f104512","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-22746","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-22746 — Vulnerability in Spring Spring Security. If an application is using the UserDetails#isEnabled, #isAc…","description":"Vulnerability in Spring Spring Security. If an application is using the UserDetails#isEnabled, #isAccountNonExpired, or #isAccountNonLocked user attributes, to enable, expire, or lock users, then DaoAuthenticationProvider's timing attack defense can be bypassed for users who are disabled, expired, o…","indicators":{"cves":["CVE-2026-22746"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T06:16:02.780Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://spring.io/security/cve-2026-22746","label":"security@vmware.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6842","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6842 — A flaw was found in nano. In environments with permissive umask settings, a local attacker can explo…","description":"A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions (0777 instead of 0700) for the `~/.local` directory. This allows the attacker to inject a malicious `.desktop` launcher, which could lead to unintended actions or in…","indicators":{"cves":["CVE-2026-6842"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T08:16:13.170Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6842","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460018","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33596","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-33596 — A client might theoretically be able to cause a mismatch between queries sent to a backend and the r…","description":"A client might theoretically be able to cause a mismatch between queries sent to a backend and the received responses by sending a flood of perfectly timed queries that are routed to a TCP-only or DNS over TLS backend.","indicators":{"cves":["CVE-2026-33596"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:54.073Z","fetchedAt":"2026-04-22T15:00:21.768Z","references":[{"url":"https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33597","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-33597 — PRSD detection denial of service","description":"PRSD detection denial of service","indicators":{"cves":["CVE-2026-33597"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:54.187Z","fetchedAt":"2026-04-22T15:00:21.768Z","references":[{"url":"https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33599","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-33599 — A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, whe…","description":"A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, when requested via either the autoUpgrade (Lua) option to newServer or auto_upgrade (YAML) settings. DDR upgrade is not enabled by default.","indicators":{"cves":["CVE-2026-33599"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:54.410Z","fetchedAt":"2026-04-22T15:00:21.768Z","references":[{"url":"https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"cisa-adv-cisa-adds-eight-known-exploited-vulnerabilities-to-catalog","source":"cisa-advisories","category":"advisory","severity":"unknown","title":"CISA Adds Eight Known Exploited Vulnerabilities to Catalog","description":"CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. \nCVE-2023-27351 PaperCut NG/MF Improper Authentication Vulnerability\nCVE-2024-27199 JetBrains TeamCity Relative Path Traversal Vulnerability\nCVE-2025-2749 Kentico…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T12:00:00.000Z","fetchedAt":"2026-04-22T15:00:00.177Z","references":[{"url":"https://www.cisa.gov/news-events/alerts/2026/04/20/cisa-adds-eight-known-exploited-vulnerabilities-catalog","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-cisa-adds-one-known-exploited-vulnerability-to-catalog","source":"cisa-advisories","category":"advisory","severity":"unknown","title":"CISA Adds One Known Exploited Vulnerability to Catalog","description":"CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.\nCVE-2026-34197 Apache ActiveMQ Improper Input Validation Vulnerability\nThis type of vulnerability is a frequent attack vector for malicious cyber actors and poses sign…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T12:00:00.000Z","fetchedAt":"2026-04-22T15:00:00.177Z","references":[{"url":"https://www.cisa.gov/news-events/alerts/2026/04/16/cisa-adds-one-known-exploited-vulnerability-catalog","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40499","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40499 — radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's print_…","description":"radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars() function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted se…","indicators":{"cves":["CVE-2026-40499"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T04:17:48.330Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://github.com/radareorg/radare2/commit/5590c87deeb7eb2a106fd7aab9ca88bfeebb7397","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/radareorg/radare2/issues/25752","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/radareorg/radare2/releases/tag/6.1.4","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/radare2-command-injection-via-pdb-parser-print-gvars","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6328","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-6328 — Improper input validation, Improper verification of cryptographic signature vulnerability in XQUIC P…","description":"Improper input validation, Improper verification of cryptographic signature vulnerability in XQUIC Project XQUIC xquic on Linux (QUIC protocol implementation, packet processing module, STREAM frame handler modules) allows Protocol Manipulation.This issue affects XQUIC: through 1.8.3.","indicators":{"cves":["CVE-2026-6328"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T04:17:48.750Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://github.com/alibaba/xquic/commit/4764604a0e487eeb49338b4498aecda2194eae84","label":"alibaba-cna@list.alibaba-inc.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-26291","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-26291 — Stored cross-site scripting vulnerability exists in GROWI v7.4.6 and earlier. If this vulnerability…","description":"Stored cross-site scripting vulnerability exists in GROWI v7.4.6 and earlier. If this vulnerability is exploited, an arbitrary script may be executed in a user's web browser.","indicators":{"cves":["CVE-2026-26291"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T05:16:25.597Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://growi.co.jp/news/43/","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://jvn.jp/en/jp/JVN62079296/","label":"vultures@jpcert.or.jp","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-14813","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2025-14813 — Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. B…","description":"Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (core modules). This vulnerability is associated with program files G3413CTRBlockCipher.\n\nGOSTCTR implementation unable to process more than 255 blocks correctly.\n\n\nThis issue aff…","indicators":{"cves":["CVE-2025-14813","CVE-2026-5588"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T10:16:38.243Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://github.com/bcgit/bc-java/commit/701686cb0184cd9ae103c801b3581fdf95c6d4f3","label":"91579145-5d7b-4cc5-b925-a0262ff19630","domainType":"primary"},{"url":"https://github.com/bcgit/bc-java/commit/b42574345414e4b7c8051b16fa1fafe01c29871f","label":"91579145-5d7b-4cc5-b925-a0262ff19630","domainType":"primary"},{"url":"https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%9014813","label":"91579145-5d7b-4cc5-b925-a0262ff19630","domainType":"primary"},{"url":"https://github.com/bcgit/bc-java/commit/656bae0dbd9b1521f840521ff786e78749fe3057","label":"91579145-5d7b-4cc5-b925-a0262ff19630","domainType":"primary"},{"url":"https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%905588","label":"91579145-5d7b-4cc5-b925-a0262ff19630","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-0636","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-0636 — Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability i…","description":"Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (prov modules). This vulnerability is associated with program files LDAPStoreHelper.\n\nThis issue affects BC-JAVA: from 1.74 before 1.84.","indicators":{"cves":["CVE-2026-0636"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T10:16:38.413Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://github.com/bcgit/bc-java/commit/d20cdb8430e09224114fec0179a71859929fcbde","label":"91579145-5d7b-4cc5-b925-a0262ff19630","domainType":"primary"},{"url":"https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%900636","label":"91579145-5d7b-4cc5-b925-a0262ff19630","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-33808","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-33808 — Impact@fastify/express v4.0.4 and earlier fails to normalize URLs before passing them to Express mid…","description":"Impact@fastify/express v4.0.4 and earlier fails to normalize URLs before passing them to Express middleware when Fastify router normalization options are enabled. This allows complete bypass of path-scoped authentication middleware via duplicate slashes when ignoreDuplicateSlashes is enabled, or via…","indicators":{"cves":["CVE-2026-33808"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T10:16:48.453Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://cna.openjsf.org/security-advisories.html","label":"ce714d77-add3-4f53-aff5-83d477b104bb","domainType":"other"},{"url":"https://github.com/fastify/fastify-express/security/advisories/GHSA-6hw5-45gm-fj88","label":"ce714d77-add3-4f53-aff5-83d477b104bb","domainType":"primary"},{"url":"https://github.com/fastify/fastify-express/security/advisories/GHSA-6hw5-45gm-fj88","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-3505","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-3505 — Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerabilit…","description":"Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all (pg modules). This vulnerability is associated with program files AEADEncDataPacket.Java, BcAEADUtil.Java, JceAEADUtil.Java, OperatorHelper.Ja…","indicators":{"cves":["CVE-2026-3505"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T10:16:49.133Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://github.com/bcgit/bc-java/commit/dc7530939ffb6cdb57636f3609d98e23b94e71c1","label":"91579145-5d7b-4cc5-b925-a0262ff19630","domainType":"primary"},{"url":"https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%903505","label":"91579145-5d7b-4cc5-b925-a0262ff19630","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-5598","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-5598 — Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core mo…","description":"Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules). This vulnerability is associated with program files FrodoEngine.Java.\n\nThis issue affects BC-JAVA: from 1.71 before 1.84.","indicators":{"cves":["CVE-2026-5598"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T10:16:49.757Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://github.com/bcgit/bc-java/commit/8692e6b2b191fc4aafa32545c7a78bdb9bf110c5","label":"91579145-5d7b-4cc5-b925-a0262ff19630","domainType":"primary"},{"url":"https://github.com/bcgit/bc-java/commit/94abbd56413dfdac651fd878bc60253871ef5e87","label":"91579145-5d7b-4cc5-b925-a0262ff19630","domainType":"primary"},{"url":"https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%905598","label":"91579145-5d7b-4cc5-b925-a0262ff19630","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-33805","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-33805 — @fastify/reply-from v12.6.1 and earlier and @fastify/http-proxy v11.4.3 and earlier process the clie…","description":"@fastify/reply-from v12.6.1 and earlier and @fastify/http-proxy v11.4.3 and earlier process the client's Connection header after the proxy has added its own headers via rewriteRequestHeaders. This allows attackers to retroactively strip proxy-added headers from upstream requests by listing them in t…","indicators":{"cves":["CVE-2026-33805"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T11:16:34.990Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://cna.openjsf.org/security-advisories.html","label":"ce714d77-add3-4f53-aff5-83d477b104bb","domainType":"other"},{"url":"https://github.com/fastify/fastify-reply-from/security/advisories/GHSA-gwhp-pf74-vj37","label":"ce714d77-add3-4f53-aff5-83d477b104bb","domainType":"primary"},{"url":"https://github.com/fastify/fastify-reply-from/security/advisories/GHSA-gwhp-pf74-vj37","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-4667","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-4667 — HP System Optimizer might potentially be vulnerable to escalation of privilege. HP is releasing an u…","description":"HP System Optimizer might potentially be vulnerable to escalation of privilege. HP is releasing an update to mitigate this potential vulnerability.","indicators":{"cves":["CVE-2026-4667"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T15:16:42.650Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://support.hp.com/us-en/document/ish_14747002-14747024-16/hpsbgn04101","label":"hp-security-alert@hp.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5387","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-5387 — The vulnerability, if exploited, could allow an unauthenticated miscreant to perform operations inte…","description":"The vulnerability, if exploited, could allow an unauthenticated miscreant to perform operations intended only for Simulator Instructor or Simulator Developer (Administrator) roles, resulting in privilege escalation with potential for modification of simulation parameters, training configuration, and…","indicators":{"cves":["CVE-2026-5387"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T16:16:39.007Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-04.json","label":"ics-cert@hq.dhs.gov","domainType":"primary"},{"url":"https://softwaresupportsp.aveva.com/en-US/downloads/products/details/57b79fdb-7b5f-4125-8a44-833b6b5c6d6f","label":"ics-cert@hq.dhs.gov","domainType":"other"},{"url":"https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2026-004.pdf","label":"ics-cert@hq.dhs.gov","domainType":"other"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-04","label":"ics-cert@hq.dhs.gov","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2025-15610","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2025-15610 — Deserialization of untrusted data vulnerability in OpenText, Inc RightFax on Windows, 64 bit, 32 bit…","description":"Deserialization of untrusted data vulnerability in OpenText, Inc RightFax on Windows, 64 bit, 32 bit allows Object Injection.This issue affects RightFax: through 25.4.","indicators":{"cves":["CVE-2025-15610"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T17:17:00.020Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0861863","label":"security@opentext.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5189","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-5189 — CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3…","description":"CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access to the internal database and execute arbitrary OS commands as the Nexus process user. Exploitation r…","indicators":{"cves":["CVE-2026-5189"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T19:16:37.990Z","fetchedAt":"2026-04-22T15:00:21.758Z","references":[{"url":"https://help.sonatype.com/en/sonatype-nexus-repository-3-71-0-release-notes.html","label":"103e4ec9-0a87-450b-af77-479448ddef11","domainType":"other"},{"url":"https://support.sonatype.com/hc/en-us/articles/50817138825491","label":"103e4ec9-0a87-450b-af77-479448ddef11","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6398","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-6398 — Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in…","description":"Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.","indicators":{"cves":["CVE-2026-6398","CVE-2026-5968"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T21:17:28.370Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[],"feedLabel":null},{"id":"nvd-CVE-2026-1564","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-1564 — Pega Platform versions 8.1.0 through 25.1.1 are affected by an HTML Injection vulnerability in a use…","description":"Pega Platform versions 8.1.0 through 25.1.1 are affected by an HTML Injection vulnerability in a user interface component. Requires a high privileged user with a developer role.","indicators":{"cves":["CVE-2026-1564"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T22:16:51.250Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://support.pega.com/support-doc/pega-security-advisory-b26-vulnerability-remediation-note","label":"security@pega.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-1711","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-1711 — Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-Site Scripting vulnerabil…","description":"Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-Site Scripting vulnerability in a user interface component. Requires a high privileged user with a developer role.","indicators":{"cves":["CVE-2026-1711"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T22:16:51.880Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://support.pega.com/support-doc/pega-security-advisory-d26-vulnerability-remediation-note","label":"security@pega.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40179","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40179 — Prometheus is an open-source monitoring system and time series database. Versions 3.0 through 3.5.1…","description":"Prometheus is an open-source monitoring system and time series database. Versions 3.0 through 3.5.1 and 3.6.0 through 3.11.1 have stored cross-site scripting vulnerabilities in multiple components of the Prometheus web UI where metric names and label values are injected into innerHTML without escapi…","indicators":{"cves":["CVE-2026-40179"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T23:16:09.870Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://github.com/prometheus/prometheus/commit/07c6232d159bfb474a077788be184d87adcfac3c","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/prometheus/prometheus/pull/18506","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/prometheus/prometheus/security/advisories/GHSA-vffh-x6r8-xx99","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40192","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40192 — Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-…","description":"Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leading to denial of serv…","indicators":{"cves":["CVE-2026-40192"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T23:16:10.053Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/python-pillow/Pillow/pull/9521","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb","label":"security-advisories@github.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5363","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-5363 — Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 (uhttpd modules) allow…","description":"Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 (uhttpd modules) allows Password Recovery Exploitation. The web interface encrypts the admin password client-side using RSA-1024 before sending it to the router during login. \nAn adjacent attacker with the ability to inter…","indicators":{"cves":["CVE-2026-5363"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T00:16:29.547Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://www.tp-link.com/us/support/faq/3562/","label":"f23511db-6c3e-4e32-a477-6aa17d310630","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-1880","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-1880 — An Incorrect Permission Assignment for Critical Resource vulnerability in the ASUS DriverHub update…","description":"An Incorrect Permission Assignment for Critical Resource vulnerability in the ASUS DriverHub update process allows privilege escalation due to improper protection of required execution resources during the validation phase, permitting a local user to make unprivileged modifications. This allows the…","indicators":{"cves":["CVE-2026-1880"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T03:16:25.857Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://www.asus.com/security-advisory","label":"54bf65a7-a193-42d2-b1ba-8e150d3c35e1","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3428","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-3428 — A Download of Code Without Integrity Check vulnerability in the update modules in ASUS Member Center…","description":"A Download of Code Without Integrity Check vulnerability in the update modules in ASUS Member Center(华硕大厅) allows a local user to achieve privilege escalation to Administrator via exploitation of a Time-of-check Time-of-use (TOC-TOU) during the update process, where an unexpected payload is substitu…","indicators":{"cves":["CVE-2026-3428"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T03:16:26.937Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://www.asus.com/security-advisory/","label":"54bf65a7-a193-42d2-b1ba-8e150d3c35e1","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6349","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-6349 — The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated…","description":"The \niSherlock developed by HGiga  has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server.","indicators":{"cves":["CVE-2026-6349"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T03:16:30.660Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://www.twcert.org.tw/en/cp-139-10841-4f504-2.html","label":"twcert@cert.org.tw","domainType":"other"},{"url":"https://www.twcert.org.tw/tw/cp-132-10842-3f255-1.html","label":"twcert@cert.org.tw","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40118","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40118 — UDP Console provided by Arcserve contains an incorrectly specified destination in a communication ch…","description":"UDP Console provided by Arcserve contains an incorrectly specified destination in a communication channel vulnerability. When a user configures an activation server hostname of the affected product to a dummy URL, the product may unintentionally communicate with the dummy domain, causing information…","indicators":{"cves":["CVE-2026-40118"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T05:16:14.860Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://jvn.jp/en/jp/JVN88396700/","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://support.arcserve.com/s/article/P00003790?language=en_US&r=94&ui-knowledge-components-aura-actions.KnowledgeArticleVersionCreateDraftFromOnlineAction.createDraftFromOnlineArticle=1","label":"vultures@jpcert.or.jp","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-15621","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2025-15621 — Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client do…","description":"Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client does not verify the receiver of OAuth2 credentials during OpenID authentication","indicators":{"cves":["CVE-2025-15621"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T13:16:43.423Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://sparxsystems.com/products/ea/17.1/history.html","label":"db4dfee8-a97e-4877-bfae-eba6d14a2166","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6409","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-6409 — A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of unt…","description":"A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or deep recursion—can be used to crash the application, impacting service availability.","indicators":{"cves":["CVE-2026-6409"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T15:17:41.910Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-p2gh-cfq4-4wjc","label":"cve-coordination@google.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-27820","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-27820 — zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3…","description":"zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously produced output but…","indicators":{"cves":["CVE-2026-27820"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T18:16:44.770Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://github.com/ruby/zlib/security/advisories/GHSA-g857-hhfv-j68w","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://hackerone.com/reports/3467067","label":"security-advisories@github.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-2336","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-2336 — A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user…","description":"A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user to recover a shared per-device cookie secret from their own webstax_auth session cookie and forge a new cookie with administrative privileges.This issue affects IStaX before 2026.03.","indicators":{"cves":["CVE-2026-2336"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T18:16:44.927Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/istax-privilege-escalation-via-weak-cookie-authentication","label":"dc3f6da9-85b5-4a73-84a2-2ec90b40fca5","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-54510","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2025-54510 — A missing lock verification in AMD Secure Processor (ASP) firmware may permit a locally authenticate…","description":"A missing lock verification in AMD Secure Processor (ASP) firmware may permit a locally authenticated attacker with administrative privileges to alter MMIO routing on some Zen 5-based products, potentially compromising guest system integrity.","indicators":{"cves":["CVE-2025-54510"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T19:16:32.897Z","fetchedAt":"2026-04-22T15:00:21.759Z","references":[{"url":"https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3034.html","label":"psirt@amd.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-54502","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2025-54502 — Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a…","description":"Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) to achieve privilege escalation potentially resulting in arbitrary code execution.","indicators":{"cves":["CVE-2025-54502"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T20:16:37.393Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-7054.html","label":"psirt@amd.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-35469","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-35469 — spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and bel…","description":"spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocating memory. Three allocation paths are affected: the SETTINGS frame entry count, the header count in…","indicators":{"cves":["CVE-2026-35469"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T22:16:37.920Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/moby/spdystream/releases/tag/v0.5.1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-39313","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-39313 — mcp-framework is a framework for building Model Context Protocol (MCP) servers. In versions 0.2.21 a…","description":"mcp-framework is a framework for building Model Context Protocol (MCP) servers. In versions 0.2.21 and below, the readRequestBody() function in the HTTP transport concatenates request body chunks into a string with no size limit. Although a maxMessageSize configuration value exists, it is never enfo…","indicators":{"cves":["CVE-2026-39313"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T22:16:38.073Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/QuantGeekDev/mcp-framework/commit/f97d2bb76d6359faf10cd1fc54b4911476b62524","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/QuantGeekDev/mcp-framework/security/advisories/GHSA-353c-v8x9-v7c3","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40308","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40308 — My Calendar is a WordPress plugin for managing calendar events. In versions 3.7.6 and below, the mc_…","description":"My Calendar is a WordPress plugin for managing calendar events. In versions 3.7.6 and below, the mc_ajax_mcjs_action AJAX endpoint, registered for unauthenticated users, passes user-supplied arguments through parse_str() without validation, allowing injection of arbitrary parameters including a site…","indicators":{"cves":["CVE-2026-40308"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T22:16:38.940Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/joedolson/my-calendar/releases/tag/v3.7.7","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/joedolson/my-calendar/security/advisories/GHSA-2mvx-f5qm-v2ch","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/joedolson/my-calendar/security/advisories/GHSA-2mvx-f5qm-v2ch","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40260","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40260 — pypdf is a free and open-source pure-python PDF library. In versions prior to 6.10.0, manipulated XM…","description":"pypdf is a free and open-source pure-python PDF library. In versions prior to 6.10.0, manipulated XMP metadata entity declarations can exhaust RAM. An attacker who exploits this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata. This issue has be…","indicators":{"cves":["CVE-2026-40260"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T01:17:39.733Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/py-pdf/pypdf/commit/b15a374e5ca648d4878e57c3b2c0551e7f8cc7f8","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/py-pdf/pypdf/pull/3724","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/py-pdf/pypdf/releases/tag/6.10.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-3crg-w4f6-42mx","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-21719","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-21719 — An OS command injection vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with…","description":"An OS command injection vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to execute an arbitrary OS command.","indicators":{"cves":["CVE-2026-21719"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T06:16:29.430Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://community.cubecart.com/t/cubecart-6-6-0-released-the-biggest-update-in-years/62405","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://jvn.jp/en/jp/JVN78422311/","label":"vultures@jpcert.or.jp","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-35496","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-35496 — A path traversal vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an adm…","description":"A path traversal vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to access higher-level directories that should not be accessible.","indicators":{"cves":["CVE-2026-35496"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T06:16:29.867Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://community.cubecart.com/t/cubecart-6-6-0-released-the-biggest-update-in-years/62405","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://jvn.jp/en/jp/JVN78422311/","label":"vultures@jpcert.or.jp","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6482","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-6482 — The Rapid7 Insight Agent (versions > 4.1.0.2) is vulnerable to a local privilege escalation attack t…","description":"The Rapid7 Insight Agent (versions > 4.1.0.2) is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the agent service attempts to load an OpenSSL configuration file from a non-existent directory that is writable by standar…","indicators":{"cves":["CVE-2026-6482"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T06:16:30.593Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://docs.rapid7.com/insight/release-notes-2026-april/#improvements-and-fixes","label":"cve@rapid7.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-15622","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2025-15622 — Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Archit…","description":"Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client reveals plaintext OAuth2 client secretDesktop client decodes the secret and uses the plaintext secret to exchange it into an access and id tokens as part of the OpenID authentication flow.","indicators":{"cves":["CVE-2025-15622"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T09:16:03.633Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://sparxsystems.com/products/ea/17.1/history.html","label":"db4dfee8-a97e-4877-bfae-eba6d14a2166","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-15623","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2025-15623 — Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System In…","description":"Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server.\n\nUnauthenticated user can retrieve database password in plaintext in certain situations","indicators":{"cves":["CVE-2025-15623"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T09:16:04.593Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://sparxsystems.com/products/procloudserver/6.1/history.html","label":"db4dfee8-a97e-4877-bfae-eba6d14a2166","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-15624","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2025-15624 — Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. In a…","description":"Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. \nIn a setup where OpenID is used as the primary method of authentication to authenticate to Sparx EA, Pro Cloud Server creates local passwords to the users and stores them in plaintext.","indicators":{"cves":["CVE-2025-15624"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T09:16:04.723Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://sparxsystems.com/products/procloudserver/6.1/history.html","label":"db4dfee8-a97e-4877-bfae-eba6d14a2166","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-15625","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2025-15625 — Unauthenticated user is able to execute arbitrary SQL commands in Sparx Pro Cloud Server database in…","description":"Unauthenticated user is able to execute arbitrary SQL commands in Sparx Pro Cloud Server database in certain cases.","indicators":{"cves":["CVE-2025-15625"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T09:16:04.850Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://sparxsystems.com/products/procloudserver/6.1/history.html","label":"db4dfee8-a97e-4877-bfae-eba6d14a2166","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5131","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-5131 — GREENmod uses named pipes for communication between plugins, the web portal, and the system service,…","description":"GREENmod uses named pipes for communication between plugins, the web portal, and the system service, but the access control lists for these pipes are configured incorrectly. This allows an attacker to communicate with the stream and upload any XML or JSON file, which will be processed by the named p…","indicators":{"cves":["CVE-2026-5131"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T11:16:11.000Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://cert.pl/posts/2026/04/CVE-2026-5131","label":"cvd@cert.pl","domainType":"other"},{"url":"https://www.nomios.pl/greenmod/","label":"cvd@cert.pl","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40319","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40319 — Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMa…","description":"Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular expression pattern directly to Python's re.search() without any timeout or complexity guard. A crafted regex pattern can trigger catastrophic backtracking,…","indicators":{"cves":["CVE-2026-40319"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T18:16:32.063Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/Giskard-AI/giskard-oss/releases/tag/giskard-checks%2Fv1.0.2b1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/Giskard-AI/giskard-oss/security/advisories/GHSA-rq2q-4r55-9877","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40320","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40320 — Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the Conform…","description":"Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the ConformityCheck class rendered the rule parameter through Jinja2's default Template() constructor, silently interpreting template expressions at runtime. If check definitions are loaded from an untrusted sou…","indicators":{"cves":["CVE-2026-40320"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T18:16:32.203Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/Giskard-AI/giskard-oss/releases/tag/giskard-checks%2Fv1.0.2b1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/Giskard-AI/giskard-oss/security/advisories/GHSA-7xjm-g8f4-rp26","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-32105","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-32105 — xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification…","description":"xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code (MAC) signature of encrypted RDP packets when using the \"Classic RDP Security\" layer. While the sender correctly generates signatures, the receiving logic lacks the…","indicators":{"cves":["CVE-2026-32105"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T20:16:33.517Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-j2jm-c596-c5q3","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-33516","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-33516 — xrdp is an open source RDP server. Versions through 0.10.5 contain an out-of-bounds read vulnerabili…","description":"xrdp is an open source RDP server. Versions through 0.10.5 contain an out-of-bounds read vulnerability during the RDP capability exchange phase. The issue occurs when memory is accessed before validating the remaining buffer length. A remote, unauthenticated attacker can trigger this vulnerability b…","indicators":{"cves":["CVE-2026-33516"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T20:16:34.723Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-rvh9-9wm3-28c7","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-33689","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-33689 — xrdp is an open source RDP server. Versions through 0.10.5 have an out-of-bounds read vulnerability…","description":"xrdp is an open source RDP server. Versions through 0.10.5 have an out-of-bounds read vulnerability in the pre-authentication RDP message parsing logic. A remote, unauthenticated attacker can trigger this flaw by sending a specially crafted sequence of packets during the initial connection phase. Th…","indicators":{"cves":["CVE-2026-33689"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T21:16:32.963Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-92mr-6wpp-27jj","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35402","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-35402 — mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j databases. In versions…","description":"mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j databases. In versions prior to 0.6.0, the read_only mode enforcement can be bypassed using APOC CALL procedures, potentially allowing unauthorized write operations or server-side request forgery. This issue is fixed in ver…","indicators":{"cves":["CVE-2026-35402"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T21:16:33.170Z","fetchedAt":"2026-04-22T15:00:21.760Z","references":[{"url":"https://github.com/neo4j-contrib/mcp-neo4j/releases/tag/mcp-neo4j-cypher-v0.6.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/neo4j-contrib/mcp-neo4j/security/advisories/GHSA-x3cv-r3g3-fpg9","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35603","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-35603 — Claude Code is an agentic coding tool. In versions prior to 2.1.75 on Windows, Claude Code loaded th…","description":"Claude Code is an agentic coding tool. In versions prior to 2.1.75 on Windows, Claude Code loaded the system-wide default configuration from C:\\ProgramData\\ClaudeCode\\managed-settings.json without validating directory ownership or access permissions. Because the ProgramData directory is writable by…","indicators":{"cves":["CVE-2026-35603"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T21:16:33.507Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/anthropics/claude-code/security/advisories/GHSA-5cwg-9f6j-9jvx","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40299","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40299 — next-intl provides internationalization for Next.js. Applications using the `next-intl` middleware p…","description":"next-intl provides internationalization for Next.js. Applications using the `next-intl` middleware prior to version 4.9.1with `localePrefix: 'as-needed'` could construct URLs where path handling and the WHATWG URL parser resolved a relative redirect target to another host (e.g. scheme-relative `//`…","indicators":{"cves":["CVE-2026-40299"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T21:16:34.707Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/amannn/next-intl/commit/1c80b668aa6d853f470319eec10a3f61e78a70e6","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/amannn/next-intl/pull/2304","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/amannn/next-intl/releases/tag/v4.9.1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/amannn/next-intl/security/advisories/GHSA-8f24-v5vv-gm5j","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-29013","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-29013 — libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling wher…","description":"libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where get_byte_inc() in src/oscore/oscore_cbor.c relies solely on assert() for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted CoAP requests with malfo…","indicators":{"cves":["CVE-2026-29013"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T22:16:31.063Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/obgm/libcoap/commit/b7847c4dbb0dbee7c90b09a673d4cae256f03718","label":"disclosure@vulncheck.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40353","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40353 — wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the attribution_…","description":"wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the attribution_link property in AbstractLicenseModel constructs HTML by directly interpolating user-controlled license fields (such as license_author) without escaping, and templates render the result using Django's…","indicators":{"cves":["CVE-2026-40353"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T22:16:33.077Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/wger-project/wger/releases/tag/2.5","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/wger-project/wger/security/advisories/GHSA-6f54-qjvm-wwq3","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/wger-project/wger/security/advisories/GHSA-6f54-qjvm-wwq3","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40476","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40476 — graphql-go is a Go implementation of GraphQL. In versions 15.31.4 and below, the OverlappingFieldsCa…","description":"graphql-go is a Go implementation of GraphQL. In versions 15.31.4 and below, the OverlappingFieldsCanBeMerged validation rule performs O(n²) pairwise comparisons of fields sharing the same response name. An attacker can send a query with thousands of repeated identical fields, causing excessive CPU…","indicators":{"cves":["CVE-2026-40476"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T22:16:33.360Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/webonyx/graphql-php/releases/tag/v15.31.5","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/webonyx/graphql-php/security/advisories/GHSA-68jq-c3rv-pcrr","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-5720","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-5720 — miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remot…","description":"miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information disclosure by sending a malformed SOAPAction header with a single quote. Attackers can trigger an out-of-bounds memory read by exploiting improp…","indicators":{"cves":["CVE-2026-5720"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T22:16:33.803Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/miniupnp/miniupnp/","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/miniupnp/miniupnp/commit/b5e5d2eb069822b7f00d56c8e61033b9d500e60c","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/miniupnpd-integer-underflow-soapaction-header-parsing","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40481","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40481 — monetr is a budgeting application for recurring expenses. In versions 1.12.3 and below, the public S…","description":"monetr is a budgeting application for recurring expenses. In versions 1.12.3 and below, the public Stripe webhook endpoint buffers the entire request body into memory before validating the Stripe signature. A remote unauthenticated attacker can send oversized POST payloads to cause uncontrolled memo…","indicators":{"cves":["CVE-2026-40481"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T23:16:12.457Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/monetr/monetr/releases/tag/v1.12.4","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/monetr/monetr/security/advisories/GHSA-v7xq-3wx6-fqc2","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-5250","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-5250 — Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.","description":"Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.","indicators":{"cves":["CVE-2026-5250","CVE-2026-6056","CVE-2026-4872"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T23:16:12.730Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[],"feedLabel":null},{"id":"nvd-CVE-2026-40323","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40323 — SP1 is a zero‑knowledge virtual machine that proves the correct execution of programs compiled for t…","description":"SP1 is a zero‑knowledge virtual machine that proves the correct execution of programs compiled for the RISC-V architecture. In versions 6.0.0 through 6.0.2, a soundness vulnerability in the SP1 V6 recursive shard verifier allows a malicious prover to construct a recursive proof from a shard proof th…","indicators":{"cves":["CVE-2026-40323"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T00:16:36.767Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/succinctlabs/sp1/releases/tag/v6.1.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/succinctlabs/sp1/security/advisories/GHSA-63x8-x938-vx33","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40346","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40346 — NocoBase is an AI-powered no-code/low-code platform for building business applications and enterpris…","description":"NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.37, NocoBase's workflow HTTP request plugin and custom request action plugin make server-side HTTP requests to user-provided URLs without any SSRF protection. An auth…","indicators":{"cves":["CVE-2026-40346"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T00:16:38.360Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/nocobase/nocobase/commit/2853368243ed07339c62c548b7d475f4eeaada59","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nocobase/nocobase/pull/9079","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nocobase/nocobase/releases/tag/v2.0.37","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nocobase/nocobase/security/advisories/GHSA-mvvv-v22x-xqwp","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40480","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40480 — ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the GET /api/perso…","description":"ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the GET /api/person/{personId} endpoint loads and returns person records without performing object-level authorization checks. Although the legacy PersonView.php page enforces canEditPerson() restrictions, the API laye…","indicators":{"cves":["CVE-2026-40480"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T00:16:38.960Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/ChurchCRM/CRM/commit/28ea7a2965fc2fe30e150fadb1ae38a97f8225c2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChurchCRM/CRM/issues/8617","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChurchCRM/CRM/pull/8616","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChurchCRM/CRM/security/advisories/GHSA-5w59-32c8-933v","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChurchCRM/CRM/security/advisories/GHSA-5w59-32c8-933v","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40482","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40482 — ChurchCRM is an open-source church management system. Versions prior to 7.2.0 have SQL injection in…","description":"ChurchCRM is an open-source church management system. Versions prior to 7.2.0 have SQL injection in FinancialService::getMemberByScanString() via unsanitized $routeAndAccount concatenated into raw SQL. This issue has been fixed in version 7.2.0.","indicators":{"cves":["CVE-2026-40482"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T00:16:39.110Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/ChurchCRM/CRM/commit/214694eb83778e1f5e52b3dfa2a99d0e965c1850","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChurchCRM/CRM/pull/8607","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChurchCRM/CRM/security/advisories/GHSA-hc37-vx3w-34fg","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40582","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40582 — ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the /api/public/us…","description":"ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the /api/public/user/login endpoint validates only the username and password before returning the user's API key, bypassing the normal authentication flow that enforces account lockout and two-factor authentication che…","indicators":{"cves":["CVE-2026-40582"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T00:16:39.827Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/ChurchCRM/CRM/commit/214694eb83778e1f5e52b3dfa2a99d0e965c1850","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChurchCRM/CRM/pull/8607","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChurchCRM/CRM/security/advisories/GHSA-8cwr-x83m-mh9x","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40489","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40489 — editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsi…","description":"editorconfig-core-c  is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have a stack-based buffer overflow in ec_glob() that allows an attacker to crash any application using libeditorconfig by providing a specially crafted direct…","indicators":{"cves":["CVE-2026-40489"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T02:16:11.827Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/editorconfig/editorconfig-core-c/commit/5159be88ad50641d9843289adda791ba300421ff","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/editorconfig/editorconfig-core-c/releases/tag/v0.12.11","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/editorconfig/editorconfig-core-c/security/advisories/GHSA-97xg-vrcq-254h","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41242","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41242 — protobufjs compiles protobuf definitions into JavaScript (JS) functions. In versions prior to 8.0.1…","description":"protobufjs compiles protobuf definitions into JavaScript (JS) functions. In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the \"type\" fields of protobuf definitions, which will then execute during object decoding using that definition. Versions 8.0.1 and 7.5.5 patch the is…","indicators":{"cves":["CVE-2026-41242"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T17:16:13.983Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://github.com/protobufjs/protobuf.js/commit/535df444ac060243722ac5d672db205e5c531d75","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v7.5.5","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v8.0.1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-xq3m-2v4x-88gg","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-32963","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-32963 — SD-330AC and AMC Manager provided by silex technology, Inc. contain a reflected cross-site scripting…","description":"SD-330AC and AMC Manager provided by silex technology, Inc. contain a reflected cross-site scripting vulnerability. When a user logs in to the affected device and access some crafted web page, arbitrary script may be executed on the user's browser.","indicators":{"cves":["CVE-2026-32963"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T04:16:44.987Z","fetchedAt":"2026-04-22T15:00:21.761Z","references":[{"url":"https://jvn.jp/en/vu/JVNVU94271449/","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://www.silex.jp/support/security-advisories/2026-001","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://www.silex.jp/support/security-advisories/en/2026-001","label":"vultures@jpcert.or.jp","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-39454","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-39454 — SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder…","description":"SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or place arbitrary files within the installation folder of the product. As a result, arbitrary code may be e…","indicators":{"cves":["CVE-2026-39454"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T09:16:08.933Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://jvn.jp/en/jp/JVN63376363/","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://www.skyseaclientview.net/news/260420_01/","label":"vultures@jpcert.or.jp","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-13480","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2025-13480 — Fudo Enterprise in versions from 5.5.0 through 5.6.2 allows low privileged users to access certain a…","description":"Fudo Enterprise in versions from 5.5.0 through 5.6.2 allows low privileged users to access certain administrator-only resources via improperly protected API endpoints. This includes sensitive information such as system logs and parts of system configuration settings.\nThis vulnerability has been fixe…","indicators":{"cves":["CVE-2025-13480"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T10:16:16.060Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://cert.pl/en/posts/2026/04/CVE-2025-13480","label":"cvd@cert.pl","domainType":"other"},{"url":"https://download.fudosecurity.com/documentation/fudo/5_6/rn/RN_5.6.3.pdf","label":"cvd@cert.pl","domainType":"other"},{"url":"https://www.fudosecurity.com/product/enterprise","label":"cvd@cert.pl","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31429","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31429 — In the Linux kernel, the following vulnerability has been resolved: net: skb: fix cross-cache free o…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skb: fix cross-cache free of KFENCE-allocated skb head\n\nSKB_SMALL_HEAD_CACHE_SIZE is intentionally set to a non-power-of-2\nvalue (e.g. 704 on x86_64) to avoid collisions with generic kmalloc\nbucket sizes. This ensures that skb…","indicators":{"cves":["CVE-2026-31429"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T10:16:16.737Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://git.kernel.org/stable/c/0f42e3f4fe2a58394e37241d02d9ca6ab7b7d516","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/2d64618ea846d8d033477311f805ca487d6a6696","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/474e00b935db250cac320d10c1d3cf4e44b46721","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/60313768a8edc7094435975587c00c2d7b834083","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31430","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31430 — In the Linux kernel, the following vulnerability has been resolved: X.509: Fix out-of-bounds access…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nX.509: Fix out-of-bounds access when parsing extensions\n\nLeo reports an out-of-bounds access when parsing a certificate with\nempty Basic Constraints or Key Usage extension because the first byte of\nthe extension is read before chec…","indicators":{"cves":["CVE-2026-31430"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T10:16:16.877Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://git.kernel.org/stable/c/206121294b9cf27f0589857f80d64f87e496ffb2","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/30ab358fad0c7daa1d282ec48089901b21b36a20","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/672b526def1f94c1be8eb11b885b803da0d8c2f1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7fb4dadc2734f4020d7543d688b8d49c8e569c61","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d702c3408213bb12bd570bb97204d8340d141c51","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5958","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-5958 — When sed is invoked with both -i (in-place edit) and --follow-symlinks, the function open_next_file(…","description":"When sed is invoked with both -i (in-place edit) and --follow-symlinks, the function open_next_file() performs two separate, non-atomic filesystem operations on the same path: \n1. resolves symlink to its target and stores the resolved path for determining when output is written,\n2. opens the origina…","indicators":{"cves":["CVE-2026-5958"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T12:16:08.433Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://cert.pl/en/posts/2026/04/CVE-2026-5958","label":"cvd@cert.pl","domainType":"other"},{"url":"https://www.gnu.org/software/sed/","label":"cvd@cert.pl","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6369","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-6369 — An improper access control vulnerability in the canonical-livepatch snap client prior to version 10.…","description":"An improper access control vulnerability in the canonical-livepatch snap client prior to version 10.15.0 allows a local unprivileged user to obtain a sensitive, root-level authentication token by sending an unauthenticated request to the livepatchd.sock Unix domain socket. This vulnerability is expl…","indicators":{"cves":["CVE-2026-6369"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T14:16:22.380Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://discourse.ubuntu.com/t/security-notice-canonical-livepatch-client-snap-vulnerability/80662","label":"security@ubuntu.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3219","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-3219 — pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is…","description":"pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing \"incorrect\" files according to the filename of the archive. New behavior only proceeds with i…","indicators":{"cves":["CVE-2026-3219"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T16:16:45.430Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/pypa/pip/pull/13870","label":"cna@python.org","domainType":"primary"},{"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/QAJ5JIVWWCAJ4EZL2FP5MOOW35JS7LRJ/","label":"cna@python.org","domainType":"other"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/20/8","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-23758","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-23758 — GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the ticket subjec…","description":"GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the ticket subject field that allows authenticated staff members to inject malicious JavaScript by manipulating the editsubject POST parameter. Attackers can inject XSS payloads through inadequate sanitization in Cont…","indicators":{"cves":["CVE-2026-23758"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T18:16:24.643Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://gfi.ai/products-and-solutions/email-and-messaging-solutions/helpdesk/resources/product-releases","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://www.vulncheck.com/advisories/gfi-helpdesk-stored-xss-via-editsubject-parameter","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-11249","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2025-11249 — Rejected reason: This CVE id was assigned as a duplicate of CVE-2025-66414.","description":"Rejected reason: This CVE id was assigned as a duplicate of CVE-2025-66414.","indicators":{"cves":["CVE-2025-11249"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T19:16:07.780Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[],"feedLabel":null},{"id":"nvd-CVE-2026-32135","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-32135 — NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Versions prior to 0.24.11 have…","description":"NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Versions prior to 0.24.11 have a remotely triggerable heap buffer overflow in the `uri_param_parse` function of NanoMQ's REST API. The vulnerability occurs due to an off-by-one error when allocating memory for query parameter keys…","indicators":{"cves":["CVE-2026-32135"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T20:16:48.510Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/nanomq/nanomq/commit/69a97b3b39cc218f044f1c8896f4d3d8757bb394","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nanomq/nanomq/issues/2247","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nanomq/nanomq/security/advisories/GHSA-6w96-9qw7-m599","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-32311","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-32311 — Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, tr…","description":"Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Flowsint allows a user to create investigations, which are used to manage sketches and analyses. Sketches have controllable graphs, which are comprised of nodes and relat…","indicators":{"cves":["CVE-2026-32311"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T20:16:48.653Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/reconurge/flowsint/commit/b52cbbb904c8013b74308d58af88bc7dbb1b055c","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/reconurge/flowsint/security/advisories/GHSA-9g44-8xv2-f2m9","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/reconurge/flowsint/security/advisories/GHSA-9g44-8xv2-f2m9","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-33031","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-33031 — Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, a user who was di…","description":"Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, a user who was disabled by an administrator can use previously issued API tokens for up to the token lifetime. In practice, disabling a compromised account does not actually terminate that user’s access, so an attacke…","indicators":{"cves":["CVE-2026-33031"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T21:16:32.783Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-x234-x5vq-cc2v","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-33431","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-33431 — Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to vers…","description":"Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the POST /config/<service>/show API endpoint accepts a configver parameter that is directly appended to a base directory path to construct a local file path, which is subsequently opened…","indicators":{"cves":["CVE-2026-33431"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T21:16:34.823Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/roxy-wi/roxy-wi/commit/d4d100067dd0ee04317f05d3b51be8fcfdc3f802","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-w3c9-36jf-qrw4","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-w3c9-36jf-qrw4","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-33432","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-33432 — Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions u…","description":"Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions up to and including 8.2.8.2, when LDAP authentication is enabled, Roxy-WI constructs an LDAP search filter by directly concatenating the user-supplied login username into the filter string without esca…","indicators":{"cves":["CVE-2026-33432"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T21:16:34.970Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/roxy-wi/roxy-wi/blob/v8.2.8.2/app/modules/roxywi/auth.py","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-hv3x-4w38-r92m","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-hv3x-4w38-r92m","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-34403","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-34403 — Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.5, all WebSocket end…","description":"Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.5, all WebSocket endpoints in nginx-ui use a gorilla/websocket Upgrader with CheckOrigin unconditionally returning true, allowing Cross-Site WebSocket Hijacking (CSWSH). Combined with the fact that authentication tokens…","indicators":{"cves":["CVE-2026-34403"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T21:16:36.267Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/0xJacky/nginx-ui/releases/tag/v2.3.5","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-78mf-482w-62qj","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-5358","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-5358 — Rejected reason: REJECTED: CVE-2026-5358 is rejected for two reasons. Firstly it has been discovered…","description":"Rejected reason: REJECTED: CVE-2026-5358 is rejected for two reasons. Firstly it has been discovered that no NIS+ client or server was ever released for any Linux-based OS distributions and as such this makes the API provisional and unused.  Secondly it has been discovered that the NIS+ cold start c…","indicators":{"cves":["CVE-2026-5358"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T21:16:36.713Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[],"feedLabel":null},{"id":"nvd-CVE-2026-0930","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-0930 — Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request.…","description":"Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request. An authenticated user could trigger the out of bounds read after establishing a connection which would leak the adjacent stack memory to the pseudo-console output.","indicators":{"cves":["CVE-2026-0930"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T22:16:23.210Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/wolfssl/wolfssh/pull/846","label":"facts@wolfssl.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-22051","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-22051 — StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.13 and 12.0.0.6 are susceptible…","description":"StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.13 and 12.0.0.6 are susceptible to a Information Disclosure vulnerability. Successful exploit could allow an authenticated attacker with low privileges to run arbitrary metrics queries, revealing metric results that they do not hav…","indicators":{"cves":["CVE-2026-22051"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T22:16:23.367Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://security.netapp.com/advisory/ntap-20260420-0001","label":"security-alert@netapp.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34082","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-34082 — Dify is an open-source LLM app development platform. Prior to 1.13.1, the method `DELETE /console/ap…","description":"Dify is an open-source LLM app development platform. Prior to 1.13.1, the method `DELETE /console/api/installed-apps/<appId>/conversations/<conversationId>` has poor authorization checking and allows any Dify-authenticated user to delete someone else's chat history. Version 1.13.1 patches the issue.","indicators":{"cves":["CVE-2026-34082"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T23:16:24.250Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/langgenius/dify/releases/tag/1.13.1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/langgenius/dify/security/advisories/GHSA-fxq3-hh7x-c63p","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/langgenius/dify/security/advisories/GHSA-fxq3-hh7x-c63p","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-34839","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-34839 — Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Glances…","description":"Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Glances web server exposes a REST API (`/api/4/*`) that is accessible without authentication and allows cross-origin requests from any origin due to a permissive CORS policy (`Access-Control-Allow-Origin: *`…","indicators":{"cves":["CVE-2026-34839"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T00:16:27.910Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/nicolargo/glances/commit/fdfb977b1d91b5e410bc06c4e19f8bedb0005ce9","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nicolargo/glances/security/advisories/GHSA-gfc2-9qmw-w7vh","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nicolargo/glances/security/advisories/GHSA-gfc2-9qmw-w7vh","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35587","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-35587 — Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, a Server-Si…","description":"Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, a Server-Side Request Forgery (SSRF) vulnerability exists in the Glances IP plugin due to improper validation of the public_api configuration parameter. The value of public_api is used directly in outbound HTTP…","indicators":{"cves":["CVE-2026-35587"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T00:16:29.030Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/nicolargo/glances/commit/d6808be66728956477cc4b544bab1acd71ac65fb","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nicolargo/glances/security/advisories/GHSA-g5pq-48mj-jvw8","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nicolargo/glances/security/advisories/GHSA-g5pq-48mj-jvw8","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-39388","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-39388 — OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, OpenBao'…","description":"OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, OpenBao's Certificate authentication method, when a token renewal is requested and `disable_binding=true` is set, attempts to verify the current request's presented mTLS certificate matches the original. Toke…","indicators":{"cves":["CVE-2026-39388"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T01:16:06.357Z","fetchedAt":"2026-04-22T15:00:21.762Z","references":[{"url":"https://github.com/openbao/openbao/security/advisories/GHSA-7ccv-rp6m-rffr","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-39861","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-39861 — Claude Code is an agentic coding tool. Prior to version 2.1.64, Claude Code's sandbox did not preven…","description":"Claude Code is an agentic coding tool. Prior to version 2.1.64, Claude Code's sandbox did not prevent sandboxed processes from creating symlinks pointing to locations outside the workspace. When Claude Code subsequently wrote to a path within such a symlink, its unsandboxed process followed the syml…","indicators":{"cves":["CVE-2026-39861"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T01:16:06.647Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://github.com/anthropics/claude-code/security/advisories/GHSA-vp62-r36r-9xqp","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-39946","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-39946 — OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, when Ope…","description":"OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, when OpenBao revoked privileges on a role in the PostgreSQL database secrets engine, OpenBao failed to use proper database quoting on schema names provided by PostgreSQL. This could lead to role revocation fa…","indicators":{"cves":["CVE-2026-39946"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T01:16:06.790Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://github.com/openbao/openbao/security/advisories/GHSA-6vgr-cp5c-ffx3","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40264","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40264 — OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide mul…","description":"OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide multi-tenant separation. Prior to version 2.5.3, a tenant who leaks token accessors can have their token revoked or renewed by a privileged administrator in another tenant. This is addressed in v2.5.3.","indicators":{"cves":["CVE-2026-40264"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T01:16:06.917Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://github.com/openbao/openbao/security/advisories/GHSA-p49j-v9wc-wg57","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-39866","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-39866 — Lawnchair is a free, open-source home app for Android. Prior to commit fcba413f55dd47f8a392144525284…","description":"Lawnchair is a free, open-source home app for Android. Prior to commit fcba413f55dd47f8a3921445252849126c6266b2, command injection in release_update.yml workflow dispatch input allows arbitrary code execution. Commit fcba413f55dd47f8a3921445252849126c6266b2 patches the issue.","indicators":{"cves":["CVE-2026-39866"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T02:16:06.807Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://github.com/LawnchairLauncher/lawnchair/commit/fcba413f55dd47f8a3921445252849126c6266b2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/LawnchairLauncher/lawnchair/security/advisories/GHSA-9prc-pp2c-3427","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/LawnchairLauncher/lawnchair/security/advisories/GHSA-9prc-pp2c-3427","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40496","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40496 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, attachment d…","description":"FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, attachment download tokens are generated using a weak and predictable formula: `md5(APP_KEY + attachment_id + size)`. Since attachment_id is sequential and size can be brute-forced in a small range, an unauthenti…","indicators":{"cves":["CVE-2026-40496"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T02:16:08.350Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://github.com/freescout-help-desk/freescout/commit/dbdf8f2260b43a21818255c70f0b61b9de9cd555","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/releases/tag/1.8.213","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-2783-wxmm-wmwr","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2025-13826","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2025-13826 — Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset req…","description":"Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset request is made. The vulnerability is caused by inadequate validation of user-supplied input. An attacker can exploit this vulnerability by sending malicious requests. If the vulnerability is successfull…","indicators":{"cves":["CVE-2025-13826"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T09:16:06.087Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/incorrect-input-validation-zervit-portable-httpweb-server","label":"cve-coordination@incibe.es","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3317","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-3317 — Reflected Cross-Site Scripting (XSS) vulnerability in Navigate Content Management System. The vulner…","description":"Reflected Cross-Site Scripting (XSS) vulnerability in Navigate Content Management System. The vulnerability is present in the '/blog' endpoint because user input is not properly sanitized through designed query parameters. This results in unsafe HTML rendering, which could allow a remote attacker to…","indicators":{"cves":["CVE-2026-3317"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T10:16:30.623Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/reflected-cross-site-scripting-navigate-cms-application","label":"cve-coordination@incibe.es","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41037","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41037 — This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protec…","description":"This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protection for failed login attempts in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing brute force attacks against administrative credenti…","indicators":{"cves":["CVE-2026-41037"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T10:16:30.957Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0200","label":"vdisclose@cert-in.org.in","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6553","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-6553 — Changing backend users' passwords via the user settings module results in storing the cleartext pass…","description":"Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and user_settings fields of the be_users database table. This issue affects TYPO3 CMS version 14.2.0.","indicators":{"cves":["CVE-2026-6553"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T10:16:31.220Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://github.com/TYPO3/typo3/commit/9a6e913f70767f63b322ae3e2d2f4e302624c291","label":"f4fb688c-4412-4426-b4b8-421ecf27b14a","domainType":"primary"},{"url":"https://typo3.org/security/advisory/typo3-core-sa-2026-005","label":"f4fb688c-4412-4426-b4b8-421ecf27b14a","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41038","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41038 — This vulnerability exists in Quantum Networks router due to lack of enforcement of strong password p…","description":"This vulnerability exists in Quantum Networks router due to lack of enforcement of strong password policies in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing password guessing or brute-force attacks against user accounts, leading to…","indicators":{"cves":["CVE-2026-41038"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T11:16:20.160Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0200","label":"vdisclose@cert-in.org.in","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41039","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41039 — This vulnerability exists in Quantum Networks router due to improper access control and insecure def…","description":"This vulnerability exists in Quantum Networks router due to improper access control and insecure default configuration in the web-based management interface. An unauthenticated attacker could exploit this vulnerability by accessing exposed API endpoints on the targeted device.\n\nSuccessful exploitati…","indicators":{"cves":["CVE-2026-41039"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T11:16:20.287Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0200","label":"vdisclose@cert-in.org.in","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-32147","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-32147 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erla…","description":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to modify file attributes outside the configured chroot directory.\n\nThe SFTP daemon (ssh_sftpd) stores the raw, user-supplied path in fi…","indicators":{"cves":["CVE-2026-32147"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T12:15:58.800Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://cna.erlef.org/cves/CVE-2026-32147.html","label":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","domainType":"other"},{"url":"https://github.com/erlang/otp/commit/28c5d5a6c5f873dc701b597276271763e7d1c004","label":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","domainType":"primary"},{"url":"https://github.com/erlang/otp/security/advisories/GHSA-28jg-mw9x-hpm5","label":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","domainType":"primary"},{"url":"https://osv.dev/vulnerability/EEF-CVE-2026-32147","label":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","domainType":"other"},{"url":"https://www.erlang.org/doc/system/versions.html#order-of-versions","label":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6756","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-6756 — Mitigation bypass in Firefox for Android. This vulnerability was fixed in Firefox 150.","description":"Mitigation bypass in Firefox for Android. This vulnerability was fixed in Firefox 150.","indicators":{"cves":["CVE-2026-6756"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:21.593Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1992585","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6757","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-6757 — Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 15…","description":"Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.","indicators":{"cves":["CVE-2026-6757"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:21.690Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2013588","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6762","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-6762 — Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firef…","description":"Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.","indicators":{"cves":["CVE-2026-6762"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:22.137Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021080","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-10354","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2025-10354 — Cross-Site Scripting (XSS) vulnerability reflected in Semantic MediaWiki. This vulnerability allows…","description":"Cross-Site Scripting (XSS) vulnerability reflected in Semantic MediaWiki. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using the '/index.php/Speciaal:GefacetteerdZoeken' endpoint parameter. This vulnerability can be exploite…","indicators":{"cves":["CVE-2025-10354"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T15:16:34.290Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/reflected-cross-site-scripting-xss-semantic-mediawiki","label":"cve-coordination@incibe.es","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3298","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-3298 — The method \"sock_recvfrom_into()\" of \"asyncio.ProacterEventLoop\" (Windows only) was missing a bounda…","description":"The method \"sock_recvfrom_into()\" of \"asyncio.ProacterEventLoop\" (Windows only) was missing a boundary check for the data buffer when using nbytes parameter. This allowed for an out-of-bounds buffer write if data was larger than the buffer size. Non-Windows platforms are not affected.","indicators":{"cves":["CVE-2026-3298"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T15:16:37.047Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://github.com/python/cpython/commit/1274766d3c29007ab77245a72abbf8dce2a9db4d","label":"cna@python.org","domainType":"primary"},{"url":"https://github.com/python/cpython/commit/27522b7d6e6588f03e61099dd858cd5a9314e2f2","label":"cna@python.org","domainType":"primary"},{"url":"https://github.com/python/cpython/commit/95633d2aad4721e25e4dfd9f43dfb6e1edcbd741","label":"cna@python.org","domainType":"primary"},{"url":"https://github.com/python/cpython/issues/148808","label":"cna@python.org","domainType":"primary"},{"url":"https://github.com/python/cpython/pull/148809","label":"cna@python.org","domainType":"primary"},{"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/KWTPIQBOOOUNQP7UFSLBI437NJDFLA3F/","label":"cna@python.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5789","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-5789 — Vulnerability related to an unquoted search path in CivetWeb v1.16. This vulnerability allows a loca…","description":"Vulnerability related to an unquoted search path in CivetWeb v1.16. This vulnerability allows a local attacker to execute arbitrary code with elevated privileges by placing a malicious executable in a directory that is scanned before the intended application path (C:\\Program Files\\CivetWeb\\CivetWeb.…","indicators":{"cves":["CVE-2026-5789"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T15:16:37.713Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/search-path-without-quotes-civetweb","label":"cve-coordination@incibe.es","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-41011","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2025-41011 — HTML injection vulnerability in PHP Point of Sale v19.4. This vulnerability allows an attacker to re…","description":"HTML injection vulnerability in PHP Point of Sale v19.4. This vulnerability allows an attacker to render HTML in the victim's browser due to a lack of proper validation of user input by sending a request to '/reports/generate/specific_customer', ussing 'start_date_formatted' y 'end_date_formatted' p…","indicators":{"cves":["CVE-2025-41011"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T16:16:19.143Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/html-injection-php-point-sale-0","label":"cve-coordination@incibe.es","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-41029","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2025-41029 — SQL injection vulnerability in Zeon Academy Pro by Zeon Global Tech. This vulnerability allows an at…","description":"SQL injection vulnerability in Zeon Academy Pro by Zeon Global Tech. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a POST request using the parameter 'phonenumber' in '/private/continue-upload.php'.","indicators":{"cves":["CVE-2025-41029"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T16:16:19.350Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-zeon-academy-pro-zeon-global-tech","label":"cve-coordination@incibe.es","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-30452","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-30452 — Textpattern CMS 4.9.0 contains a Broken Access Control vulnerability in the article management syste…","description":"Textpattern CMS 4.9.0 contains a Broken Access Control vulnerability in the article management system that allows authenticated users with low privileges to modify articles owned by users with higher privileges. By manipulating the article ID parameter during the duplicate-and-save workflow in textp…","indicators":{"cves":["CVE-2026-30452"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:36.303Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://github.com/textpattern/textpattern","label":"cve@mitre.org","domainType":"primary"},{"url":"https://textpattern.com/weblog/textpattern-491-released-security-fixes-patches-and-tweaks","label":"cve@mitre.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-38835","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-38835 — Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the formSetUSB…","description":"Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the formSetUSBPartitionUmount function via the usbPartitionName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.","indicators":{"cves":["CVE-2026-38835"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:53.357Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://github.com/jsjbcyber/repo/blob/main/rep_2.md","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40570","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40570 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the `load_cu…","description":"FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the `load_customer_info` action in `POST /conversation/ajax` returns complete customer profile data to any authenticated user without verifying mailbox access. An attacker only needs a valid email address to retr…","indicators":{"cves":["CVE-2026-40570"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:55.593Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://github.com/freescout-help-desk/freescout/commit/f35b4249c72d9bdac6ab1ea4e288f5894be34057","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/releases/tag/1.8.213","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-w77q-wjfp-c822","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-w77q-wjfp-c822","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40583","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40583 — UltraDAG is a minimal DAG-BFT blockchain in Rust. In version 0.1, a non-council attacker can submit…","description":"UltraDAG is a minimal DAG-BFT blockchain in Rust. In version 0.1, a non-council attacker can submit a signed SmartOp::Vote transaction that passes signature, nonce, and balance prechecks, but fails authorization only after state mutation has already occurred.","indicators":{"cves":["CVE-2026-40583"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:56.083Z","fetchedAt":"2026-04-22T15:00:21.763Z","references":[{"url":"https://github.com/UltraDAGcom/core/commit/2f5a3a237ea519b48d71e6e3093c89f60694c7be","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/UltraDAGcom/core/commit/45bcf7064741897319b6196d3d9f9e1307093511","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/UltraDAGcom/core/security/advisories/GHSA-q8wx-2crx-c7pp","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/UltraDAGcom/core/security/advisories/GHSA-q8wx-2crx-c7pp","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40599","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40599 — ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies.…","description":"ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.5, ClearanceKit incorrectly treats a process with an empty Team ID and a non-empty Signing ID as an Apple platform binary. This bug allows a malicious software to impersonate an apple pr…","indicators":{"cves":["CVE-2026-40599","CVE-2026-40604"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T18:16:51.693Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://github.com/craigjbass/clearancekit/security/advisories/GHSA-w253-42qp-5f2x","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/craigjbass/clearancekit/security/advisories/GHSA-5r9w-9fg6-266q","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40614","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40614 — PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier,…","description":"PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is a buffer overflow when decoding Opus audio frames due to insufficient buffer size validation in the Opus codec decode path. The FEC decode buffers (dec_frame[].buf) were allocated based on a…","indicators":{"cves":["CVE-2026-40614","CVE-2026-40892"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T19:16:17.880Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://github.com/pjsip/pjproject/commit/17897e835818f8ee03b1806ddcd7b95ea16d2c0e","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-j59p-4xrr-fp8g","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/pjsip/pjproject/commit/c82123ea6f3c3652bbc9ebd5e9e658c301451687","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-2wcg-w3c4-48r7","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40865","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40865 — Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, an insecure dir…","description":"Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, an insecure direct object reference in the employee document viewer allows any authenticated user to access other employees’ uploaded documents by changing the document ID in the request. This exposes sensitive HR f…","indicators":{"cves":["CVE-2026-40865","CVE-2026-40866"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T19:16:18.017Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://github.com/horilla/horilla-hr/security/advisories/GHSA-85cj-fwjh-fjv7","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/horilla/horilla-hr/security/advisories/GHSA-q2qh-v828-r4p7","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40867","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40867 — Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, a broken access…","description":"Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, a broken access control vulnerability in the helpdesk attachment viewer allows any authenticated user to view attachments from other tickets by changing the attachment ID. This can expose sensitive support files and…","indicators":{"cves":["CVE-2026-40867"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T19:16:18.293Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://github.com/horilla/horilla-hr/security/advisories/GHSA-j6qp-j853-qrff","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/horilla/horilla-hr/security/advisories/GHSA-j6qp-j853-qrff","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41456","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41456 — Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the se…","description":"Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the search plugin that allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. Attackers can execute malicious scripts in the browsers of users who visit crafte…","indicators":{"cves":["CVE-2026-41456"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T19:16:18.557Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://gist.github.com/thepiyushkumarshukla/36b213cdb3c7d603e23fd23605cd681e","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/bludit/bludit/commit/6732ddedda8b73ce0a017a1b6adf685100244e01","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/bludit/bludit/pull/1691","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/bludit-cms-reflected-xss-via-search-plugin","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33813","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-33813 — Parsing a WEBP image with an invalid, large size panics on 32-bit platforms.","description":"Parsing a WEBP image with an invalid, large size panics on 32-bit platforms.","indicators":{"cves":["CVE-2026-33813"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:16:56.387Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://go.dev/cl/759860","label":"security@golang.org","domainType":"other"},{"url":"https://go.dev/issue/78407","label":"security@golang.org","domainType":"other"},{"url":"https://pkg.go.dev/vuln/GO-2026-4961","label":"security@golang.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40872","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40872 — mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 20…","description":"mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the admin dashboard's Autodiscover logs render the EMailAddress value (logged as the \"user\" field) without HTML escaping. By submitting an unauthenticated Autodiscover request with a crafted E…","indicators":{"cves":["CVE-2026-40872","CVE-2026-40873","CVE-2026-40874","CVE-2026-40875","CVE-2026-40878"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:17:00.673Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-f9xf-vc72-rcgm","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-2xjc-rg88-jvpp","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-jjxh-rm7p-hjc3","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-jprq-w83q-q62h","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-xv9r-j862-5hqf","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40876","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40876 — goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP root escape…","description":"goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP root escape caused by prefix-based path validation. An authenticated SFTP user can read from and write to filesystem paths outside the configured SFTP root, which breaks the intended jail boundary and can expose…","indicators":{"cves":["CVE-2026-40876"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:17:01.263Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://github.com/patrickhener/goshs/security/advisories/GHSA-5h6h-7rc9-3824","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/patrickhener/goshs/security/advisories/GHSA-5h6h-7rc9-3824","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40880","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40880 — ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and zebra-consensus ve…","description":"ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and zebra-consensus version 5.0.2, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By carefully submitting a transaction that is valid for height H+1 but i…","indicators":{"cves":["CVE-2026-40880"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:17:01.687Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://github.com/ZcashFoundation/zebra/security/advisories/GHSA-xvj8-ph7x-65gf","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40881","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40881 — ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-network vers…","description":"ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-network version 5.0.1, when deserializing addr or addrv2 messages, which contain vectors of addresses, Zebra would fully deserialize them up to a maximum length (over 233,000) that was derived from the 2 MiB mess…","indicators":{"cves":["CVE-2026-40881"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:17:01.850Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://github.com/ZcashFoundation/zebra/security/advisories/GHSA-xr93-pcq3-pxf8","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ZcashFoundation/zebra/security/advisories/GHSA-xr93-pcq3-pxf8","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40883","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40883 — goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs contains a cross…","description":"goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs contains a cross-site request forgery issue in its state-changing HTTP GET routes. An external attacker can cause an already authenticated browser to trigger destructive actions such as ?delete and ?mkdir because gos…","indicators":{"cves":["CVE-2026-40883"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:17:01.983Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://github.com/patrickhener/goshs/security/advisories/GHSA-jrq5-hg6x-j6g3","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/patrickhener/goshs/security/advisories/GHSA-jrq5-hg6x-j6g3","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40888","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40888 — Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.1 an…","description":"Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.1 and 16.4.1, an authenticated user with default role can access unauthorized information by exploiting certain api endpoint. Versions 15.58.1 and 16.4.1 contain a patch. No known workarounds are availabl…","indicators":{"cves":["CVE-2026-40888"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:17:02.537Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"https://github.com/frappe/hrms/releases/tag/v15.58.1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/frappe/hrms/releases/tag/v16.4.1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/frappe/hrms/security/advisories/GHSA-4375-7rxj-9hfx","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2025-70420","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2025-70420 — A SQL injection vulnerability exists in Genesys Latitude v25.1.0.420 that allows an authenticated at…","description":"A SQL injection vulnerability exists in Genesys Latitude v25.1.0.420 that allows an authenticated attacker to execute arbitrary SQL queries against the backend database. The vulnerability is caused by unsanitized user-supplied input being concatenated directly into SQL statements.","indicators":{"cves":["CVE-2025-70420"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:22.900Z","fetchedAt":"2026-04-22T15:00:21.764Z","references":[{"url":"http://genesys.com","label":"cve@mitre.org","domainType":"other"},{"url":"https://okunsec.com/research/cve-2025-70420","label":"cve@mitre.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40895","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40895 — follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that a…","description":"follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that automatically follows redirects. Prior to 1.16.0, when an HTTP request follows a cross-domain redirect (301/302/307/308), follow-redirects only strips authorization, proxy-authorization, and cookie hea…","indicators":{"cves":["CVE-2026-40895"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:44.337Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40939","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40939 — The Data Sharing Framework (DSF) implements a distributed process engine based on the BPMN 2.0 and F…","description":"The Data Sharing Framework (DSF) implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, OIDC-authenticated sessions had no configured maximum inactivity timeout. Sessions persisted indefinitely after login, even after the OIDC access token expired. This…","indicators":{"cves":["CVE-2026-40939","CVE-2026-40942"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T22:16:19.547Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://dsf.dev/operations/v2.1.0/bpe/oidc.html","label":"security-advisories@github.com","domainType":"other"},{"url":"https://dsf.dev/operations/v2.1.0/fhir/oidc.html","label":"security-advisories@github.com","domainType":"other"},{"url":"https://github.com/datasharingframework/dsf/commit/f4ecb002f7d12642f92da6b79371ed367d0140e7","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/datasharingframework/dsf/security/advisories/GHSA-gj7p-595x-qwf5","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/datasharingframework/dsf/commit/31c2e974dfd4351756104ee8c53dbcd666192fef","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/datasharingframework/dsf/commit/d3ca59b4daccde16a006fedeccce28fd1f826908","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/datasharingframework/dsf/security/advisories/GHSA-xmj9-7625-f634","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40943","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40943 — Oxia is a metadata store and coordination system. Prior to 0.16.2, a race condition between session…","description":"Oxia is a metadata store and coordination system. Prior to 0.16.2, a race condition between session heartbeat processing and session closure can cause the server to panic with send on closed channel. The heartbeat() method uses a blocking channel send while holding a mutex, and under specific timing…","indicators":{"cves":["CVE-2026-40943"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T22:16:19.847Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://github.com/oxia-db/oxia/security/advisories/GHSA-5gqc-qhrj-9xw8","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40944","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40944 — Oxia is a metadata store and coordination system. Prior to 0.16.2, the trustedCertPool() function in…","description":"Oxia is a metadata store and coordination system. Prior to 0.16.2, the trustedCertPool() function in the TLS configuration only parses the first PEM block from CA certificate files. When a CA bundle contains multiple certificates (e.g., intermediate + root CA), only the first certificate is loaded.…","indicators":{"cves":["CVE-2026-40944"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T22:16:19.980Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://github.com/oxia-db/oxia/security/advisories/GHSA-7jrq-q4pq-rhm6","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40945","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40945 — Oxia is a metadata store and coordination system. Prior to 0.16.2, when OIDC authentication fails, t…","description":"Oxia is a metadata store and coordination system. Prior to 0.16.2, when OIDC authentication fails, the full bearer token is logged at DEBUG level in plaintext. If debug logging is enabled in production, JWT tokens are exposed in application logs and any connected log aggregation system. This vulnera…","indicators":{"cves":["CVE-2026-40945"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T22:16:20.107Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://github.com/oxia-db/oxia/security/advisories/GHSA-pm7q-rjjx-979p","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40946","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40946 — Oxia is a metadata store and coordination system. Prior to 0.16.2, the OIDC authentication provider…","description":"Oxia is a metadata store and coordination system. Prior to 0.16.2, the OIDC authentication provider unconditionally sets SkipClientIDCheck: true in the go-oidc verifier configuration, disabling the standard audience (aud) claim validation at the library level. This allows tokens issued for unrelated…","indicators":{"cves":["CVE-2026-40946"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T22:16:20.230Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://github.com/oxia-db/oxia/security/advisories/GHSA-fhvp-9hcj-6m33","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-3307","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-3307 — An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an att…","description":"An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated bypass reviewer list on another repository by manipulating the owner_id parameter in the request body.…","indicators":{"cves":["CVE-2026-3307"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T23:16:19.950Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.25","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.15/admin/release-notes#3.15.20","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.16","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.13","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.7","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.4","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.20/admin/release-notes#3.20.1","label":"product-cna@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-4296","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-4296 — An incorrect regular expression vulnerability was identified in GitHub Enterprise Server that allowe…","description":"An incorrect regular expression vulnerability was identified in GitHub Enterprise Server that allowed an attacker to bypass OAuth redirect URI validation. An attacker with knowledge of a first-party OAuth application's registered callback URL could craft a malicious authorization link that, when cli…","indicators":{"cves":["CVE-2026-4296"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T23:16:21.807Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.26","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.15/admin/release-notes#3.15.21","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.17","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.14","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.8","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.5","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.20/admin/release-notes#3.20.1","label":"product-cna@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-4821","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-4821 — An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Ser…","description":"An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Management Console administrator to execute arbitrary OS commands via shell metacharacter injection in proxy configuration fields such as http_proxy. Exploitation of…","indicators":{"cves":["CVE-2026-4821"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T23:16:22.037Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.24","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.15/admin/release-notes#3.15.21","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.17","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.14","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.8","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.5","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.20/admin/release-notes#3.20.1","label":"product-cna@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-5512","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-5512 — An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an a…","description":"An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to determine the names of private repositories by their numeric ID. The mobile upload policy API endpoint did not perform an early authorization check, and validation error messa…","indicators":{"cves":["CVE-2026-5512"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T23:16:22.297Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.26","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.15/admin/release-notes#3.15.21","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.17","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.14","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.8","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.5","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.20/admin/release-notes#3.20.1","label":"product-cna@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-5845","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-5845 — An improper authorization vulnerability in scoped user-to-server (ghu_) token authorization in GitHu…","description":"An improper authorization vulnerability in scoped user-to-server (ghu_) token authorization in GitHub Enterprise Server allows an authenticated attacker to access private repositories outside the intended installation scope, which can include write operations, via an authorization fallback that trea…","indicators":{"cves":["CVE-2026-5845"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T23:16:22.473Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.26","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.15/admin/release-notes#3.15.21","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.17","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.14","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.8","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.5","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.20/admin/release-notes#3.20.1","label":"product-cna@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-5921","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-5921 — A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that a…","description":"A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker to extract sensitive environment variables from the instance through a timing side-channel attack against the notebook rendering service. When private mode was disabled, the noteboo…","indicators":{"cves":["CVE-2026-5921"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T23:16:22.667Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.26","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.15/admin/release-notes#3.15.21","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.17","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.14","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.8","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.5","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.20/admin/release-notes#3.20.1","label":"product-cna@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40343","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40343 — free5GC UDR is the user data repository (UDR) for free5GC, an an open-source project for 5th generat…","description":"free5GC UDR is the user data repository (UDR) for free5GC, an an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.2, a fail-open request handling flaw in the UDR service causes the `/nudr-dr/v2/policy-data/subs-to-notify` POST handler to continue…","indicators":{"cves":["CVE-2026-40343"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T00:16:27.670Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-jwch-w7wh-gqjm","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41128","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41128 — Craft CMS is a content management system (CMS). In versions 5.6.0 through 5.9.14, the `actionSavePer…","description":"Craft CMS is a content management system (CMS). In versions 5.6.0 through 5.9.14, the `actionSavePermissions()` endpoint allows a user with only `viewUsers` permission to remove arbitrary users from all user groups. While `_saveUserGroups()` enforces per-group authorization for additions, it perform…","indicators":{"cves":["CVE-2026-41128"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T00:16:28.593Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://github.com/craftcms/cms/commit/b135384808ad43fcf8836a9dd9b877fb0087bc27","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/craftcms/cms/security/advisories/GHSA-jq2f-59pj-p3m3","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41129","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41129 — Craft CMS is a content management system (CMS). Versions on the 4.x branch through 4.17.8 and the 5.…","description":"Craft CMS is a content management system (CMS). Versions on the 4.x branch through 4.17.8 and the 5.x branch through 5.9.14 are vulnerable to Server-Side Request Forgery. The exploitation requires a few permissions to be enabled in the used GraphQL schema: \"Edit assets in the <VolumeName> volume\" an…","indicators":{"cves":["CVE-2026-41129"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T00:16:28.733Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://github.com/craftcms/cms/commit/d20aecfaa0eae076c4154be3b17e1f9fa05ce46f","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/craftcms/cms/security/advisories/GHSA-3m9m-24vh-39wx","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41130","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41130 — Craft CMS is a content management system (CMS). In versions on the 4.x branch through 4.17.8 and the…","description":"Craft CMS is a content management system (CMS). In versions on the 4.x branch through 4.17.8 and the 5.x branch through 5.9.14, the `resource-js` endpoint in Craft CMS allows unauthenticated requests to proxy remote JavaScript resources. \nWhen `trustedHosts` is not explicitly restricted (default con…","indicators":{"cves":["CVE-2026-41130"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T00:16:28.880Z","fetchedAt":"2026-04-22T15:00:21.765Z","references":[{"url":"https://github.com/craftcms/cms/commit/ebe7e85f1c89700d64332f72492be2e9a594e783","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/craftcms/cms/security/advisories/GHSA-95wr-3f2v-v2wh","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41136","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41136 — free5GC AMF provides Access & Mobility Management Function (AMF) for free5GC, an an open-source proj…","description":"free5GC AMF provides Access & Mobility Management Function (AMF) for free5GC, an an open-source project for 5th generation (5G) mobile core networks. Prior to version 1.4.3, the `HTTPUEContextTransfer` handler in `internal/sbi/api_communication.go` does not include a `default` case in the `Content-T…","indicators":{"cves":["CVE-2026-41136"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T00:16:29.423Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://github.com/free5gc/amf/releases/tag/v1.4.3","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-r99v-75p9-xqm5","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-r99v-75p9-xqm5","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40344","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40344 — MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prio…","description":"MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's Snowball auto-extract handler (`PutObjectExtractHandler`) allows any user who knows a valid access key to write arb…","indicators":{"cves":["CVE-2026-40344","CVE-2026-41145"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T01:16:05.430Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://github.com/minio/minio/commit/76913a9fd5c6e5c2dbd4e8c7faf56ed9e9e24091","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/minio/minio/pull/16484","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/minio/minio/security/advisories/GHSA-9c4q-hq6p-c237","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/minio/minio/security/advisories/GHSA-hv4r-mvr4-25vw","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41146","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41146 — facil.io is a C micro-framework for web applications. Prior to commit 5128747363055201d3ecf0e29bf0a9…","description":"facil.io is a C micro-framework for web applications. Prior to commit 5128747363055201d3ecf0e29bf0a961703c9fa0, `fio_json_parse` can enter an infinite loop when it encounters a nested JSON value starting with `i` or `I`. The process spins in user space and pegs one CPU core at ~100% instead of retur…","indicators":{"cves":["CVE-2026-41146"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T02:16:02.237Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://github.com/boazsegev/facil.io/commit/5128747363055201d3ecf0e29bf0a961703c9fa0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/boazsegev/facil.io/security/advisories/GHSA-2x79-gwq3-vxxm","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/boazsegev/facil.io/security/advisories/GHSA-2x79-gwq3-vxxm","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41457","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41457 — OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and fi…","description":"OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and filter handling that allows attackers to inject arbitrary SQL expressions by supplying malicious values through the query= and filter= parameters for integer-mapped DAAP fields. Attackers can exploit in…","indicators":{"cves":["CVE-2026-41457"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T03:16:00.613Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://github.com/owntone/owntone-server/commit/d4784ebf2099ed1a4203333aee957e5c7553c217","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/owntone-server-sql-injection-via-query-and-filter-parameters","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41458","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41458 — OwnTone Server versions 28.4 through 29.0 contain a race condition vulnerability in the DAAP login h…","description":"OwnTone Server versions 28.4 through 29.0 contain a race condition vulnerability in the DAAP login handler that allows unauthenticated attackers to crash the server by exploiting unsynchronized access to the global DAAP session list. Attackers can flood the DAAP /login endpoint with concurrent reque…","indicators":{"cves":["CVE-2026-41458"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T03:16:01.067Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://github.com/owntone/owntone-server/commit/dca94641a5ed66500822dd51281774794cdb6c22","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/owntone/owntone-server/pull/1980","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/owntone-server-race-condition-dos-via-daap-login","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5398","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-5398 — The implementation of TIOCNOTTY failed to clear a back-pointer from the structure representing the c…","description":"The implementation of TIOCNOTTY failed to clear a back-pointer from the structure representing the controlling terminal to the calling process' session.  If the invoking process then exits, the terminal structure may end up containing a pointer to freed memory.\n\nA malicious process can abuse the dan…","indicators":{"cves":["CVE-2026-5398"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T03:16:01.213Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://security.freebsd.org/advisories/FreeBSD-SA-26:10.tty.asc","label":"secteam@freebsd.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6386","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-6386 — In order to apply a particular protection key to an address range, the kernel must update the corres…","description":"In order to apply a particular protection key to an address range, the kernel must update the corresponding page table entries.  The subroutine which handled this failed to take into account the presence of 1GB largepage mappings created using the shm_create_largepage(3) interface.  In particular, i…","indicators":{"cves":["CVE-2026-6386"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T03:16:01.313Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://security.freebsd.org/advisories/FreeBSD-SA-26:11.amd64.asc","label":"secteam@freebsd.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40451","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40451 — DeepL Chrome browser extension versions from v1.22.0 to v.1.23.0 contain a cross-site scripting vuln…","description":"DeepL Chrome browser extension versions from v1.22.0 to v.1.23.0 contain a cross-site scripting vulnerability, which allows an attacker to execute arbitrary script in a user's browser, and inject malicious HTML into web pages viewed by the user.","indicators":{"cves":["CVE-2026-40451"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T05:16:23.253Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://github.com/DeepLcom/deepl-chrome-extension/security/advisories/GHSA-4x2r-q3p9-xhx4","label":"vultures@jpcert.or.jp","domainType":"primary"},{"url":"https://jvn.jp/en/jp/JVN37524771/","label":"vultures@jpcert.or.jp","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40542","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40542 — Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the cli…","description":"Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue.","indicators":{"cves":["CVE-2026-40542"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T08:16:12.780Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://lists.apache.org/thread/tfmgv86xr0z1y096vs3z0y315t1v3o97","label":"security@apache.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31431","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31431 — In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to o…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_aead - Revert to operating out-of-place\n\nThis mostly reverts commit 72548b093ee3 except for the copying of\nthe associated data.\n\nThere is no benefit in operating in-place in algif_aead since the\nsource and destination…","indicators":{"cves":["CVE-2026-31431"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:21.270Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://git.kernel.org/stable/c/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ce42ee423e58dffa5ec03524054c9d8bfd4f6237","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31432","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31432 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix OOB write in QUERY_IN…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix OOB write in QUERY_INFO for compound requests\n\nWhen a compound request such as READ + QUERY_INFO(Security) is received,\nand the first command (READ) consumes most of the response buffer,\nksmbd could write beyond the allo…","indicators":{"cves":["CVE-2026-31432"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:21.410Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://git.kernel.org/stable/c/075ea208c648cc2bcd616295b711d3637c61de45","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/515c2daab46021221bdf406bef19bc90a44ec617","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d48c64fb80ad78b3dd29fb7d79b6ec7bd72bfc09","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/fda9522ed6afaec45cabc198d8492270c394c7bc","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31433","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31433 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potencial OOB in get_…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix potencial OOB in get_file_all_info() for compound requests\n\nWhen a compound request consists of QUERY_DIRECTORY + QUERY_INFO\n(FILE_ALL_INFORMATION) and the first command consumes nearly the entire\nmax_trans_size, get_fil…","indicators":{"cves":["CVE-2026-31433"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:21.573Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://git.kernel.org/stable/c/358cdaa1f7fbf2712cb4c5f6b59cb9a5c673c5fe","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3a852f9d1c981fb14f6bf4e24999e0ea8088a7d7","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4cca3eff2099b18672934a39cee70aed835d652c","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7aec5a769d2356cbf344d85bcfd36de592ac96a5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9d7032851d6f5adbe2739601ca456c0ad3b422f0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/b0cd9725fe2bcc9f37d096b132318a9060373f5d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/beef2634f81f1c086208191f7228bce1d366493d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-0539","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-0539 — Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local att…","description":"Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local attacker to escalate their privileges by overwriting the service binary with arbitrary contents. This service binary is automatically launched with NT\\SYSTEM privileges on boot. This issue affects all ve…","indicators":{"cves":["CVE-2026-0539"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:30.317Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://labs.infoguard.ch/advisories/cve-2026-0539_pcvisit_local-privilege-escalation/","label":"vulnerability@ncsc.ch","domainType":"other"},{"url":"https://www.pcvisit.de/kundenbereich/release-notes","label":"vulnerability@ncsc.ch","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31192","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31192 — Insufficient validation of Chrome extension identifiers in Raindrop.io Bookmark Manager Web App 5.6.…","description":"Insufficient validation of Chrome extension identifiers in Raindrop.io Bookmark Manager Web App 5.6.76.0 allows attackers to obtain sensitive user data via a crafted request.","indicators":{"cves":["CVE-2026-31192"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:36.420Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CORS","label":"cve@mitre.org","domainType":"other"},{"url":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Origin","label":"cve@mitre.org","domainType":"other"},{"url":"https://github.com/incoggeek/vulnerability-research/tree/master/CVE-2026-31192","label":"cve@mitre.org","domainType":"primary"},{"url":"https://support.google.com/chrome_webstore/answer/2664769?hl=en","label":"cve@mitre.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31434","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31434 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix leak of kobject name…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix leak of kobject name for sub-group space_info\n\nWhen create_space_info_sub_group() allocates elements of\nspace_info->sub_group[], kobject_init_and_add() is called for each\nelement via btrfs_sysfs_add_space_info_type(). Ho…","indicators":{"cves":["CVE-2026-31434"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:36.533Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://git.kernel.org/stable/c/1737ddeafbb1304f41ec2eede4f7366082e7c96a","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3c645c6f7e5470debbb81666b230056de48f36dc","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3c844d01f9874a43004c82970d8da94f9aba8949","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/416484f21a9d1280cf6daa7ebc10c79b59c46e48","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/94054ffd311a1f76b7093ba8ebf50bdb0d28337c","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a4376d9a5d4c9610e69def3fc0b32c86a7ab7a41","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31435","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31435 — In the Linux kernel, the following vulnerability has been resolved: netfs: Fix read abandonment duri…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix read abandonment during retry\n\nUnder certain circumstances, all the remaining subrequests from a read\nrequest will get abandoned during retry.  The abandonment process expects\nthe 'subreq' variable to be set to the place…","indicators":{"cves":["CVE-2026-31435"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:36.710Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://git.kernel.org/stable/c/3e5fd8f53b575ff2188f82071da19c977ca56c41","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7e57523490cd2efb52b1ea97f2e0a74c0fb634cd","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/8f2f2bd128a8d9edbc1e785760da54ada3df69b7","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31436","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31436 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix possible wr…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc()\n\nAt the end of this function, d is the traversal cursor of flist, but the\ncode completes found instead. This can lead to issues such as NULL pointer\nde…","indicators":{"cves":["CVE-2026-31436"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:36.843Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://git.kernel.org/stable/c/0e4f43779d550e559be13a5cdb763bad92c4cc99","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/82656e8daf8de00935ae91b91bed43f4d6e0d644","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e1c9866173c5f8521f2d0768547a01508cb9ff27","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e21da2ad8844585040fe4b82be1ad2fe99d40074","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31437","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31437 — In the Linux kernel, the following vulnerability has been resolved: netfs: Fix NULL pointer derefere…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix NULL pointer dereference in netfs_unbuffered_write() on retry\n\nWhen a write subrequest is marked NETFS_SREQ_NEED_RETRY, the retry path\nin netfs_unbuffered_write() unconditionally calls stream->prepare_write()\nwithout che…","indicators":{"cves":["CVE-2026-31437"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:36.980Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://git.kernel.org/stable/c/7a5482f5ce891decbf36f2e6fab1e9fc4a76a684","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a4d1b4ba9754bac3efebd06f583a44a7af52c0ab","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e9075e420a1eb3b52c60f3b95893a55e77419ce8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31438","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31438 — In the Linux kernel, the following vulnerability has been resolved: netfs: Fix kernel BUG in netfs_l…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix kernel BUG in netfs_limit_iter() for ITER_KVEC iterators\n\nWhen a process crashes and the kernel writes a core dump to a 9P\nfilesystem, __kernel_write() creates an ITER_KVEC iterator. This\niterator reaches netfs_limit_ite…","indicators":{"cves":["CVE-2026-31438"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:37.100Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://git.kernel.org/stable/c/00d6df7115f6972370974212de9088087820802e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/18c2e20b42dd21db599e42d05ddaeeb647b2bb6d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4bc2d72c7695cedf6d4e1a558924903c2b28a78e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/67e467a11f62ff64ad219dc6aa5459e132c79d14","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31439","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31439 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: xilinx: xdma: Fix reg…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: xilinx: xdma: Fix regmap init error handling\n\ndevm_regmap_init_mmio returns an ERR_PTR() upon error, not NULL.\nFix the error check and also fix the error message. Use the error code\nfrom ERR_PTR() instead of the wrong va…","indicators":{"cves":["CVE-2026-31439"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:37.240Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://git.kernel.org/stable/c/4b6e1da50b22e5528b9003f376a3cecccce4decc","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/59f6ccd0f3345be2e8a78bdef2103e93f180633a","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9787b3d9b908785b40bc3f2e6d7082fdb8fdd98a","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e0adbf74e2a0455a6bc9628726ba87bcd0b42bf8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f27197ccfd2ecd2c71f27fd57c6d507e892ad24d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31440","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31440 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix leaking eve…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix leaking event log memory\n\nDuring the device remove process, the device is reset, causing the\nconfiguration registers to go back to their default state, which is\nzero. As the driver is checking if the event log…","indicators":{"cves":["CVE-2026-31440"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:37.390Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://git.kernel.org/stable/c/9dfa00967e6ef43a9dd0887fe5c3a721a39da92e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d94f9b0ba28a205caf95902ee88b42bdb8af83d0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ee66bc29578391c9b48523dc9119af67bd5c7c0f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/facd0012708e942fc12890708738aebde497564e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31441","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31441 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix memory leak…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix memory leak when a wq is reset\n\nidxd_wq_disable_cleanup() which is called from the reset path for a\nworkqueue, sets the wq type to NONE, which for other parts of the\ndriver mean that the wq is empty (all its re…","indicators":{"cves":["CVE-2026-31441"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:37.530Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://git.kernel.org/stable/c/0c3d3ac57e3c52b570b8c695903306bff07e04c8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/39c1504e0e76bcfb93991fd94288a83e05d13b51","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/54d77cc0c40ca2f894859dc7b3c52997574f1a2a","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a16098a2f0c11ee5e04e23aa7478ca1fcfb0f658","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a9e7815d38629bcf59d3005001f1f315424a58de","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d9cfb5193a047a92a4d3c0e91ea4cc87c8f7c478","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31442","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31442 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix possible in…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix possible invalid memory access after FLR\n\nIn the case that the first Function Level Reset (FLR) concludes\ncorrectly, but in the second FLR the scratch area for the saved\nconfiguration cannot be allocated, it's…","indicators":{"cves":["CVE-2026-31442"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:37.703Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://git.kernel.org/stable/c/504c0e6751001ac46917c73e703f2b1b92cfc026","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/867d0c801f21370d561420fa32f2ea1a7dc3a22d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d6077df7b75d26e4edf98983836c05d00ebabd8d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31443","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31443 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix crash when…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix crash when the event log is disabled\n\nIf reporting errors to the event log is not supported by the hardware,\nand an error that causes Function Level Reset (FLR) is received, the\ndriver will try to restore the e…","indicators":{"cves":["CVE-2026-31443"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:37.860Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://git.kernel.org/stable/c/0e761079d653c25f838380cf7cef2730832110cc","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/52d2edea0d63c935e82631e4b9e4a94eccf97b5b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/aa0ffc6d3990ec35976308a068dc23178037e564","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31444","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31444 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free and NU…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix use-after-free and NULL deref in smb_grant_oplock()\n\nsmb_grant_oplock() has two issues in the oplock publication sequence:\n\n1) opinfo is linked into ci->m_op_list (via opinfo_add) before\n   add_lease_global_list() is cal…","indicators":{"cves":["CVE-2026-31444"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:38.010Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://git.kernel.org/stable/c/48623ec358c1c600fa1e38368746f933e0f1a617","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/6d7e5a918c1d0aad06db0e17677b66fc9a471021","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7de55bba69cbf0f9280daaea385daf08bc076121","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9e785f004cbc56390479b77375726ea9b0d1a8a6","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a5c6f6d6ceefed2d5210ee420fb75f8362461f46","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31445","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31445 — In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: avoid use of half…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/core: avoid use of half-online-committed context\n\nOne major usage of damon_call() is online DAMON parameters update.  It is\ndone by calling damon_commit_ctx() inside the damon_call() callback\nfunction.  damon_commit_ctx()…","indicators":{"cves":["CVE-2026-31445"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:38.177Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://git.kernel.org/stable/c/1b247cd0654a3a306996fa80741d79296c683a56","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/26f775a054c3cda86ad465a64141894a90a9e145","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9c495f9d3781cd692bd199531cabd4627155e8cd","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31446","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31446 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in upda…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix use-after-free in update_super_work when racing with umount\n\nCommit b98535d09179 (\"ext4: fix bug_on in start_this_handle during umount\nfilesystem\") moved ext4_unregister_sysfs() before flushing s_sb_upd_work\nto prevent ne…","indicators":{"cves":["CVE-2026-31446"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:38.340Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://git.kernel.org/stable/c/034053378dd81837fd6c7a43b37ee2e58d4f0b4e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/08b10e6f37fc533a759e9833af0692242e8b3f93","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9449f99ba04f5dd1c8423ad8a90b3651d7240d1d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c4d829737329f2290dd41e290b7d75effdb2a7ff","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c8fe17a1b308c3d8c703ebfb049b325f844342c3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c97e282f7bfd0c3554c63d289964a5ca6a1d2ffe","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d15e4b0a418537aafa56b2cb80d44add83e83697","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31447","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31447 — In the Linux kernel, the following vulnerability has been resolved: ext4: reject mount if bigalloc w…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: reject mount if bigalloc with s_first_data_block != 0\n\nbigalloc with s_first_data_block != 0 is not supported, reject mounting\nit.","indicators":{"cves":["CVE-2026-31447"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:38.577Z","fetchedAt":"2026-04-22T15:00:21.766Z","references":[{"url":"https://git.kernel.org/stable/c/3822743dc20386d9897e999dbb990befa3a5b3f8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3a926957cc95899ef88529710836edadc03c71a1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/5ad6d994255e27a3254079dfb50ca861fc31f2d0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7b58c110b4e1f028eb38eec9ed3555e9be81c8b0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7d5b04290156c3fc316eecc86a4f9d201ab7d44a","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ad1f6d608f33f59d21a3d025615d6786a6443998","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/b77de3fceafbb39f30e4ff5dc986f863d5456417","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d787d3ae96648dc14a3b7ca8fde817177e82c1c7","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31448","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31448 — In the Linux kernel, the following vulnerability has been resolved: ext4: avoid infinite loops cause…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid infinite loops caused by residual data\n\nOn the mkdir/mknod path, when mapping logical blocks to physical blocks,\nif inserting a new extent into the extent tree fails (in this example,\nbecause the file system disabled th…","indicators":{"cves":["CVE-2026-31448"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:38.760Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/3a7667595bcad84da53fc156a418e110267c3412","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/416c86f30f91b4fb2642ef6b102596ca898f41a5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/5422fe71d26d42af6c454ca9527faaad4e677d6c","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/64f425b06b3bea9abc8977fd3982779b3ad070c9","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c66545e83a802c3851d9be27a41c0479dd29ff0c","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ecc50bfca9b5c2ee6aeef998181689b80477367b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31449","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31449 — In the Linux kernel, the following vulnerability has been resolved: ext4: validate p_idx bounds in e…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: validate p_idx bounds in ext4_ext_correct_indexes\n\next4_ext_correct_indexes() walks up the extent tree correcting\nindex entries when the first extent in a leaf is modified. Before\naccessing path[k].p_idx->ei_block, there is n…","indicators":{"cves":["CVE-2026-31449"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:38.933Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/01bf1e0b997d82c0e353b51ed74ef99698043c33","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/2acb5c12ebd860f30e4faf67e6cc8c44ddfe5fe8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/407c944f217c17d4343148011acafebc604d55e1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/93f2e975ed658ce09db4d4c2877ca2c06540df83","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31451","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31451 — In the Linux kernel, the following vulnerability has been resolved: ext4: replace BUG_ON with proper…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: replace BUG_ON with proper error handling in ext4_read_inline_folio\n\nReplace BUG_ON() with proper error handling when inline data size\nexceeds PAGE_SIZE. This prevents kernel panic and allows the system to\ncontinue running wh…","indicators":{"cves":["CVE-2026-31451"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:39.310Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/356227096eb66e41b23caf7045e6304877322edf","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/65c6c30ce6362c1c684568744ea510c921a756cd","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/823849a26af089ffc5dfdd2ae4b9d446b46a0cda","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a7d600e04732a7d29b107c91fe3aec64cf6ce7f2","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d4b3f370c3d8f7ce565d4a718572c9f7c12f77ed","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31452","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31452 — In the Linux kernel, the following vulnerability has been resolved: ext4: convert inline data to ext…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: convert inline data to extents when truncate exceeds inline size\n\nAdd a check in ext4_setattr() to convert files from inline data storage\nto extent-based storage when truncate() grows the file size beyond the\ninline capacity.…","indicators":{"cves":["CVE-2026-31452"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:39.460Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/07c1a31af18290054da3d18221b8bf58983c5d3a","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/110d7ef602659ce4d7947c5480f7ca2779696aaf","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/699bac4d4c951974d55b045c983d1de777215949","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7920dcc571cef3d8aa9ee109c136125d61d41669","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/93cb2d103e5c707de0f7ad58a39b7f0fddc27aa6","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c047332be7195833a5c5126816c2502df8269fe4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ed9356a30e59c7cc3198e7fc46cfedf3767b9b17","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f53a5d9f32924bc2a810d2df243b7714da58b636","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31453","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31453 — In the Linux kernel, the following vulnerability has been resolved: xfs: avoid dereferencing log ite…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: avoid dereferencing log items after push callbacks\n\nAfter xfsaild_push_item() calls iop_push(), the log item may have been\nfreed if the AIL lock was dropped during the push. Background inode\nreclaim or the dquot shrinker can f…","indicators":{"cves":["CVE-2026-31453"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:39.653Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/451c6329d9afa45862c36fe6677eb7750db60617","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7121b22b0bac89394cc4c6a54b5aebc15347bdf5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/79ef34ec0554ec04bdbafafbc9836423734e1bd6","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/95fb5d643cc70959baa54cd17f52f80ffc3295e7","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c4d603e8e58a3bf35480135ccca2b4f7238abda5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c8a2ab339b88d10fc34a3318c92f07d8a467019d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31454","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31454 — In the Linux kernel, the following vulnerability has been resolved: xfs: save ailp before dropping t…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: save ailp before dropping the AIL lock in push callbacks\n\nIn xfs_inode_item_push() and xfs_qm_dquot_logitem_push(), the AIL lock\nis dropped to perform buffer IO. Once the cluster buffer no longer\nprotects the log item from rec…","indicators":{"cves":["CVE-2026-31454"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:39.823Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/19437e4f7bb909afde832b39372aa2f3ce3cfd88","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/394d70b86fae9fe865e7e6d9540b7696f73aa9b6","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4c7d50147316cf049462f327c4a3e9dc2b7f1dd0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/50f5f056807b7bed74f4f307f2ca0ed92f3e556d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/6dbe17f19c290a72ce57d5abc70e1fad0c3e14e5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/75669e987137f49c99ca44406bf0200d1892dd16","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d8fc60bbaf5aea1604bf9f4ed565da6a1ac7a87d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/edd1637d4e3911ab6c760f553f2040fe72f61a13","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31455","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31455 — In the Linux kernel, the following vulnerability has been resolved: xfs: stop reclaim before pushing…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: stop reclaim before pushing AIL during unmount\n\nThe unmount sequence in xfs_unmount_flush_inodes() pushed the AIL while\nbackground reclaim and inodegc are still running. This is broken\nindependently of any use-after-free issue…","indicators":{"cves":["CVE-2026-31455"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:40.013Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/239d734c00644072862fa833805c4471573b1445","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4f24a767e3d64a5f58c595b5c29b6063a201f1e3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/558e3275d8a3b101be18a7fe7d1634053e9d9b07","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/8147e304d7d32fd5c3e943babc296ce2873dc279","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a89434a6188d8430ea31120da96e3e4cefb58686","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/bda27fc0b4eb3a425d9a18475c4cb94fbe862c60","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d38135af04a3ad8a585c899d176efc8e97853115","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e6cc490048f78b009259a5f032acead9f789c34c","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31457","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31457 — In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: check contexts->…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/sysfs: check contexts->nr in repeat_call_fn\n\ndamon_sysfs_repeat_call_fn() calls damon_sysfs_upd_tuned_intervals(),\ndamon_sysfs_upd_schemes_stats(), and\ndamon_sysfs_upd_schemes_effective_quotas() without checking contexts->…","indicators":{"cves":["CVE-2026-31457","CVE-2026-31458"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:41.133Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/3527e9fdc38570cea0f6ddb7a2c9303d4044b217","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/652cd0641a763dd0e846b0d12814977fadb2b7d8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/6557004a8b59c7701e695f02be03c7e20ed1cc15","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/1bfe9fb5ed2667fb075682408b776b5273162615","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/1e8da792672481d603fa7cd0d815577220a3ee27","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/708033c231bd782858f4ddbb46ee874a5a5fbdab","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/aba546061341b56e9ffb37e1eb661a3628b6ec12","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/bbe03ad3fb9e714191757ca7b41582f930be7be2","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31459","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31459 — In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: fix param_ctx le…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/sysfs: fix param_ctx leak on damon_sysfs_new_test_ctx() failure\n\nPatch series \"mm/damon/sysfs: fix memory leak and NULL dereference\nissues\", v4.\n\nDAMON_SYSFS can leak memory under allocation failure, and do NULL pointer\nde…","indicators":{"cves":["CVE-2026-31459"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:41.417Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/7fe000eb32904758a85e62f6ea9483f89d5dabfc","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e9de9f3ce06b133a348006668bc8d25c6e504867","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f76f0a964bc3d7b7e253b43c669c41356bc54e71","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31462","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31462 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: prevent immediate PA…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: prevent immediate PASID reuse case\n\nPASID resue could cause interrupt issue when process\nimmediately runs into hw state left by previous\nprocess exited with the same PASID, it's possible that\npage faults are still pendi…","indicators":{"cves":["CVE-2026-31462"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:41.787Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/14b81abe7bdc25f8097906fc2f91276ffedb2d26","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/51ccaf0e30c303149244c34820def83d74c86288","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9e5ebfe99b223bb0eb9c50a125c9c02f4ef4c71b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c0b3882836de8ac991b626823966f385555bbcff","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31463","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31463 — In the Linux kernel, the following vulnerability has been resolved: iomap: fix invalid folio access…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\niomap: fix invalid folio access when i_blkbits differs from I/O granularity\n\nCommit aa35dd5cbc06 (\"iomap: fix invalid folio access after\nfolio_end_read()\") partially addressed invalid folio access for folios\nwithout an ifs attached…","indicators":{"cves":["CVE-2026-31463"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:42.323Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/4a927f670cdb0def226f9f85f42a9f19d9e09c88","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/bd71fb3fea9945987053968f028a948997cba8cc","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31464","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31464 — In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Fix OOB access in…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done()\n\nA malicious or compromised VIO server can return a num_written value in the\ndiscover targets MAD response that exceeds max_targets. This value is\nstored directly in vh…","indicators":{"cves":["CVE-2026-31464"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:42.450Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/394a1cac3c12fdd7d77f19ccfd222ab5ff87ef89","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4ed727e35b0ab17d3eeeb1e8023768396e2be161","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/61d099ac4a7a8fb11ebdb6e2ec8d77f38e77362f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/786f10b1966e485046839f992e89f2c18cbd1983","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a007246cb6c9ebdc93dafbf63cc2d43d98f402cc","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/bae4df0a643fa7f84663473aa3082a9c2ed139db","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d1466bf991b2343cf2ba8336e440c8faf3cbb780","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d842348f8a00d5b1d7358f207eb34ffcf5b16df3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31465","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31465 — In the Linux kernel, the following vulnerability has been resolved: writeback: don't block sync for…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nwriteback: don't block sync for filesystems with no data integrity guarantees\n\nAdd a SB_I_NO_DATA_INTEGRITY superblock flag for filesystems that cannot\nguarantee data persistence on sync (eg fuse). For superblocks with this\nflag se…","indicators":{"cves":["CVE-2026-31465"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:42.633Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/5c24a13d8a0466ca0446e58309e51f2606520164","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/76f9377cd2ab7a9220c25d33940d9ca20d368172","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/83800f8ef358ea2fc9b1ae4986b83f2bc24be927","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31466","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31466 — In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: fix folio isn't…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/huge_memory: fix folio isn't locked in softleaf_to_folio()\n\nOn arm64 server, we found folio that get from migration entry isn't locked\nin softleaf_to_folio().  This issue triggers when mTHP splitting and\nzap_nonpresent_ptes() ra…","indicators":{"cves":["CVE-2026-31466"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:42.780Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/426ee10711586617da869c8bb798214965337617","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4c5e7f0fcd592801c9cc18f29f80fbee84eb8669","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/722cfaf6b31d31123439e67b5deac6b1261a3dea","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7ad1997b9bc8032603df8f091761114479285769","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7ddcf4a245c1c5a91fdd9698757e3d95179ffe41","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/8bfb8414e9f2ce6f5f2f0e3d0da52f2d132128e7","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/b8c49ad888892ad7b77062b9c102b799a3e9b4f8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f1acf5887c2bbaf998dc3fe32c72b7a8b84a3ddd","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31467","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31467 — In the Linux kernel, the following vulnerability has been resolved: erofs: add GFP_NOIO in the bio c…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: add GFP_NOIO in the bio completion if needed\n\nThe bio completion path in the process context (e.g. dm-verity)\nwill directly call into decompression rather than trigger another\nworkqueue context for minimal scheduling latenci…","indicators":{"cves":["CVE-2026-31467"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:42.977Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/378949f46e897204384f3f5f91e42e93e3f87568","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/5c8ecdcfbfb0b0c6a82a4ebadc1ddea61609b902","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c23df30915f83e7257c8625b690a1cece94142a0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d6565ea662e17d45a577184b0011bd69de22dc2b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d9d8360cb66e3b599d89d2526e7da8b530ebf2ff","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/da40464064599eefe78749f75cd2bba371044c04","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e83e20b82859f0588e9a52a6fa9fea704a2061cf","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31468","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31468 — In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Fix double free in dma…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: Fix double free in dma-buf feature\n\nThe error path through vfio_pci_core_feature_dma_buf() ignores its\nown advice to only use dma_buf_put() after dma_buf_export(), instead\nfalling through the entire unwind chain.  In the…","indicators":{"cves":["CVE-2026-31468"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:43.143Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/83ad334afc9a645cef1062f5346526b1e36d6516","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e98137f0a874ab36d0946de4707aa48cb7137d1c","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31469","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31469 — In the Linux kernel, the following vulnerability has been resolved: virtio_net: Fix UAF on dst_ops w…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false\n\nA UAF issue occurs when the virtio_net driver is configured with napi_tx=N\nand the device's IFF_XMIT_DST_RELEASE flag is cleared\n(e.g., durin…","indicators":{"cves":["CVE-2026-31469"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:43.260Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/63d45077b97bb0e0fe0c75931acbbca7a47af141","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/8a4790850e710fd6771e4d2112168ed1dd6c0e54","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9a18629f2525781f0f3dda7be72b204e4cf77d08","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ba8bda9a0896746053aa97ac6c3e08168729172c","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/be0e63f3b97bbaf453c542e8a15ba2a536e2ac01","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c1ec36cb3768574b916f20d2d7415fd14fa1bf12","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f04733c4dc40c43899c3d1c97afbae5831a3770f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/fedd2e1630cac920844997227ccbe7b26a76375a","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31470","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31470 — In the Linux kernel, the following vulnerability has been resolved: virt: tdx-guest: Fix handling of…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nvirt: tdx-guest: Fix handling of host controlled 'quote' buffer length\n\nValidate host controlled value `quote_buf->out_len` that determines how\nmany bytes of the quote are copied out to guest userspace. In TDX\nenvironments with rem…","indicators":{"cves":["CVE-2026-31470"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:43.473Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/02ca2d9d197723696cb9cc0cb159eb7e8bf5f89b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/6f3c8795ae9ba74fa10fe979293d1904712d3fb1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a079a62883e3365de592cea9f7a669d8115433b0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c3fd16c3b98ed726294feab2f94f876290bf7b61","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31471","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31471 — In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: only publish mode_d…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: iptfs: only publish mode_data after clone setup\n\niptfs_clone_state() stores x->mode_data before allocating the reorder\nwindow. If that allocation fails, the code frees the cloned state and\nreturns -ENOMEM, leaving x->mode_dat…","indicators":{"cves":["CVE-2026-31471"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:43.610Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/371a43c4ac70cac0de9f9b1fc5b1660b9565b9f1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/5784a1e2889c9525a8f036cb586930e232170bf7","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d849a2f7309fc0616e79d13b008b0a47e0458b6e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31472","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31472 — In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: validate inner IPv4…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: iptfs: validate inner IPv4 header length in IPTFS payload\n\nAdd validation of the inner IPv4 packet tot_len and ihl fields parsed\nfrom decrypted IPTFS payloads in __input_process_payload(). A crafted\nESP packet containing an i…","indicators":{"cves":["CVE-2026-31472"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:43.740Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/0d10393d5eac33cbd92f7a41fddca12c41d3cb7e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3db7d4f777a00164582061ccaa99569cd85011a3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/de6d8e8ce5187f7402c9859b443355e7120c5f09","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31473","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31473 — In the Linux kernel, the following vulnerability has been resolved: media: mc, v4l2: serialize REINI…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex\n\nMEDIA_REQUEST_IOC_REINIT can run concurrently with VIDIOC_REQBUFS(0)\nqueue teardown paths. This can race request object cleanup against vb2\nqueue cancellation and…","indicators":{"cves":["CVE-2026-31473"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:43.863Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/1a0d9083c24fbd5d22f7100f09d11e4d696a5f01","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/2c685e99efb3b3bd2b78699fba6b1cf321975db0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/331242998a7ade5c2f65e14988901614629f3db5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/585fd9a2063dacce8b2820f675ef23d5d17434c5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/72b9e81e0203f03c40f3adb457f55bd4c8eb112d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/bef4f4a88b73e4cc550d25f665b8a9952af22773","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/cf2023e84f0888f96f4b65dc0804e7f3651969c1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d8549a453d5bdc0a71de66ad47a1106703406a56","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31474","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31474 — In the Linux kernel, the following vulnerability has been resolved: can: isotp: fix tx.buf use-after…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ncan: isotp: fix tx.buf use-after-free in isotp_sendmsg()\n\nisotp_sendmsg() uses only cmpxchg() on so->tx.state to serialize access\nto so->tx.buf. isotp_release() waits for ISOTP_IDLE via\nwait_event_interruptible() and then calls kfr…","indicators":{"cves":["CVE-2026-31474"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:44.053Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/2e62e7051eca75a7f2e3d52d62ec10d7d7aa358c","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/424e95d62110cdbc8fd12b40918f37e408e35a92","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9649d051e54413049c009638ec1dc23962c884a4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/cb3d6efa78460e6d50bf68806d0db66265709f64","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/eec8a1b18a79600bd4419079dc0026c1db72a830","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31475","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31475 — In the Linux kernel, the following vulnerability has been resolved: ASoC: sma1307: fix double free o…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: sma1307: fix double free of devm_kzalloc() memory\n\nA previous change added NULL checks and cleanup for allocation\nfailures in sma1307_setting_loaded().\n\nHowever, the cleanup for mode_set entries is wrong. Those entries are\nal…","indicators":{"cves":["CVE-2026-31475"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:44.207Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/1a82c3272626db9006f4c2cad3adf2916417aed6","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d472d1a52985211b92883bb64bbe710b45980190","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/fe757092d2329c397ecb32f2bf68a5b1c4bd9193","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31476","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31476 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: do not expire session on…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: do not expire session on binding failure\n\nWhen a multichannel session binding request fails (e.g. wrong password),\nthe error path unconditionally sets sess->state = SMB2_SESSION_EXPIRED.\nHowever, during binding, sess points…","indicators":{"cves":["CVE-2026-31476"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:44.337Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/1d1888b4a7aec518b707f6eca0bf08992c0e8da3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/6fafc4c4238e538969f1375f9ecdc6587c53f1cc","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9bbb19d21ded7d78645506f20d8c44895e3d0fb9","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a897064a457056acb976e20e3007cdf553de340f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e0e5edc81b241c70355217de7e120c97c3429deb","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f5300690c23c5ac860499bb37dbc09cf43fd62e6","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31477","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31477 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix memory leaks and NULL…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix memory leaks and NULL deref in smb2_lock()\n\nsmb2_lock() has three error handling issues after list_del() detaches\nsmb_lock from lock_list at no_check_cl:\n\n1) If vfs_lock_file() returns an unexpected error in the non-UNLO…","indicators":{"cves":["CVE-2026-31477"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:44.440Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/309b44ed684496ed3f9c5715d10b899338623512","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3cdacd11b41569ce75b3162142240f2355e04900","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/91aeaa7256006d79a37298f5a1df23325db91599","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/aab42f0795620cf0d3955a520f571f697d0f9a2a","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c9b95ef6f5039f19e46c3a521a4fe1752d91dfe9","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/cdac6f7e7e428dc70e3b5898ac6999a72ed13993","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31478","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31478 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: replace hardcoded hdr2_le…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()\n\nAfter this commit (e2b76ab8b5c9 \"ksmbd: add support for read compound\"),\nresponse buffer management was changed to use dynamic iov array.\nIn the new…","indicators":{"cves":["CVE-2026-31478"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:44.630Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/0e55f63dd08f09651d39e1b709a91705a8a0ddcb","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4cb537ae4f37d7d0f617815ed4bed7173fb50861","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/6aef1765d6807e0f027cd87f6ac973eb0879a46d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/70b4c414889492c522b6e4331562360f49be2361","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/80824c7e527b70cf9039534e60aff592e8f209d1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9a7166f0ef8cbb7bb48dd05e2471d995566003f5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c3a89e3ec1ccf64fa6a34e391e1581ebbcba8683","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31480","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31480 — In the Linux kernel, the following vulnerability has been resolved: tracing: Fix potential deadlock…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix potential deadlock in cpu hotplug with osnoise\n\nThe following sequence may leads deadlock in cpu hotplug:\n\n    task1        task2        task3\n    -----        -----        -----\n\n mutex_lock(&interface_lock)…","indicators":{"cves":["CVE-2026-31480"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:45.170Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/03474a01c199de17a8e2d39b51df6beb9c76e831","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/1f9885732248d22f788e4992c739a98c88ab8a55","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7a41d4633cd2c15eb5ed31e8f3b16910e50a8c9f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7aa095ce7d224308cb6979956f0de8607df93d4f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/cf929c21eeed5bd39873fb14bfdfff963fa6f1da","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ef41a85a55022e27cdaebf22a6676910b66f65aa","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f278b8ebf7eba2a1699cfc7bf30dd3ef898d60d7","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31481","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31481 — In the Linux kernel, the following vulnerability has been resolved: tracing: Drain deferred trigger…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Drain deferred trigger frees if kthread creation fails\n\nBoot-time trigger registration can fail before the trigger-data cleanup\nkthread exists. Deferring those frees until late init is fine, but the\npost-boot fallback must…","indicators":{"cves":["CVE-2026-31481"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:45.340Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/250ab25391edeeab8462b68be42e4904506c409c","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/771624b7884a83bb9f922ae64ee41a5f8b7576c9","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31482","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31482 — In the Linux kernel, the following vulnerability has been resolved: s390/entry: Scrub r12 register o…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ns390/entry: Scrub r12 register on kernel entry\n\nBefore commit f33f2d4c7c80 (\"s390/bp: remove TIF_ISOLATE_BP\"),\nall entry handlers loaded r12 with the current task pointer\n(lg %r12,__LC_CURRENT) for use by the BPENTER/BPEXIT macros.…","indicators":{"cves":["CVE-2026-31482"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:45.457Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/0738d395aab8fae3b5a3ad3fc640630c91693c27","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7f4e3233faa8470dd0627bc49b2809f2bfebd909","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/95c899cd791803a5bf7b73e5994fbbe1cc1a9c36","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/99a8b420f3f0e162eb9c9c9253929d4d23f9bd30","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a58d298a83a3a9b7ca99ded9d60a1e77231159ef","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31483","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31483 — In the Linux kernel, the following vulnerability has been resolved: s390/syscalls: Add spectre bound…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ns390/syscalls: Add spectre boundary for syscall dispatch table\n\nThe s390 syscall number is directly controlled by userspace, but does\nnot have an array_index_nospec() boundary to prevent access past the\nsyscall function pointer tab…","indicators":{"cves":["CVE-2026-31483"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:45.627Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/1cb9c7bc9025c637564fabc7fcc3c9343949e310","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3c3b97064764899c39a0abbd35a6caa031e70333","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/48b8814e25d073dd84daf990a879a820bad2bcbd","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4d05dd18d867d58c6952a3bc260d244899da7256","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7a5260fbc6e79a1595328ec5c6aa3f937504a1f0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/87776f02449e3bded95b2ccbd6b012e9ae64e6f3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f8c444b918d639e1f9a621ee20fe481c1d10dfc4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31484","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31484 — In the Linux kernel, the following vulnerability has been resolved: io_uring/fdinfo: fix OOB read in…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/fdinfo: fix OOB read in SQE_MIXED wrap check\n\n__io_uring_show_fdinfo() iterates over pending SQEs and, for 128-byte\nSQEs on an IORING_SETUP_SQE_MIXED ring, needs to detect when the second\nhalf of the SQE would be past the…","indicators":{"cves":["CVE-2026-31484"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:45.800Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/5170efd9c344c68a8075dcb8ed38d3f8a60e7ed4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ba21ab247a5be5382da7464b95afbe5f0e9aa503","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31485","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31485 — In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-lpspi: fix teardown…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nspi: spi-fsl-lpspi: fix teardown order issue (UAF)\n\nThere is a teardown order issue in the driver. The SPI controller is\nregistered using devm_spi_register_controller(), which delays\nunregistration of the SPI controller until after…","indicators":{"cves":["CVE-2026-31485"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:45.923Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/15650dfbaeeb14bcaaf053b93cf631db8d465300","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/adb25339b66112393fd6892ceff926765feb5b86","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/b341c1176f2e001b3adf0b47154fc31589f7410e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ca4483f36ac1b62e69f8b182c5b8f059e0abecfb","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d5d01f24bc6fbde40b4e567ef9160194b61267bc","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e3fd54f8b0317fbccc103961ddd660f2a32dcf0b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e89e2b97253c124d37bf88e96e5e8ce5c3aeeec3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/fbe6f40caeebb0b1ea9dfedc259124c1d3cda7a6","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31486","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31486 — In the Linux kernel, the following vulnerability has been resolved: hwmon: (pmbus/core) Protect regu…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (pmbus/core) Protect regulator operations with mutex\n\nThe regulator operations pmbus_regulator_get_voltage(),\npmbus_regulator_set_voltage(), and pmbus_regulator_list_voltage()\naccess PMBus registers and shared data but were…","indicators":{"cves":["CVE-2026-31486"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:46.160Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/2c77ae315f3ce9d2c8e1609be74c9358c1fe4e07","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4e9d723d9f198b86f6882a84c501ba1f39e8d055","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/754bd2b4a084b90b5e7b630e1f423061a9b9b761","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31487","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31487 — In the Linux kernel, the following vulnerability has been resolved: spi: use generic driver_override…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nspi: use generic driver_override infrastructure\n\nWhen a driver is probed through __driver_attach(), the bus' match()\ncallback is called without the device lock held, thus accessing the\ndriver_override field without a lock, which ca…","indicators":{"cves":["CVE-2026-31487"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:46.307Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/c73a58661a760373d08a6883af4f0bb5cc991a67","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/cc34d77dd48708d810c12bfd6f5bf03304f6c824","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e0ae367a2de06c49aa1de6ec9b1ab6860bbb2cf0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/eedf220442d13b6d97294e5b0ac8a2c38ee1a1a0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31489","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31489 — In the Linux kernel, the following vulnerability has been resolved: spi: meson-spicc: Fix double-put…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nspi: meson-spicc: Fix double-put in remove path\n\nmeson_spicc_probe() registers the controller with\ndevm_spi_register_controller(), so teardown already drops the\ncontroller reference via devm cleanup.\n\nCalling spi_controller_put() a…","indicators":{"cves":["CVE-2026-31489"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:46.603Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/40ad0334c17b23d8b66b1082ad1478a6202e90e2","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/63542bb402b7013171c9f621c28b609eda4dbf1f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9b812ceb75a6260c17c91db4b9e74ead8cfa06f5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/da06a104f0486355073ff0d1bcb1fcbebb7080d6","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31490","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31490 — In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Fix use-after-free in…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/pf: Fix use-after-free in migration restore\n\nWhen an error is returned from xe_sriov_pf_migration_restore_produce(),\nthe data pointer is not set to NULL, which can trigger use-after-free\nin subsequent .write() calls.\nSet the…","indicators":{"cves":["CVE-2026-31490"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:46.763Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/87997b6c6516e049cbaf2fc6810b213d587a06b1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e28552b4ddea5cb4725380dd08237831af835124","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31491","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31491 — In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Harden depth calcula…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Harden depth calculation functions\n\nAn issue was exposed where OS can pass in U32_MAX for SQ/RQ/SRQ size.\nThis can cause integer overflow and truncation of SQ/RQ/SRQ depth\nreturning a success when it should have failed.…","indicators":{"cves":["CVE-2026-31491"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:46.880Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/3f08351de5ca4f2f724b86ad252fbc21289467e1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/cbd852f5700eb3f64392452faf693ac45cae8281","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e37afcb56ae070477741fe2d6e61fc0c542cce2d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31492","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31492 — In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Initialize free_qp c…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Initialize free_qp completion before using it\n\nIn irdma_create_qp, if ib_copy_to_udata fails, it will call\nirdma_destroy_qp to clean up which will attempt to wait on\nthe free_qp completion, which is not initialized yet.…","indicators":{"cves":["CVE-2026-31492"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:47.010Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/11a95521fb93c91e2d4ef9d53dc80ef0a755549b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3cb88c12461b71c7d9c604aa2e6a9a477ecfa147","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ac1da7bd224d406b6f1b84414f0f652ab43b6bd8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/af310407f79d5816fc0ab3638e1588b6193316dd","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/cd1534c8f4984432382c240f6784408497f5bb0a","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f72996834f7bdefc2b95e3eec30447ee195df44e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31493","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31493 — In the Linux kernel, the following vulnerability has been resolved: RDMA/efa: Fix use of completion…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/efa: Fix use of completion ctx after free\n\nOn admin queue completion handling, if the admin command completed with\nerror we print data from the completion context. The issue is that we\nalready freed the completion context in p…","indicators":{"cves":["CVE-2026-31493"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:47.170Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/0dd98aea1c0c45987fa2dd92f988b0eb1a72c125","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/1cf95fe5dc5471efea947b4c6f8913da6bc7976e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ef3b06742c8a201d0e83edc9a33a89a4fe3009f8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31494","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31494 — In the Linux kernel, the following vulnerability has been resolved: net: macb: use the current queue…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: macb: use the current queue number for stats\n\nThere's a potential mismatch between the memory reserved for statistics\nand the amount of memory written.\n\ngem_get_sset_count() correctly computes the number of stats based on the…","indicators":{"cves":["CVE-2026-31494"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:47.293Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/240c5302eed83e34e98db18f6795ee5f40814024","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/72d96e4e24bbefdcfbc68bdb9341a05d8f5cb6e5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7ff87da099210856cbfe2f2f7f52ddfa57af4f0c","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/95246341945163ad9a250a87ca5bd1c1252777ae","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9596759a84e1dbf2670518d85e969208960041f9","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9738be665544281aa624842812c2fbfed6f88226","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9d74d10e4e26672e139a8bcf8bf95957bf2d160f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e182fe273cdf5a8931592228196ef514ffac392b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31495","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31495 — In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: use netlin…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ctnetlink: use netlink policy range checks\n\nReplace manual range and mask validations with netlink policy\nannotations in ctnetlink code paths, so that the netlink core rejects\ninvalid values early and can generate extack…","indicators":{"cves":["CVE-2026-31495"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:47.500Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/2ef71307c86a9f866d6e28f1a0c06e2e9d794474","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/435b576cd2faa75154777868f8cbb73bf71644d3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/45c33e79ae705b7af97e3117672b6cd258dd0b1b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4f7d25f3f0786402ba48ff7d13b6241d77d975f5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/675c913b940488a84effdeeac5a1cfb657b59804","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/8f15b5071b4548b0aafc03b366eb45c9c6566704","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c6cb41eaae875501eaaa487b8db6539feb092292","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/fcec5ce2d73a41668b24e3f18c803541602a59f6","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31496","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31496 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_expect:…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_conntrack_expect: skip expectations in other netns via proc\n\nSkip expectations that do not reside in this netns.\n\nSimilar to e77e6ff502ea (\"netfilter: conntrack: do not dump other netns's\nconntrack entries via proc\").","indicators":{"cves":["CVE-2026-31496"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:47.693Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/168145c87444619e3e649322bbe7719ecd00d411","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/2028405ea6987b4448784e439413202cfe19f43f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3265ad619987cb551edaf797ed056d80ac450225","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3db5647984de03d9cae0dcddb509b058351f0ee4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9ca8c7452493d915f9bbf2f39331e6c583d07a23","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/dcfcd95b3ae7683e8ae55c92284b3430ce614bc7","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31497","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31497 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: clamp SCO alts…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btusb: clamp SCO altsetting table indices\n\nbtusb_work() maps the number of active SCO links to USB alternate\nsettings through a three-entry lookup table when CVSD traffic uses\ntransparent voice settings. The lookup curre…","indicators":{"cves":["CVE-2026-31497"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:47.857Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/1019028eb124564cf7bca58a16f1df8a1ca30726","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/129fa608b6ad08b8ab7178eeb2ec272c993aaccc","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/21c254202f9d78abe0fcd642a92966deb92bd226","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/312c4450fe23014665c163f480edd5ad2e27bbb8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/476c9262b430c38c6a701a3b8176a3f48689085b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/6fba3c3d48c927e55611a0f5ea34da88138ed0ff","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/834cf890d2c3d29cbfa1ee2376c40469c28ec297","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9dd13a8641de79bc1bc93da55cdd35259a002683","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31498","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31498 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix ERTM re-in…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop\n\nl2cap_config_req() processes CONFIG_REQ for channels in BT_CONNECTED\nstate to support L2CAP reconfiguration (e.g. MTU changes). However,\nsince both CONF_INPUT_DONE…","indicators":{"cves":["CVE-2026-31498"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:48.067Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/042e2cd4bb11e5313b19b87593616524949e4c52","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/25f420a0d4cfd61d3d23ec4b9c56d9f443d91377","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/52667c859fe33f70c2e711cb81bbd505d5eb8e75","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/900e4db5385ec2cacd372345a80ab9c8e105b3a3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9760b83cfd24b38caee663f429011a0dd6064fa9","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9a21a631ee034b1573dce14b572a24943dbfd7ae","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/de37e2655b7abc3f59254c6b72256840f39fc6d5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e7aab23b7df89a3d754a5f0a7d2237548b328bd0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31499","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31499 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix deadlock i…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix deadlock in l2cap_conn_del()\n\nl2cap_conn_del() calls cancel_delayed_work_sync() for both info_timer\nand id_addr_timer while holding conn->lock. However, the work functions\nl2cap_info_timeout() and l2cap_conn_u…","indicators":{"cves":["CVE-2026-31499"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:48.283Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/00fdebbbc557a2fc21321ff2eaa22fd70c078608","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3f26ecbd9cde621dd94be7ef252c7210b965a5c7","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d008460de352e534f6721de829b093368564ec66","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31500","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31500 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: serialize bt…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock\n\nbtintel_hw_error() issues two __hci_cmd_sync() calls (HCI_OP_RESET\nand Intel exception-info retrieval) without holding\nhci_req_sync_lock().  This lets it race…","indicators":{"cves":["CVE-2026-31500"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:48.427Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/5f84e845648dfa86e42de5487f1a774b42f0444d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/66696648af477dc87859e5e4b607112f5f29d010","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/94d8e6fe5d0818e9300e514e095a200bd5ff93ae","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e10a4cb72468686ffbe8bb2b0520e37f6be1a0c5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f7d84737663ad4a120d2d8ef1561a4df91282c2e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31501","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31501 — In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: fix use-a…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ti: icssg-prueth: fix use-after-free of CPPI descriptor in RX path\n\ncppi5_hdesc_get_psdata() returns a pointer into the CPPI descriptor.\nIn both emac_rx_packet() and emac_rx_packet_zc(), the descriptor is\nfreed via k3_cppi_des…","indicators":{"cves":["CVE-2026-31501"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:48.597Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/d5827316debcb677679bb014885d7be92c410e11","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/eb8c426c9803beb171f89d15fea17505eb517714","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31502","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31502 — In the Linux kernel, the following vulnerability has been resolved: team: fix header_ops type confus…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nteam: fix header_ops type confusion with non-Ethernet ports\n\nSimilar to commit 950803f72547 (\"bonding: fix type confusion in\nbond_setup_by_slave()\") team has the same class of header_ops type\nconfusion.\n\nFor non-Ethernet ports, tea…","indicators":{"cves":["CVE-2026-31502"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:48.713Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/0a7468ed49a6b65d34abcc6eb60e15f7f6d34da0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/20491d384d973a63fbdaf7a71e38d69b0659ea55","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/425000dbf17373a4ab8be9428f5dc055ef870a56","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/6d3161fa3eee64d46b766fb0db33ec7f300ef52d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31503","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31503 — In the Linux kernel, the following vulnerability has been resolved: udp: Fix wildcard bind conflict…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nudp: Fix wildcard bind conflict check when using hash2\n\nWhen binding a udp_sock to a local address and port, UDP uses\ntwo hashes (udptable->hash and udptable->hash2) for collision\ndetection. The current code switches to \"hash2\" whe…","indicators":{"cves":["CVE-2026-31503"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:48.863Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/0a360f7f73a06ac88f18917055fbcc79694252d7","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/18d84c45def3671d5c89fbdd5d4ab8a3217fe4b4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/2297e38114316b26ae02f2d205c49b5511c5ed55","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d6ace0dbcbb7fd285738bb87b42b71b01858c952","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e537dd15d0d4ad989d56a1021290f0c674dd8b28","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f1bed05a832ae79be5f7a105da56810eaa59a5f1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31504","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31504 — In the Linux kernel, the following vulnerability has been resolved: net: fix fanout UAF in packet_re…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix fanout UAF in packet_release() via NETDEV_UP race\n\n`packet_release()` has a race window where `NETDEV_UP` can re-register a\nsocket into a fanout group's `arr[]` array. The re-registration is not\ncleaned up by `fanout_relea…","indicators":{"cves":["CVE-2026-31504"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:49.040Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/1b4c03f8892d955385c202009af7485364731bb9","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/42156f93d123436f2a27c468f18c966b7e5db796","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/42cfd7898eeed290c9fb73f732af1f7d6b0a703e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/654386baef228c2992dbf604c819e4c7c35fc71b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/75fe6db23705a1d55160081f7b37db9665b1880b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ceccbfc6de720ad633519a226715989cfb065af1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d0c7cdc15fdf8c4f91aca1928e52295d175b6ec6","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ee642b1962caa9aa231c01abbd58bc453ae6b66e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31505","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31505 — In the Linux kernel, the following vulnerability has been resolved: iavf: fix out-of-bounds writes i…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\niavf: fix out-of-bounds writes in iavf_get_ethtool_stats()\n\niavf incorrectly uses real_num_tx_queues for ETH_SS_STATS. Since the\nvalue could change in runtime, we should use num_tx_queues instead.\n\nMoreover iavf_get_ethtool_stats()…","indicators":{"cves":["CVE-2026-31505"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:49.233Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/1f931dee5b726df1940348ec31614d64bac03aa6","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/bb85741d2dc2be207353a412f51b83697fcbefcf","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/fdf902bf86a80bf15792a1d20a67a5302498d7f1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/fecacfc95f195b99c71c579a472120d0b4ed65fa","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31506","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31506 — In the Linux kernel, the following vulnerability has been resolved: net: bcmasp: fix double free of…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bcmasp: fix double free of WoL irq\n\nWe do not need to free wol_irq since it was instantiated with\ndevm_request_irq(). So devres will free for us.","indicators":{"cves":["CVE-2026-31506"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:49.397Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/121a6ad9cd42ba3bfc57deae93e3326515c2afe1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/8a30509ce6a29bdf18e0802383c524a7b2357ec0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9e5f5c07cc7d66522f8c9676c28605eba5d4a20e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/cbfa5be2bf64511d49b854a0f9fd6d0b5118621f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31507","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31507 — In the Linux kernel, the following vulnerability has been resolved: net/smc: fix double-free of smc_…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer\n\nsmc_rx_splice() allocates one smc_spd_priv per pipe_buffer and stores\nthe pointer in pipe_buffer.private.  The pipe_buf_operations for these\nbuffers…","indicators":{"cves":["CVE-2026-31507"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:49.523Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/24dd586bb4cbba1889a50abe74143817a095c1c9","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3cc76380fea749280c026f410af56a28aaac388a","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/54c87a730157868543ebdfa0ecb21b4590ed23a5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7bcb974c771c863e8588cea0012ac204443a7126","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7e8916f46c2f48607f907fd401590093753a6bc5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/81acbd345d405994875d419d43b319fee0b9ad62","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/98ba5cb274768146e25ffbfde47753652c1c20d3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ae5575e660410c8d2c5d38fb28a0f37aea945676","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31508","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31508 — In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Avoid releasin…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: Avoid releasing netdev before teardown completes\n\nThe patch cited in the Fixes tag below changed the teardown code for\nOVS ports to no longer unconditionally take the RTNL. After this change,\nthe netdev_destroy()…","indicators":{"cves":["CVE-2026-31508"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:49.727Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/33609454be4f582e686a4bf13d4482a5ca0f6c4b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/43579baa17270aa51f93eb09b6e4af6e047b7f6e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4c3e25a7b711a402fcbbbcfbbdf2868ece1ae7c8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/5fdeaf591a0942772c2d18ff3563697a49ad01c6","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/755a6300afbd743cda4b102f24f343380ec0e0ff","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7c770dadfda5cbbde6aa3c4363ed513f1d212bf8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/95265232b49765a4d00f4d028c100bb7185600f4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/df3c95be76103604e752131d9495a24814915ece","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31509","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31509 — In the Linux kernel, the following vulnerability has been resolved: nfc: nci: fix circular locking d…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nci: fix circular locking dependency in nci_close_device\n\nnci_close_device() flushes rx_wq and tx_wq while holding req_lock.\nThis causes a circular locking dependency because nci_rx_work()\nrunning on rx_wq can end up taking re…","indicators":{"cves":["CVE-2026-31509"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:49.947Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/09143c0e8f3b03517e6233aad42f45c794d8df8e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/1edc12d2bbcb7a8d0f1088e6fccb9d8c01bb1289","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4527025d440ce84bf56e75ce1df2e84cb8178616","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/5eef9ebec7f5738f12cadede3545c05b34bf5ac3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7ed00a3edc8597fe2333f524401e2889aa1b5edf","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ca54e904a071aa65ef3ad46ba42d51aaac6b73b4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d89b74bf08f067b55c03d7f999ba0a0e73177eb3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/eb435d150ca74b4d40f77f1a2266f3636ed64a79","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31511","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31511 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix dangling po…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete\n\nThis fixes the condition checking so mgmt_pending_valid is executed\nwhenever status != -ECANCELED otherwise calling mgmt_pending_free(cmd)\nwould kfree…","indicators":{"cves":["CVE-2026-31511"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:50.343Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/340666172cf747de58c283d2eef1f335f050538b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3a89c33deffb3cb7877a7ea2e50734cd12b064f2","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/5f5fa4cd35f707344f65ce9e225b6528691dbbaa","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/bafec9325d4de26b6c49db75b5d5172de652aae0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31512","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31512 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Validate PDU l…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv()\n\nl2cap_ecred_data_rcv() reads the SDU length field from skb->data using\nget_unaligned_le16() without first verifying that skb contains at lea…","indicators":{"cves":["CVE-2026-31512"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:50.490Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/3340be2bafdcc806f048273ea6d8e82a6597aa1b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/40c7f7eea2f4d9cb0b3e924254c8c9053372168f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/477ad4976072056c348937e94f24583321938df4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/5ad981249be52f5e4e92e0e97b436b569071cb86","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/8c96f3bd4ae0802db90630be8e9851827e9c9209","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c65bd945d1c08c3db756821b6bf9f1c4a77b29c6","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/cef09691cfb61f6c91cc27c3d69634f81c8ab949","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e47315b84d0eb188772c3ff5cf073cdbdefca6b4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31513","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31513 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix stack-out-…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix stack-out-of-bounds read in l2cap_ecred_conn_req\n\nSyzbot reported a KASAN stack-out-of-bounds read in l2cap_build_cmd()\nthat is triggered by a malformed Enhanced Credit Based Connection Request.\n\nThe vulnerabi…","indicators":{"cves":["CVE-2026-31513"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:50.673Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/5b35f8211a913cfe7ab9d54fa36a272d2059a588","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9d87cb22195b2c67405f5485d525190747ad5493","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a3d9c50d69785ae02e153f000da1b5fd6dbfdf1b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c8e1a27edb8b4e5afb56b384acd7b6c2dec1b7cc","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31514","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31514 — In the Linux kernel, the following vulnerability has been resolved: erofs: set fileio bio failed in…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: set fileio bio failed in short read case\n\nFor file-backed mount, IO requests are handled by vfs_iocb_iter_read().\nHowever, it can be interrupted by SIGKILL, returning the number of\nbytes actually copied. Unused folios in bio…","indicators":{"cves":["CVE-2026-31514"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:50.810Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/5a5f23ef5431639db1ac3a0b274aef3a84cc413c","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/5cf3972c8221abdb1b464a14ccf8103d840b9085","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d1ba7d6b3cd1757b108d7b6856c92ae661d6c323","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/eade54040384f54b7fb330e4b0975c5734850b3c","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31515","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31515 — In the Linux kernel, the following vulnerability has been resolved: af_key: validate families in pfk…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\naf_key: validate families in pfkey_send_migrate()\n\nsyzbot was able to trigger a crash in skb_put() [1]\n\nIssue is that pfkey_send_migrate() does not check old/new families,\nand that set_ipsecrequest() @family argument was truncated,…","indicators":{"cves":["CVE-2026-31515"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:50.940Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/7b18692c59afb8e5c364c8e3ac01e51dd6b52028","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/83f644ea92987c100b82d8481ae2230faeed3d34","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/8ddf8de7e758f6888988467af9ffc8adf589fb16","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d0c5aa8dd38887714f1aad04236a3620b56a5e4e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d3225e6b9bd51ec177970a628fe4b11237ce87d5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e06b596fc4eb01936a2e5dccad17c946d660bab8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/eb2d16a7d599dc9d4df391b5e660df9949963786","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ee836e820a40e2ca4da8af7310bff92d586772d4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31516","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31516 — In the Linux kernel, the following vulnerability has been resolved: xfrm: prevent policy_hthresh.wor…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: prevent policy_hthresh.work from racing with netns teardown\n\nA XFRM_MSG_NEWSPDINFO request can queue the per-net work item\npolicy_hthresh.work onto the system workqueue.\n\nThe queued callback, xfrm_hash_rebuild(), retrieves th…","indicators":{"cves":["CVE-2026-31516"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:51.130Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/29fe3a61bcdce398ee3955101c39f89c01a8a77e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4e2e77843fef473ef47e322d52436d8308582a96","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/56ea2257b83ee29a543f158159e3d1abc1e3e4fe","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/8854e9367465d784046362698731c1111e3b39b8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31517","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31517 — In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: fix skb_put() panic…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: iptfs: fix skb_put() panic on non-linear skb during reassembly\n\nIn iptfs_reassem_cont(), IP-TFS attempts to append data to the new inner\npacket 'newskb' that is being reassembled. First a zero-copy approach is\ntried if it suc…","indicators":{"cves":["CVE-2026-31517"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:51.273Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/0b352f83cabfefdaafa806d6471f0eca117dc7d5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/33a7b36268933c75bdc355e5531951e0ea9f1951","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7fdfe8f6efeb0e1200e22a903f2471539f54522b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31518","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31518 — In the Linux kernel, the following vulnerability has been resolved: esp: fix skb leak with espintcp…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nesp: fix skb leak with espintcp and async crypto\n\nWhen the TX queue for espintcp is full, esp_output_tail_tcp will\nreturn an error and not free the skb, because with synchronous crypto,\nthe common xfrm output code will drop the pac…","indicators":{"cves":["CVE-2026-31518"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:51.410Z","fetchedAt":"2026-04-22T15:00:21.767Z","references":[{"url":"https://git.kernel.org/stable/c/0c0eef8ccd2413b0a10eb6bbd3442333b1e64dd2","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/41aafca57de4a4c026701622bd4648f112a9edcd","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4820847e036ff1035b01b69ad68dfc17e7028fe9","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/6a3ec6efbc4f90e0ccb2e71574f07351f19996f4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/6aa9841d917532d0f2d932d1ff2f3a94305aaf47","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/88d386243ed374ac969dabd3bbc1409a31d81818","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/aca3ad0c262f54a5b5c95dda80a48365997d1224","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/df6f995358dc1f3c42484f5cfe241d7bd3e1cd15","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31519","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31519 — In the Linux kernel, the following vulnerability has been resolved: btrfs: set BTRFS_ROOT_ORPHAN_CLE…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: set BTRFS_ROOT_ORPHAN_CLEANUP during subvol create\n\nWe have recently observed a number of subvolumes with broken dentries.\nls-ing the parent dir looks like:\n\ndrwxrwxrwt 1 root root 16 Jan 23 16:49 .\ndrwxr-xr-x 1 root root 24…","indicators":{"cves":["CVE-2026-31519"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:51.580Z","fetchedAt":"2026-04-22T15:00:21.768Z","references":[{"url":"https://git.kernel.org/stable/c/2ec578e6452138ab76f6c9a9c18711fcd197649f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/5131fa077f9bb386a1b901bf5b247041f0ec8f80","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/696683f214495db3cdacab9a713efaaced8660f8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a41a9b8d19a98b45591528c6e54d31cc66271d1e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c57276ced3c3207f42182dfa2f0d8e860357e111","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d43da8de0ed376abafbad8a245a1835e8f66cb0f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31520","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31520 — In the Linux kernel, the following vulnerability has been resolved: HID: apple: avoid memory leak in…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nHID: apple: avoid memory leak in apple_report_fixup()\n\nThe apple_report_fixup() function was returning a\nnewly kmemdup()-allocated buffer, but never freeing it.\n\nThe caller of report_fixup() does not take ownership of the returned…","indicators":{"cves":["CVE-2026-31520"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:51.770Z","fetchedAt":"2026-04-22T15:00:21.768Z","references":[{"url":"https://git.kernel.org/stable/c/239c15116d80f67d32f00acc34575f1a6b699613","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/2635d0c715f3fb177e0f80ecd5fa48feb6bf3884","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/31860c3f7ac66ab897a8c90dc4e74fa17ca0b624","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/be1a341c161430282acdfe2ac99b413271575cf1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e2f090aeb7b9930a964e151910f4d45b04c8a7e5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e652ebd29928181c3e6820e303da25873e9917d4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31521","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31521 — In the Linux kernel, the following vulnerability has been resolved: module: Fix kernel panic when a…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nmodule: Fix kernel panic when a symbol st_shndx is out of bounds\n\nThe module loader doesn't check for bounds of the ELF section index in\nsimplify_symbols():\n\n       for (i = 1; i < symsec->sh_size / sizeof(Elf_Sym); i++) {\n\t\tconst…","indicators":{"cves":["CVE-2026-31521"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:51.930Z","fetchedAt":"2026-04-22T15:00:21.768Z","references":[{"url":"https://git.kernel.org/stable/c/082f15d2887329e0f43fd3727e69365f5bfe5d2c","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4bbdb0e48176fd281c2b9a211b110db6fd94e175","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/5d16f519b6eb1d071807e57efe0df2baa8d32ad6","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/6ba6957c640f58dc8ef046981a045da43e47ea23","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ec2b22a58073f80739013588af448ff6e2ab906f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ef75dc1401d8e797ee51559a0dd0336c225e1776","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f9d69d5e7bde2295eb7488a56f094ac8f5383b92","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31522","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31522 — In the Linux kernel, the following vulnerability has been resolved: HID: magicmouse: avoid memory le…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nHID: magicmouse: avoid memory leak in magicmouse_report_fixup()\n\nThe magicmouse_report_fixup() function was returning a\nnewly kmemdup()-allocated buffer, but never freeing it.\n\nThe caller of report_fixup() does not take ownership o…","indicators":{"cves":["CVE-2026-31522"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:52.100Z","fetchedAt":"2026-04-22T15:00:21.768Z","references":[{"url":"https://git.kernel.org/stable/c/136f605e246b4bfe7ac2259471d1ff814aed0084","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/579c4c9857acdc8380fa99803f355f878bd766cb","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/79e5dcc95d9abed6f8203cfd529f4ec71f0e505d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7edfe4346b052b708645d0acc0f186425766b785","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/91e8c6e601bdc1ccdf886479b6513c01c7e51c2c","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d84c21aabaab517b9aaf9bc1d785922cb9db2f31","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/fa95b0146358b49f9858139b67314591fd5871b0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31523","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31523 — In the Linux kernel, the following vulnerability has been resolved: nvme-pci: ensure we're polling a…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-pci: ensure we're polling a polled queue\n\nA user can change the polled queue count at run time. There's a brief\nwindow during a reset where a hipri task may try to poll that queue\nbefore the block layer has updated the queue m…","indicators":{"cves":["CVE-2026-31523"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:52.263Z","fetchedAt":"2026-04-22T15:00:21.768Z","references":[{"url":"https://git.kernel.org/stable/c/0685dd9cb855ab77fcf3577b4702ba1d6df1c98d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/166e31d7dbf6aa44829b98aa446bda5c9580f12a","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/6f12734c4b619f923a4df0b1a46b8098b187d324","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/965e2c943f065122f14282a88d70a8a92e12a4da","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/acbc72dd1a09df53cafcf577259f4678be6afd6d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/b222680ba55e018426c4535067a008f1d81a5d21","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/b96c7b25eb1b748f3e3b1832ebf028b0b223d7e3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ba167d5982e2eb6ff9356d409eca592ce99555da","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31524","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31524 — In the Linux kernel, the following vulnerability has been resolved: HID: asus: avoid memory leak in…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nHID: asus: avoid memory leak in asus_report_fixup()\n\nThe asus_report_fixup() function was returning a newly allocated\nkmemdup()-allocated buffer, but never freeing it.  Switch to\ndevm_kzalloc() to ensure the memory is managed and f…","indicators":{"cves":["CVE-2026-31524"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:52.430Z","fetchedAt":"2026-04-22T15:00:21.768Z","references":[{"url":"https://git.kernel.org/stable/c/2bad24c17742fc88973d6aea526ce1353f5334a3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/2e4fe6b15c2f390c023b20d728b1a3fe7ea4f973","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/726765b43deb2b4723869d673cc5fc6f7a3b2059","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7a6d6e4d8af044f94fa97e97af5ff2771e1fbebd","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/84724ac4821a160d47b84289adf139023027bdbb","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a41cc7c1668e44ff2c2d36f9a6353253ffc43e3c","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ede95cfcab8064d9a08813fbd7ed42cea8843dcf","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f20f17cffbe34fb330267e0f8084f5565f807444","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31525","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31525 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix undefined behavior in i…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN\n\nThe BPF interpreter's signed 32-bit division and modulo handlers use\nthe kernel abs() macro on s32 operands. The abs() macro documentation\n(include/linux/math.h) exp…","indicators":{"cves":["CVE-2026-31525"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:52.607Z","fetchedAt":"2026-04-22T15:00:21.768Z","references":[{"url":"https://git.kernel.org/stable/c/0d5d8c3ce45c734aaf3c51cbef59155a6746157d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/694ea55f1b1c74f9942d91ec366ae9e822422e42","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9ab1227765c446942f290c83382f0b19887c55cf","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c77b30bd1dcb61f66c640ff7d2757816210c7cb0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f14ca604c0ff274fba19f73f1f0485c0047c1396","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31526","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31526 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix exception exit lock che…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix exception exit lock checking for subprogs\n\nprocess_bpf_exit_full() passes check_lock = !curframe to\ncheck_resource_leak(), which is false in cases when bpf_throw() is\ncalled from a static subprog. This makes check_resource…","indicators":{"cves":["CVE-2026-31526"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:52.763Z","fetchedAt":"2026-04-22T15:00:21.768Z","references":[{"url":"https://git.kernel.org/stable/c/5a399f3117642494e35545f6ca397d3e177c1f9b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/6c2128505f61b504c79a20b89596feba61388112","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c0281da1f2aa5c2fca3a05f79b86bea96591c358","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31527","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31527 — In the Linux kernel, the following vulnerability has been resolved: driver core: platform: use gener…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: platform: use generic driver_override infrastructure\n\nWhen a driver is probed through __driver_attach(), the bus' match()\ncallback is called without the device lock held, thus accessing the\ndriver_override field withou…","indicators":{"cves":["CVE-2026-31527"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:52.903Z","fetchedAt":"2026-04-22T15:00:21.768Z","references":[{"url":"https://git.kernel.org/stable/c/2b38efc05bf7a8568ec74bfffea0f5cfa62bc01d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7c02a9bd7d14a89065fcf672b86d8e1d1a41d3b1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9a6086d2a828dd2ff74cf9abcae456670febd71f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/edee7ee5a14c3b33f6d54641f5af5c5e9180992d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31528","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31528 — In the Linux kernel, the following vulnerability has been resolved: perf: Make sure to use pmu_ctx->…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Make sure to use pmu_ctx->pmu for groups\n\nOliver reported that x86_pmu_del() ended up doing an out-of-bound memory access\nwhen group_sched_in() fails and needs to roll back.\n\nThis *should* be handled by the transaction callba…","indicators":{"cves":["CVE-2026-31528"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:53.040Z","fetchedAt":"2026-04-22T15:00:21.768Z","references":[{"url":"https://git.kernel.org/stable/c/35f7914e54fe7f13654c22ee045b05e4b6d8062b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3a696e84a8b1fafdd774bb30d62919faf844d9e4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4b9ce671960627b2505b3f64742544ae9801df97","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4c759446046500a1a6785b25725725c3ff087ace","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/656f35b463995bee024d948440128230aacd81e1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31529","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31529 — In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix leakage in __con…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/region: Fix leakage in __construct_region()\n\nFailing the first sysfs_update_group() needs to explicitly\nkfree the resource as it is too early for cxl_region_iomem_release()\nto do so.","indicators":{"cves":["CVE-2026-31529"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:53.183Z","fetchedAt":"2026-04-22T15:00:21.768Z","references":[{"url":"https://git.kernel.org/stable/c/77b310bb7b5ff8c017524df83292e0242ba89791","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f1b4741adf08b0063291ec1b0dfa9c3d55644933","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31530","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31530 — In the Linux kernel, the following vulnerability has been resolved: cxl/port: Fix use after free of…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/port: Fix use after free of parent_port in cxl_detach_ep()\n\ncxl_detach_ep() is called during bottom-up removal when all CXL memory\ndevices beneath a switch port have been removed. For each port in the\nhierarchy it locks both th…","indicators":{"cves":["CVE-2026-31530"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:53.293Z","fetchedAt":"2026-04-22T15:00:21.768Z","references":[{"url":"https://git.kernel.org/stable/c/19d2f0b97a131198efc2c4ca3eb7f980bba8c2b4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/2c32141462045cf93d54a5146a0ba572b83533dd","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d216a4bd138eb57cc4ae7c43b2f709e3482af7e2","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f7dc6f381a1e5f068333f1faa9265d6af1df4235","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5749","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-5749 — Inadequate access control in the registration process in Fullstep V5, which could allow unauthentica…","description":"Inadequate access control in the registration process in Fullstep V5, which could allow unauthenticated users to obtain a valid JWT token with which to interact with authenticated API resources. Successful exploitation of this vulnerability could allow an unauthenticated attacker to compromise the c…","indicators":{"cves":["CVE-2026-5749"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:17:05.993Z","fetchedAt":"2026-04-22T15:00:21.768Z","references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fullstep","label":"cve-coordination@incibe.es","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5750","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-5750 — An insecure direct object reference (IDOR) vulnerability in the Fullstep V5 registration process all…","description":"An insecure direct object reference (IDOR) vulnerability in the Fullstep V5 registration process allows authenticated users to access data belonging to other registered users through various vulnerable authenticated resources in the application. The vulnerable endpoints result from: '/api/suppliers/…","indicators":{"cves":["CVE-2026-5750"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:17:06.173Z","fetchedAt":"2026-04-22T15:00:21.768Z","references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fullstep","label":"cve-coordination@incibe.es","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6355","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-6355 — A vulnerability in the web application allows unauthorized users to access and manipulate sensitive…","description":"A vulnerability in the web application allows unauthorized users to access and manipulate sensitive data across different tenants by exploiting insecure direct object references. This could lead to unauthorized access to sensitive information and unauthorized changes to the tenant's configuration.","indicators":{"cves":["CVE-2026-6355"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:17:06.627Z","fetchedAt":"2026-04-22T15:00:21.768Z","references":[{"url":"https://github.com/Penguinsecq/CVE-2026-6355/","label":"cret@cert.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-6356","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-6356 — A vulnerability in the web application allows standard users to escalate their privileges to those o…","description":"A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, enabling them to access and modify sensitive information.","indicators":{"cves":["CVE-2026-6356"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:17:06.720Z","fetchedAt":"2026-04-22T15:00:21.768Z","references":[{"url":"https://github.com/Penguinsecq/CVE-2026-6356/","label":"cret@cert.org","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-32223-windows-usb-printing-stack-usbprint-sys-elevation-of-privilege-vu","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-32223 Windows USB Printing Stack (usbprint.sys) Elevation of Privilege Vulnerability","description":"Acknowledgement added. This is an informational change only.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T14:00:00.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32223","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-26168-windows-ancillary-function-driver-for-winsock-elevation-of-privil","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-26168 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","description":"Acknowledgement added. This is an informational change only.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T14:00:00.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26168","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-40372-asp-net-core-elevation-of-privilege-vulnerability","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-40372 ASP.NET Core Elevation of Privilege Vulnerability","description":"Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T14:00:00.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40372","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-32288-unbounded-allocation-for-old-gnu-sparse-in-archive-tar","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-32288 Unbounded allocation for old GNU sparse in archive/tar","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T08:40:30.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32288","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-41254","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-41254 ","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T08:01:24.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41254","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-32077-windows-upnp-device-host-elevation-of-privilege-vulnerability","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-32077 Windows UPnP Device Host Elevation of Privilege Vulnerability","description":"Added Security Only packages to Windows Server 2012 security updates. This is an informational change only.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T14:00:00.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32077","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-26149-microsoft-power-apps-spoofing-vulnerability","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-26149 Microsoft Power Apps Spoofing Vulnerability","description":"","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T14:00:00.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26149","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-5160","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-5160 ","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T08:01:39.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5160","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-6100-use-after-free-in-lzma-lzmadecompressor-bz2-bz2decompressor-and-gz","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-6100 Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T08:01:45.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6100","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-4786-incomplete-mitigation-of-cve-2026-4519-action-expansion-for-comman","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T08:01:53.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-4786","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-33056-tar-rs-unpack-in-can-chmod-arbitrary-directories-by-following-sym","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-33056 tar-rs: unpack_in can chmod arbitrary directories by following symlinks","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T08:01:24.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33056","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-33055-tar-rs-incorrectly-ignores-pax-size-headers-if-header-size-is-non","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-33055 tar-rs incorrectly ignores PAX size headers if header size is nonzero","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T08:01:18.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33055","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-6296-heap-buffer-overflow-in-angle","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-6296 Heap buffer overflow in ANGLE","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:00:46.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6296","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-6363-type-confusion-in-v8","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-6363 Type Confusion in V8","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:00:13.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6363","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-6359-use-after-free-in-video","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-6359 Use after free in Video","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:00:09.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6359","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6302","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-6364-out-of-bounds-read-in-skia","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-6364 Out of bounds read in Skia","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:00:14.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6364","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-6362-use-after-free-in-codecs","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-6362 Use after free in Codecs","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:00:12.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6362","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6318","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6303","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-6313-insufficient-policy-enforcement-in-cors","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-6313 Insufficient policy enforcement in CORS","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:00:04.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6313","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-6314-out-of-bounds-write-in-gpu","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-6314 Out of bounds write in GPU","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:00:05.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6314","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-6361-heap-buffer-overflow-in-pdfium","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-6361 Heap buffer overflow in PDFium","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:00:11.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6361","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6306","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6305","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-6310-use-after-free-in-dawn","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-6310 Use after free in Dawn","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:00:02.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6310","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-6360-use-after-free-in-filesystem","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-6360 Use after free in FileSystem","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:00:10.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6360","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-6316-use-after-free-in-forms","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-6316 Use after free in Forms","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:00:06.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6316","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-6309-use-after-free-in-viz","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-6309 Use after free in Viz","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:00:01.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6309","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-6311-uninitialized-use-in-accessibility","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-6311 Uninitialized Use in Accessibility","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:00:03.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6311","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-6307-type-confusion-in-turbofan","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-6307 Type Confusion in Turbofan","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:00:59.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6307","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6301","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-6308-out-of-bounds-read-in-media","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-6308 Out of bounds read in Media","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:00:00.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6308","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-6300-use-after-free-in-css","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-6300 Use after free in CSS","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:00:52.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6300","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-6304-use-after-free-in-graphite","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-6304 Use after free in Graphite","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:00:56.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6304","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-6317-use-after-free-in-cast","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-6317 Use after free in Cast","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:00:08.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6317","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-6312-insufficient-policy-enforcement-in-passwords","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-6312 Insufficient policy enforcement in Passwords","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:00:04.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6312","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-6298-heap-buffer-overflow-in-skia","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-6298 Heap buffer overflow in Skia","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:00:50.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6298","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-6297-use-after-free-in-proxy","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-6297 Use after free in Proxy","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:00:49.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6297","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-6299-use-after-free-in-prerender","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-6299 Use after free in Prerender","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:00:51.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6299","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-33948-jq-embedded-nul-truncation-in-cli-json-input-path-causes-prefix-o","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-33948 jq: Embedded-NUL Truncation in CLI JSON Input Path Causes Prefix-Only Validation of Malformed Input","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T08:01:34.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33948","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-40164-jq-algorithmic-complexity-dos-via-hardcoded-murmurhash3-seed","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-40164 jq: Algorithmic complexity DoS via hardcoded MurmurHash3 seed","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T08:01:51.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40164","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-35469-spdystream-dos-on-cri","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-35469 SpdyStream: DOS on CRI","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T08:01:59.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35469","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-39956-jq-missing-runtime-type-checks-for-strindices-lead-to-crash-and-l","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-39956 jq: Missing runtime type checks for _strindices lead to crash and limited memory disclosure","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T08:02:19.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-39956","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-35201-discount-has-an-out-of-bounds-read-in-rdiscount","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-35201 Discount has an Out-of-bounds Read in rdiscount","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T08:40:21.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35201","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-32316-jq-integer-overflow-in-jvp-string-append-allows-heap-based-buffer","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-32316 jq: Integer overflow in jvp_string_append() allows Heap-based Buffer Overflow","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T08:01:17.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32316","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-33947-jq-unbounded-recursion-in-jv-setpath-jv-getpath-and-delpaths-sort","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-33947 jq: Unbounded Recursion in jv_setpath(), jv_getpath() and delpaths_sorted()","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T08:01:26.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33947","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-39979-jq-out-of-bounds-read-in-jv-parse-sized-error-formatting-for-non-","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-39979 jq: Out-of-Bounds Read in jv_parse_sized() Error Formatting for Non-NUL-Terminated Counted Buffers","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T08:01:42.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-39979","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-41035","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-41035 ","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T08:02:04.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41035","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-35199-symcrypt-symcryptxmsssign-function-heap-overflow-via-64-32-bit-le","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-35199 SymCrypt SymCryptXmssSign function - Heap overflow via 64->32-bit leaf-count truncation","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T08:02:11.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35199","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2025-14821-libssh-libssh-insecure-default-configuration-leads-to-local-man-i","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2025-14821 Libssh: libssh: insecure default configuration leads to local man-in-the-middle attacks on windows","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T08:02:27.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-14821","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-40179-prometheus-stored-xss-via-metric-names-and-label-values-in-web-ui","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-40179 Prometheus: Stored XSS via metric names and label values in web UI tooltips and metrics explorer","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T08:02:33.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40179","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-2673-openssl-tls-1-3-server-may-choose-unexpected-key-agreement-group","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-2673 OpenSSL TLS 1.3 server may choose unexpected key agreement group","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T08:02:38.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2673","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2025-64669-windows-admin-center-elevation-of-privilege-vulnerability","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2025-64669 Windows Admin Center Elevation of Privilege Vulnerability","description":"Acknowledgement added. This is an informational change only.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T14:00:00.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64669","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-bad-apples-weaponizing-native-macos-primitives-for-movement-and-execution","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Bad Apples: Weaponizing native macOS primitives for movement and execution","description":"Cisco Talos documents several macOS living-off-the-land (LOTL) techniques, demonstrating that native pathways for movement and execution remain accessible to those who understand the underlying architecture.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T10:00:29.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://blog.talosintelligence.com/bad-apples-weaponizing-native-macos-primitives-for-movement-and-execution/","label":"Cisco Talos","domainType":"other"}],"feedLabel":null},{"id":"vendor-foxit-libraw-vulnerabilities","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Foxit, LibRaw vulnerabilities","description":"Cisco Talos’ Vulnerability Discovery & Research team recently disclosed one Foxit Reader vulnerability, and six LibRaw file reader vulnerabilities.\nThe vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability dis…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T19:00:24.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://blog.talosintelligence.com/foxit-libraw-vulnerabilities/","label":"Cisco Talos","domainType":"other"}],"feedLabel":null},{"id":"vendor-the-q1-vulnerability-pulse","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"The Q1 vulnerability pulse","description":"Thor provides an overview of the Q1 2026 vulnerability statistics, highlighting key trends in legacy CVEs and the evolving impact of AI on the threat landscape.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T18:00:31.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://blog.talosintelligence.com/the-q1-vulnerability-pulse/","label":"Cisco Talos","domainType":"other"}],"feedLabel":null},{"id":"vendor-more-than-pretty-pictures-wendy-bishop-on-visual-storytelling-in-tech","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"More than pretty pictures: Wendy Bishop on visual storytelling in tech","description":"Wendy shares the unique challenges and rewards of bridging the gap between artistic expression and highly technical research.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T10:00:28.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://blog.talosintelligence.com/more-than-pretty-pictures-wendy-bishop-on-visual-storytelling-in-tech/","label":"Cisco Talos","domainType":"other"}],"feedLabel":null},{"id":"vendor-ssh-brings-privx-ot-to-nokia-industrial-edge-to-secure-remote-access-in-ot-envir","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"SSH brings PrivX OT to Nokia Industrial Edge to secure remote access in OT environments","description":"SSH Communications Security, a defensive cybersecurity company for humans, systems, and networks, announced on Tuesday that its PrivX...\nThe post SSH brings PrivX OT to Nokia Industrial Edge to secure remote access in OT environments appeared first on Industrial Cyber.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T16:15:48.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://industrialcyber.co/news/ssh-brings-privx-ot-to-nokia-industrial-edge-to-secure-remote-access-in-ot-environments/","label":"Industrial Cyber","domainType":"other"}],"feedLabel":null},{"id":"vendor-txone-introduces-stellar-discover-to-extend-ot-security-from-discovery-to-risk-i","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"TXOne introduces Stellar Discover to extend OT security from discovery to risk insight","description":"TXOne Networks, an operations-first OT security partner, announced preview of Stellar Discover, a lightweight endpoint sensor designed to...\nThe post TXOne introduces Stellar Discover to extend OT security from discovery to risk insight appeared first on Industrial Cyber.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T16:15:14.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://industrialcyber.co/news/txone-introduces-stellar-discover-to-extend-ot-security-from-discovery-to-risk-insight/","label":"Industrial Cyber","domainType":"other"}],"feedLabel":null},{"id":"vendor-industrial-defender-partners-with-kyron-to-boost-ot-resilience-and-nis2-readines","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Industrial Defender partners with KYrON to boost OT resilience and NIS2 readiness in France","description":"Industrial Defender, vendor of OT asset visibility and risk management, announced a partnership with KYrON, a cybersecurity integration...\nThe post Industrial Defender partners with KYrON to boost OT resilience and NIS2 readiness in France appeared first on Industrial Cyber.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T16:14:56.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://industrialcyber.co/news/industrial-defender-partners-with-kyron-to-boost-ot-resilience-and-nis2-readiness-in-france/","label":"Industrial Cyber","domainType":"other"}],"feedLabel":null},{"id":"vendor-semperis-extends-purple-knight-identity-security-assessment-tool-to-us-federal-d","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Semperis extends Purple Knight identity security assessment tool to US federal, defense GCC High environments","description":"Semperis, an identity-driven cyber resilience and crisis response company, announced that Purple Knight, its free, community-driven Active Directory...\nThe post Semperis extends Purple Knight identity security assessment tool to US federal, defense GCC High environments appeared first on Industrial…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T16:14:37.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://industrialcyber.co/news/semperis-extends-purple-knight-identity-security-assessment-tool-to-us-federal-defense-gcc-high-environments/","label":"Industrial Cyber","domainType":"other"}],"feedLabel":null},{"id":"vendor-wef-urges-intelligence-sharing-as-port-cyber-threats-outpace-siloed-defences","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"WEF urges intelligence sharing as port cyber threats outpace siloed defences","description":"New analysis published by the World Economic Forum (WEF) argues that as ports become increasingly digitized and interconnected,...\nThe post WEF urges intelligence sharing as port cyber threats outpace siloed defences appeared first on Industrial Cyber.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T11:32:15.000Z","fetchedAt":"2026-04-22T15:00:08.170Z","references":[{"url":"https://industrialcyber.co/risk-management/wef-urges-intelligence-sharing-as-port-cyber-threats-outpace-siloed-defences/","label":"Industrial Cyber","domainType":"other"}],"feedLabel":null},{"id":"news-new-gogra-malware-for-linux-uses-microsoft-graph-api-for-comms","source":"general-news","category":"news","severity":"unknown","title":"New GoGra malware for Linux uses Microsoft Graph API for comms","description":"A Linux variant of the GoGra backdoor uses legitimate Microsoft infrastructure, relying on an Outlook inbox for stealthy payload delivery. [...]","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:00:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.bleepingcomputer.com/news/security/new-gogra-malware-for-linux-uses-microsoft-graph-api-for-comms/","label":"BleepingComputer","domainType":"media"}],"feedLabel":null},{"id":"news-microsoft-releases-emergency-patches-for-critical-asp-net-flaw","source":"general-news","category":"news","severity":"unknown","title":"Microsoft releases emergency patches for critical ASP.NET flaw","description":"Microsoft has released out-of-band (OOB) security updates to patch a critical ASP.NET Core privilege escalation vulnerability. [...]","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T08:08:16.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-emergency-security-updates-for-critical-aspnet-flaw/","label":"BleepingComputer","domainType":"media"}],"feedLabel":null},{"id":"news-french-govt-agency-confirms-breach-as-hacker-offers-to-sell-data","source":"general-news","category":"news","severity":"unknown","title":"French govt agency confirms breach as hacker offers to sell data","description":"France Titres, the government agency in France for issuing and managince administrative documents has disclosed a data breach after a threat actor claimed the attack and stealing citizen data. [...]","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:46:04.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.bleepingcomputer.com/news/security/french-govt-agency-confirms-breach-as-hacker-offers-to-sell-data/","label":"BleepingComputer","domainType":"media"}],"feedLabel":null},{"id":"news-new-lotus-data-wiper-used-against-venezuelan-energy-utility-firms","source":"general-news","category":"news","severity":"unknown","title":"New Lotus data wiper used against Venezuelan energy, utility firms","description":"A previously undocumented data-wiping malware dubbed Lotus was used last year in targeted attacks against energy and utilities organizations in Venezuela. [...]","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T18:38:40.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.bleepingcomputer.com/news/security/new-lotus-data-wiper-used-against-venezuelan-energy-utility-firms/","label":"BleepingComputer","domainType":"media"}],"feedLabel":null},{"id":"news-cisa-flags-new-sd-wan-flaw-as-actively-exploited-in-attacks","source":"general-news","category":"news","severity":"unknown","title":"CISA flags new SD-WAN flaw as actively exploited in attacks","description":"​CISA has given U.S. government agencies four days to secure their systems against another Catalyst SD-WAN Manager vulnerability it flagged as actively exploited in attacks. [...]","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T12:30:50.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.bleepingcomputer.com/news/security/cisa-flags-new-sd-wan-flaw-as-actively-exploited-in-attacks/","label":"BleepingComputer","domainType":"media"}],"feedLabel":null},{"id":"news-actively-exploited-apache-activemq-flaw-impacts-6-400-servers","source":"general-news","category":"news","severity":"unknown","title":"Actively exploited Apache ActiveMQ flaw impacts 6,400 servers","description":"Nonprofit security organization Shadowserver found that over 6,400 Apache ActiveMQ servers exposed online are vulnerable to ongoing attacks exploiting a high-severity code injection vulnerability. [...]","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T11:17:51.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.bleepingcomputer.com/news/security/actively-exploited-apache-activemq-flaw-impacts-6-400-servers/","label":"BleepingComputer","domainType":"media"}],"feedLabel":null},{"id":"news-ngate-android-malware-uses-handypay-nfc-app-to-steal-card-data","source":"general-news","category":"news","severity":"unknown","title":"NGate Android malware uses HandyPay NFC app to steal card data","description":"A new variant of the NGate malware that steals NFC payment data is targeting Android users by hiding in a trojanized version of HandyPay, a legitimate mobile payments processing tool. [...]","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T09:00:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.bleepingcomputer.com/news/security/ngate-android-malware-uses-handypay-nfc-app-to-steal-card-data/","label":"BleepingComputer","domainType":"media"}],"feedLabel":null},{"id":"news-lotus-wiper-malware-targets-venezuelan-energy-systems-in-destructive-attack","source":"general-news","category":"news","severity":"unknown","title":"Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack","description":"Cybersecurity researchers have discovered a previously undocumented data wiper that has been used in attacks targeting Venezuela at the end of last year and the start of 2026.\nDubbed Lotus Wiper, the novel file wiper has been used in a destructive campaign targeting the energy and utilities sector i…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:55:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://thehackernews.com/2026/04/lotus-wiper-malware-targets-venezuelan.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-toxic-combinations-when-cross-app-permissions-stack-into-risk","source":"general-news","category":"news","severity":"unknown","title":"Toxic Combinations: When Cross-App Permissions Stack into Risk","description":"On January 31, 2026, researchers disclosed that Moltbook, a social network built for AI agents, had left its database wide open, exposing 35,000 email addresses and 1.5 million agent API tokens across 770,000 active agents.\nThe more worrying part sat inside the private messages. Some of those conver…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:41:36.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://thehackernews.com/2026/04/toxic-combinations-when-cross-app.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-microsoft-patches-critical-asp-net-core-cve-2026-40372-privilege-escalation-bug","source":"general-news","category":"news","severity":"unknown","title":"Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug","description":"Microsoft has released out-of-band updates to address a security vulnerability in ASP.NET Core that could allow an attacker to escalate privileges.\nThe vulnerability, tracked as CVE-2026-40372, carries a CVSS score of 9.1 out of 10.0. It's rated Important in severity. An anonymous researcher has bee…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:29:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://thehackernews.com/2026/04/microsoft-patches-critical-aspnet-core.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-cohere-ai-terrarium-sandbox-flaw-enables-root-code-execution-container-escape","source":"general-news","category":"news","severity":"unknown","title":"Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape","description":"A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium that could result in arbitrary code execution.\nThe vulnerability, tracked as CVE-2026-5752, is rated 9.3 on the CVSS scoring system.\n\"Sandbox escape vulnerability in Terrarium allows arbitrary code execut…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T07:16:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://thehackernews.com/2026/04/cohere-ai-terrarium-sandbox-flaw.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-22-bridge-break-flaws-expose-thousands-of-lantronix-and-silex-serial-to-ip-conve","source":"general-news","category":"news","severity":"unknown","title":"22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex Serial-to-IP Converters","description":"Cybersecurity researchers have identified 22 new vulnerabilities in popular models of serial-to-IP converters from Lantronix and Silex that could be exploited to hijack susceptible devices and tamper with data exchanged by them.\nThe vulnerabilities have been collectively codenamed BRIDGE:BREAK by Fo…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T15:46:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://thehackernews.com/2026/04/22-bridgebreak-flaws-expose-20000.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-ngate-campaign-targets-brazil-trojanizes-handypay-to-steal-nfc-data-and-pins","source":"general-news","category":"news","severity":"unknown","title":"NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs","description":"Cybersecurity researchers have discovered a new iteration of an Android malware family called NGate that has been found to abuse a legitimate application called HandyPay instead of NFCGate.\n\"The threat actors took the app, which is used to relay NFC data, and patched it with malicious code that appe…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T12:45:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://thehackernews.com/2026/04/ngate-campaign-targets-brazil.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-google-patches-antigravity-ide-flaw-enabling-prompt-injection-code-execution","source":"general-news","category":"news","severity":"unknown","title":"Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution","description":"Cybersecurity researchers have discovered a vulnerability in Google's agentic integrated development environment (IDE), Antigravity, that could be exploited to achieve code execution.\nThe flaw, since patched, combines Antigravity's permitted file-creation capabilities with an insufficient input sani…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T10:22:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://thehackernews.com/2026/04/google-patches-antigravity-ide-flaw.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-cisa-adds-8-exploited-flaws-to-kev-sets-april-may-2026-federal-deadlines","source":"general-news","category":"news","severity":"unknown","title":"CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines","description":"The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including three flaws impacting Cisco Catalyst SD-WAN Manager, citing evidence of active exploitation.\nThe list of vulnerabilities is as fo…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T06:23:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://thehackernews.com/2026/04/cisa-adds-8-exploited-flaws-to-kev-sets.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-weekly-recap-vercel-hack-push-fraud-qemu-abused-new-android-rats-emerge-more","source":"general-news","category":"news","severity":"unknown","title":"⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More","description":"Monday’s recap shows the same pattern in different places. A third-party tool becomes a way in, then leads to internal access. A trusted download path is briefly swapped to deliver malware. Browser extensions act normally while pulling data and running code. Even update channels are used to push pay…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T13:41:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://thehackernews.com/2026/04/weekly-recap-vercel-hack-push-fraud.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-vercel-breach-tied-to-context-ai-hack-exposes-limited-customer-credentials","source":"general-news","category":"news","severity":"unknown","title":"Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials","description":"Web infrastructure provider Vercel has disclosed a security breach that allows bad actors to gain unauthorized access to \"certain\" internal Vercel systems.\nThe incident stemmed from the compromise of Context.ai, a third-party artificial intelligence (AI) tool, that was used by an employee at the com…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T03:35:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://thehackernews.com/2026/04/vercel-breach-tied-to-context-ai-hack.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-13-74m-hack-shuts-down-sanctioned-grinex-exchange-after-intelligence-claims","source":"general-news","category":"news","severity":"unknown","title":"$13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims","description":"Grinex, a Kyrgyzstan-incorporated cryptocurrency exchange sanctioned by the U.K. and the U.S. last year, said it's suspending operations after it blamed Western intelligence agencies for a $13.74 million hack.\nThe exchange said it fell victim to what it described as a large-scale cyber attack that b…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T07:59:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://thehackernews.com/2026/04/1374m-hack-shuts-down-sanctioned-grinex.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-nist-limits-cve-enrichment-after-263-surge-in-vulnerability-submissions","source":"general-news","category":"news","severity":"unknown","title":"NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions","description":"The National Institute of Standards and Technology (NIST) has announced changes to the way it handles cybersecurity vulnerabilities and exposures (CVEs) listed in its National Vulnerability Database (NVD), stating it will only enrich those that fulfil certain conditions owing to an explosion in CVE…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T07:14:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://thehackernews.com/2026/04/nist-limits-cve-enrichment-after-263.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-apache-activemq-cve-2026-34197-added-to-cisa-kev-amid-active-exploitation","source":"general-news","category":"news","severity":"unknown","title":"Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation","description":"A recently disclosed high-severity security flaw in Apache ActiveMQ Classic has come under active exploitation in the wild, per the U.S. Cybersecurity and Infrastructure Security Agency (CISA).\nTo that end, the agency has added the vulnerability, tracked as CVE-2026-34197 (CVSS score: 8.8), to its K…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T03:22:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://thehackernews.com/2026/04/apache-activemq-cve-2026-34197-added-to.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-cisco-patches-four-critical-identity-services-webex-flaws-enabling-code-executio","source":"general-news","category":"news","severity":"unknown","title":"Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution","description":"Cisco has announced patches to address four critical security flaws impacting Identity Services and Webex Services that could result in arbitrary code execution and allow an attacker to impersonate any user within the service.\nThe details of the vulnerabilities are below -\n\nCVE-2026-20184 (CVSS scor…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T11:27:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://thehackernews.com/2026/04/cisco-patches-four-critical-identity.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-uac-0247-targets-ukrainian-clinics-and-government-in-data-theft-malware-campaign","source":"general-news","category":"news","severity":"unknown","title":"UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign","description":"The Computer Emergencies Response Team of Ukraine (CERT-UA) has disclosed details of a new campaign that has targeted governments and municipal healthcare institutions, mainly clinics and emergency hospitals, to deliver malware capable of stealing sensitive data from Chromium-based web browsers and…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T06:20:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://thehackernews.com/2026/04/uac-0247-targets-ukrainian-clinics-and.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-dprk-fake-job-scams-self-propagate-in-contagious-interview","source":"general-news","category":"news","severity":"unknown","title":"DPRK Fake Job Scams Self-Propagate in 'Contagious Interview'","description":"A compromised developer's repository serves as a worm-like infection vector to spread remote access Trojans (RATs) and other malware.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:48:05.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.darkreading.com/cyberattacks-data-breaches/dprk-fake-job-scams-self-propagate-contagious-interview","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-exploits-turn-windows-defender-into-attacker-tool","source":"general-news","category":"news","severity":"unknown","title":"Exploits Turn Windows Defender Into Attacker Tool","description":"Three proof-of-concept exploits are being used in active attacks against Microsoft's built-in security platform; two are unpatched.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T19:12:40.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.darkreading.com/cyberattacks-data-breaches/exploits-turn-windows-defender-attacker-tool","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-vercel-employee-s-ai-tool-access-led-to-data-breach","source":"general-news","category":"news","severity":"unknown","title":"Vercel Employee's AI Tool Access Led to Data Breach","description":"Stolen OAuth tokens, which are at the root of these breaches, \"are the new attack surface, the new lateral movement,\" a researcher notes.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T21:01:31.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.darkreading.com/application-security/vercel-employees-ai-tool-access-data-breach","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-serial-to-ip-devices-hide-thousands-of-old-amp-new-bugs","source":"general-news","category":"news","severity":"unknown","title":"Serial-to-IP Devices Hide Thousands of Old &amp; New Bugs","description":"The OT devices that translate machine talk into Internet-speak are riddled with vulnerabilities and more frequently targeted for attacks, researchers say.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T21:00:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.darkreading.com/ics-ot-security/serial-ip-devices-thousands-of-bugs","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-whatsapp-leaks-user-metadata-to-attackers","source":"general-news","category":"news","severity":"unknown","title":"WhatsApp Leaks User Metadata to Attackers","description":"Strangers can infer limited info about you without knowing or messaging you, which could theoretically aid certain kinds of malicious activity.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T14:33:35.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.darkreading.com/endpoint-security/whatsapp-leaks-user-metadata","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-every-old-vulnerability-is-now-an-ai-vulnerability","source":"general-news","category":"news","severity":"unknown","title":"Every Old Vulnerability Is Now an AI Vulnerability","description":"AI's danger isn't that it's creating new bugs, it's that it's amplifying old ones.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:47:18.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.darkreading.com/vulnerabilities-threats/every-old-vulnerability-ai-vulnerability","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-coast-guard-s-new-cybersecurity-rules-offer-lessons-for-cisos","source":"general-news","category":"news","severity":"unknown","title":"Coast Guard's New Cybersecurity Rules Offer Lessons for CISOs","description":"The Maritime Transportation Security Act (MTSA) requires plans to protect OT systems, audits by independent third parties, and a hybrid OT-security role.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["transport"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T13:00:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.darkreading.com/cybersecurity-operations/coast-guards-cybersecurity-rules-lessons-cisos","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-nist-revamps-cve-framework-to-focus-on-high-impact-vulnerabilities","source":"general-news","category":"news","severity":"unknown","title":"NIST Revamps CVE Framework to Focus on High-Impact Vulnerabilities","description":"The National Institute of Standards and Technology is carving a new path for vulnerability remediation by changing the way it prioritizes software flaws.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T21:47:31.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.darkreading.com/vulnerabilities-threats/nist-revamps-cve-framework-to-focus-on-high-impact-vulnerabilities","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-north-korea-uses-clickfix-to-target-macos-users-data","source":"general-news","category":"news","severity":"unknown","title":"North Korea Uses ClickFix to Target macOS Users' Data","description":"Sapphire Sleet uses fake job offers and phony Zoom updates to deliver ClickFix attacks that steal credentials and sensitive data from Macs.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T19:42:45.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.darkreading.com/application-security/north-korea-clickfix-target-macos-users-data","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-harmless-global-adware-transforms-into-an-av-killer","source":"general-news","category":"news","severity":"unknown","title":"'Harmless' Global Adware Transforms Into an AV Killer","description":"A benign looking update Dragon Boss pushed out in March 2025 established persistence via scheduled tasks and arranged for future payloads to be excluded from Windows Defender.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T19:07:26.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.darkreading.com/cyberattacks-data-breaches/harmless-global-adware-av-killer","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-microsoft-s-original-windows-secure-boot-certificate-is-expiring","source":"general-news","category":"news","severity":"unknown","title":"Microsoft's Original Windows Secure Boot Certificate Is Expiring","description":"The Secure Boot refresh is one of the largest coordinated security maintenance efforts across the Windows ecosystem, Microsoft said. In other words, update those PCs soon.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T15:16:30.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.darkreading.com/endpoint-security/microsoftoriginal-windows-secure-boot-certificates-expire","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-critical-mcp-integration-flaw-puts-nginx-at-risk","source":"general-news","category":"news","severity":"unknown","title":"Critical MCP Integration Flaw Puts NGINX at Risk","description":"Attackers can abuse the near-maximum severity flaw in nginx-ui to restart, create, modify, and delete NGINX configuration files.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-15T21:45:18.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.darkreading.com/application-security/critical-mcp-integration-flaw-nginx-risk","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-after-bluesky-mastodon-targeted-in-ddos-attack","source":"general-news","category":"news","severity":"unknown","title":"After Bluesky, Mastodon Targeted in DDoS Attack","description":"The DDoS attack caused a major outage, but Mastodon mitigated it within a few hours.\nThe post After Bluesky, Mastodon Targeted in DDoS Attack appeared first on SecurityWeek.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:26:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.securityweek.com/after-bluesky-mastodon-targeted-in-ddos-attack/","label":"SecurityWeek","domainType":"media"}],"feedLabel":null},{"id":"news-most-serious-cyberattacks-against-the-uk-now-from-russia-iran-and-china-cyber-ch","source":"general-news","category":"news","severity":"unknown","title":"Most Serious Cyberattacks Against the UK Now From Russia, Iran and China, Cyber Chief Says","description":"British businesses need to prepare themselves to defend against cyberattacks because the U.K. could be targeted “at scale,” if it became involved in an international conflict.\nThe post Most Serious Cyberattacks Against the UK Now From Russia, Iran and China, Cyber Chief Says appeared first on Securi…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T12:57:01.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.securityweek.com/most-serious-cyberattacks-against-the-uk-now-from-russia-iran-and-china-cyber-chief-says/","label":"SecurityWeek","domainType":"media"}],"feedLabel":null},{"id":"news-new-wiper-malware-targeted-venezuelan-energy-sector-prior-to-us-intervention","source":"general-news","category":"news","severity":"unknown","title":"New Wiper Malware Targeted Venezuelan Energy Sector Prior to US Intervention ","description":"Dubbed Lotus Wiper, the malware targets recovery mechanisms, overwrites drives, and systematically deletes files.\nThe post New Wiper Malware Targeted Venezuelan Energy Sector Prior to US Intervention  appeared first on SecurityWeek.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T12:10:28.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.securityweek.com/new-wiper-malware-targeted-venezuelan-energy-sector-prior-to-us-intervention/","label":"SecurityWeek","domainType":"media"}],"feedLabel":null},{"id":"news-north-korean-hackers-use-applescript-clickfix-in-fresh-macos-attacks","source":"general-news","category":"news","severity":"unknown","title":"North Korean Hackers Use AppleScript, ClickFix in Fresh macOS Attacks","description":"The campaigns focus on financial organizations, including cryptocurrency, venture capital, and blockchain entities.\nThe post North Korean Hackers Use AppleScript, ClickFix in Fresh macOS Attacks appeared first on SecurityWeek.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:49:52.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.securityweek.com/north-korean-hackers-use-applescript-clickfix-in-fresh-macos-attacks/","label":"SecurityWeek","domainType":"media"}],"feedLabel":null},{"id":"news-oracle-patches-450-vulnerabilities-with-april-2026-cpu","source":"general-news","category":"news","severity":"unknown","title":"Oracle Patches 450 Vulnerabilities With April 2026 CPU","description":"The company released 481 new security patches across 28 product families, including over 300 fixes for remotely exploitable, unauthenticated flaws.\nThe post Oracle Patches 450 Vulnerabilities With April 2026 CPU appeared first on SecurityWeek.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T08:41:10.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.securityweek.com/oracle-patches-450-vulnerabilities-with-april-2026-cpu/","label":"SecurityWeek","domainType":"media"}],"feedLabel":null},{"id":"news-uk-faces-a-cyber-perfect-storm-driven-by-tech-advances-and-nation-state-threats-","source":"general-news","category":"news","severity":"unknown","title":"UK Faces a Cyber ‘Perfect Storm’ Driven by Tech Advances and Nation State Threats, NCSC Warns","description":"The convergence of global tensions and rapid technological change is driving a new era of cyber risk, the NCSC warns","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T08:07:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.infosecurity-magazine.com/news/uk-faces-a-cyber-perfect-storm-ncsc/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-trojanized-android-app-fuels-new-wave-of-nfc-fraud","source":"general-news","category":"news","severity":"unknown","title":"Trojanized Android App Fuels New Wave of NFC Fraud","description":"NGate malware abuses HandyPay app to steal NFC card data and PINs in Brazil","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T16:00:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.infosecurity-magazine.com/news/trojanized-android-handle-nfc/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-unchecked-ai-agents-cause-cybersecurity-incidents-at-two-thirds-of-firms","source":"general-news","category":"news","severity":"unknown","title":"Unchecked AI Agents Cause Cybersecurity Incidents at Two Thirds of Firms ","description":"Data exposure, operational disruption and financial losses among issues faced by businesses struggling with the rapid rise of AI agents, warns Cloud Security Alliance report","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:00:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.infosecurity-magazine.com/news/unchecked-ai-agents-cause/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-vercel-confirms-cyber-incident-after-sophisticated-attacker-exploits-third-party","source":"general-news","category":"news","severity":"unknown","title":"Vercel Confirms Cyber Incident After Sophisticated Attacker Exploits Third‑Party Tool","description":"Cloud app developer Vercel appears to have suffered a security breach","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T09:10:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.infosecurity-magazine.com/news/vercel-cyber-incident-threat-actor/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-formbook-malware-campaign-uses-multiple-obfuscation-techniques-to-avoid-detectio","source":"general-news","category":"news","severity":"unknown","title":"Formbook Malware Campaign Uses Multiple Obfuscation Techniques to Avoid Detection","description":"Formbook attacks use combination of DLL Side-Loading and Obfuscated JavaScript to stay hidden, researchers at WatchGuard have uncovered","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T15:01:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.infosecurity-magazine.com/news/formbook-malware-multiple/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-ncsc-outlines-coordinated-plan-to-boost-nhs-cyber-resilience","source":"general-news","category":"news","severity":"unknown","title":"NCSC Outlines Coordinated Plan to Boost NHS Cyber Resilience","description":"The National Cyber Security Centre has shared an update of its resilience-building efforts for the NHS","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T09:30:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.infosecurity-magazine.com/news/ncsc-plan-boost-nhs-cyber/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-commercial-ai-models-show-rapid-gains-in-vulnerability-research","source":"general-news","category":"news","severity":"unknown","title":"Commercial AI Models Show Rapid Gains in Vulnerability Research ","description":"AI models are making rapid gains in vulnerability research and exploit development, raising new cybersecurity risks, a Forescout study finds","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T13:20:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.infosecurity-magazine.com/news/ai-models-rapid-gains/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-apk-malformation-found-in-thousands-of-android-malware-samples","source":"general-news","category":"news","severity":"unknown","title":"APK Malformation Found in Thousands of Android Malware Samples","description":"APK malformation tactic now appears in over 3000 Android malware samples evading static analysis","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T15:45:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.infosecurity-magazine.com/news/apk-malformation-android-malware/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-nist-drops-nvd-enrichment-for-pre-march-2026-vulnerabilities","source":"general-news","category":"news","severity":"unknown","title":"NIST Drops NVD Enrichment for Pre-March 2026 Vulnerabilities","description":"NIST’s National Vulnerability Database will now prioritize enriching new and exploited flaws to address the record growth of reported CVEs","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T12:43:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.infosecurity-magazine.com/news/nvd-enrichment-premarch-2026/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-systemic-flaw-in-mcp-protocol-could-expose-150-million-downloads","source":"general-news","category":"news","severity":"unknown","title":"Systemic Flaw in MCP Protocol Could Expose 150 Million Downloads","description":"Ox Security claims as many as 200,000 servers are exposed by newly discovered MCP vulnerability","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T09:40:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://www.infosecurity-magazine.com/news/systemic-flaw-mcp-expose-150/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-uk-cyber-agency-handling-four-major-incidents-a-week-as-nation-state-attacks-sur","source":"general-news","category":"news","severity":"unknown","title":"UK cyber agency handling four major incidents a week as nation-state attacks surge","description":"Britain's cybersecurity chief warned Tuesday that the country is handling four nationally significant cyber incidents every week, with the majority now traced back to hostile foreign governments rather than criminal hackers.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T12:45:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://therecord.media/UK-cyberattacks-ncsc-china","label":"The Record","domainType":"media"}],"feedLabel":null},{"id":"news-the-ai-era-demands-a-different-kind-of-ciso","source":"general-news","category":"news","severity":"unknown","title":"The AI era demands a different kind of CISO","description":"When attackers can discover and exploit vulnerabilities in minutes, last quarter's audit doesn't mean much. CISOs need to shift from static measurement to real-time awareness -- and fast.\nThe post The AI era demands a different kind of CISO appeared first on CyberScoop.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:00:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://cyberscoop.com/ciso-strategy-ai-real-time-risk-op-ed/","label":"CyberScoop","domainType":"media"}],"feedLabel":null},{"id":"news-scottish-man-pleads-guilty-to-attack-spree-that-created-scattered-spider-s-notor","source":"general-news","category":"news","severity":"unknown","title":"Scottish man pleads guilty to attack spree that created Scattered Spider’s notoriety","description":"Tyler Robert Buchanan “was the glue that held this gang together,” a cybercrime researcher said. He faces up to 22 years in federal prison.\nThe post Scottish man pleads guilty to attack spree that created Scattered Spider’s notoriety appeared first on CyberScoop.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T18:51:01.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://cyberscoop.com/the-com-scattered-spider-hacker-tyler-robert-buchanan-guilty-plea/","label":"CyberScoop","domainType":"media"}],"feedLabel":null},{"id":"news-mythos-can-find-the-vulnerability-it-can-t-tell-you-what-to-do-about-it","source":"general-news","category":"news","severity":"unknown","title":"Mythos can find the vulnerability. It can’t tell you what to do about it.","description":"Anthropic’s new model can find vulnerabilities faster and cheaper than ever. The hardest part is still everything that comes after.\nThe post Mythos can find the vulnerability. It can’t tell you what to do about it. appeared first on CyberScoop.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T10:00:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://cyberscoop.com/anthropic-mythos-vulnerability-discovery-op-ed/","label":"CyberScoop","domainType":"media"}],"feedLabel":null},{"id":"news-vercel-s-security-breach-started-with-malware-disguised-as-roblox-cheats","source":"general-news","category":"news","severity":"unknown","title":"Vercel’s security breach started with malware disguised as Roblox cheats","description":"The attack, which originated at Context.ai, showcases the pitfalls of interconnected cloud applications and SaaS integrations with overly privileged permissions. \nThe post Vercel’s security breach started with malware disguised as Roblox cheats appeared first on CyberScoop.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T20:24:40.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://cyberscoop.com/vercel-security-breach-third-party-attack-context-ai-lumma-stealer/","label":"CyberScoop","domainType":"media"}],"feedLabel":null},{"id":"news-network-background-noise-may-predict-the-next-big-edge-device-vulnerability","source":"general-news","category":"news","severity":"unknown","title":"Network ‘background noise’ may predict the next big edge-device vulnerability","description":"GreyNoise researchers spotted a consistent trend in forthcoming vulnerabilities affecting security tools, providing defenders an early-warning system for likely imminent attacks. \nThe post Network ‘background noise’ may predict the next big edge-device vulnerability appeared first on CyberScoop.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T10:00:00.000Z","fetchedAt":"2026-04-22T15:00:03.160Z","references":[{"url":"https://cyberscoop.com/greynoise-traffic-surge-early-warning-system-network-edge-device-vulnerabilities/","label":"CyberScoop","domainType":"media"}],"feedLabel":null}],"llmPrompt":"You are a cybersecurity analyst. Summarize this daily threat intelligence report for 2026-04-22.\nTotal items collected: 1383 from sources: cisa-kev: 7, cisa-advisories: 18, vendor-blogs: 81, nvd: 1129, malware-bazaar: 17, abuse-ipdb: 20, threatfox: 2, otx: 30, general-news: 94.\n\nTop threats by severity:\n1. [CRITICAL] Hardy Barth Salia EV Charge Controller\n2. [CRITICAL] Delta Electronics ASDA-Soft\n3. [CRITICAL] Anviz Multiple Products\n4. [CRITICAL] CVE-2026-1555 — The WebStack theme for WordPress is vulnerable to arbitrary file uploads due to missing file type va…\n5. [CRITICAL] CVE-2026-39842 — OpenRemote is an open-source IoT platform. Versions 1.21.0 and below contain two interrelated expres…\n6. [CRITICAL] CVE-2026-3461 — The Visa Acceptance Solutions plugin for WordPress is vulnerable to Authentication Bypass in all ver…\n7. [CRITICAL] CVE-2026-33807 — @fastify/express v4.0.4 and earlier contains a path handling bug in the onRegister function that cau…\n8. [CRITICAL] CVE-2026-4682 — Certain HP DeskJet All in One devices may be vulnerable to remote code execution caused by a buffer…\n9. [CRITICAL] CVE-2026-30625 — Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functi…\n10. [CRITICAL] CVE-2026-20147 — A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to exec…\n\nProvide: (1) Executive summary (2-3 sentences), (2) Key threats to watch,\n(3) Recommended actions for security teams, (4) Notable trends.\nBe concise and actionable. Focus on what matters most to defenders."}