{"metadata":{"generatedAt":"2026-04-23T03:00:26.198Z","reportDate":"2026-04-23","totalItems":1334,"sourceBreakdown":{"cisa-kev":7,"otx":33,"cisa-advisories":18,"vendor-blogs":87,"nvd":1071,"malware-bazaar":16,"abuse-ipdb":20,"threatfox":2,"general-news":96},"categoryBreakdown":{"vulnerability":1078,"advisory":90,"malware":16,"ip-reputation":20,"threat-intel":34,"news":96},"fetchErrors":[]},"highlights":[{"id":"nvd-CVE-2026-4119","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-4119 — The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up t…","description":"The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up to and including 1.2.1. The plugin registers admin_post action hooks for creating tables (admin_post_add_table) and deleting tables (admin_post_delete_db_table) without implementing any capability chec…","indicators":{"cves":["CVE-2026-4119"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:23.330Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/tags/1.2.1/create-db-tables.php#L370","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/tags/1.2.1/create-db-tables.php#L376","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/tags/1.2.1/create-db-tables.php#L405","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/tags/1.2.1/create-db-tables.php#L408","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/tags/1.2.1/create-new-table.php#L14","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/tags/1.2.1/create-new-table.php#L69","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/trunk/create-db-tables.php#L370","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/trunk/create-db-tables.php#L376","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/trunk/create-db-tables.php#L405","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/trunk/create-db-tables.php#L408","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/trunk/create-new-table.php#L14","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/trunk/create-new-table.php#L69","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d1a3bc4b-cc17-4728-b242-13841b5f7660?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6235","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-6235 — The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'ma…","description":"The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'manage_admin_requests' function in all versions up to, and including, 1.0.20. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for…","indicators":{"cves":["CVE-2026-6235"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:26.263Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/sendmachine/tags/1.0.20/includes/sendmachine_email_manager.php#L39","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/sendmachine/tags/1.0.20/sendmachine_wp_admin.php#L174","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/sendmachine/tags/1.0.20/sendmachine_wp_admin.php#L183","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7889e071-84a8-46ec-abe5-5c98980ce275?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31460","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-31460 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: check if ext_ca…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: check if ext_caps is valid in BL setup\n\nLVDS connectors don't have extended backlight caps so check\nif the pointer is valid before accessing it.\n\n(cherry picked from commit 3f797396d7f4eb9bb6eded184bbc6f033628a6f6)","indicators":{"cves":["CVE-2026-31460"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:41.550Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/60b0524bfb7d691ab378cdc788209f11cd34da89","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9da4f9964abcaeb6e19797d5e3b10faad338a786","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31461","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-31461 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix drm_edid le…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix drm_edid leak in amdgpu_dm\n\n[WHAT]\nWhen a sink is connected, aconnector->drm_edid was overwritten without\nfreeing the previous allocation, causing a memory leak on resume.\n\n[HOW]\nFree the previous drm_edid befo…","indicators":{"cves":["CVE-2026-31461"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:41.670Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/37c2caa167b0b8aca4f74c32404c5288b876a2a3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/52db857e94b9be4e6315586602b0257d1d2b165a","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/eb95595194e4755b62360aa821f40a79b0953105","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31488","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-31488 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Do not skip unr…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Do not skip unrelated mode changes in DSC validation\n\nStarting with commit 17ce8a6907f7 (\"drm/amd/display: Add dsc pre-validation in\natomic check\"), amdgpu resets the CRTC state mode_changed flag to false when\nreco…","indicators":{"cves":["CVE-2026-31488"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:46.453Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/10862e344b4d6434642a48c87d765813fc0b0ba7","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/111208b5b7ebcdadb3f922cc52d8425f0fa91b33","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/8a5edc97fd9c6415ff2eff872748439a97e3c3d8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/aed3d041ab061ec8a64f50a3edda0f4db7280025","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6356","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-6356 — A vulnerability in the web application allows standard users to escalate their privileges to those o…","description":"A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, enabling them to access and modify sensitive information.","indicators":{"cves":["CVE-2026-6356"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:17:06.720Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/Penguinsecq/CVE-2026-6356/","label":"cret@cert.org","domainType":"primary"},{"url":"https://github.com/Penguinsecq/CVE-2026-6356/","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-34415","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-34415 — Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability…","description":"Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder connector endpoint that fails to block PHP-executable extensions .php4 due to an incorrect regex pattern. Unauthenticated attackers can exploit this flaw combined with authentication…","indicators":{"cves":["CVE-2026-34415"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T19:17:04.253Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/thexerteproject/xerteonlinetoolkits/commit/02661be88cc369325ea01b508086bde7fbfec805","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/thexerteproject/xerteonlinetoolkits/commit/17e4f945fe6a3400fa88c01eda18c1075ee4a212","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/thexerteproject/xerteonlinetoolkits/commit/507d55c5e91bf9310b5b1c7fad8aebfef902ad23","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/thexerteproject/xerteonlinetoolkits/issues/1527","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/xerte-online-toolkits-file-upload-rce-via-elfinder-connector","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://xerte.org.uk/index.php/en/downloads-1/category/3-xerte-online-toolkits","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://xerte.org.uk/xertetoolkits_3.15_ChangeLog.html","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33471","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-33471 — nimiq-block contains block primitives to be used in Nimiq's Rust implementation. `SkipBlockProof::ve…","description":"nimiq-block contains block primitives to be used in Nimiq's Rust implementation. `SkipBlockProof::verify` computes its quorum check using `BitSet.len()`, then iterates `BitSet` indices and casts each `usize` index to `u16` (`slot as u16`) for slot lookup. Prior to version 1.3.0, if an attacker can g…","indicators":{"cves":["CVE-2026-33471"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T20:16:40.317Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/nimiq/core-rs-albatross/commit/d02059053181ed8ddad6b59a0adfd661ef5cd823","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-6973-8887-87ff","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-33656","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-33656 — EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, Espo…","description":"EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, EspoCRM's built-in formula scripting engine allowing updating attachment's sourceId thus allowing an authenticated admin to overwrite the `sourceId` field on `Attachment` entities. Because `sourceId` is c…","indicators":{"cves":["CVE-2026-33656"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T21:17:05.330Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/espocrm/espocrm/security/advisories/GHSA-7922-x7cf-j54x","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41167","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-41167 — Jellystat is a free and open source Statistics App for Jellyfin. Prior to version 1.1.10, multiple A…","description":"Jellystat is a free and open source Statistics App for Jellyfin. Prior to version 1.1.10, multiple API endpoints in Jellystat build SQL queries by interpolating unsanitized request-body fields directly into raw SQL strings. An authenticated user can inject arbitrary SQL via `POST /api/getUserDetails…","indicators":{"cves":["CVE-2026-41167"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T21:17:09.303Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/CyferShepard/Jellystat/commit/735fe7c6eb0e3e34e92a8a82fd21914d76693665","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/CyferShepard/Jellystat/security/advisories/GHSA-fj7c-2p5q-g56m","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null}],"items":[{"id":"nvd-CVE-2026-4119","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-4119 — The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up t…","description":"The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up to and including 1.2.1. The plugin registers admin_post action hooks for creating tables (admin_post_add_table) and deleting tables (admin_post_delete_db_table) without implementing any capability chec…","indicators":{"cves":["CVE-2026-4119"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:23.330Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/tags/1.2.1/create-db-tables.php#L370","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/tags/1.2.1/create-db-tables.php#L376","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/tags/1.2.1/create-db-tables.php#L405","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/tags/1.2.1/create-db-tables.php#L408","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/tags/1.2.1/create-new-table.php#L14","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/tags/1.2.1/create-new-table.php#L69","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/trunk/create-db-tables.php#L370","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/trunk/create-db-tables.php#L376","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/trunk/create-db-tables.php#L405","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/trunk/create-db-tables.php#L408","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/trunk/create-new-table.php#L14","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/trunk/create-new-table.php#L69","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d1a3bc4b-cc17-4728-b242-13841b5f7660?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6235","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-6235 — The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'ma…","description":"The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'manage_admin_requests' function in all versions up to, and including, 1.0.20. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for…","indicators":{"cves":["CVE-2026-6235"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:26.263Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/sendmachine/tags/1.0.20/includes/sendmachine_email_manager.php#L39","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/sendmachine/tags/1.0.20/sendmachine_wp_admin.php#L174","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/sendmachine/tags/1.0.20/sendmachine_wp_admin.php#L183","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7889e071-84a8-46ec-abe5-5c98980ce275?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31460","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-31460 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: check if ext_ca…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: check if ext_caps is valid in BL setup\n\nLVDS connectors don't have extended backlight caps so check\nif the pointer is valid before accessing it.\n\n(cherry picked from commit 3f797396d7f4eb9bb6eded184bbc6f033628a6f6)","indicators":{"cves":["CVE-2026-31460"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:41.550Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/60b0524bfb7d691ab378cdc788209f11cd34da89","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9da4f9964abcaeb6e19797d5e3b10faad338a786","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31461","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-31461 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix drm_edid le…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix drm_edid leak in amdgpu_dm\n\n[WHAT]\nWhen a sink is connected, aconnector->drm_edid was overwritten without\nfreeing the previous allocation, causing a memory leak on resume.\n\n[HOW]\nFree the previous drm_edid befo…","indicators":{"cves":["CVE-2026-31461"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:41.670Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/37c2caa167b0b8aca4f74c32404c5288b876a2a3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/52db857e94b9be4e6315586602b0257d1d2b165a","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/eb95595194e4755b62360aa821f40a79b0953105","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31488","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-31488 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Do not skip unr…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Do not skip unrelated mode changes in DSC validation\n\nStarting with commit 17ce8a6907f7 (\"drm/amd/display: Add dsc pre-validation in\natomic check\"), amdgpu resets the CRTC state mode_changed flag to false when\nreco…","indicators":{"cves":["CVE-2026-31488"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:46.453Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/10862e344b4d6434642a48c87d765813fc0b0ba7","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/111208b5b7ebcdadb3f922cc52d8425f0fa91b33","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/8a5edc97fd9c6415ff2eff872748439a97e3c3d8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/aed3d041ab061ec8a64f50a3edda0f4db7280025","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6356","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-6356 — A vulnerability in the web application allows standard users to escalate their privileges to those o…","description":"A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, enabling them to access and modify sensitive information.","indicators":{"cves":["CVE-2026-6356"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:17:06.720Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/Penguinsecq/CVE-2026-6356/","label":"cret@cert.org","domainType":"primary"},{"url":"https://github.com/Penguinsecq/CVE-2026-6356/","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-34415","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-34415 — Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability…","description":"Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder connector endpoint that fails to block PHP-executable extensions .php4 due to an incorrect regex pattern. Unauthenticated attackers can exploit this flaw combined with authentication…","indicators":{"cves":["CVE-2026-34415"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T19:17:04.253Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/thexerteproject/xerteonlinetoolkits/commit/02661be88cc369325ea01b508086bde7fbfec805","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/thexerteproject/xerteonlinetoolkits/commit/17e4f945fe6a3400fa88c01eda18c1075ee4a212","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/thexerteproject/xerteonlinetoolkits/commit/507d55c5e91bf9310b5b1c7fad8aebfef902ad23","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/thexerteproject/xerteonlinetoolkits/issues/1527","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/xerte-online-toolkits-file-upload-rce-via-elfinder-connector","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://xerte.org.uk/index.php/en/downloads-1/category/3-xerte-online-toolkits","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://xerte.org.uk/xertetoolkits_3.15_ChangeLog.html","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33471","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-33471 — nimiq-block contains block primitives to be used in Nimiq's Rust implementation. `SkipBlockProof::ve…","description":"nimiq-block contains block primitives to be used in Nimiq's Rust implementation. `SkipBlockProof::verify` computes its quorum check using `BitSet.len()`, then iterates `BitSet` indices and casts each `usize` index to `u16` (`slot as u16`) for slot lookup. Prior to version 1.3.0, if an attacker can g…","indicators":{"cves":["CVE-2026-33471"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T20:16:40.317Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/nimiq/core-rs-albatross/commit/d02059053181ed8ddad6b59a0adfd661ef5cd823","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-6973-8887-87ff","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-33656","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-33656 — EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, Espo…","description":"EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, EspoCRM's built-in formula scripting engine allowing updating attachment's sourceId thus allowing an authenticated admin to overwrite the `sourceId` field on `Attachment` entities. Because `sourceId` is c…","indicators":{"cves":["CVE-2026-33656"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T21:17:05.330Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/espocrm/espocrm/security/advisories/GHSA-7922-x7cf-j54x","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41167","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-41167 — Jellystat is a free and open source Statistics App for Jellyfin. Prior to version 1.1.10, multiple A…","description":"Jellystat is a free and open source Statistics App for Jellyfin. Prior to version 1.1.10, multiple API endpoints in Jellystat build SQL queries by interpolating unsanitized request-body fields directly into raw SQL strings. An authenticated user can inject arbitrary SQL via `POST /api/getUserDetails…","indicators":{"cves":["CVE-2026-41167"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T21:17:09.303Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/CyferShepard/Jellystat/commit/735fe7c6eb0e3e34e92a8a82fd21914d76693665","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/CyferShepard/Jellystat/security/advisories/GHSA-fj7c-2p5q-g56m","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41208","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-41208 — Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business.…","description":"Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Versions of @paperclipai/server prior to 2026.416.0 contain a privilege escalation vulnerability that allows an attacker with an Agent API key to execute arbitrary OS commands on the Paperclip server…","indicators":{"cves":["CVE-2026-41208","CVE-2026-41679"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:16:18.670Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/paperclipai/paperclip/security/advisories/GHSA-265w-rf2w-cjh4","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/paperclipai/paperclip/security/advisories/GHSA-68qg-g8mg-6pr7","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"vendor-zerofox-data-shows-ransomware-stabilizing-at-scale-with-manufacturing-absorbing-","source":"vendor-blogs","category":"advisory","severity":"critical","title":"ZeroFox data shows ransomware stabilizing at scale, with manufacturing absorbing nearly one in five attacks","description":"New ZeroFox data from the first quarter of this year paints a picture of a threat landscape that...\nThe post ZeroFox data shows ransomware stabilizing at scale, with manufacturing absorbing nearly one in five attacks appeared first on Industrial Cyber.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T16:07:00.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://industrialcyber.co/threat-landscape/zerofox-data-shows-ransomware-stabilizing-at-scale-with-manufacturing-absorbing-nearly-one-in-five-attacks/","label":"Industrial Cyber","domainType":"other"}],"feedLabel":null},{"id":"abuseip-195.178.110.26","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 195.178.110.26","description":"Country: NL | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["195.178.110.26"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:01.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/195.178.110.26","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-193.163.125.91","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 193.163.125.91","description":"Country: GB | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["193.163.125.91"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:01.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/193.163.125.91","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-88.214.25.121","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 88.214.25.121","description":"Country: DE | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["88.214.25.121"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:01.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/88.214.25.121","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-152.32.182.165","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 152.32.182.165","description":"Country: US | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["152.32.182.165"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:01.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/152.32.182.165","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-66.132.172.157","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 66.132.172.157","description":"Country: US | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["66.132.172.157"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:01.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/66.132.172.157","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-37.10.113.217","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 37.10.113.217","description":"Country: GB | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["37.10.113.217"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:01.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/37.10.113.217","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-213.209.159.231","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 213.209.159.231","description":"Country: DE | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["213.209.159.231"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:01.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/213.209.159.231","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-58.57.154.146","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 58.57.154.146","description":"Country: CN | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["58.57.154.146"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:01.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/58.57.154.146","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-45.148.10.151","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 45.148.10.151","description":"Country: NL | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["45.148.10.151"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:01.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/45.148.10.151","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-87.251.64.147","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 87.251.64.147","description":"Country: PL | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["87.251.64.147"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:00.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/87.251.64.147","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-92.118.39.196","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 92.118.39.196","description":"Country: RO | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["92.118.39.196"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:00.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/92.118.39.196","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-195.85.207.253","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 195.85.207.253","description":"Country: TR | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["195.85.207.253"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:00.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/195.85.207.253","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-174.138.29.13","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 174.138.29.13","description":"Country: SG | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["174.138.29.13"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:00.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/174.138.29.13","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-2.57.122.197","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 2.57.122.197","description":"Country: RO | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["2.57.122.197"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:00.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/2.57.122.197","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-45.40.57.23","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 45.40.57.23","description":"Country: IN | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["45.40.57.23"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:00.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/45.40.57.23","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-167.172.126.69","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 167.172.126.69","description":"Country: US | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["167.172.126.69"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:00.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/167.172.126.69","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-45.148.10.147","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 45.148.10.147","description":"Country: NL | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["45.148.10.147"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:00.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/45.148.10.147","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-64.62.156.203","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 64.62.156.203","description":"Country: US | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["64.62.156.203"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:00.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/64.62.156.203","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-222.239.251.12","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 222.239.251.12","description":"Country: KR | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["222.239.251.12"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:00.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/222.239.251.12","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-14.225.3.79","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 14.225.3.79","description":"Country: VN | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["14.225.3.79"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:16:59.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/14.225.3.79","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"threatfox-1796400","source":"threatfox","category":"threat-intel","severity":"critical","title":"payload_delivery: undefined","description":"https://infosec.exchange/@monitorsg/116451588423267418","indicators":{"cves":[],"ips":[""],"domains":[""],"urls":[""],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ClearFake","StrelaStealer","Mirai","ClickFix","compromised","etherhiding","Polygon","Vidar","WordPress","SocGholish","Loki","storj",".NET","VDSINA","SmartLoader","Kongtuke","darkcomet","CobaltStrike","drb-ra","ProxyBox","Socks5 Systemz","ACR Stealer","Mozi","c2","r88vry","LokiBot","Android","banker","Kutxabank","NFCGate","NGate","Spain","Unicaja","ndroid","phish","22April2026","Commandline","Windows","AS199968","DarkCloud","Internet Domain Service BS Corp.","IWS NETWORKS LLC","subdomain","CastleLoader","finger-delivery","tcp79","trojan","ViriBack","RAT","ValleyRAT","RedLineStealer","Agentemis","Beacon","Cobalt Strike","cobeacon","RapidStealer","remcos","Gafgyt","ConnectBack","glassworm","Wave3","wallet-trojan","calendar-c2","infostealer stealer","opiusra","EnmityStealer","1xxbot","ArechClient","SectopRAT","Stealc","CinaRAT","Quasar RAT","QuasarRAT","Yggdrasil","BotManager","MaskGramStealer","21April2026","conhost-headless","finger-tcp79","fingerfix","win.fingerfix","AS15169","hak5","AS14618","AS14061","AS9123","cs-watermark-987654321","cs-watermark-100000","Fake Zoom","ScreenConnect","VBScript","Fake Microsoft Teams","Fake Adobe","SSA","ErrTraffic","Lumma","XWorm","GDrive","grpc","msi","NodeJS","TOR","NanoCore","dcrat","Steal","RemcosRAT","ExtRat","Xtreme RAT","AS24940","CHAOS","Hetzner Online GmbH","kimwolf","Discord","cs-watermark-666666","macOS","stealer","FrostStealer","etherhide","polygon-contract-stored-c2","20April2026","Fake-Claude","Nancrat","NanoCore RAT","PureHVNC","PureRAT","AS202412","jarm-cluster","Omegatech","cluster25","sliver","clickfix-cluster","phishing","AS8075","Microsoft Corporation","Supershell","EXT","Fake Claude","ACRStealer","OffLoader","AISURU","exe","DGA","valleyrat_s2","REMPROXY","CrystalX","DeepLoad","AS205775","NEON CORE NETWORK LLC","Bot Manager","pw-ryos","DDNS","Fake Adobe Reader","Fake DocuSign","payload","Fake Google Meet","cs-watermark-305419896","cs-watermark-666666666","cs-watermark-391144938","DarkCrystal RAT","18April2026","AS216084","itystealer","Kerem Uluboy","Access2.IT Network","AS208258","zabbix","AS64439","borz","RocketCloud.ru","honeypot","WebDav","botnet","controller","ssh","Amnesia Panel","Web Panel","NetSupport","asyncrat","garble","go","midie","sideload-asus","AS56971","AS56971 Cloud","UNAM","Amos","asar","atomic","wallet-injection","applescript","keystone-persistence","Loader","Vjw0rm","PhantomGate","SantaStealer","rmm","simplehelp","deerstealer","njrat","a10fsw","SHubStealer","Farfli","APT","kimsuky","DPRK","Lazarus","ESP","geo","GCleaner","SilentNet","17April2026","KermitRAT","Breut","Fynloski","klovbot","Remvio","Socmer","tofsee","IClickFix","NetSupport RAT","ZigClipper","domain","Lumma Stealer","Mirax","16April2026","infostealer","AS328543","Sun Network Company Limited","RedTigerStealer","WeedHack","Havoc","d0b0p","Lorikazz","AS932","XNNET LLC","SmartApeSG","AgingFly","UKR","odiznrio","Patchwork","cs-watermark-1234567890","quasar","dropped-by-vidar","exfil","FlagStealer","15April2026","apt"],"malwareFamily":"ClearFake","confidence":100,"publishedAt":"2026-04-23T02:56:34Z","fetchedAt":"2026-04-23T03:00:05.010Z","references":[{"url":"https://infosec.exchange/@monitorsg/116451588423267418","label":"ThreatFox","domainType":"other"},{"url":"https://infosec.exchange/@monitorsg/116450645010297764","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/7e9a43686183b6cf6b9ac26c6c3de0176637799bf1b7ba348b31a7407cc3948a/","label":"ThreatFox","domainType":"primary"},{"url":"https://tria.ge/260422-y7xnvaew4k/behavioral2","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/613e5314a7ded3155cdec49fd34e852e181f4651d78bd8bf3adad2f4dbf22b0d/","label":"ThreatFox","domainType":"primary"},{"url":"https://www.virustotal.com/gui/file/e494ce6af136876cba1adfe3f9d6e151f1dcf9a38059897cfb509e30e12b8c7b/detection","label":"ThreatFox","domainType":"other"},{"url":"https://infosec.exchange/@monitorsg/116449703219645845","label":"ThreatFox","domainType":"other"},{"url":"https://tracker.viriback.com/index.php?q=mail.treysbeatend.com","label":"ThreatFox","domainType":"other"},{"url":"https://infosec.exchange/@monitorsg/116448535265098838","label":"ThreatFox","domainType":"other"},{"url":"https://app.any.run/tasks/35c37d6a-75d7-49b0-b74a-b08decf37ad9","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/ce1285f6f87bfc3c2a7f51f1f9f4829d94fed5504f9b892f7e2a62b6b4acf4bc/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/0f70443956f8340ec3a31ca44c34619a2ea1db1b07b68c06c5f4e72ae8581df8/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/7e8535101461b828c2d12888ab01fe2ead504d19c2e14c141ef029346bfe86d5/","label":"ThreatFox","domainType":"primary"},{"url":"https://codeberg.org/tip-o-deincognito/glassworm-writeup","label":"ThreatFox","domainType":"other"},{"url":"https://tria.ge/260422-mm74asc19k/behavioral1","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/217db70a30b60d6f855d9347251889c5c18ef895057619fb8480a31882c53ebe/","label":"ThreatFox","domainType":"primary"},{"url":"https://x.com/suyog41/status/2046592187606220864","label":"ThreatFox","domainType":"other"},{"url":"https://app.any.run/tasks/e3d0fd2c-5aa2-462e-a704-bfb99c24dbf1","label":"ThreatFox","domainType":"other"},{"url":"https://app.any.run/tasks/f2bfdd8e-687b-4dc7-96e1-3d37846c6710","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/778ca9816558ae85045ad676fd016bb7e0d586ff4b05a80472006c81180b0d4d/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/34b7d8e96a8156c53299589e69aa8b4e353ac9554f7ea109b3c652e805f74f97/","label":"ThreatFox","domainType":"primary"},{"url":"https://infosec.exchange/@monitorsg/116444745795503961","label":"ThreatFox","domainType":"other"},{"url":"https://clickfix.carsonww.com/domains/amanullahstorellc.com","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/673d15c65f3c65d8bf7518d2a47907a59c5f26a8dd08fb954107d162c1b3721f","label":"ThreatFox","domainType":"primary"},{"url":"https://infosec.exchange/@monitorsg/116446151590680751","label":"ThreatFox","domainType":"other"},{"url":"https://x.com/solostalking/status/2046806549813989463?s=20","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/4804a8800007a70241a5e5b2e9f548d2cf56aa64800324a16818616950880945/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/c23f8dd49136a471a5d6632272ecc09041efec0503716f8a3e513a4e8e9eee26/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/4db60c88de6ae375433dc71b8fde1ff323ff5bc5425903a77324a321ac85029c/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/0ac8ef75974a1e69c74855aea131206598a060feab1790282b8ca1c431058fe0/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/bfaf3900078db99c433f5d6e1d58989ae2c7c5a81aabeebc4668a87a89790466/","label":"ThreatFox","domainType":"primary"},{"url":"https://infosec.exchange/@monitorsg/116443576096335383","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/981083069928ba9c9ab6f5c00e08e39bce07449ef7415f58e962939edabdecd7/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/0a326c130fb55d6f158b793d4c1373aac4c5280bcd9d57f97d10ff7c4d2bd3c7/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/abee9e2c579bed2a9169e1c0b0cfcf910a941ba7a3e556a7cbb9716a90616cbd/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/543379e43bf62ccb4e702b46a5d37edc93ffe7fbc3c9a01efeb7ceee0ac96127/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/15887b4ba9168d51b22e75cf00a801787578e9d3d62064bd19bb8aed0afa3b90/","label":"ThreatFox","domainType":"primary"},{"url":"https://infosec.exchange/@netresec/116441345775251709","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/346627d7d58703c3da5b604372778175219e5f7f8c0998f742ebede838fa79e4/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/cfa65056a9accc2678480771e25891733787cf1f0ac46727e2663ca8383e3795/","label":"ThreatFox","domainType":"primary"},{"url":"https://infosec.exchange/@monitorsg/116438604768924087","label":"ThreatFox","domainType":"other"},{"url":"https://app.any.run/tasks/17149906-1e74-4cdb-a523-8de8790384c2","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/07f008e9ebfb33b2ef8a7f9dcf1f27bed1687359eb321044db47f9ebf70ed129/","label":"ThreatFox","domainType":"primary"},{"url":"https://www.virustotal.com/gui/domain/frostapiv2.com/relations","label":"ThreatFox","domainType":"other"},{"url":"https://x.com/motuariki_/status/2046158360928768268","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/a1a15f6d3c172e29e991bcb274f6c47a2ee45614224ffbccfcec39113a3bd078/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/346edde3c594d4af0f607951ae38f21c8e5ad611419cc7c9e7a2e0c913896581/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/e41f1af836b7573725758186407dbc21293186683e75582563f6760f8aac1a46/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/be94ed15a50a3386f6ab466401d68faf13ead40a05f50c37f410414b57512d3c/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/a4b590be9e9c39b328b69285182e9b0c1dc742d8df854a147bf709a2b74b15c6/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/3cdb760342bc041252efe74188ba8b106b10484a3638b0a2d33830016611a2c8/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/4013853381bb2c28ddff061b1a208e886f2b52a31073cea40e4cdb5ec431d58b/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/d4fd4b65aea6fdd1968fd59046265a5d636f58309c28e12044a3abf145014f78/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/c61c5222e298bf632c0f701da32d74c1e2830a56e1baef37cfb8d212540c516b/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/c086065da56bda3b3654003d541b44f9721baec9894066768447d6c3841504ab/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/c03060e63d3a3a16312ea4d15393c38901ec7239d7290bd30f6b266316bc0b1e/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/9b434276b0af0ea43fdf71a09ca7687c0a45254ba1a0955a1cf04372d69de36d/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/b8342acd2dde4b63d58b11bb83626aa61cd4a7ed33ba42df5eec4b3ad3e934df/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/269ef9fd26667dfcae57ae29f559a327de0327e37c2dd5887ed7a453f7a04a07/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/14871ed0de7fb24775a7c51fb6c88c68a02d31a07050612e457b7f2b66a06285/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/0ef84c28fef31e4457241009cada38ee3ba37d7827b6755d046586d4e49159f4/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/28b74e0919f0e8f08ca698f7d4c897ce345f0ad1f2752e29450d0ef4fe1eaeff/","label":"ThreatFox","domainType":"primary"},{"url":"https://infosec.exchange/@monitorsg/116437427332348292","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/a63a4bef804fd6e29dfb03780c4b68d353b848d952573465d4a019b452c56e51/","label":"ThreatFox","domainType":"primary"},{"url":"https://infosec.exchange/@monitorsg/116437337022892373","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/9a824eccc370507893eb49881bc5222b0e76a439b78afabea228a08fb686e6aa/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/a111e77f244f7ced8fea48db8d7ea4648e0a12715b16de0e1473965084d65465/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/6993b775414c63276857ea4ebb6798d8609724ebe9e661ad47d7adb7f554b0de/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/53ce6a4f580b7b9d572bb0cc6c1b9814c2538aabf58429e3f258548a54f0514a/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/3884ca8ff0e82370fc831f4b38c4e7004f474ae1a0087ff58b160d5082f031c2/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/56316afa7cc9642c064f64f1572f8e0c6a70f207f31229609670a6c4515624ca/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/673d15c65f3c65d8bf7518d2a47907a59c5f26a8dd08fb954107d162c1b3721f/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/12eeb42b6c685304e9619f3988146b5a68db3fbe7f0ac28b1c5fda9481315c46/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/1b53dd85b7392738c1810b950552fda5c6b274c7dd2e5b731a1eb101e3946b78/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/858787b627c6e7dec417e1082c6776f0f028930a5482e35fd7f2e3fd6ae9cc5a/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/f37e60e60a3e504f555444ced745e7224cc83625a29582d29217b8a4ab7341a4/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/7fed823191f3c1381f63d43e74dee66f451c6cc6bcb1cf753996e13aaec7921d/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/edd7e88acbf5e866bf68fdb45d2dcb3fe19bb8c5014a4ddc65ff59703abd42da/","label":"ThreatFox","domainType":"primary"},{"url":"https://greedybear.honeynet.org","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/8d8b467cc8473f5a02df308943a7e87927d5e3c1b6f52f1916226a1687697c64/","label":"ThreatFox","domainType":"primary"},{"url":"https://urlhaus.abuse.ch/host/176.65.134.19/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/51a5a9e0f2f500a5f296cf3cfa45576bca995f0eeb5d4d263630902cd1c2fd73/","label":"ThreatFox","domainType":"primary"},{"url":"https://x.com/BreakGlassIntel/status/2045300165330837575","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/a8f92e521b958cc8c702ee5eddfeb77b571de2b4c23f88de69949a419956432d/","label":"ThreatFox","domainType":"primary"},{"url":"https://x.com/JAMESWT_WT/status/2045449296871321937","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/267b0b1dc0a99f9f3918f24f626518d23dde5e0caf1128f128f7857906e3ebf5/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/e9564236bdaac13cb38601b461a76c1b497ae21c85f524cd6f623587101b20e9/","label":"ThreatFox","domainType":"primary"},{"url":"https://tria.ge/260418-glp87shv3s","label":"ThreatFox","domainType":"other"},{"url":"https://infosec.exchange/@monitorsg/116422799712820736","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/2762f3e0a56d62e70157c398626856befead49f0926ba921f478bb599f10e2f6/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/c6e203c681d5ba9786a870a67b11dd784468a640816844c197a4b5a14a9bcf81/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/706bd2e1aac21fadfbcfe1e6639a6488c574f00b007e087718282c597bebf1c1/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/4828d141d7c6b23d0e150aa5e88b812edfaa80ed31fea8f7b6e960144e96f58f/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/bde2db917c40dba4f7d17cb508a3fe9d84e7b00453402c99db7929df7fa50e23/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/2907d74d4bb3ce573ed471b7ddd96f2c49c9dc2b7c7485940651cd9fc1542080/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/9ffadd20c3946d7a635f48a91ab2ca00e6374ff05bf3ac9344e5d2758d3302ba/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/971fa32e2c385f679da4df0b303d2fc484b68d1a1131d77cd4815fc2285249ba/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/4686b6e4902d8a89e97eaa78b4513344537e8031da2fa2b31dad8df30496a3fd/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/753e3923f63b122a65c886aac5932670d0dcd5c46a4cc4f5292da5c0dbea73ce/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/7d4fa8546533a2bc077b20560cd7c32bc240c456c9606478f6253372e48c07fc/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/f6ac3f6683fce33f2f376745b3f9dfe5e86d5d661c36c2ed8ae5a5f153f72c99/","label":"ThreatFox","domainType":"primary"},{"url":"https://x.com/suyog41/status/2045093863812112734","label":"ThreatFox","domainType":"other"},{"url":"https://x.com/K_N1kolenko/status/2045099146856599584","label":"ThreatFox","domainType":"other"},{"url":"https://x.com/K_N1kolenko/status/2045094677435584919","label":"ThreatFox","domainType":"other"},{"url":"https://x.com/skocherhan/status/2044874869871906854","label":"ThreatFox","domainType":"other"},{"url":"https://x.com/cyberwar_15/status/2044964550173409631","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/faaa4d005314440dfd7ed5fa2f522e1a2642f08ec3bf0c1e2779a39bf4268349/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/bf11196247528173195420fcac7cb78e58bec0af501e400f5830d82b9d031b67/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/6250f329e5f6311b857a7d6813269fb0f56d5916870dd0095cb7b87452f5592f/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/679ce9eb3e1bdba8ed58fa53690ae879ce50679be97fbc41e85cbb6a88bbeb0a/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/f9d4d9d8ba78742c1dfcc2d3ff38b13cdc2cba40843564b5919100601f23bad1/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/0c31586cd59ccfaf7fb8da14ae4aa28bd7300443b4e17a86aa59cfc921ecd62e/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/fe93882d49c90278bd15c2b5f02a3d278e41b6c98604210cea167042cec509ea/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/3e5d00fd22666970d708c6a0f8813f81689f21eb6e6d3ffbe01e19023562b630/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/eabd970c01299dc18e66e65a921b4d9045afd362771baeb0fa89e43257c4e4dd/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/82f28b2ecc7158d827089712f84c664c124aa94fde9ea353608b22ee110d73d7/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/73f5db0b04dfff8274ecb96dc3c10c8d4819627a20110dc763123d6ed3421fa9/","label":"ThreatFox","domainType":"primary"},{"url":"https://infosec.exchange/@monitorsg/116418783762985803","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/454850749d874755a8e1e43e5a128a9fa39ffe49f5ffdbe9f264b5997ccb039c/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/153a90a38f3fe20786de448bce120bcc89c0a00761a55b01783e9b8345b5cb78/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/3442ef237e4be9b964e7922253482cdbe557d9c8c44c519ea6fecf1725cdeead/","label":"ThreatFox","domainType":"primary"},{"url":"https://urlhaus.abuse.ch/url/3823884/","label":"ThreatFox","domainType":"primary"},{"url":"https://www.cleafy.com/cleafy-labs/mirax-a-new-android-rat-turning-infected-devices-into-potential-residential-proxy-nodes","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/9d176e2a1d21e4b368cd06adfb0f38629781d4b7ca6ed7b738efb0745e77fa22/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/c132d2a4a97ba28b95d212d9b4dba6b375fc73a3b52f0a5b72703ee380e29cc8/","label":"ThreatFox","domainType":"primary"},{"url":"https://x.com/skocherhan/status/2044843064745681374","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/108bb28df7f64b83f8fda981664c6209a50cab9bb0eb13888410be30d2006bd6/","label":"ThreatFox","domainType":"primary"},{"url":"https://www.virustotal.com/gui/domain/friendlydomain.ru/relations","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/dd426a8f168871393bec760724228c0584e80519c5069b4969a663846afdb88e/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/aa589ef7e0ea27bed4ee87929117cfc5b28b68c343b3991209514db311c1a3ec/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/500f2453771722611010edab168211ad9eca0c0bf97936453855e8638e6d73fd/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/8e02b5ba983587779b3aeeaa2d50d9b2a965c578ec0a1242c58af34322d97e9f/","label":"ThreatFox","domainType":"primary"},{"url":"https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2026-04-13-LORIKAZZ-ANDROID-IOT.txt","label":"ThreatFox","domainType":"primary"},{"url":"https://x.com/500mk500/status/2044765712481239082","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/6ad0f9685ddaf9f39d9543f83be82874e050455e0fc6f3d20481cf595e23f02d/","label":"ThreatFox","domainType":"primary"},{"url":"https://infosec.exchange/@monitorsg/116414303892382227","label":"ThreatFox","domainType":"other"},{"url":"https://cert.gov.ua/article/6288271","label":"ThreatFox","domainType":"other"},{"url":"https://therecord.media/aging-fly-espionage-campaign-targets-ukraine-emergency-services","label":"ThreatFox","domainType":"media"},{"url":"https://app.any.run/tasks/a365d025-2c6f-4ead-b419-e1285fcfcaae","label":"ThreatFox","domainType":"other"},{"url":"https://app.any.run/tasks/3d1280a9-8ba1-4f2e-aab9-213bb9639197","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/4bfd0b95c3baf8b621e009aec5b92344e4e236ebc12b34fad891d0a1996668c6/","label":"ThreatFox","domainType":"primary"},{"url":"https://x.com/500mk500/status/2044440829859643849","label":"ThreatFox","domainType":"other"},{"url":"https://x.com/salmanvsf/status/2044635908981604371","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/e9bf8b0cc4f99ab868fbdbf3e90a6adcb867a7041f6201007a7844414ba0cc55/","label":"ThreatFox","domainType":"primary"},{"url":"https://urlhaus.abuse.ch/url/3823147/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/b830f043076a12748b6a2dc0810ece85439ee77434d991ae7d84201b09ead756/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/ade9874ddc5fb64c27f3eecddeeabdddb4b62e341e1ec06f09fea29ac9e6baa5/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/9f9c4d0f6644abe7500325d2e387ff606a1d72f8d033bc164f984deee92d7d65/","label":"ThreatFox","domainType":"primary"},{"url":"https://clickfix.carsonww.com/domains/www.zeitdanach.ch","label":"ThreatFox","domainType":"other"},{"url":"https://clickfix.carsonww.com/domains/www.aircliniq.com","label":"ThreatFox","domainType":"other"},{"url":"https://clickfix.carsonww.com/domains/www.omnicoresolutions.net","label":"ThreatFox","domainType":"other"}],"feedLabel":null},{"id":"news-new-mirai-campaign-exploits-rce-flaw-in-eol-d-link-routers","source":"general-news","category":"news","severity":"critical","title":"New Mirai campaign exploits RCE flaw in EoL D-Link routers","description":"A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability affecting D-Link DIR-823X routers, to enlist devices into the botnet. [...]","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet","rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T20:04:46.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.bleepingcomputer.com/news/security/new-mirai-campaign-exploits-rce-flaw-in-eol-d-link-routers/","label":"BleepingComputer","domainType":"media"}],"feedLabel":null},{"id":"news-kyber-ransomware-gang-toys-with-post-quantum-encryption-on-windows","source":"general-news","category":"news","severity":"critical","title":"Kyber ransomware gang toys with post-quantum encryption on Windows","description":"A new Kyber ransomware operation is targeting Windows systems and VMware ESXi endpoints in recent attacks, with one variant implementing Kyber1024 post-quantum encryption. [...]","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T18:52:29.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.bleepingcomputer.com/news/security/kyber-ransomware-gang-toys-with-post-quantum-encryption-on-windows/","label":"BleepingComputer","domainType":"media"}],"feedLabel":null},{"id":"news-over-1-300-microsoft-sharepoint-servers-vulnerable-to-spoofing-attacks","source":"general-news","category":"news","severity":"critical","title":"Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks","description":"Over 1,300 Microsoft SharePoint servers exposed online remain unpatched against a spoofing vulnerability that was exploited as a zero-day and is still being abused in ongoing attacks. [...]","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["zeroday"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T06:53:02.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.bleepingcomputer.com/news/security/over-1-300-microsoft-sharepoint-servers-vulnerable-to-ongoing-attacks/","label":"BleepingComputer","domainType":"media"}],"feedLabel":null},{"id":"news-mustang-panda-s-new-lotuslite-variant-targets-india-banks-south-korea-policy-cir","source":"general-news","category":"news","severity":"critical","title":"Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles","description":"Cybersecurity researchers have discovered a new variant of a known malware called LOTUSLITE that's distributed via a theme related to India's banking sector.\n\"The backdoor communicates with a dynamic DNS-based command-and-control server over HTTPS and supports remote shell access, file operations, a…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["apt","botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T07:58:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://thehackernews.com/2026/04/mustang-pandas-new-lotuslite-variant.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-the-gentlemen-rapidly-rises-to-ransomware-prominence","source":"general-news","category":"news","severity":"critical","title":"'The Gentlemen' Rapidly Rises to Ransomware Prominence","description":"Not nearly as polite as the name suggests, the ransomware gang has impressed researchers with its speed in scaling up operations — and its sophistication.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T20:51:55.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.darkreading.com/threat-intelligence/gentlemen-rapidly-rise-ransomware","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-google-antigravity-in-crosshairs-of-security-researchers-cybercriminals","source":"general-news","category":"news","severity":"critical","title":"Google Antigravity in Crosshairs of Security Researchers, Cybercriminals","description":"Researchers discovered a remote code execution vulnerability and cybercriminals are using its reputation to deliver malware.\nThe post Google Antigravity in Crosshairs of Security Researchers, Cybercriminals appeared first on SecurityWeek.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:53:05.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.securityweek.com/google-antigravity-in-crosshairs-of-security-researchers-cybercriminals/","label":"SecurityWeek","domainType":"media"}],"feedLabel":null},{"id":"news-former-ransomware-negotiator-pleads-guilty-to-working-for-blackcat-cyber-gang","source":"general-news","category":"news","severity":"critical","title":"Former Ransomware Negotiator Pleads Guilty to Working For BlackCat Cyber Gang","description":"A former ransomware negotiator has pleaded guilty to abusing his position by working with noted cybercrime group BlackCat","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T11:00:00.000Z","fetchedAt":"2026-04-23T03:00:02.617Z","references":[{"url":"https://www.infosecurity-magazine.com/news/former-ransomware-negotiator/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"nvd-CVE-2026-22753","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-22753 — Vulnerability in Spring Spring Security. If an application is using securityMatchers(String) and a P…","description":"Vulnerability in Spring Spring Security. If an application is using securityMatchers(String) and a PathPatternRequestMatcher.Builder bean to prepend a servlet path, matching requests to that filter chain may fail and its related security components will not be exercised as intended by the applicatio…","indicators":{"cves":["CVE-2026-22753"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T06:16:04.160Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://spring.io/security/cve-2026-22753","label":"security@vmware.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-22754","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-22754 — Vulnerability in Spring Spring Security. If an application uses <sec:intercept-url servlet-path=\"/se…","description":"Vulnerability in Spring Spring Security. If an application uses <sec:intercept-url servlet-path=\"/servlet-path\" pattern=\"/endpoint/**\"/> to define the servlet path for computing a path matcher, then the servlet path is not included and the related authorization rules are not exercised. This can lead…","indicators":{"cves":["CVE-2026-22754"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T06:16:04.270Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://spring.io/security/cve-2026-22754","label":"security@vmware.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40542","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40542 — Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the cli…","description":"Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue.","indicators":{"cves":["CVE-2026-40542"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T08:16:12.780Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://lists.apache.org/thread/tfmgv86xr0z1y096vs3z0y315t1v3o97","label":"security@apache.org","domainType":"other"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/22/5","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6022","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6022 — In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resou…","description":"In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resource consumption vulnerability that allows file uploads to exceed the configured maximum size due to missing cumulative size enforcement during chunk reassembly, leading to disk space exhaustion.","indicators":{"cves":["CVE-2026-6022"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T08:16:12.903Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://www.telerik.com/products/aspnet-ajax/documentation/knowledge-base/kb-security-uncontrolled-resource-consumption-cve-2026-6022","label":"security@progress.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6023","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6023 — In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is…","description":"In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to insecure deserialization when restoring filter state if the state is exposed to the client. If an attacker tampers with this state, a server-side remote code execution is possible.","indicators":{"cves":["CVE-2026-6023"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T08:16:13.040Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://www.telerik.com/products/aspnet-ajax/documentation/knowledge-base/kb-security-deserialization-of-untrusted-data-cve-2026-6023","label":"security@progress.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4132","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-4132 — The HTTP Headers plugin for WordPress is vulnerable to External Control of File Name or Path leading…","description":"The HTTP Headers plugin for WordPress is vulnerable to External Control of File Name or Path leading to Remote Code Execution in all versions up to and including 1.19.2. This is due to insufficient validation of the file path stored in the 'hh_htpasswd_path' option and lack of sanitization on the 'h…","indicators":{"cves":["CVE-2026-4132"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:24.240Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/http-headers/tags/1.19.2/http-headers.php#L1296","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/http-headers/tags/1.19.2/http-headers.php#L1298","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/http-headers/tags/1.19.2/http-headers.php#L1403","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/http-headers/tags/1.19.2/http-headers.php#L671","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/http-headers/tags/1.19.2/http-headers.php#L722","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/http-headers/tags/1.19.2/http-headers.php#L97","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/http-headers/trunk/http-headers.php#L1296","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/http-headers/trunk/http-headers.php#L1298","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/http-headers/trunk/http-headers.php#L1403","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/http-headers/trunk/http-headers.php#L671","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/http-headers/trunk/http-headers.php#L722","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/http-headers/trunk/http-headers.php#L97","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ce010c6f-16bd-4178-a621-31ba6378946a?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6846","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6846 — A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a speciall…","description":"A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution,…","indicators":{"cves":["CVE-2026-6846"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:27.607Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6846","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460006","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6855","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6855 — A flaw was found in InstructLab. A local attacker could exploit a path traversal vulnerability in th…","description":"A flaw was found in InstructLab. A local attacker could exploit a path traversal vulnerability in the chat session handler by manipulating the `logs_dir` parameter. This allows the attacker to create new directories and write files to arbitrary locations on the system, potentially leading to unautho…","indicators":{"cves":["CVE-2026-6855"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T13:16:22.410Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6855","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460013","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6857","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6857 — A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the Prot…","description":"A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to gain…","indicators":{"cves":["CVE-2026-6857"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T13:16:22.583Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6857","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460003","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31450","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-31450 — In the Linux kernel, the following vulnerability has been resolved: ext4: publish jinode after initi…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: publish jinode after initialization\n\next4_inode_attach_jinode() publishes ei->jinode to concurrent users.\nIt used to set ei->jinode before jbd2_journal_init_jbd_inode(),\nallowing a reader to observe a non-NULL jinode with i_v…","indicators":{"cves":["CVE-2026-31450"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:39.083Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/1aec30021edd410b986c156f195f3d23959a9d11","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/2d2b648960147d078b000b9a7494017082024366","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/33f486987af21531a7b18973d11795ede3da9ddd","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4855a59e21789c79f003a9b5f4135c95a7495c6b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a070d5a872ffe0e0fe5c46eda6386140ded39adb","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/be54c0055407a73b60349c093c8ce621cb8fa232","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e4325e84727e539c8597bd5b8491349f57f7fb17","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e76bcb727e4874a2f9d0297f8e3f8eced89b0764","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31456","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-31456 — In the Linux kernel, the following vulnerability has been resolved: mm/pagewalk: fix race between co…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/pagewalk: fix race between concurrent split and refault\n\nThe splitting of a PUD entry in walk_pud_range() can race with a\nconcurrent thread refaulting the PUD leaf entry causing it to try walking\na PMD range that has disappeared…","indicators":{"cves":["CVE-2026-31456"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:40.203Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/38ec58670a0c5fc1edabdeccd857e586b7b3f318","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3b89863c3fa482912911cd65a12a3aeef662c250","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9bbbebd94dd5be25ec8c899d46ef01b33d5d22c0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31479","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-31479 — In the Linux kernel, the following vulnerability has been resolved: drm/xe: always keep track of rem…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: always keep track of remap prev/next\n\nDuring 3D workload, user is reporting hitting:\n\n[  413.361679] WARNING: drivers/gpu/drm/xe/xe_vm.c:1217 at vm_bind_ioctl_ops_unwind+0x1e2/0x2e0 [xe], CPU#7: vkd3d_queue/9925\n[  413.3619…","indicators":{"cves":["CVE-2026-31479"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:44.993Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/5eda8001ebb5269755608d678dd1f3928ab077c9","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/bfe9e314d7574d1c5c851972e7aee342733819d2","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ccd41f110c608b3cc347b9be881c3e72cd634b2b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e6ba1749549e87b83c0c4885d84b543687c3740e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31510","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-31510 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-d…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb\n\nBefore using sk pointer, check if it is null.\n\nFix the following:\n\n KASAN: null-ptr-deref in range [0x0000000000000260-0x0000000000000267]\n CPU: 0 UID: 0 PID: 5985 Comm:…","indicators":{"cves":["CVE-2026-31510"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:50.130Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/03d4eafb0f3788239df63575951f6b4c97bbfda4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/0780f9333852971ca77d110019e3a66ce5a7b100","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/1dc6db047919ecd59493cd51248b37381bbabcbb","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3c821bc0fbeaa27910a20d0b43c6008d099792af","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/898b89c90ff9496e64b9331040778cc4e1b28c9d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a04a760c06bb591989db659439efdf106f0bae76","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/b6552e0503973daf6f23bd6ed9273ef131ee364f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d34776c7fa1f2c510f1cdd14823aba701babb4ad","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33593","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-33593 — A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query.","description":"A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query.","indicators":{"cves":["CVE-2026-33593"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:53.713Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33608","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-33608 — An attacker can send a notify request that causes a new secondary domain to be added to the bind bac…","description":"An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend no longer able to run on the next restart, requiring manual operation to fix it.","indicators":{"cves":["CVE-2026-33608"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:54.650Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41651","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41651 — PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way us…","description":"PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition on transaction flags that all…","indicators":{"cves":["CVE-2026-41651"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:17:04.617Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/PackageKit/PackageKit/blob/04057883189efa225a7c785591aa87cb299782f8/src/pk-transaction.c#L2273-L2277","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/PackageKit/PackageKit/blob/04057883189efa225a7c785591aa87cb299782f8/src/pk-transaction.c#L4036","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/PackageKit/PackageKit/blob/04057883189efa225a7c785591aa87cb299782f8/src/pk-transaction.c#L873-L882","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/PackageKit/PackageKit/security/advisories/GHSA-f55j-vvr9-69xv","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.security.telekom.com/2026/04/pack2theroot-linux-local-privilege-escalation.html","label":"security-advisories@github.com","domainType":"other"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/22/6","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"},{"url":"https://github.security.telekom.com/2026/04/pack2theroot-linux-local-privilege-escalation.html","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6859","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6859 — A flaw was found in InstructLab. The `linux_train.py` script hardcodes `trust_remote_code=True` when…","description":"A flaw was found in InstructLab. The `linux_train.py` script hardcodes `trust_remote_code=True` when loading models from HuggingFace. This allows a remote attacker to achieve arbitrary Python code execution by convincing a user to run `ilab train/download/generate` with a specially crafted malicious…","indicators":{"cves":["CVE-2026-6859"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:17:07.687Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6859","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2459998","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-35548","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-35548 — An issue was discovered in guardsix (formerly Logpoint) ODBC Enrichment Plugins before 5.2.1 (5.2.1…","description":"An issue was discovered in guardsix (formerly Logpoint) ODBC Enrichment Plugins before 5.2.1 (5.2.1 is used in guardsix 7.9.0.0). A logic flaw allowed stored database credentials to be reused after modification of the target Host, IP address, or Port. When editing an existing Enrichment Source, prev…","indicators":{"cves":["CVE-2026-35548"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T15:16:16.100Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://guardsix.com/media-room#/pressreleases/logpoint-becomes-guardsix-as-europe-reassesses-sovereign-security-operations-3436974","label":"cve@mitre.org","domainType":"other"},{"url":"https://servicedesk.guardsix.com/hc/en-us/articles/35555683205021-SSRF-in-ODBC-Enrichment-Source","label":"cve@mitre.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-35338","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-35338 — A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root…","description":"A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism. The implementation only validates if the target path is literally / and does not canonicalize the path. An attacker or accidental user can use path variants such as /../ or symbolic…","indicators":{"cves":["CVE-2026-35338"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:35.583Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/uutils/coreutils/pull/10033","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.6.0","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35341","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-35341 — A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions o…","description":"A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions on existing files. When mkfifo fails to create a FIFO because a file already exists at the target path, it fails to terminate the operation for that path and continues to execute a follow-up set_permis…","indicators":{"cves":["CVE-2026-35341"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:36.060Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/uutils/coreutils/issues/10020","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/issues/10020","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35352","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-35352 — A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mkfifo utility of uutils coreut…","description":"A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mkfifo utility of uutils coreutils. The utility creates a FIFO and then performs a path-based chmod to set permissions. A local attacker with write access to the parent directory can swap the newly created FIFO for a symbolic link…","indicators":{"cves":["CVE-2026-35352"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:37.597Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/uutils/coreutils/issues/10020","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/issues/10020","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35368","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-35368 — A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. T…","description":"A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam() after entering the chroot but before dropping root privileges. On glibc-based systems, this can trigger the Name Service Switch (NSS) to load…","indicators":{"cves":["CVE-2026-35368"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:40.560Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/issues/10327","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/issues/10327","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-4922","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-4922 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.9.6, 18.10…","description":"GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute GraphQL mutations on behalf of authenticated users due to insufficient CSRF protection.","indicators":{"cves":["CVE-2026-4922"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:44.277Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/","label":"cve@gitlab.com","domainType":"other"},{"url":"https://gitlab.com/gitlab-org/gitlab/-/work_items/594937","label":"cve@gitlab.com","domainType":"other"},{"url":"https://hackerone.com/reports/3627285","label":"cve@gitlab.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5262","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-5262 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.1.0 before 18.9.6, 18.…","description":"GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.1.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an unauthenticated user to access tokens in the Storybook development environment due to improper input val…","indicators":{"cves":["CVE-2026-5262"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:44.437Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/","label":"cve@gitlab.com","domainType":"other"},{"url":"https://gitlab.com/gitlab-org/gitlab/-/work_items/595332","label":"cve@gitlab.com","domainType":"other"},{"url":"https://hackerone.com/reports/3574642","label":"cve@gitlab.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5816","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-5816 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and…","description":"GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute arbitrary JavaScript in a user's browser session due to improper path validation under certain conditions.","indicators":{"cves":["CVE-2026-5816"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:44.763Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/","label":"cve@gitlab.com","domainType":"other"},{"url":"https://gitlab.com/gitlab-org/gitlab/-/work_items/592816","label":"cve@gitlab.com","domainType":"other"},{"url":"https://hackerone.com/reports/3572231","label":"cve@gitlab.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-26354","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-26354 — Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7.7.1…","description":"Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contain a stack-based Buffer Overflow vulnerability. An unauthenticated attacker…","indicators":{"cves":["CVE-2026-26354"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T19:17:00.677Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities","label":"security_alert@emc.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34413","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-34413 — Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in th…","description":"Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where an HTTP redirect to unauthenticated callers does not call exit() or die(), allowing PHP execution to continue and process the…","indicators":{"cves":["CVE-2026-34413"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T19:17:02.710Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/thexerteproject/xerteonlinetoolkits/commit/02661be88cc369325ea01b508086bde7fbfec805","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/thexerteproject/xerteonlinetoolkits/commit/17e4f945fe6a3400fa88c01eda18c1075ee4a212","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/thexerteproject/xerteonlinetoolkits/commit/507d55c5e91bf9310b5b1c7fad8aebfef902ad23","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/thexerteproject/xerteonlinetoolkits/issues/1527","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/xerte-online-toolkits-missing-authentication-via-connector-php","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://xerte.org.uk/index.php/en/downloads-1/category/3-xerte-online-toolkits","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://xerte.org.uk/xertetoolkits_3.15_ChangeLog.html","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34414","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-34414 — Xerte Online Toolkits versions 3.15 and earlier contain a relative path traversal vulnerability in t…","description":"Xerte Online Toolkits versions 3.15 and earlier contain a relative path traversal vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where the name parameter in rename commands is not sanitized for path traversal sequences. Attackers can supply a name value contai…","indicators":{"cves":["CVE-2026-34414"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T19:17:04.033Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/thexerteproject/xerteonlinetoolkits/commit/02661be88cc369325ea01b508086bde7fbfec805","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/thexerteproject/xerteonlinetoolkits/commit/17e4f945fe6a3400fa88c01eda18c1075ee4a212","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/thexerteproject/xerteonlinetoolkits/commit/507d55c5e91bf9310b5b1c7fad8aebfef902ad23","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/thexerteproject/xerteonlinetoolkits/issues/1527","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/xerte-online-toolkits-path-traversal-via-connector-php","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://xerte.org.uk/index.php/en/downloads-1/category/3-xerte-online-toolkits","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://xerte.org.uk/xertetoolkits_3.15_ChangeLog.html","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41468","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41468 — Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbo…","description":"Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. When combined with template injection present in the same application, these primitives allow attackers to escape the AngularJS sandbox and achieve arbitrary JavaScript execution…","indicators":{"cves":["CVE-2026-41468"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T19:17:08.813Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/kmkz/Exploits/blob/master/2026/CVE-2026-22191-POC.py","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/kmkz/Exploits/blob/master/2026/CVE-2026-22191-SicuroWeb-ATI-chain.txt","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.beghelli.it","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://www.boffsec-services.com/posts/sicuroweb-cve-2026-22191/","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://www.vulncheck.com/advisories/beghelli-sicuro24-sicuroweb-angularjs-sandbox-escape-via-template-injection","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34063","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-34063 — Nimiq's network-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `n…","description":"Nimiq's network-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `network-libp2p` discovery uses a libp2p `ConnectionHandler` state machine. the handler assumes there is at most one inbound and one outbound discovery substream per connection. if a remote peer opens/n…","indicators":{"cves":["CVE-2026-34063"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T20:16:40.713Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/nimiq/core-rs-albatross/commit/e0d4e01994f061bf41d3c2835bc74040d3c084f5","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/pull/3666","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-74hp-mhfx-m45h","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-34065","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-34065 — nimiq-primitives contains primitives (e.g., block, account, transaction) to be used in Nimiq's Rust…","description":"nimiq-primitives contains primitives (e.g., block, account, transaction) to be used in Nimiq's Rust implementation. Prior to version 1.3.0, an untrusted p2p peer can cause a node to panic by announcing an election macro block whose `validators` set contains an invalid compressed BLS voting key. Hash…","indicators":{"cves":["CVE-2026-34065"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T20:16:41.077Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/nimiq/core-rs-albatross/commit/e10eaebcd7774e5da6d0ff5e88ed13503474f0ff","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/pull/3662","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-7c4j-2m43-2mgh","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-33733","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-33733 — EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, the…","description":"EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, the admin template management endpoints accept attacker-controlled `name` and `scope` values and pass them into template path construction without normalization or traversal filtering. As a result, an aut…","indicators":{"cves":["CVE-2026-33733"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T21:17:05.970Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/espocrm/espocrm/security/advisories/GHSA-44c3-xjfp-3jrh","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40882","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40882 — OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.0, the Velbus asset…","description":"OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.0, the Velbus asset import path parses attacker-controlled XML without explicit XXE hardening. An authenticated user who can call the import endpoint may trigger XML external entity processing, which can lead to server-s…","indicators":{"cves":["CVE-2026-40882"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T21:17:08.733Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/openremote/openremote/security/advisories/GHSA-g24f-mgc3-jwwc","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40937","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40937 — RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-alpha.94, all four notif…","description":"RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-alpha.94, all four notification target admin API endpoints in `rustfs/src/admin/handlers/event.rs` use a `check_permissions` helper that validates authentication only (access key + session token), without performing any admi…","indicators":{"cves":["CVE-2026-40937"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T21:17:08.877Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/rustfs/rustfs/releases/tag/1.0.0-alpha.94","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/rustfs/rustfs/security/advisories/GHSA-pfcq-4gjr-6gjm","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41166","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41166 — OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.1, a user who has `w…","description":"OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.1, a user who has `write:admin` in one Keycloak realm can call the Manager API to update Keycloak realm roles for users in another realm, including `master`. The handler uses the `{realm}` path segment when talking to th…","indicators":{"cves":["CVE-2026-41166"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T21:17:09.167Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/openremote/openremote/releases/tag/1.22.1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/openremote/openremote/security/advisories/GHSA-49vv-25qx-mg44","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40517","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40517 — radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars()…","description":"radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars() function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in symbol names. Attackers can inject arbitrary radare2 commands through unsanitiz…","indicators":{"cves":["CVE-2026-40517"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T22:16:31.183Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://blog.calif.io/p/mad-bugs-discovering-a-0-day-in-zero","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://github.com/radareorg/radare2/issues/25730","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/radareorg/radare2/pull/25731","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/radare2-command-injection-via-pdb-parser-symbol-names","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41175","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41175 — Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.20 and…","description":"Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.20 and 6.13.0, manipulating query parameters on Control Panel and REST API endpoints, or arguments in GraphQL queries, could result in the loss of content, assets, and user accounts. The Control Panel requi…","indicators":{"cves":["CVE-2026-41175"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T22:16:31.820Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/statamic/cms/security/advisories/GHSA-4jjr-vmv7-wh4w","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41454","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41454 — WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoin…","description":"WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoints that allows authenticated board members to perform administrative actions without proper privilege verification. Attackers can enumerate integrations including webhook URLs, create new integrations…","indicators":{"cves":["CVE-2026-41454"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T22:16:32.497Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/wekan/wekan/commit/2cd702f48df2b8aef0e7381685f8e089986a18a4","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/wekan/wekan/releases/tag/v8.35","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/wekan-missing-authorization-via-integration-rest-api","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41455","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41455 — WeKan before 8.35 contains a server-side request forgery vulnerability in webhook integration URL ha…","description":"WeKan before 8.35 contains a server-side request forgery vulnerability in webhook integration URL handling where the url schema field accepts any string without protocol restriction or destination validation. Attackers who can create or modify integrations can set webhook URLs to internal network ad…","indicators":{"cves":["CVE-2026-41455"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T22:16:32.677Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/wekan/wekan/commit/2cd702f48df2b8aef0e7381685f8e089986a18a4","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/wekan/wekan/releases/tag/v8.35","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/wekan-ssrf-via-webhook-url","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3621","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-3621 — IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Serve…","description":"IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Server Liberty is vulnerable to identity spoofing under limited conditions when an application is deployed without authentication and authorization configured.","indicators":{"cves":["CVE-2026-3621"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T00:16:45.313Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://www.ibm.com/support/pages/node/7270437","label":"psirt@us.ibm.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5935","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-5935 — IBM Total Storage Service Console (TSSC) / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow a…","description":"IBM Total Storage Service Console (TSSC) / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow an unauthenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input.","indicators":{"cves":["CVE-2026-5935"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T00:16:46.900Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://www.ibm.com/support/pages/node/7270127","label":"psirt@us.ibm.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41180","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41180 — PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.4.3, the upload…","description":"PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.4.3, the upload PATCH flow under `/files/:uploadId` validates the mounted request path using the still-encoded `req.path`, but the downstream tus handler later writes using the decoded `req.params.uploadId`. In depl…","indicators":{"cves":["CVE-2026-41180"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:16:15.977Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/psi-4ward/psitransfer/commit/8b547bf3e09757122efa00aab90281e3915aa0c6","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/psi-4ward/psitransfer/releases/tag/v2.4.3","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/psi-4ward/psitransfer/security/advisories/GHSA-533q-w4g6-5586","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-0671be8c3c90f4f70b4feef76edbf8f3fd8d8b9ceb191675b100912d70e82c22","source":"malware-bazaar","category":"malware","severity":"high","title":"sport.ps1","description":"File type: ps1 | Reporter: BastianHein_","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"9f86a462681b343125415cee2ce30624","sha1":"5aaffe2fd4ad738032bcf35b960b575a778a97fe","sha256":"0671be8c3c90f4f70b4feef76edbf8f3fd8d8b9ceb191675b100912d70e82c22"}},"tags":["ps1"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:58:56Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/0671be8c3c90f4f70b4feef76edbf8f3fd8d8b9ceb191675b100912d70e82c22/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-6a94e0e6917dac14fe32db0e46e328251ca2baa5551712ab5a9b6e008a0ebd6c","source":"malware-bazaar","category":"malware","severity":"high","title":"pace.ps1","description":"File type: ps1 | Reporter: BastianHein_","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"54a8827f55792a6e0d3817e80ac2a318","sha1":"8b30ba6bca841026b199e955822b6459ad44d981","sha256":"6a94e0e6917dac14fe32db0e46e328251ca2baa5551712ab5a9b6e008a0ebd6c"}},"tags":["ps1"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:58:39Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/6a94e0e6917dac14fe32db0e46e328251ca2baa5551712ab5a9b6e008a0ebd6c/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-6c403ed3119dae79cc5abf671489c6b1053ae5de11d249c74b3a9e9c01d86634","source":"malware-bazaar","category":"malware","severity":"high","title":"Indeed.bat","description":"File type: bat | Reporter: BastianHein_","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"61a5049fb91d6a8b1659c267dd2d8713","sha1":"17d136a21801102060dabe962c0c7f472ab5d194","sha256":"6c403ed3119dae79cc5abf671489c6b1053ae5de11d249c74b3a9e9c01d86634"}},"tags":["bat"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:58:30Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/6c403ed3119dae79cc5abf671489c6b1053ae5de11d249c74b3a9e9c01d86634/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-e178ec2c637f8340288d0928c5de1a852e5f6fdded6327cfb3fc2c752f0c88cd","source":"malware-bazaar","category":"malware","severity":"high","title":"ENJOY.ps1","description":"File type: ps1 | Reporter: BastianHein_","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"f65cf754c315bc223fda4dee8ebc9a02","sha1":"e315db400b398c97ebdd9c76c9437908b6214722","sha256":"e178ec2c637f8340288d0928c5de1a852e5f6fdded6327cfb3fc2c752f0c88cd"}},"tags":["ps1"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:58:20Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/e178ec2c637f8340288d0928c5de1a852e5f6fdded6327cfb3fc2c752f0c88cd/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-43d206a3928e1d6445113250bee9b2f8b0568b062280d28af8b496a5e76d4b78","source":"malware-bazaar","category":"malware","severity":"high","title":"SIMPLY.ps1","description":"File type: ps1 | Reporter: BastianHein_","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"7fe9f680efb8660345b340df5c58e179","sha1":"4bbf34b61d35d5e60f19b61732950b91d5c4f22d","sha256":"43d206a3928e1d6445113250bee9b2f8b0568b062280d28af8b496a5e76d4b78"}},"tags":["ps1"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:46:53Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/43d206a3928e1d6445113250bee9b2f8b0568b062280d28af8b496a5e76d4b78/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-7d8cf5a10104f02491f52f8d7314c729d30cdb469f18ff8c2f0766faf11c2c00","source":"malware-bazaar","category":"malware","severity":"high","title":"roughly.ps1","description":"File type: ps1 | Reporter: BastianHein_","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"cb3af8617b37c043b9935a19ee2d24c0","sha1":"4510fb16cad04daf8fab3f7b5d6077b75d447944","sha256":"7d8cf5a10104f02491f52f8d7314c729d30cdb469f18ff8c2f0766faf11c2c00"}},"tags":["ps1"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:46:45Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/7d8cf5a10104f02491f52f8d7314c729d30cdb469f18ff8c2f0766faf11c2c00/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-4f7d170b16f656a4bd09f5e1b8606eab8b8a5381a1230e2a716a01cc837c73f6","source":"malware-bazaar","category":"malware","severity":"high","title":"rail.ps1","description":"File type: ps1 | Reporter: BastianHein_","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"f5612d481fc9e8c4a2b7ee7eb70c4dbb","sha1":"9fbc359d8cf4d07c86c3b809d01c4c4d7802b639","sha256":"4f7d170b16f656a4bd09f5e1b8606eab8b8a5381a1230e2a716a01cc837c73f6"}},"tags":["ps1"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:46:37Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/4f7d170b16f656a4bd09f5e1b8606eab8b8a5381a1230e2a716a01cc837c73f6/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-5364a6db5cfb43f056be8dd0102124a425bd7b02c406b2f4af822b3e18106144","source":"malware-bazaar","category":"malware","severity":"high","title":"Lunch.ps1","description":"File type: ps1 | Reporter: BastianHein_","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"249dc8a9dc96ef5f65a96277e2e022e2","sha1":"a773c006c415ba353cf197f9e254999d3860dbce","sha256":"5364a6db5cfb43f056be8dd0102124a425bd7b02c406b2f4af822b3e18106144"}},"tags":["ps1"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:46:28Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/5364a6db5cfb43f056be8dd0102124a425bd7b02c406b2f4af822b3e18106144/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-22bdb406f852375a0dec9a309d923d39f3e38f7b465fb51ea0710d70b9eb3ba8","source":"malware-bazaar","category":"malware","severity":"high","title":"Jump.ps1","description":"File type: ps1 | Reporter: BastianHein_","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"9cff319d04fe3ad5b7afdaa1c33aaa08","sha1":"40147a62b1f6bdc19a9db059f1c896495f65e12e","sha256":"22bdb406f852375a0dec9a309d923d39f3e38f7b465fb51ea0710d70b9eb3ba8"}},"tags":["ps1"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:46:20Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/22bdb406f852375a0dec9a309d923d39f3e38f7b465fb51ea0710d70b9eb3ba8/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-2b9067eeb7909d5e78c83d9a37b379d6531a5b893d5a002b06c4f851edb1f402","source":"malware-bazaar","category":"malware","severity":"high","title":"Gold.ps1","description":"File type: ps1 | Reporter: BastianHein_","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"13543fe2894ca8577f234c4641ae4890","sha1":"22d48c4483602f87e5d94764dc838cb403de31c0","sha256":"2b9067eeb7909d5e78c83d9a37b379d6531a5b893d5a002b06c4f851edb1f402"}},"tags":["ps1"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:46:11Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/2b9067eeb7909d5e78c83d9a37b379d6531a5b893d5a002b06c4f851edb1f402/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-8057846b383074f436e035011f2b47ce14f4bdbf9b3d8146bdd3bfa47863ad0d","source":"malware-bazaar","category":"malware","severity":"high","title":"102214433.dll","description":"File type: exe | Reporter: seventh","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"da86876a180c98bde9151bb97bd82492","sha1":"c5bec0cb69878d2883067ec3760bfa0a4e8ebc37","sha256":"8057846b383074f436e035011f2b47ce14f4bdbf9b3d8146bdd3bfa47863ad0d"}},"tags":["exe","Generic"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:28:10Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/8057846b383074f436e035011f2b47ce14f4bdbf9b3d8146bdd3bfa47863ad0d/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-95b620de060eaaedf521423892275b8fe6f635e720c9f294704d1f1df5b46036","source":"malware-bazaar","category":"malware","severity":"high","title":"Earn.ps1","description":"File type: ps1 | Reporter: BastianHein_","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"4725d3cc859e5ce08ae392596b497485","sha1":"d85c25d7d0dc38a7f7ce101b38dd1fb140768404","sha256":"95b620de060eaaedf521423892275b8fe6f635e720c9f294704d1f1df5b46036"}},"tags":["ps1"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:15:55Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/95b620de060eaaedf521423892275b8fe6f635e720c9f294704d1f1df5b46036/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-ebe53bdc9a171b425a091131e45c9119a8652b57fd00c08c8f7de300a32092af","source":"malware-bazaar","category":"malware","severity":"high","title":"57E2D4450641AFB778B17A9348AE707F.exe","description":"File type: exe | Reporter: abuse_ch","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"57e2d4450641afb778b17a9348ae707f","sha1":"0e27a306c5405bdb305ff2a3e458f35340e11b4e","sha256":"ebe53bdc9a171b425a091131e45c9119a8652b57fd00c08c8f7de300a32092af"}},"tags":["exe","Loki"],"malwareFamily":"Loki","confidence":null,"publishedAt":"2026-04-23T02:10:17Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/ebe53bdc9a171b425a091131e45c9119a8652b57fd00c08c8f7de300a32092af/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-bc4398448cea0dce1a025b061145801b0ba27f7840f4298748ea9302408024b8","source":"malware-bazaar","category":"malware","severity":"high","title":"vpuuaqjs.dll","description":"File type: dll | Reporter: BastianHein_","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"53062a067d23ec46fba15b6d2cea672d","sha1":"12809654ca28bd7391d820ed34176755eb2561f4","sha256":"bc4398448cea0dce1a025b061145801b0ba27f7840f4298748ea9302408024b8"}},"tags":["dll"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:07:39Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/bc4398448cea0dce1a025b061145801b0ba27f7840f4298748ea9302408024b8/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-4f3ac17ca2c10d5129d7001d855b7ac073abccde991424cb2962a48ed3e8bb0b","source":"malware-bazaar","category":"malware","severity":"high","title":"perfect.ps1","description":"File type: ps1 | Reporter: BastianHein_","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"202a45a94c6484ea89330c2075842933","sha1":"f9a9f87ae46e1df10176caaa5e75a452f3226036","sha256":"4f3ac17ca2c10d5129d7001d855b7ac073abccde991424cb2962a48ed3e8bb0b"}},"tags":["ps1"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:07:32Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/4f3ac17ca2c10d5129d7001d855b7ac073abccde991424cb2962a48ed3e8bb0b/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-827954fcfe9efbda35968d9f5928b12d75f9e5c8ea0026df19296ccc4623b170","source":"malware-bazaar","category":"malware","severity":"high","title":"explorer.exe","description":"File type: exe | Reporter: BastianHein_","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"95267bdaef5c91708ee495af88a5b395","sha1":"cc31c02ee881ea5927984f9e7f2ceebe2d47b571","sha256":"827954fcfe9efbda35968d9f5928b12d75f9e5c8ea0026df19296ccc4623b170"}},"tags":["exe"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:07:26Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/827954fcfe9efbda35968d9f5928b12d75f9e5c8ea0026df19296ccc4623b170/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e8b27323474e048df8d7b1","source":"otx","category":"threat-intel","severity":"high","title":"APT Group Expands Toolset With New GoGra Linux Backdoor","description":"The Harvester APT group has developed a highly-evasive Linux version of its GoGra backdoor that leverages Microsoft Graph API and Outlook mailboxes as a covert command-and-control channel to bypass traditional network defenses. Initial VirusTotal submissions originated from India and Afghanistan, in…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"8f1af2175403195726957dc58fe64821","sha1":"c78c6f9b78e9503ab1a079010cf12a6182ec4d43","sha256":"d8d84eaba9b902045ae4fe044e9761ad0ce9051b85feea3f1cf9c80b59b2b123"}},"tags":["graphon","south asia espionage","cross-platform","gogra","linux backdoor","microsoft graph api","azure ad abuse","nation-state","apt","phishing","botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T11:35:15.969Z","fetchedAt":"2026-04-23T03:00:01.373Z","references":[{"url":"https://otx.alienvault.com/pulse/69e8b27323474e048df8d7b1","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e8c18ece091934fe2136f5","source":"otx","category":"threat-intel","severity":"high","title":"Kyber Ransomware Double Trouble: Windows and ESXi Attacks Explained","description":"Kyber ransomware represents a significant threat through dual-platform deployment capabilities targeting VMware ESXi virtualization infrastructure and Windows file systems. During a March 2026 incident response engagement, two Kyber payloads were recovered from the same environment. The ESXi variant…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"18498b1ff111ee9d9a037c280f75b720","sha1":"0e9a47782e39741a2c161bf639252d33ad3a428a","sha256":"6ccacb7567b6c0bd2ca8e68ff59d5ef21e8f47fc1af70d4d88a421f1fc5280fc"}},"tags":["rust","virtualization","chacha8","hyper-v","vmware","esxi","cross-platform","kyber","ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T12:39:42.119Z","fetchedAt":"2026-04-23T03:00:01.373Z","references":[{"url":"https://otx.alienvault.com/pulse/69e8c18ece091934fe2136f5","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e8c1fb96869b14e2c565a2","source":"otx","category":"threat-intel","severity":"high","title":"TwizAdmin -- Multi-Stage Crypto Clipper, Infostealer & Ransomware Operation","description":"A sophisticated multi-stage malware operation was identified through an exposed C2 panel at 103.241.66[.]238:1337, combining cryptocurrency clipboard hijacking across eight chains, BIP-39 seed phrase theft, browser credential exfiltration, ransomware module (crpx0), and Java RAT builder managed via…","indicators":{"cves":[],"ips":["31.31.198.206"],"domains":["fanonlyatn.xyz","beboss34.ru","caribb.ru","mekhovaya-shuba.ru","secure-shard-091.of-cdn.com","www.fanonlyatn.xyz"],"urls":["https://fanonlyatn.xyz/files/","https://fanonlyatn.xyz","http://fanonlyatn.xyz/files/","https://beboss34.ru/crpx0/notify.php","https://caribb.ru/crpx0/notify.php","https://fanonlyatn.xyz/api.php","https://fanonlyatn.xyz/api_address_match.php","https://fanonlyatn.xyz/api_dropper_log.php","https://fanonlyatn.xyz/builds/","https://mekhovaya-shuba.ru/crpx0/notify.php"],"hashes":{"md5":null,"sha1":null,"sha256":"f7ddba605e3d04e06d2f7b0fc4a38027ae58ca65a69d800dd2f43c8e94ca8396"}},"tags":["crypto clipper","twizadmin","multi-platform","russian-speaking","infostealer","crpx0","maas","ransomware","cryptocurrency theft","phishing","botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T12:41:31.240Z","fetchedAt":"2026-04-23T03:00:01.373Z","references":[{"url":"https://otx.alienvault.com/pulse/69e8c1fb96869b14e2c565a2","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"news-new-npm-supply-chain-attack-self-spreads-to-steal-auth-tokens","source":"general-news","category":"news","severity":"high","title":"New npm supply-chain attack self-spreads to steal auth tokens","description":"A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts. [...]","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T12:57:42.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.bleepingcomputer.com/news/security/new-npm-supply-chain-attack-self-spreads-to-steal-auth-tokens/","label":"BleepingComputer","domainType":"media"}],"feedLabel":null},{"id":"news-malicious-kics-docker-images-and-vs-code-extensions-hit-checkmarx-supply-chain","source":"general-news","category":"news","severity":"high","title":"Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain","description":"Cybersecurity researchers have warned of malicious images pushed to the official \"checkmarx/kics\" Docker Hub repository.\nIn an alert published today, software supply chain security company Socket revealed that unknown threat actors managed to have overwritten existing tags, including v2.1.20 and alp…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:55:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://thehackernews.com/2026/04/malicious-kics-docker-images-and-vs.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-self-propagating-supply-chain-worm-hijacks-npm-packages-to-steal-developer-token","source":"general-news","category":"news","severity":"high","title":"Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens","description":"Cybersecurity researchers have flagged a fresh set of packages that have been compromised by bad actors to deliver a self-propagating worm that spreads through stolen developer npm tokens.\nThe supply chain worm has been detected by both Socket and StepSecurity, with the companies tracking the activi…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:33:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://thehackernews.com/2026/04/self-propagating-supply-chain-worm.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-harvester-deploys-linux-gogra-backdoor-in-south-asia-using-microsoft-graph-api","source":"general-news","category":"news","severity":"high","title":"Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API","description":"The threat actor known as Harvester has been attributed to a new Linux version of its GoGra backdoor deployed as part of attacks likely targeting entities in South Asia.\n\"The malware uses the legitimate Microsoft Graph API and Outlook mailboxes as a covert command-and-control (C2) channel, allowing…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T15:28:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://thehackernews.com/2026/04/harvester-deploys-linux-gogra-backdoor.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-mirai-botnet-targets-flaw-in-discontinued-d-link-routers","source":"general-news","category":"news","severity":"high","title":"Mirai Botnet Targets Flaw in Discontinued D-Link Routers","description":"The exploitation of the command injection vulnerability started one year after public disclosure and PoC exploit code publication.\nThe post Mirai Botnet Targets Flaw in Discontinued D-Link Routers appeared first on SecurityWeek.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T11:44:07.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.securityweek.com/mirai-botnet-targets-flaw-in-discontinued-d-link-routers/","label":"SecurityWeek","domainType":"media"}],"feedLabel":null},{"id":"news-are-sboms-failing-supply-chain-attacks-rise-as-security-teams-struggle-with-sbom","source":"general-news","category":"news","severity":"high","title":"Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM Data","description":"Researcher says the missing piece is a governance-driven intelligence layer that turns SBOM and VEX data into explainable security decisions.\nThe post Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM Data appeared first on SecurityWeek.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T11:30:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.securityweek.com/are-sboms-failing-supply-chain-attacks-rise-as-security-teams-struggle-with-sbom-data/","label":"SecurityWeek","domainType":"media"}],"feedLabel":null},{"id":"nvd-CVE-2026-6833","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6833 — The a+HRD developed by aEnrich has a SQL Injection vulnerability, allowing authenticated remote atta…","description":"The a+HRD developed by aEnrich has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.","indicators":{"cves":["CVE-2026-6833"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T04:16:07.303Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://www.twcert.org.tw/en/cp-139-10834-eb3ee-2.html","label":"twcert@cert.org.tw","domainType":"other"},{"url":"https://www.twcert.org.tw/tw/cp-132-10833-e3a53-1.html","label":"twcert@cert.org.tw","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6834","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6834 — The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated rem…","description":"The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated remote attackers to arbitrarily read database contents through a specific API method.","indicators":{"cves":["CVE-2026-6834"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T04:16:09.307Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://www.twcert.org.tw/en/cp-139-10834-eb3ee-2.html","label":"twcert@cert.org.tw","domainType":"other"},{"url":"https://www.twcert.org.tw/tw/cp-132-10833-e3a53-1.html","label":"twcert@cert.org.tw","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6835","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6835 — The a+HCM developed by aEnrich has an Arbitrary File Upload vulnerability, allowing unauthenticated…","description":"The a+HCM developed by aEnrich has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload arbitrary files to any path, including HTML documents, which may result in a XSS-like effect.","indicators":{"cves":["CVE-2026-6835"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T04:16:09.560Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://www.twcert.org.tw/en/cp-139-10836-ed15f-2.html","label":"twcert@cert.org.tw","domainType":"other"},{"url":"https://www.twcert.org.tw/tw/cp-132-10835-cb0c2-1.html","label":"twcert@cert.org.tw","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-22747","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-22747 — Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle cer…","description":"Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user.\nThi…","indicators":{"cves":["CVE-2026-22747"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T06:16:03.933Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://spring.io/security/cve-2026-22747","label":"security@vmware.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-22748","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-22748 — Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwtD…","description":"Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwtDecoder  or NimbusReactiveJwtDecoder, it must configure an OAuth2TokenValidator<Jwt> separately, for example by calling setJwtValidator.This issue affects Spring Security: from 6.3.0 through 6.3.14, fr…","indicators":{"cves":["CVE-2026-22748"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T06:16:04.040Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://spring.io/security/cve-2026-22748","label":"security@vmware.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40448","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40448 — Potential Integer overflow in tensor allocation size calculation could lead to insufficient memory a…","description":"Potential Integer overflow in tensor allocation size calculation could lead to insufficient memory allocation for large tensors in Samsung Open Source ONE.\nAffected version is prior to commit  1.30.0.","indicators":{"cves":["CVE-2026-40448"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T07:16:12.500Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/Samsung/ONE/pull/16481","label":"PSIRT@samsung.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40449","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40449 — Integer overflow in buffer size calculation could result in out of bounds memory access when handlin…","description":"Integer overflow in buffer size calculation could result in out of bounds memory access when handling large tensors in Samsung Open Source ONE.\nAffected version is prior to commit  1.30.0.","indicators":{"cves":["CVE-2026-40449"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T07:16:13.450Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/Samsung/ONE/pull/16481","label":"PSIRT@samsung.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40450","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40450 — Integer overflow in output tensor copy size calculation in Samsung Open Source ONE could cause incor…","description":"Integer overflow in output tensor copy size calculation in Samsung Open Source ONE could cause incorrect copy length and memory corruption for oversized tensors.\nAffected version is prior to commit  1.30.0.","indicators":{"cves":["CVE-2026-40450"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T07:16:13.553Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/Samsung/ONE/pull/16481","label":"PSIRT@samsung.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41664","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41664 — Integer overflow in memory copy size calculation in Samsung Open Source ONE could lead to invalid me…","description":"Integer overflow in memory copy size calculation in Samsung Open Source ONE could lead to invalid memory operations with large tensor shapes.\nAffected version is prior to commit  1.30.0.","indicators":{"cves":["CVE-2026-41664"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T07:16:13.657Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/Samsung/ONE/pull/16481","label":"PSIRT@samsung.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41665","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41665 — Integer overflow in scratch buffer initialization size calculation in Samsung Open Source ONE cause…","description":"Integer overflow in scratch buffer initialization size calculation in Samsung Open Source ONE cause incorrect memory initialization for large intermediate tensors.\nAffected version is prior to commit  1.30.0.","indicators":{"cves":["CVE-2026-41665"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T07:16:13.763Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/Samsung/ONE/pull/16481","label":"PSIRT@samsung.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41666","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41666 — Integer overflow in tensor copy size calculation in Samsung Open Source ONE could lead to out of bou…","description":"Integer overflow in tensor copy size calculation in Samsung Open Source ONE could lead to out of bounds access during loop state propagation.\nAffected version is prior to commit  1.30.0.","indicators":{"cves":["CVE-2026-41666"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T07:16:13.867Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/Samsung/ONE/pull/16481","label":"PSIRT@samsung.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41667","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41667 — Integer overflow in constant tensor data size calculation in Samsung Open Source ONE could cause inc…","description":"Integer overflow in constant tensor data size calculation in Samsung Open Source ONE could cause incorrect buffer sizing for large constant nodes.\nAffected version is prior to commit  1.30.0.","indicators":{"cves":["CVE-2026-41667"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T07:16:13.990Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/Samsung/ONE/pull/16481","label":"PSIRT@samsung.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-6839","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6839 — Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out o…","description":"Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE\nAffected version is prior to commit  1.30.0.","indicators":{"cves":["CVE-2026-6839"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T07:16:14.957Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/Samsung/ONE/pull/16481","label":"PSIRT@samsung.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-6840","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6840 — Missing bounds validation for operator could allow out of range operator-code lookup during model lo…","description":"Missing bounds validation for operator could  allow out of range operator-code lookup during model loading\nAffected version is prior to commit  1.30.0.","indicators":{"cves":["CVE-2026-6840"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T07:16:15.067Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/Samsung/ONE/pull/16481","label":"PSIRT@samsung.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-1379","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-1379 — The HTTP Headers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin setting…","description":"The HTTP Headers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.19.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and…","indicators":{"cves":["CVE-2026-1379"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:19.667Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/http-headers/tags/1.19.2/views/manual.php#L18","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/http-headers/trunk/views/manual.php#L18","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/02e63068-02a8-4106-b64e-430c24815e55?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-1845","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-1845 — The Real Estate Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin sett…","description":"The Real Estate Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an…","indicators":{"cves":["CVE-2026-1845"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:20.650Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://wordpress.org/plugins/re-pro/","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1978fd4f-f130-4e72-85df-24a6f9aebfe2?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-2714","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-2714 — The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '…","description":"The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Enquiry Form Title' setting in all versions up to, and including, 5.5. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Admi…","indicators":{"cves":["CVE-2026-2714"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:20.817Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/institute-management/tags/5.5/admin/inc/wl_im_settings.php#L47","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/institute-management/trunk/admin/inc/wl_im_settings.php#L47","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1fd62c3d-2c15-4d1c-9210-4c2aca379fe3?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-2717","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-2717 — The HTTP Headers plugin for WordPress is vulnerable to CRLF Injection in all versions up to, and inc…","description":"The HTTP Headers plugin for WordPress is vulnerable to CRLF Injection in all versions up to, and including, 1.19.2. This is due to insufficient sanitization of custom header name and value fields before writing them to the Apache .htaccess file via `insert_with_markers()`. This makes it possible for…","indicators":{"cves":["CVE-2026-2717"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:20.987Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/http-headers/tags/1.19.2/http-headers.php#L1098","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/http-headers/tags/1.19.2/http-headers.php#L745","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/http-headers/trunk/http-headers.php#L1098","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/http-headers/trunk/http-headers.php#L745","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7716e77f-e899-4046-9421-86fc0c36c245?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-2719","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-2719 — The Private WP suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Exce…","description":"The Private WP suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Exceptions' setting in all versions up to, and including, 0.4.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-…","indicators":{"cves":["CVE-2026-2719"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:21.130Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/private-wp-suite/tags/0.4.1/private-wp-suite.php#L153","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/private-wp-suite/trunk/private-wp-suite.php#L153","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/af88a631-c4ec-47ec-ad9b-1ef38ea1be09?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3362","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-3362 — The Short Comment Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '…","description":"The Short Comment Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Minimum Count' settings field in all versions up to and including 2.2. This is due to insufficient input sanitization (no sanitize callback on register_setting) and missing output escaping (no esc_att…","indicators":{"cves":["CVE-2026-3362"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:21.757Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/short-comment-filter/tags/2.2/classes/short-comment-filter-settings.php#L21","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/short-comment-filter/tags/2.2/classes/short-comment-filter-settings.php#L54","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/short-comment-filter/tags/2.2/classes/short-comment-filter-settings.php#L61","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/short-comment-filter/tags/2.2/views/settings.php#L25","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/short-comment-filter/trunk/classes/short-comment-filter-settings.php#L21","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/short-comment-filter/trunk/classes/short-comment-filter-settings.php#L54","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/short-comment-filter/trunk/classes/short-comment-filter-settings.php#L61","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/short-comment-filter/trunk/views/settings.php#L25","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4ba46475-bf54-49a8-9b0e-fae3fb4e1df9?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4074","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4074 — The Quran Live Multilanguage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via t…","description":"The Quran Live Multilanguage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cheikh' and 'lang' shortcode attributes in all versions up to, and including, 1.0.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The q…","indicators":{"cves":["CVE-2026-4074"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:21.947Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/quran-live/tags/1.0.3/inc/Class_QuranLive.php#L191","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quran-live/tags/1.0.3/inc/Class_QuranLive.php#L216","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quran-live/tags/1.0.3/inc/Class_QuranLive.php#L217","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quran-live/tags/1.0.3/inc/Class_QuranLive.php#L245","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quran-live/tags/1.0.3/inc/Class_QuranLive.php#L246","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quran-live/tags/1.0.3/quran-live.php#L110","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quran-live/trunk/inc/Class_QuranLive.php#L191","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quran-live/trunk/inc/Class_QuranLive.php#L216","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quran-live/trunk/inc/Class_QuranLive.php#L217","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quran-live/trunk/inc/Class_QuranLive.php#L245","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quran-live/trunk/inc/Class_QuranLive.php#L246","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quran-live/trunk/quran-live.php#L110","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/883484dd-d48d-46f9-ae96-223626c50039?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4076","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4076 — The Slider Bootstrap Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via…","description":"The Slider Bootstrap Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'category' and 'template' shortcode attributes in all versions up to and including 1.0.7. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes.…","indicators":{"cves":["CVE-2026-4076"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:22.117Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/slider-bootstrap-carousel/tags/1.0.7/includes/sbc-shortcode.php#L109","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/slider-bootstrap-carousel/tags/1.0.7/includes/sbc-shortcode.php#L113","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/slider-bootstrap-carousel/tags/1.0.7/includes/sbc-shortcode.php#L38","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/slider-bootstrap-carousel/tags/1.0.7/includes/sbc-shortcode.php#L47","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/slider-bootstrap-carousel/tags/1.0.7/includes/sbc-shortcode.php#L7","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/slider-bootstrap-carousel/tags/1.0.7/includes/sbc-shortcode.php#L93","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/slider-bootstrap-carousel/trunk/includes/sbc-shortcode.php#L109","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/slider-bootstrap-carousel/trunk/includes/sbc-shortcode.php#L113","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/slider-bootstrap-carousel/trunk/includes/sbc-shortcode.php#L38","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/slider-bootstrap-carousel/trunk/includes/sbc-shortcode.php#L47","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/slider-bootstrap-carousel/trunk/includes/sbc-shortcode.php#L7","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/slider-bootstrap-carousel/trunk/includes/sbc-shortcode.php#L93","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/26fe0b7b-dbf8-467f-b5e2-86a858eeaf89?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4082","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4082 — The ER Swiffy Insert plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the [swif…","description":"The ER Swiffy Insert plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the [swiffy] shortcode in all versions up to and including 1.0.0. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes ('n', 'w', 'h'). These attributes are…","indicators":{"cves":["CVE-2026-4082"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:22.273Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/er-swiffy-insert/tags/1.0.0/er-swiffy-insert.php#L49","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/er-swiffy-insert/tags/1.0.0/er-swiffy-insert.php#L56","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/er-swiffy-insert/trunk/er-swiffy-insert.php#L49","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/er-swiffy-insert/trunk/er-swiffy-insert.php#L56","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/074d9712-9b26-47da-9e24-49854fd7257c?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4085","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4085 — The Easy Social Photos Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via…","description":"The Easy Social Photos Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wrapper_class' shortcode attribute of the 'my-instagram-feed' shortcode in all versions up to, and including, 3.1.2. This is due to insufficient input sanitization and output escaping on user su…","indicators":{"cves":["CVE-2026-4085"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:22.417Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/my-instagram-feed/tags/3.1.2/frontend/class-my-instagram-feed-frontend.php#L53","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/my-instagram-feed/tags/3.1.2/frontend/views/feed.php#L102","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/my-instagram-feed/trunk/frontend/class-my-instagram-feed-frontend.php#L53","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/my-instagram-feed/trunk/frontend/views/feed.php#L102","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8640724c-0bd4-4684-9fd1-027f2af64e67?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4088","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4088 — The Switch CTA Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wppw_c…","description":"The Switch CTA Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wppw_cta_box' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on user-supplied post meta values including 'cta_box_button_link', 'cta_…","indicators":{"cves":["CVE-2026-4088"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:22.560Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/switch-cta-box/tags/1.1/inc/box_display_template.php#L14","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/switch-cta-box/tags/1.1/inc/box_display_template.php#L18","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/switch-cta-box/tags/1.1/inc/box_display_template.php#L2","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/switch-cta-box/tags/1.1/inc/shortcode_setup.php#L8","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/switch-cta-box/trunk/inc/box_display_template.php#L14","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/switch-cta-box/trunk/inc/box_display_template.php#L18","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/switch-cta-box/trunk/inc/box_display_template.php#L2","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/switch-cta-box/trunk/inc/shortcode_setup.php#L8","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/19a3fc90-b81c-4451-80e0-cead99a2dcd9?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4089","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4089 — The Twittee Text Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id…","description":"The Twittee Text Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute in all versions up to and including 1.0.8. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The ttt_twittee_tweeter() fun…","indicators":{"cves":["CVE-2026-4089"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:22.713Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/twittee-text-tweet/tags/1.0.8/ttt-twittee-text-tweet.php#L55","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/twittee-text-tweet/tags/1.0.8/ttt-twittee-text-tweet.php#L87","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/twittee-text-tweet/trunk/ttt-twittee-text-tweet.php#L55","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/twittee-text-tweet/trunk/ttt-twittee-text-tweet.php#L87","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4d678e97-f466-4640-83ee-a3a24550e8d8?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4090","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4090 — The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up…","description":"The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.2. This is due to missing nonce verification in the rd_ic_settings_page function when processing settings form submissions. This makes it possible for unauthenticated attackers…","indicators":{"cves":["CVE-2026-4090"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:22.867Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/tags/0.0.0.0/includes/inquiry-cart-shortcode.php#L32","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/tags/0.0.0.0/includes/inquiry-cart-shortcode.php#L34","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/tags/0.0.0.0/includes/settings-page.php#L21","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/tags/0.0.0.0/includes/settings-page.php#L46","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/tags/0.0.0.0/includes/settings-page.php#L47","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/tags/0.0.0.0/includes/settings-page.php#L48","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/tags/0.0.0.0/includes/settings-page.php#L49","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/tags/0.0.0.0/includes/settings-page.php#L6","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/trunk/includes/inquiry-cart-shortcode.php#L32","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/trunk/includes/inquiry-cart-shortcode.php#L34","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/trunk/includes/settings-page.php#L21","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/trunk/includes/settings-page.php#L46","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/trunk/includes/settings-page.php#L47","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/trunk/includes/settings-page.php#L48","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/trunk/includes/settings-page.php#L49","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/trunk/includes/settings-page.php#L6","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/772e9b2b-b2d5-4950-804b-d0914004710c?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4117","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4117 — The CalJ plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and incl…","description":"The CalJ plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5. This is due to a missing capability check in the CalJSettingsPage class constructor, which processes the 'save-obtained-key' operation directly from POST data without verifying that the re…","indicators":{"cves":["CVE-2026-4117"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:23.027Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/calj/tags/1.5/CalJSettingsPage.php#L25","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/calj/tags/1.5/CalJSettingsPage.php#L30","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/calj/tags/1.5/calj.php#L17","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/calj/trunk/CalJSettingsPage.php#L25","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/calj/trunk/CalJSettingsPage.php#L30","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/calj/trunk/calj.php#L17","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d1c7df8e-2f82-4474-88ef-8c8ddaeb4656?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4118","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4118 — The Call To Action Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all ve…","description":"The Call To Action Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.3. This is due to missing nonce validation in the cbox_options_page() function which handles saving, creating, and deleting plugin settings. The form rendered on the s…","indicators":{"cves":["CVE-2026-4118"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:23.180Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/call-to-action-plugin/tags/3.1.3/call-to-action-plugin.php#L41","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/call-to-action-plugin/tags/3.1.3/call-to-action-plugin.php#L55","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/call-to-action-plugin/tags/3.1.3/call-to-action-plugin.php#L69","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/call-to-action-plugin/tags/3.1.3/call-to-action-plugin.php#L76","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/call-to-action-plugin/trunk/call-to-action-plugin.php#L41","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/call-to-action-plugin/trunk/call-to-action-plugin.php#L55","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/call-to-action-plugin/trunk/call-to-action-plugin.php#L69","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/call-to-action-plugin/trunk/call-to-action-plugin.php#L76","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6d15f5de-9ec9-466d-aafe-6304356ccb39?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4121","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4121 — The Kcaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to…","description":"The Kcaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.1. This is due to missing nonce validation in the plugin's settings page handler (admin/setting.php). The settings form does not include a wp_nonce_field() and the form processing co…","indicators":{"cves":["CVE-2026-4121"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:23.490Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/kcaptcha/tags/1.0.1/admin/setting.php#L12","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/kcaptcha/tags/1.0.1/admin/setting.php#L30","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/kcaptcha/tags/1.0.1/admin/setting.php#L47","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/kcaptcha/trunk/admin/setting.php#L12","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/kcaptcha/trunk/admin/setting.php#L30","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/kcaptcha/trunk/admin/setting.php#L47","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a6c1c73b-76e3-4cb9-ad53-9d5d4e7519c9?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4125","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4125 — The WPMK Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' sho…","description":"The WPMK Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to and including 1.0.1. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, in the wpmk_block_sh…","indicators":{"cves":["CVE-2026-4125"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:23.633Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/wpmk-block/tags/1.0.1/classes/wpmk-block-class.php#L82","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wpmk-block/tags/1.0.1/classes/wpmk-block-class.php#L97","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wpmk-block/trunk/classes/wpmk-block-class.php#L82","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wpmk-block/trunk/classes/wpmk-block-class.php#L97","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5e397c7a-2aef-4c23-a224-e324ea4bb4b1?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4126","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4126 — The Table Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versio…","description":"The Table Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.0 via the 'table_manager' shortcode. The shortcode handler `tablemanager_render_table_shortcode()` takes a user-controlled `table` attribute, applies only `sanitize_key()`…","indicators":{"cves":["CVE-2026-4126"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:23.777Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/table-manager/tags/1.0.0/table-manager.php#L561","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/table-manager/tags/1.0.0/table-manager.php#L572","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/table-manager/tags/1.0.0/table-manager.php#L573","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/table-manager/trunk/table-manager.php#L561","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/table-manager/trunk/table-manager.php#L572","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/table-manager/trunk/table-manager.php#L573","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/25b3607c-f99e-4359-8228-0f3452f80aac?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4128","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4128 — The TP Restore Categories And Taxonomies plugin for WordPress is vulnerable to Missing Authorization…","description":"The TP Restore Categories And Taxonomies plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.1. The delete_term() function, which handles the 'tpmcattt_delete_term' AJAX action, does not perform any capability check (e.g., current_user_can()) to veri…","indicators":{"cves":["CVE-2026-4128"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:23.930Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/tp-restore-categories-and-taxonomies/tags/1.0.1/admin/class-tp-move-categories-and-taxonomies-to-trash-admin.php#L474","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/tp-restore-categories-and-taxonomies/tags/1.0.1/includes/class-tp-move-categories-and-taxonomies-to-trash.php#L169","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/tp-restore-categories-and-taxonomies/trunk/admin/class-tp-move-categories-and-taxonomies-to-trash-admin.php#L474","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/tp-restore-categories-and-taxonomies/trunk/includes/class-tp-move-categories-and-taxonomies-to-trash.php#L169","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/53a0749f-86e9-4f62-9de2-a6759c78ba2f?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4131","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4131 — The WP Responsive Popup + Optin plugin for WordPress is vulnerable to Cross-Site Request Forgery in…","description":"The WP Responsive Popup + Optin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.4. This is due to the settings form on the admin page (wpo_admin_page.php) lacking nonce generation (wp_nonce_field) and verification (wp_verify_nonce/check_admin_re…","indicators":{"cves":["CVE-2026-4131"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:24.080Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/wp-popup-optin/tags/1.4/wp-popup-optin.php#L218","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-popup-optin/tags/1.4/wpo_admin_page.php#L103","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-popup-optin/tags/1.4/wpo_admin_page.php#L104","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-popup-optin/tags/1.4/wpo_admin_page.php#L15","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-popup-optin/tags/1.4/wpo_admin_page.php#L43","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-popup-optin/trunk/wp-popup-optin.php#L218","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-popup-optin/trunk/wpo_admin_page.php#L103","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-popup-optin/trunk/wpo_admin_page.php#L104","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-popup-optin/trunk/wpo_admin_page.php#L15","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-popup-optin/trunk/wpo_admin_page.php#L43","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0a8a49c4-21e8-447c-94da-8241c7d66c29?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4133","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4133 — The TextP2P Texting Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all v…","description":"The TextP2P Texting Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.7. This is due to missing nonce validation in the imTextP2POptionPage() function which processes settings updates. The form at line 314 does not include a wp_nonce_field(…","indicators":{"cves":["CVE-2026-4133"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:24.400Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/textp2p-texting-widget/tags/1.7/inc/admin/im-textp2p-options.php#L299","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/textp2p-texting-widget/tags/1.7/inc/admin/im-textp2p-options.php#L7","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/textp2p-texting-widget/trunk/inc/admin/im-textp2p-options.php#L299","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/textp2p-texting-widget/trunk/inc/admin/im-textp2p-options.php#L7","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2d36fa25-108b-462b-b84e-2e77943b1871?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4138","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4138 — The DX Unanswered Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all v…","description":"The DX Unanswered Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7. This is due to missing nonce validation on the plugin's settings form in the dxuc-unanswered-comments-admin-page.php file. This makes it possible for unauthenticated…","indicators":{"cves":["CVE-2026-4138"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:24.547Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/dx-unanswered-comments/tags/1.7/dxuc-unanswered-comments-admin-page.php#L13","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/dx-unanswered-comments/tags/1.7/dxuc-unanswered-comments-admin-page.php#L21","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/dx-unanswered-comments/tags/1.7/dxuc-unanswered-comments-admin-page.php#L25","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/dx-unanswered-comments/tags/1.7/dxuc-unanswered-comments-admin-page.php#L40","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/dx-unanswered-comments/trunk/dxuc-unanswered-comments-admin-page.php#L13","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/dx-unanswered-comments/trunk/dxuc-unanswered-comments-admin-page.php#L21","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/dx-unanswered-comments/trunk/dxuc-unanswered-comments-admin-page.php#L25","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/dx-unanswered-comments/trunk/dxuc-unanswered-comments-admin-page.php#L40","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e44dbd0e-d6a7-438b-b1bf-a6628734fec4?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4139","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4139 — The mCatFilter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up t…","description":"The mCatFilter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 0.5.2. This is due to the complete absence of nonce verification and capability checks in the compute_post() function, which processes settings updates. The compute_post() function is…","indicators":{"cves":["CVE-2026-4139"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:24.707Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/mcatfilter/tags/0.5.2/mcatfilter.php#L138","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/mcatfilter/tags/0.5.2/mcatfilter.php#L320","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/mcatfilter/tags/0.5.2/mcatfilter.php#L339","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/mcatfilter/trunk/mcatfilter.php#L138","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/mcatfilter/trunk/mcatfilter.php#L320","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/mcatfilter/trunk/mcatfilter.php#L339","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/622ee6c8-7739-44ae-b88f-63a93c0a9b20?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4140","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4140 — The Ni WooCommerce Order Export plugin for WordPress is vulnerable to Cross-Site Request Forgery in…","description":"The Ni WooCommerce Order Export plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.1.6. This is due to missing nonce validation in the ni_order_export_action() AJAX handler function. The handler processes settings updates when the 'page' parameter…","indicators":{"cves":["CVE-2026-4140"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:24.857Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/ni-woocommerce-order-export/tags/3.1.6/include/ni-order-export.php#L136","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/ni-woocommerce-order-export/tags/3.1.6/include/ni-order-setting.php#L59","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/ni-woocommerce-order-export/trunk/include/ni-order-export.php#L136","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/ni-woocommerce-order-export/trunk/include/ni-order-setting.php#L59","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2d62c49c-3a33-4865-abcc-22d8e38ac198?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4142","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4142 — The Sentence To SEO (keywords, description and tags) plugin for WordPress is vulnerable to Stored Cr…","description":"The Sentence To SEO (keywords, description and tags) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Permanent keywords' field in all versions up to and including 1.0. This is due to insufficient input sanitization and output escaping. The plugin reads user input via filte…","indicators":{"cves":["CVE-2026-4142"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:25.000Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/sentence-to-seo/tags/1.0/index.php#L262","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/sentence-to-seo/tags/1.0/index.php#L50","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/sentence-to-seo/tags/1.0/index.php#L75","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/sentence-to-seo/tags/1.0/index.php#L81","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/sentence-to-seo/tags/1.0/index.php#L87","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/sentence-to-seo/trunk/index.php#L262","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/sentence-to-seo/trunk/index.php#L50","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/sentence-to-seo/trunk/index.php#L75","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/sentence-to-seo/trunk/index.php#L81","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/sentence-to-seo/trunk/index.php#L87","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7d11b2db-d097-433f-923c-f49ef2951c0e?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4279","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4279 — The Bread & Butter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'breadb…","description":"The Bread & Butter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'breadbutter-customevent-button' shortcode in all versions up to, and including, 8.2.0.25. This is due to insufficient input sanitization and output escaping on the 'event' shortcode attribute. The customEve…","indicators":{"cves":["CVE-2026-4279"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:25.160Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/bread-butter/tags/8.2.0.25/src/Base/Shortcode.php#L364","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/bread-butter/tags/8.2.0.25/src/Base/Shortcode.php#L380","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/bread-butter/trunk/src/Base/Shortcode.php#L364","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/bread-butter/trunk/src/Base/Shortcode.php#L380","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0728b42b-5ec7-46a2-a9a5-3316107e9324?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4280","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4280 — The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up t…","description":"The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3. This is due to the brnwp_ajax_form AJAX endpoint lacking both authorization checks and CSRF verification, combined with insufficient path validation when the brnwp_theme option…","indicators":{"cves":["CVE-2026-4280"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:25.310Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/breaking-news-wp/tags/1.3/breaking-news.php#L366","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/breaking-news-wp/tags/1.3/breaking-news.php#L372","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/breaking-news-wp/tags/1.3/breaking-news.php#L85","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/breaking-news-wp/trunk/breaking-news.php#L366","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/breaking-news-wp/trunk/breaking-news.php#L372","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/breaking-news-wp/trunk/breaking-news.php#L85","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4772b482-f5e5-4707-b012-aca70fc89e49?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4353","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4353 — The CI HUB Connector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id'…","description":"The CI HUB Connector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute of the `cihub_metadata` shortcode in all versions up to, and including, 1.2.106 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers…","indicators":{"cves":["CVE-2026-4353"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:25.457Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/ci-hub-connector/tags/1.2.106/ci-hub-wordpress-connector.php#L645","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/ci-hub-connector/trunk/ci-hub-wordpress-connector.php#L645","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f4b36468-319a-4de3-9112-bd4a3cf7d637?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5748","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-5748 — The Text Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's…","description":"The Text Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `ts` shortcode in all versions up to, and including, 0.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,…","indicators":{"cves":["CVE-2026-5748"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:25.700Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/text-snippet/tags/0.0.1/text-snippet.php#L78","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/text-snippet/trunk/text-snippet.php#L78","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8cc7a0f3-6a58-4e42-9341-aecf55d2ccb1?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5767","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-5767 — The SlideShowPro SC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin…","description":"The SlideShowPro SC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `slideShowProSC` shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat…","indicators":{"cves":["CVE-2026-5767"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:25.840Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/slideshowpro-shortcode/tags/1.0.2/slideshowpro_sc.php#L287","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/slideshowpro-shortcode/trunk/slideshowpro_sc.php#L287","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/51467cef-9624-4dd9-a368-d3b5fac7bb3d?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5820","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-5820 — The Zypento Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table o…","description":"The Zypento Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 1.0.6. This is due to the front-end TOC rendering script reading heading text via `innerText` and inserting it into the page using `innerHTML` wi…","indicators":{"cves":["CVE-2026-5820"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:25.977Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/zypento-blocks/tags/1.0.6/assets/js/src/blocks/table-of-contents/view.js#L57","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/zypento-blocks/tags/1.0.6/assets/js/src/blocks/table-of-contents/view.js#L71","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/024a6a0f-f819-40e7-9618-71219c27aa64?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6041","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6041 — The Buzz Comments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Custom…","description":"The Buzz Comments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Custom Buzz Avatar' (buzz_comments_avatar_image) setting in all versions up to, and including, 0.9.4. This is due to insufficient input sanitization and output escaping. This makes it possible for authentica…","indicators":{"cves":["CVE-2026-6041"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:26.123Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/buzz-comments/trunk/admin.tpl.php#L36","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/buzz-comments/trunk/buzzComments_class.php#L187","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1516ebe7-4d16-4e97-9baa-bc5857f95126?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6236","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6236 — The Posts map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' short…","description":"The Posts map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' shortcode attribute in all versions up to, and including, 0.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, w…","indicators":{"cves":["CVE-2026-6236"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:26.400Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/posts-map/tags/0.1.3/posts-map.php#L33","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/posts-map/tags/0.1.3/posts-map.php#L78","label":"security@wordfence.com","domainType":"other"},{"url":"https://wordpress.org/plugins/posts-map/","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e02c5817-7a54-4958-a076-71e5e7729cda?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6246","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6246 — The Simple Random Posts Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting…","description":"The Simple Random Posts Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'container_right_width' attribute of the 'simple_random_posts' shortcode in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping on user supplied a…","indicators":{"cves":["CVE-2026-6246"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:26.540Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/simple-random-posts-shortcode/tags/0.3/simple-random-posts-shortcode.php#L54","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/simple-random-posts-shortcode/trunk/simple-random-posts-shortcode.php#L54","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7d61e6ea-4975-452a-8f9c-1c6d428372ac?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6294","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6294 — The Google PageRank Display plugin for WordPress is vulnerable to Cross-Site Request Forgery in vers…","description":"The Google PageRank Display plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.4. This is due to missing nonce validation in the gpdisplay_option() function, which handles the plugin settings page. The settings form does not include a wp_nonce_field(),…","indicators":{"cves":["CVE-2026-6294"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:26.677Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/google-pagerank-display/tags/1.4/gpdisplay.php#L32","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/google-pagerank-display/tags/1.4/gpdisplay.php#L56","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/google-pagerank-display/trunk/gpdisplay.php#L32","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/google-pagerank-display/trunk/gpdisplay.php#L56","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e39ebe27-7780-48b6-8dca-7da7a78fce69?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6396","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6396 — The Fast & Fancy Filter – 3F plugin for WordPress is vulnerable to Cross-Site Request Forgery in ver…","description":"The Fast & Fancy Filter – 3F plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.2.2. This is due to missing nonce verification in the saveFields() function, which handles the fff_save_settins AJAX action. This makes it possible for unauthenticated atta…","indicators":{"cves":["CVE-2026-6396"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:26.810Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/fast-fancy-filter-3f/tags/1.2.2/includes/admin/class-admin.php#L24","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/fast-fancy-filter-3f/tags/1.2.2/includes/admin/class-admin.php#L419","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/fast-fancy-filter-3f/trunk/includes/admin/class-admin.php#L24","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/fast-fancy-filter-3f/trunk/includes/admin/class-admin.php#L419","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4b5fbf2c-1231-482f-b5a5-819f31da3524?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6843","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6843 — A flaw was found in nano. A local user could exploit a format string vulnerability in the `statuslin…","description":"A flaw was found in nano. A local user could exploit a format string vulnerability in the `statusline()` function. By creating a directory with a name containing `printf` specifiers, the application attempts to display this name, leading to a segmentation fault (SEGV). This results in a Denial of Se…","indicators":{"cves":["CVE-2026-6843"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:26.963Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6843","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460017","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6844","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6844 — A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit tw…","description":"A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit two Denial of Service (DoS) vulnerabilities by providing a specially crafted Executable and Linkable Format (ELF) file. One vulnerability, a resource exhaustion (CWE-400), can lead to an out-of-memory c…","indicators":{"cves":["CVE-2026-6844"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:27.140Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6844","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460016","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6845","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6845 — A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a…","description":"A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a local attacker to cause a Denial of Service (DoS) by tricking a user into processing a specially crafted Executable and Linkable Format (ELF) file. The exploitation of this flaw can lead to the syste…","indicators":{"cves":["CVE-2026-6845"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:27.373Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6845","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460012","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-1395","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-1395 — The Gutentools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Slider…","description":"The Gutentools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Slider block's block_id attribute in all versions up to, and including, 1.1.3. This is due to insufficient input sanitization and output escaping combined with a custom unescaping routine that reintroduces…","indicators":{"cves":["CVE-2026-1395"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:16:50.437Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/gutentools/tags/1.1.3/core/blocks/post-slider.php#L232","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/gutentools/trunk/core/blocks/post-slider.php#L232","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/gutentools/trunk/core/gutentools_block.php#L123","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset/3476597/gutentools/trunk/core/blocks/post-slider.php","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b2683b4e-b993-4c84-b7cc-a2cb511b4097?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-1913","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-1913 — The Gallagher Website Design plugin for WordPress is vulnerable to Stored Cross-Site Scripting via t…","description":"The Gallagher Website Design plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's login_link shortcode in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on the 'prefix' attribute. This makes it possible for authentica…","indicators":{"cves":["CVE-2026-1913"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:16:50.853Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/gallagher-website-design/tags/2.6.4/gallagher-website-design.php#L203","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/gallagher-website-design/trunk/gallagher-website-design.php#L203","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3454227%40gallagher-website-design&new=3454227%40gallagher-website-design&sfp_email=&sfph_mail=","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d8d013ae-a512-454a-bcfc-8725a6928fee?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-1930","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-1930 — The Emailchef plugin for WordPress is vulnerable to unauthorized modification of data due to a missi…","description":"The Emailchef plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the page_options_ajax_disconnect() function in all versions up to, and including, 3.5.1. This makes it possible for authenticated attackers, with Subscriber-level access and abo…","indicators":{"cves":["CVE-2026-1930"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:16:51.000Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/emailchef/tags/3.5.1/admin/class-emailchef-admin.php#L121","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/emailchef/tags/3.5.1/admin/class-emailchef-admin.php#L200","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/emailchef/trunk/admin/class-emailchef-admin.php#L121","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/emailchef/trunk/admin/class-emailchef-admin.php#L200","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3474353%40emailchef&new=3474353%40emailchef&sfp_email=&sfph_mail=","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3ae02595-17f0-472d-bc4f-6169cce7a583?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33256","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33256 — An attacker can send a web request that causes unlimited memory allocation in the internal web serve…","description":"An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.","indicators":{"cves":["CVE-2026-33256","CVE-2026-33257","CVE-2026-33260"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:16:51.193Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html","label":"security@open-xchange.com","domainType":"other"},{"url":"https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-05.html","label":"security@open-xchange.com","domainType":"other"},{"url":"https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33258","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33258 — By publishing and querying a crafted zone an attacker can cause allocation of large entries in the n…","description":"By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC(3) caches.","indicators":{"cves":["CVE-2026-33258"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:16:51.460Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33259","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33259 — Having many concurrent transfers of the same RPZ can lead to inconsistent RPZ data, use after free a…","description":"Having many concurrent transfers of the same RPZ can lead to inconsistent RPZ data, use after free and/or a crash of the recursor. Normally concurrent transfers of the same RPZ zone can only occur with a malfunctioning RPZ provider.","indicators":{"cves":["CVE-2026-33259"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:16:51.580Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33261","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33261 — A zone transition from NSEC to NSEC3 might trigger an internal inconsistency and cause a denial of s…","description":"A zone transition from NSEC to NSEC3 might trigger an internal inconsistency and cause a denial of service.","indicators":{"cves":["CVE-2026-33261"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:16:51.857Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33262","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33262 — An attacker can send replies that result in a null pointer dereference, caused by a missing consiste…","description":"An attacker can send replies that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. Cookies are disabled by default.","indicators":{"cves":["CVE-2026-33262"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:16:51.997Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33600","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33600 — An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by…","description":"An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service.","indicators":{"cves":["CVE-2026-33600"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:16:52.107Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33601","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33601 — If you use the zoneToCache function with a malicious authoritative server, an attacker can send a zo…","description":"If you use the zoneToCache function with a malicious authoritative server, an attacker can send a zone that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service.","indicators":{"cves":["CVE-2026-33601"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:16:52.223Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6848","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6848 — A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive…","description":"A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive operations, such as token generation or robot account creation, the re-authentication prompt can be bypassed. This allows a user with a timed-out session, or an attacker with access to an idle authent…","indicators":{"cves":["CVE-2026-6848"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:16:52.347Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6848","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460119","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31192","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-31192 — Insufficient validation of Chrome extension identifiers in Raindrop.io Bookmark Manager Web App 5.6.…","description":"Insufficient validation of Chrome extension identifiers in Raindrop.io Bookmark Manager Web App 5.6.76.0 allows attackers to obtain sensitive user data via a crafted request.","indicators":{"cves":["CVE-2026-31192"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:36.420Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CORS","label":"cve@mitre.org","domainType":"other"},{"url":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Origin","label":"cve@mitre.org","domainType":"other"},{"url":"https://github.com/incoggeek/vulnerability-research/tree/master/CVE-2026-31192","label":"cve@mitre.org","domainType":"primary"},{"url":"https://support.google.com/chrome_webstore/answer/2664769?hl=en","label":"cve@mitre.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33254","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33254 — An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memor…","description":"An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdist and leading to a denial of service. DOQ and DoH3 are disabled by default.","indicators":{"cves":["CVE-2026-33254"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:53.520Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33594","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33594 — A client can trigger excessive memory allocation by generating a lot of queries that are routed to a…","description":"A client can trigger excessive memory allocation by generating a lot of queries that are routed to an overloaded DoH backend, causing queries to accumulate into a buffer that will not be released until the end of the connection.","indicators":{"cves":["CVE-2026-33594"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:53.837Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33595","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33595 — A client can trigger excessive memory allocation by generating a lot of errors responses over a sing…","description":"A client can trigger excessive memory allocation by generating a lot of errors responses over a single DoQ and DoH3 connection, as some resources were not properly released until the end of the connection.","indicators":{"cves":["CVE-2026-33595"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:53.950Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33598","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33598 — A cached crafted response can cause an out-of-bounds read if custom Lua code calls getDomainListByAd…","description":"A cached crafted response can cause an out-of-bounds read if custom Lua code calls getDomainListByAddress() or getAddressListByDomain() on a packet cache.","indicators":{"cves":["CVE-2026-33598"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:54.303Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33602","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33602 — A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum co…","description":"A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum configured value, triggering an out-of-bounds write leading to a denial of service.","indicators":{"cves":["CVE-2026-33602"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:54.537Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33609","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33609 — Incomplete escaping of LDAP queries when running with 8bit-dns enabled allows users to perform queri…","description":"Incomplete escaping of LDAP queries when running with 8bit-dns enabled allows users to perform queries of internal domain subtrees.","indicators":{"cves":["CVE-2026-33609"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:54.770Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33610","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33610 — A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when…","description":"A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request to it.","indicators":{"cves":["CVE-2026-33610"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:54.887Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33611","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33611 — An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS…","description":"An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend.","indicators":{"cves":["CVE-2026-33611"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:55.000Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6355","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6355 — A vulnerability in the web application allows unauthorized users to access and manipulate sensitive…","description":"A vulnerability in the web application allows unauthorized users to access and manipulate sensitive data across different tenants by exploiting insecure direct object references. This could lead to unauthorized access to sensitive information and unauthorized changes to the tenant's configuration.","indicators":{"cves":["CVE-2026-6355"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:17:06.627Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/Penguinsecq/CVE-2026-6355/","label":"cret@cert.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-6861","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6861 — A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs proc…","description":"A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs processes specially crafted SVG (Scalable Vector Graphics) CSS (Cascading Style Sheets) data. A local user could exploit this by convincing a victim to open a malicious SVG file, which may lead to a denia…","indicators":{"cves":["CVE-2026-6861"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:17:07.860Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6861","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2459992","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6862","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6862 — A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fai…","description":"A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field is at least 4 bytes, which is the minimum size for an EFI (Extensible Firmware Interface) device path node header. A local user could exploit this vulnerab…","indicators":{"cves":["CVE-2026-6862"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:17:08.060Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6862","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2459982","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-58922","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2025-58922 — Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada allows Cross Site Request Forge…","description":"Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada allows Cross Site Request Forgery.This issue affects Avada: from n/a before 7.13.2.","indicators":{"cves":["CVE-2025-58922"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T16:16:51.963Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://patchstack.com/database/wordpress/theme/avada/vulnerability/wordpress-avada-theme-7-13-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve","label":"audit@patchstack.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-30139","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-30139 — A reflected cross-site scripting (XSS) vulnerability in the AdvancedSearch functionality of Silverpe…","description":"A reflected cross-site scripting (XSS) vulnerability in the AdvancedSearch functionality of Silverpeas Core before version 6.4.6 allows attackers to execute arbitrary JavaScript in the context of a user's browser via crafted input.","indicators":{"cves":["CVE-2026-30139"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T16:16:53.367Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/Silverpeas/Silverpeas-Core/pull/1421","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/bodd1593/CVEs-huyle/tree/main/CVE-2026-30139","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/bodd1593/CVEs-huyle/tree/main/CVE-2026-30139","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2025-0186","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2025-0186 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.9.6, 18.10…","description":"GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service under certain conditions by exhausting server resources by making crafted requests to…","indicators":{"cves":["CVE-2025-0186"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:32.950Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/","label":"cve@gitlab.com","domainType":"other"},{"url":"https://gitlab.com/gitlab-org/gitlab/-/work_items/511312","label":"cve@gitlab.com","domainType":"other"},{"url":"https://hackerone.com/reports/2915694","label":"cve@gitlab.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-3922","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2025-3922 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.4 before 18.9.6, 18.10…","description":"GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.4 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service by overwhelming system resources under certain conditions due to insufficient resourc…","indicators":{"cves":["CVE-2025-3922"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:33.123Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/","label":"cve@gitlab.com","domainType":"other"},{"url":"https://gitlab.com/gitlab-org/gitlab/-/work_items/537422","label":"cve@gitlab.com","domainType":"other"},{"url":"https://hackerone.com/reports/3098035","label":"cve@gitlab.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-6016","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2025-6016 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.9.6, 18.10…","description":"GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service due to insufficient resource allocation limits when retrieving notes under certain con…","indicators":{"cves":["CVE-2025-6016"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:33.410Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/","label":"cve@gitlab.com","domainType":"other"},{"url":"https://gitlab.com/gitlab-org/gitlab/-/work_items/548940","label":"cve@gitlab.com","domainType":"other"},{"url":"https://hackerone.com/reports/3160363","label":"cve@gitlab.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-1660","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-1660 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.9.6, 18.10…","description":"GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to cause denial of service when importing issues due to improper input validation.","indicators":{"cves":["CVE-2026-1660"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:33.697Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/","label":"cve@gitlab.com","domainType":"other"},{"url":"https://gitlab.com/gitlab-org/gitlab/-/work_items/588200","label":"cve@gitlab.com","domainType":"other"},{"url":"https://hackerone.com/reports/3518743","label":"cve@gitlab.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-32885","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-32885 — DDEV is an open-source tool for running local web development environments for PHP and Node.js. Vers…","description":"DDEV is an open-source tool for running local web development environments for PHP and Node.js. Versions prior to 1.25.2 have unsanitized extraction in both `Untar()` and `Unzip()` functions in `pkg/archive/archive.go`. Downloads and extracts archives from remote sources without path validation. Ver…","indicators":{"cves":["CVE-2026-32885"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:34.770Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/ddev/ddev/releases/tag/v1.25.2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ddev/ddev/security/advisories/GHSA-x2xq-qhjf-5mvg","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ddev/ddev/security/advisories/GHSA-x2xq-qhjf-5mvg","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35339","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35339 — The recursive mode (-R) of the chmod utility in uutils coreutils incorrectly handles exit codes when…","description":"The recursive mode (-R) of the chmod utility in uutils coreutils incorrectly handles exit codes when processing multiple files. The final return value is determined solely by the success or failure of the last file processed. This allows the command to return an exit code of 0 (success) even if erro…","indicators":{"cves":["CVE-2026-35339"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:35.767Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/uutils/coreutils/pull/9793","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.6.0","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35340","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35340 — A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return…","description":"A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorrect exit code during recursive operations. The final exit code is determined only by the last file processed. If the last operation succeeds, the command returns 0 even if earlier ownership o…","indicators":{"cves":["CVE-2026-35340"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:35.923Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/uutils/coreutils/pull/10035","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.6.0","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35345","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35345 — A vulnerability in the tail utility of uutils coreutils allows for the exfiltration of sensitive fil…","description":"A vulnerability in the tail utility of uutils coreutils allows for the exfiltration of sensitive file contents when using the --follow=name option. Unlike GNU tail, the uutils implementation continues to monitor a path after it has been replaced by a symbolic link, subsequently outputting the conten…","indicators":{"cves":["CVE-2026-35345"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:36.627Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/uutils/coreutils/issues/10328","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/issues/10328","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35347","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35347 — The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before p…","description":"The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The are_files_identical function opens and reads from both input paths to compare content without first verifying if the paths refer to regular files. If an input path…","indicators":{"cves":["CVE-2026-35347"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:36.903Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/uutils/coreutils/pull/9545","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.6.0","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/pull/9545","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35348","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35348 — The sort utility in uutils coreutils is vulnerable to a process panic when using the --files0-from o…","description":"The sort utility in uutils coreutils is vulnerable to a process panic when using the --files0-from option with inputs containing non-UTF-8 filenames. The implementation enforces UTF-8 encoding and utilizes expect(), causing an immediate crash when encountering valid but non-UTF-8 paths. This diverge…","indicators":{"cves":["CVE-2026-35348"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:37.040Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/uutils/coreutils/issues/9696","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/issues/9696","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35349","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35349 — A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protect…","description":"A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protection. The implementation uses a path-string check rather than comparing device and inode numbers to identify the root directory. An attacker or accidental user can bypass this safeguard by using a symb…","indicators":{"cves":["CVE-2026-35349"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:37.190Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/uutils/coreutils/pull/9706","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.7.0","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35350","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35350 — The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership pr…","description":"The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p (preserve) flag, the utility applies the source mode bits even if the chown operation is unsuccessful. This can result in a user-owned copy retaining origina…","indicators":{"cves":["CVE-2026-35350"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:37.327Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/uutils/coreutils/issues/9750","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/issues/9750","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35351","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35351 — The mv utility in uutils coreutils fails to preserve file ownership during moves across different fi…","description":"The mv utility in uutils coreutils fails to preserve file ownership during moves across different filesystem boundaries. The utility falls back to a copy-and-delete routine that creates the destination file using the caller's UID/GID rather than the source's metadata. This flaw breaks backups and mi…","indicators":{"cves":["CVE-2026-35351"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:37.457Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/uutils/coreutils/issues/9714","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/issues/9714","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35354","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35354 — A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the mv utility of uutils coreutils d…","description":"A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the mv utility of uutils coreutils during cross-device moves. The extended attribute (xattr) preservation logic uses multiple path-based system calls that perform fresh path-to-inode lookups for each operation. A local attacker with wri…","indicators":{"cves":["CVE-2026-35354"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:37.867Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/uutils/coreutils/issues/10014","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/issues/10014","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35355","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35355 — The install utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) rac…","description":"The install utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition during file installation. The implementation unlinks an existing destination file and then recreates it using a path-based operation without the O_EXCL flag. A local attacker can exploit t…","indicators":{"cves":["CVE-2026-35355"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:37.993Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/uutils/coreutils/pull/10067","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.6.0","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/pull/10067","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35356","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35356 — A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the install utility of uutils coreut…","description":"A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the install utility of uutils coreutils when using the -D flag. The command creates parent directories and subsequently performs a second path resolution to create the target file, neither of which is anchored to a directory file descri…","indicators":{"cves":["CVE-2026-35356"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:38.130Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/uutils/coreutils/pull/10140","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.7.0","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35357","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35357 — The cp utility in uutils coreutils is vulnerable to an information disclosure race condition. Destin…","description":"The cp utility in uutils coreutils is vulnerable to an information disclosure race condition. Destination files are initially created with umask-derived permissions (e.g., 0644) before being restricted to their final mode (e.g., 0600) later in the process. A local attacker can race to open the file…","indicators":{"cves":["CVE-2026-35357"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:38.267Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/uutils/coreutils/issues/10011","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/issues/10011","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35358","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35358 — The cp utility in uutils coreutils, when performing recursive copies (-R), incorrectly treats charac…","description":"The cp utility in uutils coreutils, when performing recursive copies (-R), incorrectly treats character and block device nodes as stream sources rather than preserving them. Because the implementation reads bytes into regular files at the destination instead of using mknod, device semantics are dest…","indicators":{"cves":["CVE-2026-35358"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:38.393Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/uutils/coreutils/issues/9746","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/pull/11163","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.7.0","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/issues/9746","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35359","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35359 — A Time-of-Check to Time-of-Use (TOCTOU) vulnerability in the cp utility of uutils coreutils allows a…","description":"A Time-of-Check to Time-of-Use (TOCTOU) vulnerability in the cp utility of uutils coreutils allows an attacker to bypass no-dereference intent. The utility checks if a source path is a symbolic link using path-based metadata but subsequently opens it without the O_NOFOLLOW flag. An attacker with con…","indicators":{"cves":["CVE-2026-35359"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:38.537Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/issues/10017","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/issues/10017","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35360","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35360 — The touch utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race…","description":"The touch utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition during file creation. When the utility identifies a missing path, it later attempts creation using File::create(), which internally uses O_TRUNC. An attacker can exploit this window to creat…","indicators":{"cves":["CVE-2026-35360"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:38.673Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/issues/10019","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/issues/10019","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35363","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35363 — A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms inte…","description":"A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms intended to protect the current directory. While the utility correctly refuses to delete . or .., it fails to recognize equivalent paths with trailing slashes, such as ./ or .///. An accidental or malicio…","indicators":{"cves":["CVE-2026-35363"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:39.120Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/issues/9749","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35364","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35364 — A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mv utility of uutils coreutils…","description":"A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mv utility of uutils coreutils during cross-device operations. The utility removes the destination path before recreating it through a copy operation. A local attacker with write access to the destination directory can exploit this…","indicators":{"cves":["CVE-2026-35364"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:39.737Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/issues/10015","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/issues/10015","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35365","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35365 — The mv utility in uutils coreutils improperly handles directory trees containing symbolic links duri…","description":"The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across filesystem boundaries. Instead of preserving symlinks, the implementation expands them, copying the linked targets as real files or directories at the destination. This can lead to res…","indicators":{"cves":["CVE-2026-35365"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:39.900Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/pull/10546","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.7.0","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35366","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35366 — The printenv utility in uutils coreutils fails to display environment variables containing invalid U…","description":"The printenv utility in uutils coreutils fails to display environment variables containing invalid UTF-8 byte sequences. While POSIX permits arbitrary bytes in environment strings, the uutils implementation silently skips these entries rather than printing the raw bytes. This vulnerability allows ma…","indicators":{"cves":["CVE-2026-35366"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:40.167Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/issues/9701","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/pull/9728","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.6.0","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/issues/9701","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35369","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35369 — An argument parsing error in the kill utility of uutils coreutils incorrectly interprets kill -1 as…","description":"An argument parsing error in the kill utility of uutils coreutils incorrectly interprets kill -1 as a request to send the default signal (SIGTERM) to PID -1. Sending a signal to PID -1 causes the kernel to terminate all processes visible to the caller, potentially leading to a system crash or massiv…","indicators":{"cves":["CVE-2026-35369"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:40.687Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/pull/9700","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.6.0","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35370","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35370 — The id utility in uutils coreutils miscalculates the groups= section of its output. The implementati…","description":"The id utility in uutils coreutils miscalculates the groups= section of its output. The implementation uses a user's real GID instead of their effective GID to compute the group list, leading to potentially divergent output compared to GNU coreutils. Because many scripts and automated processes rely…","indicators":{"cves":["CVE-2026-35370"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:40.833Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/issues/10006","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/issues/10006","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35372","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35372 — A logic error in the ln utility of uutils coreutils allows the utility to dereference a symbolic lin…","description":"A logic error in the ln utility of uutils coreutils allows the utility to dereference a symbolic link target even when the --no-dereference (or -n) flag is explicitly provided. The implementation previously only honored the \"no-dereference\" intent if the --force (overwrite) mode was also enabled. Th…","indicators":{"cves":["CVE-2026-35372"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:41.850Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/pull/11253","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.8.0","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35374","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35374 — A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the split utility of uutils coreutil…","description":"A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the split utility of uutils coreutils. The program attempts to prevent data loss by checking for identity between input and output files using their file paths before initiating the split operation. However, the utility subsequently ope…","indicators":{"cves":["CVE-2026-35374"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:42.127Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/pull/11401","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35376","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35376 — A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the chcon utility of uutils coreutil…","description":"A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the chcon utility of uutils coreutils during recursive operations. The implementation resolves recursive targets using a fresh path lookup (via fts_accpath) rather than binding the traversal and label application to the specific directo…","indicators":{"cves":["CVE-2026-35376"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:42.430Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/pull/11402","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.8.0","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35380","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35380 — A logic error in the cut utility of uutils coreutils causes the program to incorrectly interpret the…","description":"A logic error in the cut utility of uutils coreutils causes the program to incorrectly interpret the literal two-byte string '' (two single quotes) as an empty delimiter. The implementation mistakenly maps this string to the NUL character for both the -d (delimiter) and --output-delimiter options. T…","indicators":{"cves":["CVE-2026-35380"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:43.047Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/pull/11399","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.8.0","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-3254","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-3254 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that…","description":"GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to load unauthorized content into another user's browser due to improper input validation in the Mermaid sandbox.","indicators":{"cves":["CVE-2026-3254","CVE-2026-5377"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:43.433Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://gitlab.com/gitlab-org/gitlab/-/work_items/591587","label":"cve@gitlab.com","domainType":"other"},{"url":"https://hackerone.com/reports/3572752","label":"cve@gitlab.com","domainType":"other"},{"url":"https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/","label":"cve@gitlab.com","domainType":"other"},{"url":"https://gitlab.com/gitlab-org/gitlab/-/work_items/595553","label":"cve@gitlab.com","domainType":"other"},{"url":"https://hackerone.com/reports/3640688","label":"cve@gitlab.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6515","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6515 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10…","description":"GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed a user to use invalidated or incorrectly scoped credentials to access Virtual Registries under certain conditions.","indicators":{"cves":["CVE-2026-6515"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:44.923Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/","label":"cve@gitlab.com","domainType":"other"},{"url":"https://gitlab.com/gitlab-org/gitlab/-/work_items/595993","label":"cve@gitlab.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41459","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41459 — Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that…","description":"Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that allows unauthenticated attackers to retrieve the full server-side filesystem path of the application root. Attackers can send a GET request to the /setup page to access the exposed root_path value re…","indicators":{"cves":["CVE-2026-41459"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T19:17:08.643Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/thexerteproject/xerteonlinetoolkits/commit/f063e942b4a9bf77a06829e844c2c70316bc45e8","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/thexerteproject/xerteonlinetoolkits/issues/1527","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/xerte-online-toolkits-path-disclosure-via-setup","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://xerte.org.uk/index.php/en/downloads-1/category/3-xerte-online-toolkits","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://xerte.org.uk/xertetoolkits_3.15_ChangeLog.html","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41469","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41469 — Beghelli Sicuro24 SicuroWeb does not enforce a Content Security Policy, allowing unrestricted loadin…","description":"Beghelli Sicuro24 SicuroWeb does not enforce a Content Security Policy, allowing unrestricted loading of external JavaScript resources from attacker-controlled origins. When chained with the template injection and sandbox escape vulnerabilities present in the same application, the absence of CSP rem…","indicators":{"cves":["CVE-2026-41469"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T19:17:09.000Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/kmkz/Exploits/blob/master/2026/CVE-2026-22191-POC.py","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/kmkz/Exploits/blob/master/2026/CVE-2026-22191-SicuroWeb-ATI-chain.txt","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.beghelli.it","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://www.boffsec-services.com/posts/sicuroweb-cve-2026-22191/","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://www.vulncheck.com/advisories/beghelli-sicuro24-sicuroweb-missing-content-security-policy","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34062","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34062 — nimiq-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `MessageCode…","description":"nimiq-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `MessageCodec::read_request` and `read_response` call `read_to_end()` on inbound substreams, so a remote peer can send only a partial frame and keep the substream open. because `Behaviour::new` also sets `with_ma…","indicators":{"cves":["CVE-2026-34062"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T20:16:40.530Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/nimiq/core-rs-albatross/commit/c021a5337b808c73571b44999f9753051bac7508","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-gh7r-qh4p-q4fr","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-34064","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34064 — nimiq-account contains account primitives to be used in Nimiq's Rust implementation. Prior to versio…","description":"nimiq-account contains account primitives to be used in Nimiq's Rust implementation. Prior to version 1.3.0, `VestingContract::can_change_balance` returns `AccountError::InsufficientFunds` when `new_balance < min_cap`, but it constructs the error using `balance: self.balance - min_cap`. `Coin::sub`…","indicators":{"cves":["CVE-2026-34064"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T20:16:40.900Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/nimiq/core-rs-albatross/commit/4d01946f0b3d6c6e31786f91cdfb3eb902908da0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/pull/3658","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-vc34-39q2-m6q3","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-34066","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34066 — nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. Prior to version…","description":"nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. Prior to version 1.3.0, `HistoryStore::put_historic_txns` uses an `assert!` to enforce invariants about `HistoricTransaction.block_number` (must be within the macro block being pushed and within the same epoch). Duri…","indicators":{"cves":["CVE-2026-34066"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T20:16:41.237Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/nimiq/core-rs-albatross/commit/6f5511309c199d84b012fe6b9aba7e5582892c50","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/pull/3656","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-j99g-7rqw-q9jg","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-34067","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34067 — nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prio…","description":"nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, `HistoryTreeProof::verify` panics on a malformed proof where `history.len() != positions.len()` due to `assert_eq!(history.len(), positions.len())`. The proof object is derived fro…","indicators":{"cves":["CVE-2026-34067","CVE-2026-34068"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T21:17:07.760Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/nimiq/core-rs-albatross/commit/6ff0800e8e031363e787c827d8d033e5694e4e6a","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/pull/3659","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-264v-m8fm-76jm","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/commit/e7f0ab7d2115e17d6e5548ddc60f10df1a5d645f","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/pull/3654","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-pf4j-pf3w-95f9","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41170","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41170 — Squidex is an open source headless content management system and content management hub. Prior to ve…","description":"Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the `RestoreController.PostRestoreJob` endpoint allows an administrator to supply an arbitrary URL for downloading backup archives. This URL is fetched using the \"Backup\" `HttpClient` wi…","indicators":{"cves":["CVE-2026-41170","CVE-2026-41172","CVE-2026-41177"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T22:16:31.377Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/Squidex/squidex/commit/b81d75e1d9c1a8e30993c2ee59b350002b9aeda4","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/Squidex/squidex/security/advisories/GHSA-6q6m-7h5j-jq4g","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/Squidex/squidex/security/advisories/GHSA-x7cq-4f4c-8qcv","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/Squidex/squidex/security/advisories/GHSA-45fq-w37p-qfw5","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2025-36074","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2025-36074 — IBM Security Verify Directory (Container) 10.0.0 through 10.0.0.3 IBM Security Verify Directory coul…","description":"IBM Security Verify Directory (Container) 10.0.0 through 10.0.0.3 IBM Security Verify Directory could be vulnerable to malicious file upload by not validating file type. A privileged user could upload malicious files into the system that can be sent to victims for performing further attacks against…","indicators":{"cves":["CVE-2025-36074"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T00:16:43.093Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://www.ibm.com/support/pages/node/7268907","label":"psirt@us.ibm.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-1274","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-1274 — IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to a Bypass Business Logic vulnerabi…","description":"IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to a Bypass Business Logic vulnerability in the access management control panel.","indicators":{"cves":["CVE-2026-1274"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T00:16:44.583Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://www.ibm.com/support/pages/node/7269445","label":"psirt@us.ibm.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-1352","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-1352 — IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 C…","description":"IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic.","indicators":{"cves":["CVE-2026-1352"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T00:16:44.753Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://www.ibm.com/support/pages/node/7269433","label":"psirt@us.ibm.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4917","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4917 — IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the…","description":"IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to write arbitrary files on the system.","indicators":{"cves":["CVE-2026-4917"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T00:16:46.293Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://www.ibm.com/support/pages/node/7270422","label":"psirt@us.ibm.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4918","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4918 — IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This vulnerability a…","description":"IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.","indicators":{"cves":["CVE-2026-4918"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T00:16:46.443Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://www.ibm.com/support/pages/node/7270422","label":"psirt@us.ibm.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4919","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4919 — IBM Guardium Data Protection 12.1 is vulnerable to cross-site scripting. This vulnerability allows a…","description":"IBM Guardium Data Protection 12.1 is vulnerable to cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.","indicators":{"cves":["CVE-2026-4919"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T00:16:46.590Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://www.ibm.com/support/pages/node/7270422","label":"psirt@us.ibm.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5926","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-5926 — IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10…","description":"IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 uses weaker than expected cryptographic algorithms that could allow an attac…","indicators":{"cves":["CVE-2026-5926"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T00:16:46.743Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://www.ibm.com/support/pages/node/7269372","label":"psirt@us.ibm.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6874","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6874 — A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function…","description":"A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header Handler. Executing a manipulation of the argument Host can lead to reliance on reverse dns resolution. The attack may be performed from remote. The exploit…","indicators":{"cves":["CVE-2026-6874"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T00:16:47.050Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/August829/CVEP/issues/32","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/795212","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/359039","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/359039/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6878","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6878 — A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function math_equal of…","description":"A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function math_equal of the file prime_math/grader.py. The manipulation leads to sandbox issue. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be di…","indicators":{"cves":["CVE-2026-6878"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T00:16:47.233Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/zast-ai/vulnerability-reports/blob/main/bytedance/verl_rce.md","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/795257","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/359040","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/359040/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-1923","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-1923 — The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Sc…","description":"The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.3.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscr…","indicators":{"cves":["CVE-2026-1923"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:16:15.737Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset/3467694/social-rocket","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d92fc04e-201e-4fc3-bbf0-4f2f3de3ee95?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41182","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41182 — LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to version 0.…","description":"LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to version 0.5.19 of the JavaScript SDK and version 0.7.31 of the Python SDK, the LangSmith SDK's output redaction controls (hideOutputs in JS, hide_outputs in Python) do not apply to streaming token events. When…","indicators":{"cves":["CVE-2026-41182"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:16:16.123Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/langchain-ai/langsmith-sdk/security/advisories/GHSA-rr7j-v2q5-chgv","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"vendor-ir-trends-q1-2026-phishing-reemerges-as-top-initial-access-vector-as-attacks-tar","source":"vendor-blogs","category":"advisory","severity":"medium","title":"IR Trends Q1 2026: Phishing reemerges as top initial access vector, as attacks targeting public administration persist","description":"Phishing reemerged as the most observed means of gaining initial access, accounting for over a third of the engagements where initial access could be determined. Phishing has not been the top vertical for initial access since Q2 2025.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:00:34.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://blog.talosintelligence.com/ir-trends-q1-2026/","label":"Cisco Talos","domainType":"other"}],"feedLabel":null},{"id":"threatfox-1796370","source":"threatfox","category":"threat-intel","severity":"medium","title":"payload: undefined","description":"https://x.com/suyog41/status/2046592187606220864","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[".NET","stage3","CLR-host","stage2","ClickFix","garble","go","EnmityStealer","finger-tcp79","fingerfix","win.fingerfix","finger-delivery","Mirax"],"malwareFamily":"Unknown malware","confidence":100,"publishedAt":"2026-04-23T01:03:34Z","fetchedAt":"2026-04-23T03:00:05.010Z","references":[{"url":"https://x.com/suyog41/status/2046592187606220864","label":"ThreatFox","domainType":"other"},{"url":"https://www.cleafy.com/cleafy-labs/mirax-a-new-android-rat-turning-infected-devices-into-potential-residential-proxy-nodes","label":"ThreatFox","domainType":"other"}],"feedLabel":null},{"id":"otx-69e8c267419390d6722afdd5","source":"otx","category":"threat-intel","severity":"medium","title":"FormBook Malware Uses Phishing, DLL Side-Loading, JavaScript","description":"Two distinct phishing campaigns have been identified targeting companies in Greece, Spain, Slovenia, Bosnia and Central American countries to deliver FormBook data-stealing malware. The first campaign uses RAR attachments containing legitimate executables like Sandboxie ImBox.exe, TikTok desktop, Ad…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"ab0d213d4df3de06bbd2db524fb73282","sha1":"3d1eaf0777aac4c76ff406b9ecf82af7d045b8f3","sha256":"4140d26ecad2fd8a3ea326ee49f5dd8bda3696e0d1ae6e756db6d61d70bf3af4"}},"tags":["formbook","mandark","syscall evasion","obfuscated javascript","data-stealing","panthomvai","mandark loader","ntdll mapping","phishing campaigns","dll side-loading","phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T12:43:19.377Z","fetchedAt":"2026-04-23T03:00:01.373Z","references":[{"url":"https://otx.alienvault.com/pulse/69e8c267419390d6722afdd5","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e8c2ea19756cc9d2899dea","source":"otx","category":"threat-intel","severity":"medium","title":"Dissecting FudCrypt: A Real-World Malware Crypting Service Analysis","description":"FudCrypt is a Cryptor-as-a-Service platform offering subscription-based malware obfuscation for $800 to $2,000 monthly. The service wraps customer payloads in multi-stage deployment packages featuring DLL sideloading, AMSI and ETW interference, silent UAC elevation via CMSTPLUA, and Windows Defender…","indicators":{"cves":[],"ips":[],"domains":["fudcrypt.net","hijacklibs.net","mstelemetrycloud.com","dl.admin334577joagj13.com","advapi32.lib","shell32.lib","winhttp.lib","admin.fudcrypt.net","api.fudcrypt.net","monitoring.fudcrypt.net"],"urls":["http://mstelemetrycloud.com/agent","http://dl.admin334577joagj13.com:443"],"hashes":{"md5":"ffd52dffdfb8340a2dda27fcab828fd1","sha1":"fd491feeaa6c88cfd3bf2a52cb3bb50bdf20026e","sha256":"ff2a0e8e8d8a536bd506d9b79b9db5f2435dc20060f724e040838c1a71b39600"}},"tags":["cmstplua-uac-bypass","azure-trusted-signing","cryptor-as-a-service","dll-sideloading","etw-patching","amsi-bypass","screenconnect","fudcrypt","botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T12:45:30.748Z","fetchedAt":"2026-04-23T03:00:01.373Z","references":[{"url":"https://otx.alienvault.com/pulse/69e8c2ea19756cc9d2899dea","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e8738326fb86b891dd3c1f","source":"otx","category":"threat-intel","severity":"medium","title":"March 2026 Phishing Email Trends Report","description":"In March 2026, trojans represented 21% of attachment-based threats, while phishing attacks using fake pages dropped from 42% to 15% month-over-month. Script-based malware increased significantly, with HTML at 14% and JavaScript at 11%. Compressed files including ZIP (14%), RAR (8%), and 7Z (5%) were…","indicators":{"cves":[],"ips":[],"domains":["controller.airdns.org","ccp11nl.hyperhost.ua"],"urls":[],"hashes":{"md5":"0e9bd0c9991b21b13eddb518dee0eecf","sha1":null,"sha256":null}},"tags":["agenttesla","phishing email","trojan campaigns","fake invoices","remcosrat","script-based attacks","credential theft","html phishing","phishing","botnet","infostealer"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T07:06:43.012Z","fetchedAt":"2026-04-23T03:00:01.373Z","references":[{"url":"https://otx.alienvault.com/pulse/69e8738326fb86b891dd3c1f","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"news-surge-in-silent-subject-phishing-attacks-targets-vip-users","source":"general-news","category":"news","severity":"medium","title":"Surge in Silent Subject Phishing Attacks Targets VIP Users","description":"Null subject phishing campaigns bypass filters and target VIPs with QR code and RMM abuse","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T13:00:00.000Z","fetchedAt":"2026-04-23T03:00:02.617Z","references":[{"url":"https://www.infosecurity-magazine.com/news/silent-subject-phishing-campaigns/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"nvd-CVE-2026-22746","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-22746 — Vulnerability in Spring Spring Security. If an application is using the UserDetails#isEnabled, #isAc…","description":"Vulnerability in Spring Spring Security. If an application is using the UserDetails#isEnabled, #isAccountNonExpired, or #isAccountNonLocked user attributes, to enable, expire, or lock users, then DaoAuthenticationProvider's timing attack defense can be bypassed for users who are disabled, expired, o…","indicators":{"cves":["CVE-2026-22746"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T06:16:02.780Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://spring.io/security/cve-2026-22746","label":"security@vmware.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6842","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6842 — A flaw was found in nano. In environments with permissive umask settings, a local attacker can explo…","description":"A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions (0777 instead of 0700) for the `~/.local` directory. This allows the attacker to inject a malicious `.desktop` launcher, which could lead to unintended actions or in…","indicators":{"cves":["CVE-2026-6842"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T08:16:13.170Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6842","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460018","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33596","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-33596 — A client might theoretically be able to cause a mismatch between queries sent to a backend and the r…","description":"A client might theoretically be able to cause a mismatch between queries sent to a backend and the received responses by sending a flood of perfectly timed queries that are routed to a TCP-only or DNS over TLS backend.","indicators":{"cves":["CVE-2026-33596"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:54.073Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33597","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-33597 — PRSD detection denial of service","description":"PRSD detection denial of service","indicators":{"cves":["CVE-2026-33597"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:54.187Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33599","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-33599 — A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, whe…","description":"A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, when requested via either the autoUpgrade (Lua) option to newServer or auto_upgrade (YAML) settings. DDR upgrade is not enabled by default.","indicators":{"cves":["CVE-2026-33599"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:54.410Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-9957","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2025-9957 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.2 before 18.9.6, 18.10…","description":"GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user with project owner permissions to bypass group fork prevention settings due to improper…","indicators":{"cves":["CVE-2025-9957"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:33.557Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/","label":"cve@gitlab.com","domainType":"other"},{"url":"https://gitlab.com/gitlab-org/gitlab/-/work_items/567781","label":"cve@gitlab.com","domainType":"other"},{"url":"https://hackerone.com/reports/3275222","label":"cve@gitlab.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-35342","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-35342 — The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable…","description":"The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementation treats the empty string as a valid path. This causes temporary files to be created in the curren…","indicators":{"cves":["CVE-2026-35342"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:36.217Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/uutils/coreutils/pull/10566","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.6.0","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35343","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-35343 — The cut utility in uutils coreutils incorrectly handles the -s (only-delimited) option when a newlin…","description":"The cut utility in uutils coreutils incorrectly handles the -s (only-delimited) option when a newline character is specified as the delimiter. The implementation fails to verify the only_delimited flag in the cut_fields_newline_char_delim function, causing the utility to print non-delimited lines th…","indicators":{"cves":["CVE-2026-35343"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:36.357Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/uutils/coreutils/pull/11143","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.7.0","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35344","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-35344 — The dd utility in uutils coreutils suppresses errors during file truncation operations by unconditio…","description":"The dd utility in uutils coreutils suppresses errors during file truncation operations by unconditionally calling Result::ok() on truncation attempts. While intended to mimic GNU behavior for special files like /dev/null, the uutils implementation also hides failures on regular files and directories…","indicators":{"cves":["CVE-2026-35344"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:36.490Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/uutils/coreutils/issues/9745","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35346","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-35346 — The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on…","description":"The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::from_utf8_lossy(), which replaces invalid UTF-8 byte sequences with the Unicode replacement character (U+FFFD). This behavior differs from GNU comm, w…","indicators":{"cves":["CVE-2026-35346"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:36.760Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/uutils/coreutils/issues/10192","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/pull/10206","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.6.0","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/issues/10192","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35353","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-35353 — The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by crea…","description":"The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by creating a directory with umask-derived permissions (typically 0755) before subsequently changing them to the requested mode via a separate chmod system call. In multi-user environments, this introduces a…","indicators":{"cves":["CVE-2026-35353"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:37.723Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/uutils/coreutils/pull/10036","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.6.0","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35361","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-35361 — The mknod utility in uutils coreutils fails to handle security labels atomically by creating device…","description":"The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before setting the SELinux context. If labeling fails, the utility attempts cleanup using std::fs::remove_dir, which cannot remove device nodes or FIFOs. This leaves mislabeled nodes behind with…","indicators":{"cves":["CVE-2026-35361"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:38.827Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/pull/10582","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.6.0","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/pull/10582","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35362","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-35362 — The safe_traversal module in uutils coreutils, which provides protection against Time-of-Check to Ti…","description":"The safe_traversal module in uutils coreutils, which provides protection against Time-of-Check to Time-of-Use (TOCTOU) symlink races using file-descriptor-relative syscalls, is incorrectly limited to Linux targets. On other Unix-like systems such as macOS and FreeBSD, the utility fails to utilize th…","indicators":{"cves":["CVE-2026-35362"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:38.960Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/pull/9792","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.6.0","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35367","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-35367 — The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying…","description":"The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to inherit umask-based permissions, typically resulting in a world-readable file (0644). In multi-user environments, this allows any user on the…","indicators":{"cves":["CVE-2026-35367"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:40.423Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/issues/10021","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/issues/10021","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35371","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-35371 — The id utility in uutils coreutils exhibits incorrect behavior in its \"pretty print\" output when the…","description":"The id utility in uutils coreutils exhibits incorrect behavior in its \"pretty print\" output when the real UID and effective UID differ. The implementation incorrectly uses the effective GID instead of the effective UID when performing a name lookup for the effective user. This results in misleading…","indicators":{"cves":["CVE-2026-35371"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:40.987Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/issues/10006","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/issues/10006","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35373","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-35373 — A logic error in the ln utility of uutils coreutils causes the program to reject source paths contai…","description":"A logic error in the ln utility of uutils coreutils causes the program to reject source paths containing non-UTF-8 filename bytes when using target-directory forms (e.g., ln SOURCE... DIRECTORY). While GNU ln treats filenames as raw bytes and creates the links correctly, the uutils implementation en…","indicators":{"cves":["CVE-2026-35373"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:41.997Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/pull/11403","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35375","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-35375 — A logic error in the split utility of uutils coreutils causes the corruption of output filenames whe…","description":"A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The implementation utilizes to_string_lossy() when constructing chunk filenames, which automatically rewrites invalid byte sequences into the UTF-8 r…","indicators":{"cves":["CVE-2026-35375"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:42.293Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/pull/11397","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.8.0","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35377","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-35377 — A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-lin…","description":"A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-line arguments when utilizing the -S (split-string) option. In GNU env, backslashes within single quotes are treated literally (with the exceptions of \\\\ and \\'). However, the uutils implementation incor…","indicators":{"cves":["CVE-2026-35377"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:42.577Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/pull/11512","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35378","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-35378 — A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized s…","description":"A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized subexpressions during the parsing phase rather than at the execution phase. This implementation flaw prevents the utility from performing proper short-circuiting for logical OR (|) and AND (&) operatio…","indicators":{"cves":["CVE-2026-35378"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:42.730Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/pull/11395","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.8.0","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35379","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-35379 — A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the [:g…","description":"A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the [:graph:] and [:print:] character classes. The implementation mistakenly includes the ASCII space character (0x20) in the [:graph:] class and excludes it from the [:print:] class, effectively reversing t…","indicators":{"cves":["CVE-2026-35379"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:42.887Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/pull/11405","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.8.0","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35381","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-35381 — A logic error in the cut utility of uutils coreutils causes the utility to ignore the -s (only-delim…","description":"A logic error in the cut utility of uutils coreutils causes the utility to ignore the -s (only-delimited) flag when using the -z (null-terminated) and -d '' (empty delimiter) options together. The implementation incorrectly routes this specific combination through a specialized newline-delimiter cod…","indicators":{"cves":["CVE-2026-35381"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:43.200Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/pull/11394","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.8.0","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-1272","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-1272 — IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to Security Misconfiguration vulnera…","description":"IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to Security Misconfiguration vulnerability in the user access control panel.","indicators":{"cves":["CVE-2026-1272"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T00:16:44.407Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://www.ibm.com/support/pages/node/7269445","label":"psirt@us.ibm.com","domainType":"other"}],"feedLabel":null},{"id":"cisa-adv-cisa-adds-one-known-exploited-vulnerability-to-catalog","source":"cisa-advisories","category":"advisory","severity":"unknown","title":"CISA Adds One Known Exploited Vulnerability to Catalog","description":"CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.\nCVE-2026-33825 Microsoft Defender Insufficient Granularity of Access Control Vulnerability\nThis type of vulnerability is a frequent attack vector for malicious cyber a…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T12:00:00.000Z","fetchedAt":"2026-04-23T03:00:00.173Z","references":[{"url":"https://www.cisa.gov/news-events/alerts/2026/04/22/cisa-adds-one-known-exploited-vulnerability-catalog","label":"CISA Advisory","domainType":"primary"},{"url":"https://www.cisa.gov/news-events/alerts/2026/04/16/cisa-adds-one-known-exploited-vulnerability-catalog","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40451","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40451 — DeepL Chrome browser extension versions from v1.22.0 to v.1.23.0 contain a cross-site scripting vuln…","description":"DeepL Chrome browser extension versions from v1.22.0 to v.1.23.0 contain a cross-site scripting vulnerability, which allows an attacker to execute arbitrary script in a user's browser, and inject malicious HTML into web pages viewed by the user.","indicators":{"cves":["CVE-2026-40451"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T05:16:23.253Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/DeepLcom/deepl-chrome-extension/security/advisories/GHSA-4x2r-q3p9-xhx4","label":"vultures@jpcert.or.jp","domainType":"primary"},{"url":"https://jvn.jp/en/jp/JVN37524771/","label":"vultures@jpcert.or.jp","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31431","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31431 — In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to o…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_aead - Revert to operating out-of-place\n\nThis mostly reverts commit 72548b093ee3 except for the copying of\nthe associated data.\n\nThere is no benefit in operating in-place in algif_aead since the\nsource and destination…","indicators":{"cves":["CVE-2026-31431"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:21.270Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ce42ee423e58dffa5ec03524054c9d8bfd4f6237","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31432","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31432 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix OOB write in QUERY_IN…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix OOB write in QUERY_INFO for compound requests\n\nWhen a compound request such as READ + QUERY_INFO(Security) is received,\nand the first command (READ) consumes most of the response buffer,\nksmbd could write beyond the allo…","indicators":{"cves":["CVE-2026-31432"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:21.410Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/075ea208c648cc2bcd616295b711d3637c61de45","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/515c2daab46021221bdf406bef19bc90a44ec617","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d48c64fb80ad78b3dd29fb7d79b6ec7bd72bfc09","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/fda9522ed6afaec45cabc198d8492270c394c7bc","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31433","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31433 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potencial OOB in get_…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix potencial OOB in get_file_all_info() for compound requests\n\nWhen a compound request consists of QUERY_DIRECTORY + QUERY_INFO\n(FILE_ALL_INFORMATION) and the first command consumes nearly the entire\nmax_trans_size, get_fil…","indicators":{"cves":["CVE-2026-31433"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:21.573Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/358cdaa1f7fbf2712cb4c5f6b59cb9a5c673c5fe","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3a852f9d1c981fb14f6bf4e24999e0ea8088a7d7","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4cca3eff2099b18672934a39cee70aed835d652c","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7aec5a769d2356cbf344d85bcfd36de592ac96a5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9d7032851d6f5adbe2739601ca456c0ad3b422f0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/b0cd9725fe2bcc9f37d096b132318a9060373f5d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/beef2634f81f1c086208191f7228bce1d366493d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-0539","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-0539 — Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local att…","description":"Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local attacker to escalate their privileges by overwriting the service binary with arbitrary contents. This service binary is automatically launched with NT\\SYSTEM privileges on boot. This issue affects all ve…","indicators":{"cves":["CVE-2026-0539"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:30.317Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://labs.infoguard.ch/advisories/cve-2026-0539_pcvisit_local-privilege-escalation/","label":"vulnerability@ncsc.ch","domainType":"other"},{"url":"https://www.pcvisit.de/kundenbereich/release-notes","label":"vulnerability@ncsc.ch","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31434","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31434 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix leak of kobject name…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix leak of kobject name for sub-group space_info\n\nWhen create_space_info_sub_group() allocates elements of\nspace_info->sub_group[], kobject_init_and_add() is called for each\nelement via btrfs_sysfs_add_space_info_type(). Ho…","indicators":{"cves":["CVE-2026-31434"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:36.533Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/1737ddeafbb1304f41ec2eede4f7366082e7c96a","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3c645c6f7e5470debbb81666b230056de48f36dc","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3c844d01f9874a43004c82970d8da94f9aba8949","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/416484f21a9d1280cf6daa7ebc10c79b59c46e48","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/94054ffd311a1f76b7093ba8ebf50bdb0d28337c","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a4376d9a5d4c9610e69def3fc0b32c86a7ab7a41","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31435","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31435 — In the Linux kernel, the following vulnerability has been resolved: netfs: Fix read abandonment duri…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix read abandonment during retry\n\nUnder certain circumstances, all the remaining subrequests from a read\nrequest will get abandoned during retry.  The abandonment process expects\nthe 'subreq' variable to be set to the place…","indicators":{"cves":["CVE-2026-31435"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:36.710Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/3e5fd8f53b575ff2188f82071da19c977ca56c41","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7e57523490cd2efb52b1ea97f2e0a74c0fb634cd","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/8f2f2bd128a8d9edbc1e785760da54ada3df69b7","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31436","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31436 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix possible wr…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc()\n\nAt the end of this function, d is the traversal cursor of flist, but the\ncode completes found instead. This can lead to issues such as NULL pointer\nde…","indicators":{"cves":["CVE-2026-31436"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:36.843Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/0e4f43779d550e559be13a5cdb763bad92c4cc99","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/82656e8daf8de00935ae91b91bed43f4d6e0d644","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e1c9866173c5f8521f2d0768547a01508cb9ff27","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e21da2ad8844585040fe4b82be1ad2fe99d40074","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31437","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31437 — In the Linux kernel, the following vulnerability has been resolved: netfs: Fix NULL pointer derefere…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix NULL pointer dereference in netfs_unbuffered_write() on retry\n\nWhen a write subrequest is marked NETFS_SREQ_NEED_RETRY, the retry path\nin netfs_unbuffered_write() unconditionally calls stream->prepare_write()\nwithout che…","indicators":{"cves":["CVE-2026-31437"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:36.980Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/7a5482f5ce891decbf36f2e6fab1e9fc4a76a684","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a4d1b4ba9754bac3efebd06f583a44a7af52c0ab","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e9075e420a1eb3b52c60f3b95893a55e77419ce8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31438","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31438 — In the Linux kernel, the following vulnerability has been resolved: netfs: Fix kernel BUG in netfs_l…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix kernel BUG in netfs_limit_iter() for ITER_KVEC iterators\n\nWhen a process crashes and the kernel writes a core dump to a 9P\nfilesystem, __kernel_write() creates an ITER_KVEC iterator. This\niterator reaches netfs_limit_ite…","indicators":{"cves":["CVE-2026-31438"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:37.100Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/00d6df7115f6972370974212de9088087820802e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/18c2e20b42dd21db599e42d05ddaeeb647b2bb6d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4bc2d72c7695cedf6d4e1a558924903c2b28a78e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/67e467a11f62ff64ad219dc6aa5459e132c79d14","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31439","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31439 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: xilinx: xdma: Fix reg…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: xilinx: xdma: Fix regmap init error handling\n\ndevm_regmap_init_mmio returns an ERR_PTR() upon error, not NULL.\nFix the error check and also fix the error message. Use the error code\nfrom ERR_PTR() instead of the wrong va…","indicators":{"cves":["CVE-2026-31439"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:37.240Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/4b6e1da50b22e5528b9003f376a3cecccce4decc","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/59f6ccd0f3345be2e8a78bdef2103e93f180633a","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9787b3d9b908785b40bc3f2e6d7082fdb8fdd98a","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e0adbf74e2a0455a6bc9628726ba87bcd0b42bf8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f27197ccfd2ecd2c71f27fd57c6d507e892ad24d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31440","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31440 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix leaking eve…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix leaking event log memory\n\nDuring the device remove process, the device is reset, causing the\nconfiguration registers to go back to their default state, which is\nzero. As the driver is checking if the event log…","indicators":{"cves":["CVE-2026-31440"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:37.390Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/9dfa00967e6ef43a9dd0887fe5c3a721a39da92e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d94f9b0ba28a205caf95902ee88b42bdb8af83d0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ee66bc29578391c9b48523dc9119af67bd5c7c0f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/facd0012708e942fc12890708738aebde497564e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31441","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31441 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix memory leak…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix memory leak when a wq is reset\n\nidxd_wq_disable_cleanup() which is called from the reset path for a\nworkqueue, sets the wq type to NONE, which for other parts of the\ndriver mean that the wq is empty (all its re…","indicators":{"cves":["CVE-2026-31441"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:37.530Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/0c3d3ac57e3c52b570b8c695903306bff07e04c8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/39c1504e0e76bcfb93991fd94288a83e05d13b51","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/54d77cc0c40ca2f894859dc7b3c52997574f1a2a","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a16098a2f0c11ee5e04e23aa7478ca1fcfb0f658","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a9e7815d38629bcf59d3005001f1f315424a58de","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d9cfb5193a047a92a4d3c0e91ea4cc87c8f7c478","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31442","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31442 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix possible in…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix possible invalid memory access after FLR\n\nIn the case that the first Function Level Reset (FLR) concludes\ncorrectly, but in the second FLR the scratch area for the saved\nconfiguration cannot be allocated, it's…","indicators":{"cves":["CVE-2026-31442"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:37.703Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/504c0e6751001ac46917c73e703f2b1b92cfc026","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/867d0c801f21370d561420fa32f2ea1a7dc3a22d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d6077df7b75d26e4edf98983836c05d00ebabd8d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31443","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31443 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix crash when…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix crash when the event log is disabled\n\nIf reporting errors to the event log is not supported by the hardware,\nand an error that causes Function Level Reset (FLR) is received, the\ndriver will try to restore the e…","indicators":{"cves":["CVE-2026-31443"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:37.860Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/0e761079d653c25f838380cf7cef2730832110cc","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/52d2edea0d63c935e82631e4b9e4a94eccf97b5b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/aa0ffc6d3990ec35976308a068dc23178037e564","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31444","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31444 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free and NU…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix use-after-free and NULL deref in smb_grant_oplock()\n\nsmb_grant_oplock() has two issues in the oplock publication sequence:\n\n1) opinfo is linked into ci->m_op_list (via opinfo_add) before\n   add_lease_global_list() is cal…","indicators":{"cves":["CVE-2026-31444"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:38.010Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/48623ec358c1c600fa1e38368746f933e0f1a617","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/6d7e5a918c1d0aad06db0e17677b66fc9a471021","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7de55bba69cbf0f9280daaea385daf08bc076121","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9e785f004cbc56390479b77375726ea9b0d1a8a6","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a5c6f6d6ceefed2d5210ee420fb75f8362461f46","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31445","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31445 — In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: avoid use of half…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/core: avoid use of half-online-committed context\n\nOne major usage of damon_call() is online DAMON parameters update.  It is\ndone by calling damon_commit_ctx() inside the damon_call() callback\nfunction.  damon_commit_ctx()…","indicators":{"cves":["CVE-2026-31445"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:38.177Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/1b247cd0654a3a306996fa80741d79296c683a56","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/26f775a054c3cda86ad465a64141894a90a9e145","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9c495f9d3781cd692bd199531cabd4627155e8cd","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31446","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31446 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in upda…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix use-after-free in update_super_work when racing with umount\n\nCommit b98535d09179 (\"ext4: fix bug_on in start_this_handle during umount\nfilesystem\") moved ext4_unregister_sysfs() before flushing s_sb_upd_work\nto prevent ne…","indicators":{"cves":["CVE-2026-31446"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:38.340Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/034053378dd81837fd6c7a43b37ee2e58d4f0b4e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/08b10e6f37fc533a759e9833af0692242e8b3f93","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9449f99ba04f5dd1c8423ad8a90b3651d7240d1d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c4d829737329f2290dd41e290b7d75effdb2a7ff","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c8fe17a1b308c3d8c703ebfb049b325f844342c3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c97e282f7bfd0c3554c63d289964a5ca6a1d2ffe","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d15e4b0a418537aafa56b2cb80d44add83e83697","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31447","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31447 — In the Linux kernel, the following vulnerability has been resolved: ext4: reject mount if bigalloc w…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: reject mount if bigalloc with s_first_data_block != 0\n\nbigalloc with s_first_data_block != 0 is not supported, reject mounting\nit.","indicators":{"cves":["CVE-2026-31447"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:38.577Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/3822743dc20386d9897e999dbb990befa3a5b3f8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3a926957cc95899ef88529710836edadc03c71a1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/5ad6d994255e27a3254079dfb50ca861fc31f2d0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7b58c110b4e1f028eb38eec9ed3555e9be81c8b0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7d5b04290156c3fc316eecc86a4f9d201ab7d44a","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ad1f6d608f33f59d21a3d025615d6786a6443998","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/b77de3fceafbb39f30e4ff5dc986f863d5456417","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d787d3ae96648dc14a3b7ca8fde817177e82c1c7","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31448","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31448 — In the Linux kernel, the following vulnerability has been resolved: ext4: avoid infinite loops cause…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid infinite loops caused by residual data\n\nOn the mkdir/mknod path, when mapping logical blocks to physical blocks,\nif inserting a new extent into the extent tree fails (in this example,\nbecause the file system disabled th…","indicators":{"cves":["CVE-2026-31448"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:38.760Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/3a7667595bcad84da53fc156a418e110267c3412","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/416c86f30f91b4fb2642ef6b102596ca898f41a5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/5422fe71d26d42af6c454ca9527faaad4e677d6c","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/64f425b06b3bea9abc8977fd3982779b3ad070c9","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c66545e83a802c3851d9be27a41c0479dd29ff0c","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ecc50bfca9b5c2ee6aeef998181689b80477367b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31449","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31449 — In the Linux kernel, the following vulnerability has been resolved: ext4: validate p_idx bounds in e…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: validate p_idx bounds in ext4_ext_correct_indexes\n\next4_ext_correct_indexes() walks up the extent tree correcting\nindex entries when the first extent in a leaf is modified. Before\naccessing path[k].p_idx->ei_block, there is n…","indicators":{"cves":["CVE-2026-31449"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:38.933Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/01bf1e0b997d82c0e353b51ed74ef99698043c33","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/2acb5c12ebd860f30e4faf67e6cc8c44ddfe5fe8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/407c944f217c17d4343148011acafebc604d55e1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/93f2e975ed658ce09db4d4c2877ca2c06540df83","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31451","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31451 — In the Linux kernel, the following vulnerability has been resolved: ext4: replace BUG_ON with proper…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: replace BUG_ON with proper error handling in ext4_read_inline_folio\n\nReplace BUG_ON() with proper error handling when inline data size\nexceeds PAGE_SIZE. This prevents kernel panic and allows the system to\ncontinue running wh…","indicators":{"cves":["CVE-2026-31451"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:39.310Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/356227096eb66e41b23caf7045e6304877322edf","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/65c6c30ce6362c1c684568744ea510c921a756cd","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/823849a26af089ffc5dfdd2ae4b9d446b46a0cda","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a7d600e04732a7d29b107c91fe3aec64cf6ce7f2","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d4b3f370c3d8f7ce565d4a718572c9f7c12f77ed","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31452","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31452 — In the Linux kernel, the following vulnerability has been resolved: ext4: convert inline data to ext…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: convert inline data to extents when truncate exceeds inline size\n\nAdd a check in ext4_setattr() to convert files from inline data storage\nto extent-based storage when truncate() grows the file size beyond the\ninline capacity.…","indicators":{"cves":["CVE-2026-31452"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:39.460Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/07c1a31af18290054da3d18221b8bf58983c5d3a","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/110d7ef602659ce4d7947c5480f7ca2779696aaf","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/699bac4d4c951974d55b045c983d1de777215949","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7920dcc571cef3d8aa9ee109c136125d61d41669","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/93cb2d103e5c707de0f7ad58a39b7f0fddc27aa6","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c047332be7195833a5c5126816c2502df8269fe4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ed9356a30e59c7cc3198e7fc46cfedf3767b9b17","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f53a5d9f32924bc2a810d2df243b7714da58b636","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31453","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31453 — In the Linux kernel, the following vulnerability has been resolved: xfs: avoid dereferencing log ite…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: avoid dereferencing log items after push callbacks\n\nAfter xfsaild_push_item() calls iop_push(), the log item may have been\nfreed if the AIL lock was dropped during the push. Background inode\nreclaim or the dquot shrinker can f…","indicators":{"cves":["CVE-2026-31453"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:39.653Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/451c6329d9afa45862c36fe6677eb7750db60617","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7121b22b0bac89394cc4c6a54b5aebc15347bdf5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/79ef34ec0554ec04bdbafafbc9836423734e1bd6","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/95fb5d643cc70959baa54cd17f52f80ffc3295e7","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c4d603e8e58a3bf35480135ccca2b4f7238abda5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c8a2ab339b88d10fc34a3318c92f07d8a467019d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31454","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31454 — In the Linux kernel, the following vulnerability has been resolved: xfs: save ailp before dropping t…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: save ailp before dropping the AIL lock in push callbacks\n\nIn xfs_inode_item_push() and xfs_qm_dquot_logitem_push(), the AIL lock\nis dropped to perform buffer IO. Once the cluster buffer no longer\nprotects the log item from rec…","indicators":{"cves":["CVE-2026-31454"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:39.823Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/19437e4f7bb909afde832b39372aa2f3ce3cfd88","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/394d70b86fae9fe865e7e6d9540b7696f73aa9b6","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4c7d50147316cf049462f327c4a3e9dc2b7f1dd0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/50f5f056807b7bed74f4f307f2ca0ed92f3e556d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/6dbe17f19c290a72ce57d5abc70e1fad0c3e14e5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/75669e987137f49c99ca44406bf0200d1892dd16","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d8fc60bbaf5aea1604bf9f4ed565da6a1ac7a87d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/edd1637d4e3911ab6c760f553f2040fe72f61a13","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31455","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31455 — In the Linux kernel, the following vulnerability has been resolved: xfs: stop reclaim before pushing…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: stop reclaim before pushing AIL during unmount\n\nThe unmount sequence in xfs_unmount_flush_inodes() pushed the AIL while\nbackground reclaim and inodegc are still running. This is broken\nindependently of any use-after-free issue…","indicators":{"cves":["CVE-2026-31455"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:40.013Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/239d734c00644072862fa833805c4471573b1445","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4f24a767e3d64a5f58c595b5c29b6063a201f1e3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/558e3275d8a3b101be18a7fe7d1634053e9d9b07","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/8147e304d7d32fd5c3e943babc296ce2873dc279","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a89434a6188d8430ea31120da96e3e4cefb58686","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/bda27fc0b4eb3a425d9a18475c4cb94fbe862c60","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d38135af04a3ad8a585c899d176efc8e97853115","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e6cc490048f78b009259a5f032acead9f789c34c","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31457","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31457 — In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: check contexts->…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/sysfs: check contexts->nr in repeat_call_fn\n\ndamon_sysfs_repeat_call_fn() calls damon_sysfs_upd_tuned_intervals(),\ndamon_sysfs_upd_schemes_stats(), and\ndamon_sysfs_upd_schemes_effective_quotas() without checking contexts->…","indicators":{"cves":["CVE-2026-31457","CVE-2026-31458"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:41.133Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/3527e9fdc38570cea0f6ddb7a2c9303d4044b217","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/652cd0641a763dd0e846b0d12814977fadb2b7d8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/6557004a8b59c7701e695f02be03c7e20ed1cc15","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/1bfe9fb5ed2667fb075682408b776b5273162615","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/1e8da792672481d603fa7cd0d815577220a3ee27","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/708033c231bd782858f4ddbb46ee874a5a5fbdab","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/aba546061341b56e9ffb37e1eb661a3628b6ec12","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/bbe03ad3fb9e714191757ca7b41582f930be7be2","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31459","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31459 — In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: fix param_ctx le…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/sysfs: fix param_ctx leak on damon_sysfs_new_test_ctx() failure\n\nPatch series \"mm/damon/sysfs: fix memory leak and NULL dereference\nissues\", v4.\n\nDAMON_SYSFS can leak memory under allocation failure, and do NULL pointer\nde…","indicators":{"cves":["CVE-2026-31459"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:41.417Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/7fe000eb32904758a85e62f6ea9483f89d5dabfc","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e9de9f3ce06b133a348006668bc8d25c6e504867","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f76f0a964bc3d7b7e253b43c669c41356bc54e71","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31462","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31462 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: prevent immediate PA…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: prevent immediate PASID reuse case\n\nPASID resue could cause interrupt issue when process\nimmediately runs into hw state left by previous\nprocess exited with the same PASID, it's possible that\npage faults are still pendi…","indicators":{"cves":["CVE-2026-31462"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:41.787Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/14b81abe7bdc25f8097906fc2f91276ffedb2d26","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/51ccaf0e30c303149244c34820def83d74c86288","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9e5ebfe99b223bb0eb9c50a125c9c02f4ef4c71b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c0b3882836de8ac991b626823966f385555bbcff","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31463","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31463 — In the Linux kernel, the following vulnerability has been resolved: iomap: fix invalid folio access…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\niomap: fix invalid folio access when i_blkbits differs from I/O granularity\n\nCommit aa35dd5cbc06 (\"iomap: fix invalid folio access after\nfolio_end_read()\") partially addressed invalid folio access for folios\nwithout an ifs attached…","indicators":{"cves":["CVE-2026-31463"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:42.323Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/4a927f670cdb0def226f9f85f42a9f19d9e09c88","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/bd71fb3fea9945987053968f028a948997cba8cc","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31464","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31464 — In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Fix OOB access in…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done()\n\nA malicious or compromised VIO server can return a num_written value in the\ndiscover targets MAD response that exceeds max_targets. This value is\nstored directly in vh…","indicators":{"cves":["CVE-2026-31464"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:42.450Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/394a1cac3c12fdd7d77f19ccfd222ab5ff87ef89","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4ed727e35b0ab17d3eeeb1e8023768396e2be161","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/61d099ac4a7a8fb11ebdb6e2ec8d77f38e77362f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/786f10b1966e485046839f992e89f2c18cbd1983","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a007246cb6c9ebdc93dafbf63cc2d43d98f402cc","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/bae4df0a643fa7f84663473aa3082a9c2ed139db","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d1466bf991b2343cf2ba8336e440c8faf3cbb780","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d842348f8a00d5b1d7358f207eb34ffcf5b16df3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31465","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31465 — In the Linux kernel, the following vulnerability has been resolved: writeback: don't block sync for…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nwriteback: don't block sync for filesystems with no data integrity guarantees\n\nAdd a SB_I_NO_DATA_INTEGRITY superblock flag for filesystems that cannot\nguarantee data persistence on sync (eg fuse). For superblocks with this\nflag se…","indicators":{"cves":["CVE-2026-31465"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:42.633Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/5c24a13d8a0466ca0446e58309e51f2606520164","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/76f9377cd2ab7a9220c25d33940d9ca20d368172","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/83800f8ef358ea2fc9b1ae4986b83f2bc24be927","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31466","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31466 — In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: fix folio isn't…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/huge_memory: fix folio isn't locked in softleaf_to_folio()\n\nOn arm64 server, we found folio that get from migration entry isn't locked\nin softleaf_to_folio().  This issue triggers when mTHP splitting and\nzap_nonpresent_ptes() ra…","indicators":{"cves":["CVE-2026-31466"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:42.780Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/426ee10711586617da869c8bb798214965337617","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4c5e7f0fcd592801c9cc18f29f80fbee84eb8669","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/722cfaf6b31d31123439e67b5deac6b1261a3dea","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7ad1997b9bc8032603df8f091761114479285769","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7ddcf4a245c1c5a91fdd9698757e3d95179ffe41","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/8bfb8414e9f2ce6f5f2f0e3d0da52f2d132128e7","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/b8c49ad888892ad7b77062b9c102b799a3e9b4f8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f1acf5887c2bbaf998dc3fe32c72b7a8b84a3ddd","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31467","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31467 — In the Linux kernel, the following vulnerability has been resolved: erofs: add GFP_NOIO in the bio c…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: add GFP_NOIO in the bio completion if needed\n\nThe bio completion path in the process context (e.g. dm-verity)\nwill directly call into decompression rather than trigger another\nworkqueue context for minimal scheduling latenci…","indicators":{"cves":["CVE-2026-31467"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:42.977Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/378949f46e897204384f3f5f91e42e93e3f87568","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/5c8ecdcfbfb0b0c6a82a4ebadc1ddea61609b902","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c23df30915f83e7257c8625b690a1cece94142a0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d6565ea662e17d45a577184b0011bd69de22dc2b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d9d8360cb66e3b599d89d2526e7da8b530ebf2ff","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/da40464064599eefe78749f75cd2bba371044c04","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e83e20b82859f0588e9a52a6fa9fea704a2061cf","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31468","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31468 — In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Fix double free in dma…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: Fix double free in dma-buf feature\n\nThe error path through vfio_pci_core_feature_dma_buf() ignores its\nown advice to only use dma_buf_put() after dma_buf_export(), instead\nfalling through the entire unwind chain.  In the…","indicators":{"cves":["CVE-2026-31468"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:43.143Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/83ad334afc9a645cef1062f5346526b1e36d6516","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e98137f0a874ab36d0946de4707aa48cb7137d1c","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31469","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31469 — In the Linux kernel, the following vulnerability has been resolved: virtio_net: Fix UAF on dst_ops w…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false\n\nA UAF issue occurs when the virtio_net driver is configured with napi_tx=N\nand the device's IFF_XMIT_DST_RELEASE flag is cleared\n(e.g., durin…","indicators":{"cves":["CVE-2026-31469"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:43.260Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/63d45077b97bb0e0fe0c75931acbbca7a47af141","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/8a4790850e710fd6771e4d2112168ed1dd6c0e54","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9a18629f2525781f0f3dda7be72b204e4cf77d08","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ba8bda9a0896746053aa97ac6c3e08168729172c","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/be0e63f3b97bbaf453c542e8a15ba2a536e2ac01","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c1ec36cb3768574b916f20d2d7415fd14fa1bf12","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f04733c4dc40c43899c3d1c97afbae5831a3770f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/fedd2e1630cac920844997227ccbe7b26a76375a","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31470","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31470 — In the Linux kernel, the following vulnerability has been resolved: virt: tdx-guest: Fix handling of…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nvirt: tdx-guest: Fix handling of host controlled 'quote' buffer length\n\nValidate host controlled value `quote_buf->out_len` that determines how\nmany bytes of the quote are copied out to guest userspace. In TDX\nenvironments with rem…","indicators":{"cves":["CVE-2026-31470"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:43.473Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/02ca2d9d197723696cb9cc0cb159eb7e8bf5f89b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/6f3c8795ae9ba74fa10fe979293d1904712d3fb1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a079a62883e3365de592cea9f7a669d8115433b0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c3fd16c3b98ed726294feab2f94f876290bf7b61","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31471","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31471 — In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: only publish mode_d…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: iptfs: only publish mode_data after clone setup\n\niptfs_clone_state() stores x->mode_data before allocating the reorder\nwindow. If that allocation fails, the code frees the cloned state and\nreturns -ENOMEM, leaving x->mode_dat…","indicators":{"cves":["CVE-2026-31471"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:43.610Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/371a43c4ac70cac0de9f9b1fc5b1660b9565b9f1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/5784a1e2889c9525a8f036cb586930e232170bf7","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d849a2f7309fc0616e79d13b008b0a47e0458b6e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31472","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31472 — In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: validate inner IPv4…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: iptfs: validate inner IPv4 header length in IPTFS payload\n\nAdd validation of the inner IPv4 packet tot_len and ihl fields parsed\nfrom decrypted IPTFS payloads in __input_process_payload(). A crafted\nESP packet containing an i…","indicators":{"cves":["CVE-2026-31472"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:43.740Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/0d10393d5eac33cbd92f7a41fddca12c41d3cb7e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3db7d4f777a00164582061ccaa99569cd85011a3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/de6d8e8ce5187f7402c9859b443355e7120c5f09","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31473","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31473 — In the Linux kernel, the following vulnerability has been resolved: media: mc, v4l2: serialize REINI…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex\n\nMEDIA_REQUEST_IOC_REINIT can run concurrently with VIDIOC_REQBUFS(0)\nqueue teardown paths. This can race request object cleanup against vb2\nqueue cancellation and…","indicators":{"cves":["CVE-2026-31473"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:43.863Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/1a0d9083c24fbd5d22f7100f09d11e4d696a5f01","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/2c685e99efb3b3bd2b78699fba6b1cf321975db0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/331242998a7ade5c2f65e14988901614629f3db5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/585fd9a2063dacce8b2820f675ef23d5d17434c5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/72b9e81e0203f03c40f3adb457f55bd4c8eb112d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/bef4f4a88b73e4cc550d25f665b8a9952af22773","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/cf2023e84f0888f96f4b65dc0804e7f3651969c1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d8549a453d5bdc0a71de66ad47a1106703406a56","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31474","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31474 — In the Linux kernel, the following vulnerability has been resolved: can: isotp: fix tx.buf use-after…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ncan: isotp: fix tx.buf use-after-free in isotp_sendmsg()\n\nisotp_sendmsg() uses only cmpxchg() on so->tx.state to serialize access\nto so->tx.buf. isotp_release() waits for ISOTP_IDLE via\nwait_event_interruptible() and then calls kfr…","indicators":{"cves":["CVE-2026-31474"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:44.053Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/2e62e7051eca75a7f2e3d52d62ec10d7d7aa358c","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/424e95d62110cdbc8fd12b40918f37e408e35a92","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9649d051e54413049c009638ec1dc23962c884a4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/cb3d6efa78460e6d50bf68806d0db66265709f64","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/eec8a1b18a79600bd4419079dc0026c1db72a830","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31475","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31475 — In the Linux kernel, the following vulnerability has been resolved: ASoC: sma1307: fix double free o…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: sma1307: fix double free of devm_kzalloc() memory\n\nA previous change added NULL checks and cleanup for allocation\nfailures in sma1307_setting_loaded().\n\nHowever, the cleanup for mode_set entries is wrong. Those entries are\nal…","indicators":{"cves":["CVE-2026-31475"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:44.207Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/1a82c3272626db9006f4c2cad3adf2916417aed6","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d472d1a52985211b92883bb64bbe710b45980190","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/fe757092d2329c397ecb32f2bf68a5b1c4bd9193","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31476","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31476 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: do not expire session on…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: do not expire session on binding failure\n\nWhen a multichannel session binding request fails (e.g. wrong password),\nthe error path unconditionally sets sess->state = SMB2_SESSION_EXPIRED.\nHowever, during binding, sess points…","indicators":{"cves":["CVE-2026-31476"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:44.337Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/1d1888b4a7aec518b707f6eca0bf08992c0e8da3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/6fafc4c4238e538969f1375f9ecdc6587c53f1cc","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9bbb19d21ded7d78645506f20d8c44895e3d0fb9","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a897064a457056acb976e20e3007cdf553de340f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e0e5edc81b241c70355217de7e120c97c3429deb","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f5300690c23c5ac860499bb37dbc09cf43fd62e6","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31477","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31477 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix memory leaks and NULL…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix memory leaks and NULL deref in smb2_lock()\n\nsmb2_lock() has three error handling issues after list_del() detaches\nsmb_lock from lock_list at no_check_cl:\n\n1) If vfs_lock_file() returns an unexpected error in the non-UNLO…","indicators":{"cves":["CVE-2026-31477"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:44.440Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/309b44ed684496ed3f9c5715d10b899338623512","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3cdacd11b41569ce75b3162142240f2355e04900","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/91aeaa7256006d79a37298f5a1df23325db91599","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/aab42f0795620cf0d3955a520f571f697d0f9a2a","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c9b95ef6f5039f19e46c3a521a4fe1752d91dfe9","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/cdac6f7e7e428dc70e3b5898ac6999a72ed13993","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31478","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31478 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: replace hardcoded hdr2_le…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()\n\nAfter this commit (e2b76ab8b5c9 \"ksmbd: add support for read compound\"),\nresponse buffer management was changed to use dynamic iov array.\nIn the new…","indicators":{"cves":["CVE-2026-31478"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:44.630Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/0e55f63dd08f09651d39e1b709a91705a8a0ddcb","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4cb537ae4f37d7d0f617815ed4bed7173fb50861","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/6aef1765d6807e0f027cd87f6ac973eb0879a46d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/70b4c414889492c522b6e4331562360f49be2361","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/80824c7e527b70cf9039534e60aff592e8f209d1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9a7166f0ef8cbb7bb48dd05e2471d995566003f5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c3a89e3ec1ccf64fa6a34e391e1581ebbcba8683","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31480","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31480 — In the Linux kernel, the following vulnerability has been resolved: tracing: Fix potential deadlock…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix potential deadlock in cpu hotplug with osnoise\n\nThe following sequence may leads deadlock in cpu hotplug:\n\n    task1        task2        task3\n    -----        -----        -----\n\n mutex_lock(&interface_lock)…","indicators":{"cves":["CVE-2026-31480"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:45.170Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/03474a01c199de17a8e2d39b51df6beb9c76e831","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/1f9885732248d22f788e4992c739a98c88ab8a55","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7a41d4633cd2c15eb5ed31e8f3b16910e50a8c9f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7aa095ce7d224308cb6979956f0de8607df93d4f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/cf929c21eeed5bd39873fb14bfdfff963fa6f1da","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ef41a85a55022e27cdaebf22a6676910b66f65aa","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f278b8ebf7eba2a1699cfc7bf30dd3ef898d60d7","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31481","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31481 — In the Linux kernel, the following vulnerability has been resolved: tracing: Drain deferred trigger…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Drain deferred trigger frees if kthread creation fails\n\nBoot-time trigger registration can fail before the trigger-data cleanup\nkthread exists. Deferring those frees until late init is fine, but the\npost-boot fallback must…","indicators":{"cves":["CVE-2026-31481"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:45.340Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/250ab25391edeeab8462b68be42e4904506c409c","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/771624b7884a83bb9f922ae64ee41a5f8b7576c9","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31482","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31482 — In the Linux kernel, the following vulnerability has been resolved: s390/entry: Scrub r12 register o…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ns390/entry: Scrub r12 register on kernel entry\n\nBefore commit f33f2d4c7c80 (\"s390/bp: remove TIF_ISOLATE_BP\"),\nall entry handlers loaded r12 with the current task pointer\n(lg %r12,__LC_CURRENT) for use by the BPENTER/BPEXIT macros.…","indicators":{"cves":["CVE-2026-31482"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:45.457Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/0738d395aab8fae3b5a3ad3fc640630c91693c27","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7f4e3233faa8470dd0627bc49b2809f2bfebd909","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/95c899cd791803a5bf7b73e5994fbbe1cc1a9c36","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/99a8b420f3f0e162eb9c9c9253929d4d23f9bd30","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a58d298a83a3a9b7ca99ded9d60a1e77231159ef","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31483","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31483 — In the Linux kernel, the following vulnerability has been resolved: s390/syscalls: Add spectre bound…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ns390/syscalls: Add spectre boundary for syscall dispatch table\n\nThe s390 syscall number is directly controlled by userspace, but does\nnot have an array_index_nospec() boundary to prevent access past the\nsyscall function pointer tab…","indicators":{"cves":["CVE-2026-31483"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:45.627Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/1cb9c7bc9025c637564fabc7fcc3c9343949e310","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3c3b97064764899c39a0abbd35a6caa031e70333","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/48b8814e25d073dd84daf990a879a820bad2bcbd","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4d05dd18d867d58c6952a3bc260d244899da7256","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7a5260fbc6e79a1595328ec5c6aa3f937504a1f0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/87776f02449e3bded95b2ccbd6b012e9ae64e6f3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f8c444b918d639e1f9a621ee20fe481c1d10dfc4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31484","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31484 — In the Linux kernel, the following vulnerability has been resolved: io_uring/fdinfo: fix OOB read in…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/fdinfo: fix OOB read in SQE_MIXED wrap check\n\n__io_uring_show_fdinfo() iterates over pending SQEs and, for 128-byte\nSQEs on an IORING_SETUP_SQE_MIXED ring, needs to detect when the second\nhalf of the SQE would be past the…","indicators":{"cves":["CVE-2026-31484"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:45.800Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/5170efd9c344c68a8075dcb8ed38d3f8a60e7ed4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ba21ab247a5be5382da7464b95afbe5f0e9aa503","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31485","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31485 — In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-lpspi: fix teardown…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nspi: spi-fsl-lpspi: fix teardown order issue (UAF)\n\nThere is a teardown order issue in the driver. The SPI controller is\nregistered using devm_spi_register_controller(), which delays\nunregistration of the SPI controller until after…","indicators":{"cves":["CVE-2026-31485"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:45.923Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/15650dfbaeeb14bcaaf053b93cf631db8d465300","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/adb25339b66112393fd6892ceff926765feb5b86","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/b341c1176f2e001b3adf0b47154fc31589f7410e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ca4483f36ac1b62e69f8b182c5b8f059e0abecfb","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d5d01f24bc6fbde40b4e567ef9160194b61267bc","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e3fd54f8b0317fbccc103961ddd660f2a32dcf0b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e89e2b97253c124d37bf88e96e5e8ce5c3aeeec3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/fbe6f40caeebb0b1ea9dfedc259124c1d3cda7a6","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31486","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31486 — In the Linux kernel, the following vulnerability has been resolved: hwmon: (pmbus/core) Protect regu…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (pmbus/core) Protect regulator operations with mutex\n\nThe regulator operations pmbus_regulator_get_voltage(),\npmbus_regulator_set_voltage(), and pmbus_regulator_list_voltage()\naccess PMBus registers and shared data but were…","indicators":{"cves":["CVE-2026-31486"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:46.160Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/2c77ae315f3ce9d2c8e1609be74c9358c1fe4e07","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4e9d723d9f198b86f6882a84c501ba1f39e8d055","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/754bd2b4a084b90b5e7b630e1f423061a9b9b761","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31487","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31487 — In the Linux kernel, the following vulnerability has been resolved: spi: use generic driver_override…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nspi: use generic driver_override infrastructure\n\nWhen a driver is probed through __driver_attach(), the bus' match()\ncallback is called without the device lock held, thus accessing the\ndriver_override field without a lock, which ca…","indicators":{"cves":["CVE-2026-31487"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:46.307Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/c73a58661a760373d08a6883af4f0bb5cc991a67","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/cc34d77dd48708d810c12bfd6f5bf03304f6c824","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e0ae367a2de06c49aa1de6ec9b1ab6860bbb2cf0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/eedf220442d13b6d97294e5b0ac8a2c38ee1a1a0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31489","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31489 — In the Linux kernel, the following vulnerability has been resolved: spi: meson-spicc: Fix double-put…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nspi: meson-spicc: Fix double-put in remove path\n\nmeson_spicc_probe() registers the controller with\ndevm_spi_register_controller(), so teardown already drops the\ncontroller reference via devm cleanup.\n\nCalling spi_controller_put() a…","indicators":{"cves":["CVE-2026-31489"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:46.603Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/40ad0334c17b23d8b66b1082ad1478a6202e90e2","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/63542bb402b7013171c9f621c28b609eda4dbf1f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9b812ceb75a6260c17c91db4b9e74ead8cfa06f5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/da06a104f0486355073ff0d1bcb1fcbebb7080d6","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31490","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31490 — In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Fix use-after-free in…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/pf: Fix use-after-free in migration restore\n\nWhen an error is returned from xe_sriov_pf_migration_restore_produce(),\nthe data pointer is not set to NULL, which can trigger use-after-free\nin subsequent .write() calls.\nSet the…","indicators":{"cves":["CVE-2026-31490"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:46.763Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/87997b6c6516e049cbaf2fc6810b213d587a06b1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e28552b4ddea5cb4725380dd08237831af835124","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31491","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31491 — In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Harden depth calcula…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Harden depth calculation functions\n\nAn issue was exposed where OS can pass in U32_MAX for SQ/RQ/SRQ size.\nThis can cause integer overflow and truncation of SQ/RQ/SRQ depth\nreturning a success when it should have failed.…","indicators":{"cves":["CVE-2026-31491"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:46.880Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/3f08351de5ca4f2f724b86ad252fbc21289467e1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/cbd852f5700eb3f64392452faf693ac45cae8281","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e37afcb56ae070477741fe2d6e61fc0c542cce2d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31492","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31492 — In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Initialize free_qp c…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Initialize free_qp completion before using it\n\nIn irdma_create_qp, if ib_copy_to_udata fails, it will call\nirdma_destroy_qp to clean up which will attempt to wait on\nthe free_qp completion, which is not initialized yet.…","indicators":{"cves":["CVE-2026-31492"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:47.010Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/11a95521fb93c91e2d4ef9d53dc80ef0a755549b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3cb88c12461b71c7d9c604aa2e6a9a477ecfa147","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ac1da7bd224d406b6f1b84414f0f652ab43b6bd8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/af310407f79d5816fc0ab3638e1588b6193316dd","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/cd1534c8f4984432382c240f6784408497f5bb0a","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f72996834f7bdefc2b95e3eec30447ee195df44e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31493","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31493 — In the Linux kernel, the following vulnerability has been resolved: RDMA/efa: Fix use of completion…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/efa: Fix use of completion ctx after free\n\nOn admin queue completion handling, if the admin command completed with\nerror we print data from the completion context. The issue is that we\nalready freed the completion context in p…","indicators":{"cves":["CVE-2026-31493"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:47.170Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/0dd98aea1c0c45987fa2dd92f988b0eb1a72c125","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/1cf95fe5dc5471efea947b4c6f8913da6bc7976e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ef3b06742c8a201d0e83edc9a33a89a4fe3009f8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31494","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31494 — In the Linux kernel, the following vulnerability has been resolved: net: macb: use the current queue…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: macb: use the current queue number for stats\n\nThere's a potential mismatch between the memory reserved for statistics\nand the amount of memory written.\n\ngem_get_sset_count() correctly computes the number of stats based on the…","indicators":{"cves":["CVE-2026-31494"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:47.293Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/240c5302eed83e34e98db18f6795ee5f40814024","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/72d96e4e24bbefdcfbc68bdb9341a05d8f5cb6e5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7ff87da099210856cbfe2f2f7f52ddfa57af4f0c","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/95246341945163ad9a250a87ca5bd1c1252777ae","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9596759a84e1dbf2670518d85e969208960041f9","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9738be665544281aa624842812c2fbfed6f88226","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9d74d10e4e26672e139a8bcf8bf95957bf2d160f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e182fe273cdf5a8931592228196ef514ffac392b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31495","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31495 — In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: use netlin…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ctnetlink: use netlink policy range checks\n\nReplace manual range and mask validations with netlink policy\nannotations in ctnetlink code paths, so that the netlink core rejects\ninvalid values early and can generate extack…","indicators":{"cves":["CVE-2026-31495"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:47.500Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/2ef71307c86a9f866d6e28f1a0c06e2e9d794474","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/435b576cd2faa75154777868f8cbb73bf71644d3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/45c33e79ae705b7af97e3117672b6cd258dd0b1b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4f7d25f3f0786402ba48ff7d13b6241d77d975f5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/675c913b940488a84effdeeac5a1cfb657b59804","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/8f15b5071b4548b0aafc03b366eb45c9c6566704","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c6cb41eaae875501eaaa487b8db6539feb092292","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/fcec5ce2d73a41668b24e3f18c803541602a59f6","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31496","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31496 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_expect:…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_conntrack_expect: skip expectations in other netns via proc\n\nSkip expectations that do not reside in this netns.\n\nSimilar to e77e6ff502ea (\"netfilter: conntrack: do not dump other netns's\nconntrack entries via proc\").","indicators":{"cves":["CVE-2026-31496"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:47.693Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/168145c87444619e3e649322bbe7719ecd00d411","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/2028405ea6987b4448784e439413202cfe19f43f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3265ad619987cb551edaf797ed056d80ac450225","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3db5647984de03d9cae0dcddb509b058351f0ee4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9ca8c7452493d915f9bbf2f39331e6c583d07a23","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/dcfcd95b3ae7683e8ae55c92284b3430ce614bc7","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31497","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31497 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: clamp SCO alts…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btusb: clamp SCO altsetting table indices\n\nbtusb_work() maps the number of active SCO links to USB alternate\nsettings through a three-entry lookup table when CVSD traffic uses\ntransparent voice settings. The lookup curre…","indicators":{"cves":["CVE-2026-31497"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:47.857Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/1019028eb124564cf7bca58a16f1df8a1ca30726","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/129fa608b6ad08b8ab7178eeb2ec272c993aaccc","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/21c254202f9d78abe0fcd642a92966deb92bd226","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/312c4450fe23014665c163f480edd5ad2e27bbb8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/476c9262b430c38c6a701a3b8176a3f48689085b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/6fba3c3d48c927e55611a0f5ea34da88138ed0ff","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/834cf890d2c3d29cbfa1ee2376c40469c28ec297","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9dd13a8641de79bc1bc93da55cdd35259a002683","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31498","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31498 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix ERTM re-in…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop\n\nl2cap_config_req() processes CONFIG_REQ for channels in BT_CONNECTED\nstate to support L2CAP reconfiguration (e.g. MTU changes). However,\nsince both CONF_INPUT_DONE…","indicators":{"cves":["CVE-2026-31498"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:48.067Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/042e2cd4bb11e5313b19b87593616524949e4c52","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/25f420a0d4cfd61d3d23ec4b9c56d9f443d91377","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/52667c859fe33f70c2e711cb81bbd505d5eb8e75","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/900e4db5385ec2cacd372345a80ab9c8e105b3a3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9760b83cfd24b38caee663f429011a0dd6064fa9","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9a21a631ee034b1573dce14b572a24943dbfd7ae","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/de37e2655b7abc3f59254c6b72256840f39fc6d5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e7aab23b7df89a3d754a5f0a7d2237548b328bd0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31499","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31499 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix deadlock i…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix deadlock in l2cap_conn_del()\n\nl2cap_conn_del() calls cancel_delayed_work_sync() for both info_timer\nand id_addr_timer while holding conn->lock. However, the work functions\nl2cap_info_timeout() and l2cap_conn_u…","indicators":{"cves":["CVE-2026-31499"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:48.283Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/00fdebbbc557a2fc21321ff2eaa22fd70c078608","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3f26ecbd9cde621dd94be7ef252c7210b965a5c7","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d008460de352e534f6721de829b093368564ec66","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31500","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31500 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: serialize bt…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock\n\nbtintel_hw_error() issues two __hci_cmd_sync() calls (HCI_OP_RESET\nand Intel exception-info retrieval) without holding\nhci_req_sync_lock().  This lets it race…","indicators":{"cves":["CVE-2026-31500"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:48.427Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/5f84e845648dfa86e42de5487f1a774b42f0444d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/66696648af477dc87859e5e4b607112f5f29d010","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/94d8e6fe5d0818e9300e514e095a200bd5ff93ae","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e10a4cb72468686ffbe8bb2b0520e37f6be1a0c5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f7d84737663ad4a120d2d8ef1561a4df91282c2e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31501","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31501 — In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: fix use-a…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ti: icssg-prueth: fix use-after-free of CPPI descriptor in RX path\n\ncppi5_hdesc_get_psdata() returns a pointer into the CPPI descriptor.\nIn both emac_rx_packet() and emac_rx_packet_zc(), the descriptor is\nfreed via k3_cppi_des…","indicators":{"cves":["CVE-2026-31501"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:48.597Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/d5827316debcb677679bb014885d7be92c410e11","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/eb8c426c9803beb171f89d15fea17505eb517714","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31502","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31502 — In the Linux kernel, the following vulnerability has been resolved: team: fix header_ops type confus…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nteam: fix header_ops type confusion with non-Ethernet ports\n\nSimilar to commit 950803f72547 (\"bonding: fix type confusion in\nbond_setup_by_slave()\") team has the same class of header_ops type\nconfusion.\n\nFor non-Ethernet ports, tea…","indicators":{"cves":["CVE-2026-31502"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:48.713Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/0a7468ed49a6b65d34abcc6eb60e15f7f6d34da0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/20491d384d973a63fbdaf7a71e38d69b0659ea55","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/425000dbf17373a4ab8be9428f5dc055ef870a56","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/6d3161fa3eee64d46b766fb0db33ec7f300ef52d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31503","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31503 — In the Linux kernel, the following vulnerability has been resolved: udp: Fix wildcard bind conflict…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nudp: Fix wildcard bind conflict check when using hash2\n\nWhen binding a udp_sock to a local address and port, UDP uses\ntwo hashes (udptable->hash and udptable->hash2) for collision\ndetection. The current code switches to \"hash2\" whe…","indicators":{"cves":["CVE-2026-31503"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:48.863Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/0a360f7f73a06ac88f18917055fbcc79694252d7","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/18d84c45def3671d5c89fbdd5d4ab8a3217fe4b4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/2297e38114316b26ae02f2d205c49b5511c5ed55","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d6ace0dbcbb7fd285738bb87b42b71b01858c952","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e537dd15d0d4ad989d56a1021290f0c674dd8b28","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f1bed05a832ae79be5f7a105da56810eaa59a5f1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31504","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31504 — In the Linux kernel, the following vulnerability has been resolved: net: fix fanout UAF in packet_re…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix fanout UAF in packet_release() via NETDEV_UP race\n\n`packet_release()` has a race window where `NETDEV_UP` can re-register a\nsocket into a fanout group's `arr[]` array. The re-registration is not\ncleaned up by `fanout_relea…","indicators":{"cves":["CVE-2026-31504"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:49.040Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/1b4c03f8892d955385c202009af7485364731bb9","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/42156f93d123436f2a27c468f18c966b7e5db796","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/42cfd7898eeed290c9fb73f732af1f7d6b0a703e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/654386baef228c2992dbf604c819e4c7c35fc71b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/75fe6db23705a1d55160081f7b37db9665b1880b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ceccbfc6de720ad633519a226715989cfb065af1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d0c7cdc15fdf8c4f91aca1928e52295d175b6ec6","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ee642b1962caa9aa231c01abbd58bc453ae6b66e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31505","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31505 — In the Linux kernel, the following vulnerability has been resolved: iavf: fix out-of-bounds writes i…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\niavf: fix out-of-bounds writes in iavf_get_ethtool_stats()\n\niavf incorrectly uses real_num_tx_queues for ETH_SS_STATS. Since the\nvalue could change in runtime, we should use num_tx_queues instead.\n\nMoreover iavf_get_ethtool_stats()…","indicators":{"cves":["CVE-2026-31505"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:49.233Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/1f931dee5b726df1940348ec31614d64bac03aa6","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/bb85741d2dc2be207353a412f51b83697fcbefcf","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/fdf902bf86a80bf15792a1d20a67a5302498d7f1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/fecacfc95f195b99c71c579a472120d0b4ed65fa","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31506","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31506 — In the Linux kernel, the following vulnerability has been resolved: net: bcmasp: fix double free of…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bcmasp: fix double free of WoL irq\n\nWe do not need to free wol_irq since it was instantiated with\ndevm_request_irq(). So devres will free for us.","indicators":{"cves":["CVE-2026-31506"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:49.397Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/121a6ad9cd42ba3bfc57deae93e3326515c2afe1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/8a30509ce6a29bdf18e0802383c524a7b2357ec0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9e5f5c07cc7d66522f8c9676c28605eba5d4a20e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/cbfa5be2bf64511d49b854a0f9fd6d0b5118621f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31507","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31507 — In the Linux kernel, the following vulnerability has been resolved: net/smc: fix double-free of smc_…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer\n\nsmc_rx_splice() allocates one smc_spd_priv per pipe_buffer and stores\nthe pointer in pipe_buffer.private.  The pipe_buf_operations for these\nbuffers…","indicators":{"cves":["CVE-2026-31507"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:49.523Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/24dd586bb4cbba1889a50abe74143817a095c1c9","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3cc76380fea749280c026f410af56a28aaac388a","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/54c87a730157868543ebdfa0ecb21b4590ed23a5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7bcb974c771c863e8588cea0012ac204443a7126","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7e8916f46c2f48607f907fd401590093753a6bc5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/81acbd345d405994875d419d43b319fee0b9ad62","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/98ba5cb274768146e25ffbfde47753652c1c20d3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ae5575e660410c8d2c5d38fb28a0f37aea945676","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31508","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31508 — In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Avoid releasin…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: Avoid releasing netdev before teardown completes\n\nThe patch cited in the Fixes tag below changed the teardown code for\nOVS ports to no longer unconditionally take the RTNL. After this change,\nthe netdev_destroy()…","indicators":{"cves":["CVE-2026-31508"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:49.727Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/33609454be4f582e686a4bf13d4482a5ca0f6c4b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/43579baa17270aa51f93eb09b6e4af6e047b7f6e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4c3e25a7b711a402fcbbbcfbbdf2868ece1ae7c8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/5fdeaf591a0942772c2d18ff3563697a49ad01c6","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/755a6300afbd743cda4b102f24f343380ec0e0ff","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7c770dadfda5cbbde6aa3c4363ed513f1d212bf8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/95265232b49765a4d00f4d028c100bb7185600f4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/df3c95be76103604e752131d9495a24814915ece","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31509","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31509 — In the Linux kernel, the following vulnerability has been resolved: nfc: nci: fix circular locking d…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nci: fix circular locking dependency in nci_close_device\n\nnci_close_device() flushes rx_wq and tx_wq while holding req_lock.\nThis causes a circular locking dependency because nci_rx_work()\nrunning on rx_wq can end up taking re…","indicators":{"cves":["CVE-2026-31509"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:49.947Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/09143c0e8f3b03517e6233aad42f45c794d8df8e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/1edc12d2bbcb7a8d0f1088e6fccb9d8c01bb1289","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4527025d440ce84bf56e75ce1df2e84cb8178616","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/5eef9ebec7f5738f12cadede3545c05b34bf5ac3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7ed00a3edc8597fe2333f524401e2889aa1b5edf","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ca54e904a071aa65ef3ad46ba42d51aaac6b73b4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d89b74bf08f067b55c03d7f999ba0a0e73177eb3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/eb435d150ca74b4d40f77f1a2266f3636ed64a79","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31511","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31511 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix dangling po…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete\n\nThis fixes the condition checking so mgmt_pending_valid is executed\nwhenever status != -ECANCELED otherwise calling mgmt_pending_free(cmd)\nwould kfree…","indicators":{"cves":["CVE-2026-31511"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:50.343Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/340666172cf747de58c283d2eef1f335f050538b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3a89c33deffb3cb7877a7ea2e50734cd12b064f2","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/5f5fa4cd35f707344f65ce9e225b6528691dbbaa","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/bafec9325d4de26b6c49db75b5d5172de652aae0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31512","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31512 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Validate PDU l…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv()\n\nl2cap_ecred_data_rcv() reads the SDU length field from skb->data using\nget_unaligned_le16() without first verifying that skb contains at lea…","indicators":{"cves":["CVE-2026-31512"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:50.490Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/3340be2bafdcc806f048273ea6d8e82a6597aa1b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/40c7f7eea2f4d9cb0b3e924254c8c9053372168f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/477ad4976072056c348937e94f24583321938df4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/5ad981249be52f5e4e92e0e97b436b569071cb86","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/8c96f3bd4ae0802db90630be8e9851827e9c9209","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c65bd945d1c08c3db756821b6bf9f1c4a77b29c6","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/cef09691cfb61f6c91cc27c3d69634f81c8ab949","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e47315b84d0eb188772c3ff5cf073cdbdefca6b4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31513","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31513 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix stack-out-…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix stack-out-of-bounds read in l2cap_ecred_conn_req\n\nSyzbot reported a KASAN stack-out-of-bounds read in l2cap_build_cmd()\nthat is triggered by a malformed Enhanced Credit Based Connection Request.\n\nThe vulnerabi…","indicators":{"cves":["CVE-2026-31513"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:50.673Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/5b35f8211a913cfe7ab9d54fa36a272d2059a588","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9d87cb22195b2c67405f5485d525190747ad5493","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a3d9c50d69785ae02e153f000da1b5fd6dbfdf1b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c8e1a27edb8b4e5afb56b384acd7b6c2dec1b7cc","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31514","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31514 — In the Linux kernel, the following vulnerability has been resolved: erofs: set fileio bio failed in…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: set fileio bio failed in short read case\n\nFor file-backed mount, IO requests are handled by vfs_iocb_iter_read().\nHowever, it can be interrupted by SIGKILL, returning the number of\nbytes actually copied. Unused folios in bio…","indicators":{"cves":["CVE-2026-31514"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:50.810Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/5a5f23ef5431639db1ac3a0b274aef3a84cc413c","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/5cf3972c8221abdb1b464a14ccf8103d840b9085","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d1ba7d6b3cd1757b108d7b6856c92ae661d6c323","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/eade54040384f54b7fb330e4b0975c5734850b3c","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31515","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31515 — In the Linux kernel, the following vulnerability has been resolved: af_key: validate families in pfk…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\naf_key: validate families in pfkey_send_migrate()\n\nsyzbot was able to trigger a crash in skb_put() [1]\n\nIssue is that pfkey_send_migrate() does not check old/new families,\nand that set_ipsecrequest() @family argument was truncated,…","indicators":{"cves":["CVE-2026-31515"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:50.940Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/7b18692c59afb8e5c364c8e3ac01e51dd6b52028","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/83f644ea92987c100b82d8481ae2230faeed3d34","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/8ddf8de7e758f6888988467af9ffc8adf589fb16","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d0c5aa8dd38887714f1aad04236a3620b56a5e4e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d3225e6b9bd51ec177970a628fe4b11237ce87d5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e06b596fc4eb01936a2e5dccad17c946d660bab8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/eb2d16a7d599dc9d4df391b5e660df9949963786","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ee836e820a40e2ca4da8af7310bff92d586772d4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31516","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31516 — In the Linux kernel, the following vulnerability has been resolved: xfrm: prevent policy_hthresh.wor…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: prevent policy_hthresh.work from racing with netns teardown\n\nA XFRM_MSG_NEWSPDINFO request can queue the per-net work item\npolicy_hthresh.work onto the system workqueue.\n\nThe queued callback, xfrm_hash_rebuild(), retrieves th…","indicators":{"cves":["CVE-2026-31516"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:51.130Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/29fe3a61bcdce398ee3955101c39f89c01a8a77e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4e2e77843fef473ef47e322d52436d8308582a96","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/56ea2257b83ee29a543f158159e3d1abc1e3e4fe","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/8854e9367465d784046362698731c1111e3b39b8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31517","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31517 — In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: fix skb_put() panic…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: iptfs: fix skb_put() panic on non-linear skb during reassembly\n\nIn iptfs_reassem_cont(), IP-TFS attempts to append data to the new inner\npacket 'newskb' that is being reassembled. First a zero-copy approach is\ntried if it suc…","indicators":{"cves":["CVE-2026-31517"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:51.273Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/0b352f83cabfefdaafa806d6471f0eca117dc7d5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/33a7b36268933c75bdc355e5531951e0ea9f1951","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7fdfe8f6efeb0e1200e22a903f2471539f54522b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31518","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31518 — In the Linux kernel, the following vulnerability has been resolved: esp: fix skb leak with espintcp…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nesp: fix skb leak with espintcp and async crypto\n\nWhen the TX queue for espintcp is full, esp_output_tail_tcp will\nreturn an error and not free the skb, because with synchronous crypto,\nthe common xfrm output code will drop the pac…","indicators":{"cves":["CVE-2026-31518"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:51.410Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/0c0eef8ccd2413b0a10eb6bbd3442333b1e64dd2","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/41aafca57de4a4c026701622bd4648f112a9edcd","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4820847e036ff1035b01b69ad68dfc17e7028fe9","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/6a3ec6efbc4f90e0ccb2e71574f07351f19996f4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/6aa9841d917532d0f2d932d1ff2f3a94305aaf47","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/88d386243ed374ac969dabd3bbc1409a31d81818","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/aca3ad0c262f54a5b5c95dda80a48365997d1224","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/df6f995358dc1f3c42484f5cfe241d7bd3e1cd15","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31519","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31519 — In the Linux kernel, the following vulnerability has been resolved: btrfs: set BTRFS_ROOT_ORPHAN_CLE…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: set BTRFS_ROOT_ORPHAN_CLEANUP during subvol create\n\nWe have recently observed a number of subvolumes with broken dentries.\nls-ing the parent dir looks like:\n\ndrwxrwxrwt 1 root root 16 Jan 23 16:49 .\ndrwxr-xr-x 1 root root 24…","indicators":{"cves":["CVE-2026-31519"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:51.580Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/2ec578e6452138ab76f6c9a9c18711fcd197649f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/5131fa077f9bb386a1b901bf5b247041f0ec8f80","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/696683f214495db3cdacab9a713efaaced8660f8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a41a9b8d19a98b45591528c6e54d31cc66271d1e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c57276ced3c3207f42182dfa2f0d8e860357e111","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d43da8de0ed376abafbad8a245a1835e8f66cb0f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31520","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31520 — In the Linux kernel, the following vulnerability has been resolved: HID: apple: avoid memory leak in…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nHID: apple: avoid memory leak in apple_report_fixup()\n\nThe apple_report_fixup() function was returning a\nnewly kmemdup()-allocated buffer, but never freeing it.\n\nThe caller of report_fixup() does not take ownership of the returned…","indicators":{"cves":["CVE-2026-31520"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:51.770Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/239c15116d80f67d32f00acc34575f1a6b699613","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/2635d0c715f3fb177e0f80ecd5fa48feb6bf3884","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/31860c3f7ac66ab897a8c90dc4e74fa17ca0b624","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/be1a341c161430282acdfe2ac99b413271575cf1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e2f090aeb7b9930a964e151910f4d45b04c8a7e5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e652ebd29928181c3e6820e303da25873e9917d4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31521","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31521 — In the Linux kernel, the following vulnerability has been resolved: module: Fix kernel panic when a…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nmodule: Fix kernel panic when a symbol st_shndx is out of bounds\n\nThe module loader doesn't check for bounds of the ELF section index in\nsimplify_symbols():\n\n       for (i = 1; i < symsec->sh_size / sizeof(Elf_Sym); i++) {\n\t\tconst…","indicators":{"cves":["CVE-2026-31521"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:51.930Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/082f15d2887329e0f43fd3727e69365f5bfe5d2c","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4bbdb0e48176fd281c2b9a211b110db6fd94e175","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/5d16f519b6eb1d071807e57efe0df2baa8d32ad6","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/6ba6957c640f58dc8ef046981a045da43e47ea23","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ec2b22a58073f80739013588af448ff6e2ab906f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ef75dc1401d8e797ee51559a0dd0336c225e1776","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f9d69d5e7bde2295eb7488a56f094ac8f5383b92","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31522","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31522 — In the Linux kernel, the following vulnerability has been resolved: HID: magicmouse: avoid memory le…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nHID: magicmouse: avoid memory leak in magicmouse_report_fixup()\n\nThe magicmouse_report_fixup() function was returning a\nnewly kmemdup()-allocated buffer, but never freeing it.\n\nThe caller of report_fixup() does not take ownership o…","indicators":{"cves":["CVE-2026-31522"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:52.100Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/136f605e246b4bfe7ac2259471d1ff814aed0084","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/579c4c9857acdc8380fa99803f355f878bd766cb","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/79e5dcc95d9abed6f8203cfd529f4ec71f0e505d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7edfe4346b052b708645d0acc0f186425766b785","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/91e8c6e601bdc1ccdf886479b6513c01c7e51c2c","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d84c21aabaab517b9aaf9bc1d785922cb9db2f31","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/fa95b0146358b49f9858139b67314591fd5871b0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31523","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31523 — In the Linux kernel, the following vulnerability has been resolved: nvme-pci: ensure we're polling a…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-pci: ensure we're polling a polled queue\n\nA user can change the polled queue count at run time. There's a brief\nwindow during a reset where a hipri task may try to poll that queue\nbefore the block layer has updated the queue m…","indicators":{"cves":["CVE-2026-31523"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:52.263Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/0685dd9cb855ab77fcf3577b4702ba1d6df1c98d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/166e31d7dbf6aa44829b98aa446bda5c9580f12a","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/6f12734c4b619f923a4df0b1a46b8098b187d324","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/965e2c943f065122f14282a88d70a8a92e12a4da","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/acbc72dd1a09df53cafcf577259f4678be6afd6d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/b222680ba55e018426c4535067a008f1d81a5d21","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/b96c7b25eb1b748f3e3b1832ebf028b0b223d7e3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ba167d5982e2eb6ff9356d409eca592ce99555da","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31524","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31524 — In the Linux kernel, the following vulnerability has been resolved: HID: asus: avoid memory leak in…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nHID: asus: avoid memory leak in asus_report_fixup()\n\nThe asus_report_fixup() function was returning a newly allocated\nkmemdup()-allocated buffer, but never freeing it.  Switch to\ndevm_kzalloc() to ensure the memory is managed and f…","indicators":{"cves":["CVE-2026-31524"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:52.430Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/2bad24c17742fc88973d6aea526ce1353f5334a3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/2e4fe6b15c2f390c023b20d728b1a3fe7ea4f973","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/726765b43deb2b4723869d673cc5fc6f7a3b2059","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7a6d6e4d8af044f94fa97e97af5ff2771e1fbebd","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/84724ac4821a160d47b84289adf139023027bdbb","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a41cc7c1668e44ff2c2d36f9a6353253ffc43e3c","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ede95cfcab8064d9a08813fbd7ed42cea8843dcf","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f20f17cffbe34fb330267e0f8084f5565f807444","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31525","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31525 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix undefined behavior in i…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN\n\nThe BPF interpreter's signed 32-bit division and modulo handlers use\nthe kernel abs() macro on s32 operands. The abs() macro documentation\n(include/linux/math.h) exp…","indicators":{"cves":["CVE-2026-31525"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:52.607Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/0d5d8c3ce45c734aaf3c51cbef59155a6746157d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/694ea55f1b1c74f9942d91ec366ae9e822422e42","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9ab1227765c446942f290c83382f0b19887c55cf","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c77b30bd1dcb61f66c640ff7d2757816210c7cb0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f14ca604c0ff274fba19f73f1f0485c0047c1396","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31526","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31526 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix exception exit lock che…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix exception exit lock checking for subprogs\n\nprocess_bpf_exit_full() passes check_lock = !curframe to\ncheck_resource_leak(), which is false in cases when bpf_throw() is\ncalled from a static subprog. This makes check_resource…","indicators":{"cves":["CVE-2026-31526"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:52.763Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/5a399f3117642494e35545f6ca397d3e177c1f9b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/6c2128505f61b504c79a20b89596feba61388112","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c0281da1f2aa5c2fca3a05f79b86bea96591c358","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31527","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31527 — In the Linux kernel, the following vulnerability has been resolved: driver core: platform: use gener…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: platform: use generic driver_override infrastructure\n\nWhen a driver is probed through __driver_attach(), the bus' match()\ncallback is called without the device lock held, thus accessing the\ndriver_override field withou…","indicators":{"cves":["CVE-2026-31527"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:52.903Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/2b38efc05bf7a8568ec74bfffea0f5cfa62bc01d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7c02a9bd7d14a89065fcf672b86d8e1d1a41d3b1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9a6086d2a828dd2ff74cf9abcae456670febd71f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/edee7ee5a14c3b33f6d54641f5af5c5e9180992d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31528","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31528 — In the Linux kernel, the following vulnerability has been resolved: perf: Make sure to use pmu_ctx->…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Make sure to use pmu_ctx->pmu for groups\n\nOliver reported that x86_pmu_del() ended up doing an out-of-bound memory access\nwhen group_sched_in() fails and needs to roll back.\n\nThis *should* be handled by the transaction callba…","indicators":{"cves":["CVE-2026-31528"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:53.040Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/35f7914e54fe7f13654c22ee045b05e4b6d8062b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3a696e84a8b1fafdd774bb30d62919faf844d9e4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4b9ce671960627b2505b3f64742544ae9801df97","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4c759446046500a1a6785b25725725c3ff087ace","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/656f35b463995bee024d948440128230aacd81e1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31529","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31529 — In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix leakage in __con…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/region: Fix leakage in __construct_region()\n\nFailing the first sysfs_update_group() needs to explicitly\nkfree the resource as it is too early for cxl_region_iomem_release()\nto do so.","indicators":{"cves":["CVE-2026-31529"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:53.183Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/77b310bb7b5ff8c017524df83292e0242ba89791","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f1b4741adf08b0063291ec1b0dfa9c3d55644933","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31530","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31530 — In the Linux kernel, the following vulnerability has been resolved: cxl/port: Fix use after free of…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/port: Fix use after free of parent_port in cxl_detach_ep()\n\ncxl_detach_ep() is called during bottom-up removal when all CXL memory\ndevices beneath a switch port have been removed. For each port in the\nhierarchy it locks both th…","indicators":{"cves":["CVE-2026-31530"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:53.293Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/19d2f0b97a131198efc2c4ca3eb7f980bba8c2b4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/2c32141462045cf93d54a5146a0ba572b83533dd","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d216a4bd138eb57cc4ae7c43b2f709e3482af7e2","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f7dc6f381a1e5f068333f1faa9265d6af1df4235","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5749","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-5749 — Inadequate access control in the registration process in Fullstep V5, which could allow unauthentica…","description":"Inadequate access control in the registration process in Fullstep V5, which could allow unauthenticated users to obtain a valid JWT token with which to interact with authenticated API resources. Successful exploitation of this vulnerability could allow an unauthenticated attacker to compromise the c…","indicators":{"cves":["CVE-2026-5749"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:17:05.993Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fullstep","label":"cve-coordination@incibe.es","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5750","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-5750 — An insecure direct object reference (IDOR) vulnerability in the Fullstep V5 registration process all…","description":"An insecure direct object reference (IDOR) vulnerability in the Fullstep V5 registration process allows authenticated users to access data belonging to other registered users through various vulnerable authenticated resources in the application. The vulnerable endpoints result from: '/api/suppliers/…","indicators":{"cves":["CVE-2026-5750"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:17:06.173Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fullstep","label":"cve-coordination@incibe.es","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-35382","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-35382 — Rejected reason: Voluntarily withdrawn","description":"Rejected reason: Voluntarily withdrawn","indicators":{"cves":["CVE-2026-35382"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:43.360Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[],"feedLabel":null},{"id":"nvd-CVE-2026-28950","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-28950 — A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.8 and iP…","description":"A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.8 and iPadOS 18.7.8, iOS 26.4.2 and iPadOS 26.4.2. Notifications marked for deletion could be unexpectedly retained on the device.","indicators":{"cves":["CVE-2026-28950"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T19:17:00.847Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://support.apple.com/en-us/127002","label":"product-security@apple.com","domainType":"other"},{"url":"https://support.apple.com/en-us/127003","label":"product-security@apple.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3673","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-3673 — An authenticated attacker can store a crafted tag value in _user_tags and trigger JavaScript executi…","description":"An authenticated attacker can store a crafted tag value in _user_tags and trigger JavaScript execution when a victim opens the list/report view where tags are rendered. The vulnerable renderer interpolates tag content into HTML attributes and element content without escaping.\nThis issue affects Frap…","indicators":{"cves":["CVE-2026-3673"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T20:16:41.790Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://fluidattacks.com/es/advisories/silvio","label":"help@fluidattacks.com","domainType":"other"},{"url":"https://github.com/frappe/frappe","label":"help@fluidattacks.com","domainType":"primary"},{"url":"https://fluidattacks.com/es/advisories/silvio","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6019","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-6019 — http.cookies.Morsel.js_output() returns an inline <script> snippet and only escapes \" for JavaScript…","description":"http.cookies.Morsel.js_output() returns an inline <script> snippet and only escapes \" for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence </script> inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie v…","indicators":{"cves":["CVE-2026-6019"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T20:16:42.617Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/python/cpython/commit/76b3923d688c0efc580658476c5f525ec8735104","label":"cna@python.org","domainType":"primary"},{"url":"https://github.com/python/cpython/issues/90309","label":"cna@python.org","domainType":"primary"},{"url":"https://github.com/python/cpython/pull/148848","label":"cna@python.org","domainType":"primary"},{"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/IVNWGV2BBNC3RHQAFS22UP4DY56SAXX3/","label":"cna@python.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3837","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-3837 — An authenticated attacker can persist crafted values in multiple field types and trigger client-side…","description":"An authenticated attacker can persist crafted values in multiple field types and trigger client-side script execution when another user opens the affected document in Desk. The vulnerable formatter implementations interpolate stored values into raw HTML attributes and element content without escapin…","indicators":{"cves":["CVE-2026-3837"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T21:17:08.523Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://fluidattacks.com/es/advisories/sabina","label":"help@fluidattacks.com","domainType":"other"},{"url":"https://github.com/frappe/frappe","label":"help@fluidattacks.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41134","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41134 — Kiota is an OpenAPI based HTTP Client code generator. Versions prior to 1.31.1 are affected by a cod…","description":"Kiota is an OpenAPI based HTTP Client code generator. Versions prior to 1.31.1 are affected by a code-generation literal injection vulnerability in multiple writer sinks (for example: serialization/deserialization keys, path/query parameter mappings, URL template metadata, enum/property metadata, an…","indicators":{"cves":["CVE-2026-41134"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T21:17:09.027Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/microsoft/kiota/security/advisories/GHSA-2hx3-vp6r-mg3f","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41168","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41168 — pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability presen…","description":"pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.1 can craft a PDF which leads to long runtimes. This requires cross-reference streams with wrong large `/Size` values or object streams with wrong large `/N` values. This h…","indicators":{"cves":["CVE-2026-41168","CVE-2026-41312","CVE-2026-41313","CVE-2026-41314"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T21:17:09.450Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/py-pdf/pypdf/commit/62338e9d36419cf193ccec7331784f45df1d70b3","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/py-pdf/pypdf/pull/3733","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/py-pdf/pypdf/releases/tag/6.10.1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-jj6c-8h6c-hppx","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/py-pdf/pypdf/commit/ac734dab4eef92bcce50d503949b4d9887d89f11","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/py-pdf/pypdf/pull/3734","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/py-pdf/pypdf/releases/tag/6.10.2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-7gw9-cf7v-778f","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/py-pdf/pypdf/commit/c50a0104cf083356f7c7f5d61410466a57f5c88a","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/py-pdf/pypdf/pull/3735","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-4pxv-j86v-mhcw","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-x284-j5p8-9c5p","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41171","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41171 — Squidex is an open source headless content management system and content management hub. Versions pr…","description":"Squidex is an open source headless content management system and content management hub. Versions prior to 7.23.0 have a Server-Side Request Forgery (SSRF) vulnerability due to missing SSRF protection on the `Jint` HTTP client used by scripting engine functions (`getJSON`, `request`, etc.). An authe…","indicators":{"cves":["CVE-2026-41171"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T22:16:31.543Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/Squidex/squidex/commit/b81d75e1d9c1a8e30993c2ee59b350002b9aeda4","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/Squidex/squidex/security/advisories/GHSA-4m22-gvqm-jv97","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-1726","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-1726 — IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1","description":"IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1","indicators":{"cves":["CVE-2026-1726"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T00:16:44.920Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://www.ibm.com/support/pages/node/7268697","label":"psirt@us.ibm.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-29198","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-29198 — In Rocket.Chat <8.3.0, <8.2.1, <8.1.2, <8.0.3, <7.13.5, <7.12.6, <7.11.6, and <7.10.9, a NoSQL injec…","description":"In Rocket.Chat <8.3.0, <8.2.1, <8.1.2, <8.0.3, <7.13.5, <7.12.6, <7.11.6, and <7.10.9, a NoSQL injection vulnerability can lead to account takeover of the first user with a generated token when an OAuth app is configured.","indicators":{"cves":["CVE-2026-29198"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T00:16:45.060Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/RocketChat/Rocket.Chat/pull/39492","label":"support@hackerone.com","domainType":"primary"},{"url":"https://hackerone.com/reports/3564655","label":"support@hackerone.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-32679","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-32679 — The installers of LiveOn Meet Client for Windows (Downloader5Installer.exe and Downloader5InstallerF…","description":"The installers of LiveOn Meet Client for Windows (Downloader5Installer.exe and Downloader5InstallerForAdmin.exe) and the installers of Canon Network Camera Plugin (CanonNWCamPlugin.exe and CanonNWCamPluginForAdmin.exe) insecurely load Dynamic Link Libraries (DLLs). If a malicious DLL is placed at th…","indicators":{"cves":["CVE-2026-32679"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T00:16:45.157Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://jvn.jp/en/jp/JVN45563482/","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://web.liveon.ne.jp/wp-content/uploads/2026/04/JMSSA2026-001.pdf","label":"vultures@jpcert.or.jp","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40062","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40062 — A path Traversal vulnerability exists in Ziostation2 v2.9.8.7 and earlier. A remote unauthenticated…","description":"A path Traversal vulnerability exists in Ziostation2 v2.9.8.7 and earlier. A remote unauthenticated attacker may get sensitive information on the operating system.","indicators":{"cves":["CVE-2026-40062"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T00:16:45.467Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://jvn.jp/en/jp/JVN00575116/","label":"vultures@jpcert.or.jp","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41176","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41176 — Rclone is a command-line program to sync files and directories to and from different cloud storage p…","description":"Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint `options/set` is exposed without `AuthRequired: true`, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and pr…","indicators":{"cves":["CVE-2026-41176","CVE-2026-41179"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T00:16:45.800Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/fs/rc/config.go","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/fs/rc/rcserver/rcserver.go","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/rclone/rclone/security/advisories/GHSA-25qr-6mpr-f7qx","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/backend/webdav/webdav.go","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/fs/operations/rc.go","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/fs/rc/cache.go","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/rclone/rclone/security/advisories/GHSA-jfwf-28xr-xw6q","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41196","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41196 — Luanti (formerly Minetest) is an open source voxel game-creation platform. Starting in version 5.0.0…","description":"Luanti (formerly Minetest) is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device. This applies to the ser…","indicators":{"cves":["CVE-2026-41196"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:16:17.900Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/luanti-org/luanti/commit/8a929dfb97aa08337f49ba1bb96a56d6557dc896","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/luanti-org/luanti/security/advisories/GHSA-g596-mf82-w8c3","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41197","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41197 — Noir is a Domain Specific Language for SNARK proving systems that is designed to use any ACIR compat…","description":"Noir is a Domain Specific Language for SNARK proving systems that is designed to use any ACIR compatible proving system, and Brillig is the bytecode ACIR uses for non-determinism. Noir programs can invoke external functions through foreign calls. When compiling to Brillig bytecode, the SSA instructi…","indicators":{"cves":["CVE-2026-41197"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:16:18.127Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/noir-lang/noir/releases/tag/v1.0.0-beta.19","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/noir-lang/noir/security/advisories/GHSA-jj7c-x25r-r8r3","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41200","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41200 — STIG Manager is an API and web client for managing Security Technical Implementation Guides (STIG) a…","description":"STIG Manager is an API and web client for managing  Security Technical Implementation Guides (STIG) assessments of Information Systems. Versions 1.5.10 through 1.6.7 have a reflected Cross-Site Scripting (XSS) vulnerability in the OIDC authentication error handling code in `src/init.js` and `public/…","indicators":{"cves":["CVE-2026-41200"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:16:18.333Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/NUWCDIVNPT/stig-manager/security/advisories/GHSA-wg33-j3rv-jq72","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41206","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41206 — PySpector is a static analysis security testing (SAST) Framework engineered for modern Python develo…","description":"PySpector is a static analysis security testing (SAST) Framework engineered for modern Python development workflows. The plugin security validator in PySpector uses AST-based static analysis to prevent dangerous code from being loaded as plugins. Prior to version 0.1.8, the blocklist implemented in…","indicators":{"cves":["CVE-2026-41206"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:16:18.533Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/ParzivalHack/PySpector/commit/3c9547157fc07396f22b26b3484a9a91eba98555","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ParzivalHack/PySpector/commit/4e279e078c53d760fd321ff9b698d683c65ccb8e","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ParzivalHack/PySpector/security/advisories/GHSA-vp22-38m5-r39r","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41211","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41211 — Vite+ is a unified toolchain and entry point for web development. Prior to version 0.1.17, `download…","description":"Vite+ is a unified toolchain and entry point for web development. Prior to version 0.1.17, `downloadPackageManager()` accepts an untrusted `version` string and uses it directly in filesystem paths. A caller can supply `../` segments or an absolute path to escape the `VP_HOME/package_manager/<pm>/` c…","indicators":{"cves":["CVE-2026-41211"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:16:18.860Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/voidzero-dev/vite-plus/security/advisories/GHSA-33r3-4whc-44c2","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41243","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41243 — OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0…","description":"OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, when `safeMode` is enabled, unapproved forum posts are hidden from the public list, but the direct post-read procedure still returns the full post to anyone with the post UUID. Commit 844b2…","indicators":{"cves":["CVE-2026-41243"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:16:19.040Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/siemvk/OpenLearn/commit/844b2a40a69d0c4911580fe501923f0b391313ab","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/siemvk/OpenLearn/security/advisories/GHSA-4rv3-hfh6-vqvm","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-26171-net-denial-of-service-vulnerability","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-26171 .NET Denial of Service Vulnerability","description":"The CVE was updated to include Powershell 7.6 and 7.5","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:00:00.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26171","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-5928-static-buffer-overflow-in-deprecated-nis-local-principal","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-5928 Static buffer overflow in deprecated nis_local_principal","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T08:01:18.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5928","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5358","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-5958-race-condition-in-gnu-sed","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-5958 Race Condition in GNU Sed","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T08:01:51.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5958","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2025-14821-libssh-libssh-insecure-default-configuration-leads-to-local-man-i","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2025-14821 Libssh: libssh: insecure default configuration leads to local man-in-the-middle attacks on windows","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T08:46:10.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-14821","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-4786-incomplete-mitigation-of-cve-2026-4519-action-expansion-for-comman","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T08:37:33.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-4786","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-5450-scanf-mc-off-by-one-heap-buffer-overflow","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-5450 scanf %mc off-by-one heap buffer overflow","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T08:01:30.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5450","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-31430-x-509-fix-out-of-bounds-access-when-parsing-extensions","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-31430 X.509: Fix out-of-bounds access when parsing extensions","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T08:01:36.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-31430","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-31429-net-skb-fix-cross-cache-free-of-kfence-allocated-skb-head","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-31429 net: skb: fix cross-cache free of KFENCE-allocated skb head","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T08:01:41.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-31429","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-ncsc-flags-widening-gap-between-cyber-threats-and-national-resilience-urges-acti","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"NCSC flags widening gap between cyber threats and national resilience, urges action as AI fuels rise in disruptive attacks","description":"The U.K.’s National Cyber Security Centre (NCSC) is warning that organizations delivering critical services must urgently prepare for...\nThe post NCSC flags widening gap between cyber threats and national resilience, urges action as AI fuels rise in disruptive attacks appeared first on Industrial Cy…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T16:11:32.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://industrialcyber.co/threat-landscape/ncsc-flags-widening-gap-between-cyber-threats-and-national-resilience-urges-action-as-ai-fuels-rise-in-disruptive-attacks/","label":"Industrial Cyber","domainType":"other"}],"feedLabel":null},{"id":"vendor-bridge-break-reveals-22-vulnerabilities-in-serial-to-ip-converters-enabling-disr","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"BRIDGE:BREAK reveals 22 vulnerabilities in serial-to-IP converters enabling disruption and lateral movement across OT","description":"New research from Forescout Technologies uncovers 22 previously unknown vulnerabilities in serial-to-IP converters, with thousands of exposed devices...\nThe post BRIDGE:BREAK reveals 22 vulnerabilities in serial-to-IP converters enabling disruption and lateral movement across OT appeared first on In…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T16:02:10.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://industrialcyber.co/reports/bridgebreak-reveals-22-vulnerabilities-in-serial-to-ip-converters-enabling-disruption-and-lateral-movement-across-ot/","label":"Industrial Cyber","domainType":"other"}],"feedLabel":null},{"id":"vendor-australia-s-cisc-tightens-cyber-reporting-rules-to-capture-ai-driven-incidents-i","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Australia’s CISC tightens cyber reporting rules to capture AI-driven incidents in critical infrastructure","description":"Australia’s Cyber and Infrastructure Security Centre (CISC) outlined how regulatory obligations under the Security of Critical Infrastructure Act...\nThe post Australia’s CISC tightens cyber reporting rules to capture AI-driven incidents in critical infrastructure appeared first on Industrial Cyber.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T15:59:24.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://industrialcyber.co/regulation-standards-and-compliance/australias-cisc-tightens-cyber-reporting-rules-to-capture-ai-driven-incidents-in-critical-infrastructure/","label":"Industrial Cyber","domainType":"other"}],"feedLabel":null},{"id":"vendor-servicenow-closes-armis-deal-to-extend-ai-powered-cyber-risk-visibility-across-o","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"ServiceNow closes Armis deal to extend AI-powered cyber risk visibility across OT and IoT","description":"ServiceNow completed its acquisition of Armis, a cyber exposure management and security company, delivering a comprehensive AI-powered solution...\nThe post ServiceNow closes Armis deal to extend AI-powered cyber risk visibility across OT and IoT appeared first on Industrial Cyber.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T15:22:38.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://industrialcyber.co/news/servicenow-closes-armis-deal-to-extend-ai-powered-cyber-risk-visibility-across-ot-and-iot/","label":"Industrial Cyber","domainType":"other"}],"feedLabel":null},{"id":"news-apple-fixes-ios-bug-that-retained-deleted-notification-data","source":"general-news","category":"news","severity":"unknown","title":"Apple fixes iOS bug that retained deleted notification data","description":"Apple has released out-of-band security updates for iPhone and iPad devices to fix a Notification Services flaw that could allow notifications marked for deletion to remain stored on the device. [...]","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T20:58:58.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.bleepingcomputer.com/news/security/apple-fixes-ios-bug-that-retained-deleted-notification-data/","label":"BleepingComputer","domainType":"media"}],"feedLabel":null},{"id":"news-new-gogra-malware-for-linux-uses-microsoft-graph-api-for-comms","source":"general-news","category":"news","severity":"unknown","title":"New GoGra malware for Linux uses Microsoft Graph API for comms","description":"A Linux variant of the GoGra backdoor uses legitimate Microsoft infrastructure, relying on an Outlook inbox for stealthy payload delivery. [...]","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:00:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.bleepingcomputer.com/news/security/new-gogra-malware-for-linux-uses-microsoft-graph-api-for-comms/","label":"BleepingComputer","domainType":"media"}],"feedLabel":null},{"id":"news-microsoft-releases-emergency-patches-for-critical-asp-net-flaw","source":"general-news","category":"news","severity":"unknown","title":"Microsoft releases emergency patches for critical ASP.NET flaw","description":"Microsoft has released out-of-band (OOB) security updates to patch a critical ASP.NET Core privilege escalation vulnerability. [...]","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T08:08:16.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-emergency-security-updates-for-critical-aspnet-flaw/","label":"BleepingComputer","domainType":"media"}],"feedLabel":null},{"id":"news-lotus-wiper-malware-targets-venezuelan-energy-systems-in-destructive-attack","source":"general-news","category":"news","severity":"unknown","title":"Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack","description":"Cybersecurity researchers have discovered a previously undocumented data wiper that has been used in attacks targeting Venezuela at the end of last year and the start of 2026.\nDubbed Lotus Wiper, the novel file wiper has been used in a destructive campaign targeting the energy and utilities sector i…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:55:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://thehackernews.com/2026/04/lotus-wiper-malware-targets-venezuelan.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-toxic-combinations-when-cross-app-permissions-stack-into-risk","source":"general-news","category":"news","severity":"unknown","title":"Toxic Combinations: When Cross-App Permissions Stack into Risk","description":"On January 31, 2026, researchers disclosed that Moltbook, a social network built for AI agents, had left its database wide open, exposing 35,000 email addresses and 1.5 million agent API tokens across 770,000 active agents.\nThe more worrying part sat inside the private messages. Some of those conver…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:41:36.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://thehackernews.com/2026/04/toxic-combinations-when-cross-app.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-microsoft-patches-critical-asp-net-core-cve-2026-40372-privilege-escalation-bug","source":"general-news","category":"news","severity":"unknown","title":"Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug","description":"Microsoft has released out-of-band updates to address a security vulnerability in ASP.NET Core that could allow an attacker to escalate privileges.\nThe vulnerability, tracked as CVE-2026-40372, carries a CVSS score of 9.1 out of 10.0. It's rated Important in severity. An anonymous researcher has bee…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:29:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://thehackernews.com/2026/04/microsoft-patches-critical-aspnet-core.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-cohere-ai-terrarium-sandbox-flaw-enables-root-code-execution-container-escape","source":"general-news","category":"news","severity":"unknown","title":"Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape","description":"A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium that could result in arbitrary code execution.\nThe vulnerability, tracked as CVE-2026-5752, is rated 9.3 on the CVSS scoring system.\n\"Sandbox escape vulnerability in Terrarium allows arbitrary code execut…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T07:16:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://thehackernews.com/2026/04/cohere-ai-terrarium-sandbox-flaw.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-dprk-fake-job-scams-self-propagate-in-contagious-interview","source":"general-news","category":"news","severity":"unknown","title":"DPRK Fake Job Scams Self-Propagate in 'Contagious Interview'","description":"A compromised developer's repository serves as a worm-like infection vector to spread remote access Trojans (RATs) and other malware.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:48:05.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.darkreading.com/cyberattacks-data-breaches/dprk-fake-job-scams-self-propagate-contagious-interview","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-after-bluesky-mastodon-targeted-in-ddos-attack","source":"general-news","category":"news","severity":"unknown","title":"After Bluesky, Mastodon Targeted in DDoS Attack","description":"The DDoS attack caused a major outage, but Mastodon mitigated it within a few hours.\nThe post After Bluesky, Mastodon Targeted in DDoS Attack appeared first on SecurityWeek.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:26:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.securityweek.com/after-bluesky-mastodon-targeted-in-ddos-attack/","label":"SecurityWeek","domainType":"media"}],"feedLabel":null},{"id":"news-most-serious-cyberattacks-against-the-uk-now-from-russia-iran-and-china-cyber-ch","source":"general-news","category":"news","severity":"unknown","title":"Most Serious Cyberattacks Against the UK Now From Russia, Iran and China, Cyber Chief Says","description":"British businesses need to prepare themselves to defend against cyberattacks because the U.K. could be targeted “at scale,” if it became involved in an international conflict.\nThe post Most Serious Cyberattacks Against the UK Now From Russia, Iran and China, Cyber Chief Says appeared first on Securi…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T12:57:01.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.securityweek.com/most-serious-cyberattacks-against-the-uk-now-from-russia-iran-and-china-cyber-chief-says/","label":"SecurityWeek","domainType":"media"}],"feedLabel":null},{"id":"news-new-wiper-malware-targeted-venezuelan-energy-sector-prior-to-us-intervention","source":"general-news","category":"news","severity":"unknown","title":"New Wiper Malware Targeted Venezuelan Energy Sector Prior to US Intervention ","description":"Dubbed Lotus Wiper, the malware targets recovery mechanisms, overwrites drives, and systematically deletes files.\nThe post New Wiper Malware Targeted Venezuelan Energy Sector Prior to US Intervention  appeared first on SecurityWeek.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T12:10:28.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.securityweek.com/new-wiper-malware-targeted-venezuelan-energy-sector-prior-to-us-intervention/","label":"SecurityWeek","domainType":"media"}],"feedLabel":null},{"id":"news-north-korean-hackers-use-applescript-clickfix-in-fresh-macos-attacks","source":"general-news","category":"news","severity":"unknown","title":"North Korean Hackers Use AppleScript, ClickFix in Fresh macOS Attacks","description":"The campaigns focus on financial organizations, including cryptocurrency, venture capital, and blockchain entities.\nThe post North Korean Hackers Use AppleScript, ClickFix in Fresh macOS Attacks appeared first on SecurityWeek.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:49:52.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.securityweek.com/north-korean-hackers-use-applescript-clickfix-in-fresh-macos-attacks/","label":"SecurityWeek","domainType":"media"}],"feedLabel":null},{"id":"news-oracle-patches-450-vulnerabilities-with-april-2026-cpu","source":"general-news","category":"news","severity":"unknown","title":"Oracle Patches 450 Vulnerabilities With April 2026 CPU","description":"The company released 481 new security patches across 28 product families, including over 300 fixes for remotely exploitable, unauthenticated flaws.\nThe post Oracle Patches 450 Vulnerabilities With April 2026 CPU appeared first on SecurityWeek.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T08:41:10.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.securityweek.com/oracle-patches-450-vulnerabilities-with-april-2026-cpu/","label":"SecurityWeek","domainType":"media"}],"feedLabel":null},{"id":"news-macos-native-tools-enable-stealthy-enterprise-attacks","source":"general-news","category":"news","severity":"unknown","title":"MacOS Native Tools Enable Stealthy Enterprise Attacks","description":"macOS LOTL techniques bypass detection using native tools and metadata abuse","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T16:30:00.000Z","fetchedAt":"2026-04-23T03:00:02.617Z","references":[{"url":"https://www.infosecurity-magazine.com/news/macos-lotl-techniques-enterprise/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-ncsc-unveils-silentglass-a-plug-in-device-to-protect-monitors-from-cyber-attacks","source":"general-news","category":"news","severity":"unknown","title":"NCSC Unveils SilentGlass, a Plug-In Device to Protect Monitors from Cyber-Attacks","description":"The UK’s cybersecurity agency said the devices will be available for purchase by organizations around the world","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T15:00:00.000Z","fetchedAt":"2026-04-23T03:00:02.617Z","references":[{"url":"https://www.infosecurity-magazine.com/news/ncsc-silentglass-a-plugin-stop/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-uk-faces-a-cyber-perfect-storm-driven-by-tech-advances-and-nation-state-threats-","source":"general-news","category":"news","severity":"unknown","title":"UK Faces a Cyber ‘Perfect Storm’ Driven by Tech Advances and Nation State Threats, NCSC Warns","description":"The convergence of global tensions and rapid technological change is driving a new era of cyber risk, the NCSC warns","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T08:07:00.000Z","fetchedAt":"2026-04-23T03:00:02.617Z","references":[{"url":"https://www.infosecurity-magazine.com/news/uk-faces-a-cyber-perfect-storm-ncsc/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-north-korean-hackers-siphon-more-than-12-million-from-crypto-users-in-sprawling-","source":"general-news","category":"news","severity":"unknown","title":"North Korean hackers siphon more than $12 million from crypto users in sprawling campaign","description":"Researchers said the group stole up to $12 million in cryptocurrency in the first three months of 2026 through malware attacks on personal devices.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T20:48:00.000Z","fetchedAt":"2026-04-23T03:00:02.617Z","references":[{"url":"https://therecord.media/north-korean-hackers-siphon-12-million-from-crypto-users","label":"The Record","domainType":"media"}],"feedLabel":null},{"id":"news-hackers-deployed-wiper-malware-in-destructive-attacks-on-venezuela-s-energy-sect","source":"general-news","category":"news","severity":"unknown","title":"Hackers deployed wiper malware in destructive attacks on Venezuela’s energy sector","description":"Hackers deployed a previously unknown wiper malware against Venezuela’s energy and utilities sector in an attack that appears to have been designed to destroy systems.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T19:00:00.000Z","fetchedAt":"2026-04-23T03:00:02.617Z","references":[{"url":"https://therecord.media/hackers-venezuela-wiper-malware-oil","label":"The Record","domainType":"media"}],"feedLabel":null},{"id":"news-french-police-arrest-suspected-hacker-behind-dozens-of-data-breaches","source":"general-news","category":"news","severity":"unknown","title":"French police arrest suspected hacker behind dozens of data breaches","description":"French authorities have arrested a suspected hacker believed to be behind dozens of data breaches targeting public institutions, sports federations and private organizations across the country.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T15:30:00.000Z","fetchedAt":"2026-04-23T03:00:02.617Z","references":[{"url":"https://therecord.media/french-hacker-cyberattacks-arrest","label":"The Record","domainType":"media"}],"feedLabel":null},{"id":"news-uk-cyber-agency-handling-four-major-incidents-a-week-as-nation-state-attacks-sur","source":"general-news","category":"news","severity":"unknown","title":"UK cyber agency handling four major incidents a week as nation-state attacks surge","description":"Britain's cybersecurity chief warned Tuesday that the country is handling four nationally significant cyber incidents every week, with the majority now traced back to hostile foreign governments rather than criminal hackers.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T12:45:00.000Z","fetchedAt":"2026-04-23T03:00:02.617Z","references":[{"url":"https://therecord.media/UK-cyberattacks-ncsc-china","label":"The Record","domainType":"media"}],"feedLabel":null},{"id":"news-the-ai-era-demands-a-different-kind-of-ciso","source":"general-news","category":"news","severity":"unknown","title":"The AI era demands a different kind of CISO","description":"When attackers can discover and exploit vulnerabilities in minutes, last quarter's audit doesn't mean much. CISOs need to shift from static measurement to real-time awareness -- and fast.\nThe post The AI era demands a different kind of CISO appeared first on CyberScoop.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:00:00.000Z","fetchedAt":"2026-04-23T03:00:02.617Z","references":[{"url":"https://cyberscoop.com/ciso-strategy-ai-real-time-risk-op-ed/","label":"CyberScoop","domainType":"media"}],"feedLabel":null}],"llmPrompt":"You are a cybersecurity analyst. Summarize this daily threat intelligence report for 2026-04-23.\nTotal items collected: 1334 from sources: cisa-kev: 7, otx: 33, cisa-advisories: 18, vendor-blogs: 87, nvd: 1071, malware-bazaar: 16, abuse-ipdb: 20, threatfox: 2, general-news: 96.\n\nTop threats by severity:\n1. [CRITICAL] CVE-2026-4119 — The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up t…\n2. [CRITICAL] CVE-2026-6235 — The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'ma…\n3. [CRITICAL] CVE-2026-31460 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: check if ext_ca…\n4. [CRITICAL] CVE-2026-31461 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix drm_edid le…\n5. [CRITICAL] CVE-2026-31488 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Do not skip unr…\n6. [CRITICAL] CVE-2026-6356 — A vulnerability in the web application allows standard users to escalate their privileges to those o…\n7. [CRITICAL] CVE-2026-34415 — Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability…\n8. [CRITICAL] CVE-2026-33471 — nimiq-block contains block primitives to be used in Nimiq's Rust implementation. `SkipBlockProof::ve…\n9. [CRITICAL] CVE-2026-33656 — EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, Espo…\n10. [CRITICAL] CVE-2026-41167 — Jellystat is a free and open source Statistics App for Jellyfin. Prior to version 1.1.10, multiple A…\n\nProvide: (1) Executive summary (2-3 sentences), (2) Key threats to watch,\n(3) Recommended actions for security teams, (4) Notable trends.\nBe concise and actionable. Focus on what matters most to defenders."}