{"metadata":{"generatedAt":"2026-04-23T03:00:26.198Z","reportDate":"2026-04-23","totalItems":1334,"sourceBreakdown":{"cisa-kev":7,"otx":33,"cisa-advisories":18,"vendor-blogs":87,"nvd":1071,"malware-bazaar":16,"abuse-ipdb":20,"threatfox":2,"general-news":96},"categoryBreakdown":{"vulnerability":1078,"advisory":90,"malware":16,"ip-reputation":20,"threat-intel":34,"news":96},"fetchErrors":[]},"highlights":[{"id":"cisa-adv-hardy-barth-salia-ev-charge-controller","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"critical","title":"Hardy Barth Salia EV Charge Controller","description":"View CSAF\nSummary\nSuccessful exploitation of these vulnerabilities could crash the device being accessed; a buffer overflow condition may allow remote code execution.\nThe following versions of Hardy Barth Salia EV Charge Controller are affected:\nSalia Board Firmware <=2.3.81 (CVE-2025-5873, CVE-2025…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ics","rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T12:00:00.000Z","fetchedAt":"2026-04-23T03:00:00.173Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-05","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-delta-electronics-asda-soft","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"critical","title":"Delta Electronics ASDA-Soft","description":"View CSAF\nSummary\nSuccessful exploitation of this vulnerability could allow an attacker to execute arbitrary code.\nThe following versions of Delta Electronics ASDA-Soft are affected:\nASDA-Soft <=V7.2.2.0\nCVSS\nVendor\nEquipment\nVulnerabilities\n\n\n\n\nv3 7.8\nDelta Electronics\nDelta Electronics ASDA-Soft\nS…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["zeroday","phishing","ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T12:00:00.000Z","fetchedAt":"2026-04-23T03:00:00.173Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-01","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-anviz-multiple-products","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"critical","title":"Anviz Multiple Products","description":"View CSAF\nSummary\nSuccessful exploitation of these vulnerabilities could allow attackers to conduct reconnaissance, capture or decrypt sensitive data, alter device configurations, gain unauthorized administrative or root‑level access, execute arbitrary code, compromise credentials or communications,…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ics","rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T12:00:00.000Z","fetchedAt":"2026-04-23T03:00:00.173Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-4880","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-4880 — The Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale)…","description":"The Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) plugin for WordPress is vulnerable to privilege escalation via insecure token-based authentication in all versions up to, and including, 1.11.0. This is due to the plugin trusting a user-supplied Bas…","indicators":{"cves":["CVE-2026-4880"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T00:16:29.393Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/trunk/src/Core.php?rev=3391688#L498","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset/3506824/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders#file30","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a213e844-a0d3-4123-9f72-caef7702804c?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40959","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40959 — Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod.","description":"Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod.","indicators":{"cves":["CVE-2026-40959"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T01:16:11.617Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://github.com/luanti-org/luanti/commit/53cef183e2a85a4daff84ac1a9a7946f940da8f8","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/luanti-org/luanti/commit/8a929dfb97aa08337f49ba1bb96a56d6557dc896","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/luanti-org/luanti/security/advisories/GHSA-g596-mf82-w8c3","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40504","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40504 — Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravity_vm_exec f…","description":"Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravity_vm_exec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravity_fiber_reassign(…","indicators":{"cves":["CVE-2026-40504"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T02:16:11.693Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://github.com/marcobambini/gravity/commit/18b9195598d9b944376754c6d1ad76e38a4adca1","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/marcobambini/gravity/issues/437","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/marcobambini/gravity/releases/tag/0.9.6","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/creolabs-gravity-heap-buffer-overflow-via-gravity-vm-exec","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6350","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-6350 — MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing…","description":"MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code.","indicators":{"cves":["CVE-2026-6350"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T03:16:30.847Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://www.twcert.org.tw/en/cp-139-10843-9ff91-2.html","label":"twcert@cert.org.tw","domainType":"other"},{"url":"https://www.twcert.org.tw/tw/cp-132-10844-1405d-1.html","label":"twcert@cert.org.tw","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3596","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-3596 — The Riaxe Product Customizer plugin for WordPress is vulnerable to Privilege Escalation in all versi…","description":"The Riaxe Product Customizer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.2. The plugin registers an unauthenticated AJAX action ('wp_ajax_nopriv_install-imprint') that maps to the ink_pd_add_option() function. This function reads 'option' and…","indicators":{"cves":["CVE-2026-3596"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T06:16:15.667Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/tags/2.1.2/riaxe-product-designer.php#L183","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/tags/2.1.2/riaxe-product-designer.php#L5045","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/tags/2.1.2/riaxe-product-designer.php#L5046","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/tags/2.1.2/riaxe-product-designer.php#L5047","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/tags/2.1.2/riaxe-product-designer.php#L5058","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/trunk/riaxe-product-designer.php#L183","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/trunk/riaxe-product-designer.php#L5045","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/trunk/riaxe-product-designer.php#L5046","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/trunk/riaxe-product-designer.php#L5047","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/trunk/riaxe-product-designer.php#L5058","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/271a35fb-56b7-4d6b-bccc-fea1227d0913?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31843","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-31843 — The goodoneuz/pay-uz Laravel package (<= 2.2.24) contains a critical vulnerability in the /payment/a…","description":"The goodoneuz/pay-uz Laravel package (<= 2.2.24) contains a critical vulnerability in the /payment/api/editable/update endpoint that allows unauthenticated attackers to overwrite existing PHP payment hook files. The endpoint is exposed via Route::any() without authentication middleware, enabling rem…","indicators":{"cves":["CVE-2026-31843"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T13:16:48.473Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://github.com/goodoneuz/pay-uz/blob/master/src/Http/Controllers/ApiController.php","label":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","domainType":"primary"},{"url":"https://github.com/goodoneuz/pay-uz/blob/master/src/routes/web.php","label":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","domainType":"primary"},{"url":"https://github.com/shaxzodbek-uzb/pay-uz","label":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","domainType":"primary"},{"url":"https://packagist.org/packages/goodoneuz/pay-uz","label":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6270","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-6270 — @fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child pl…","description":"@fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child plugin engine instances. When a Fastify application registers authentication middleware in a parent scope and then registers child plugins with @fastify/middie, the child scope does not inherit the pare…","indicators":{"cves":["CVE-2026-6270"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T14:16:19.433Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://cna.openjsf.org/security-advisories.html","label":"ce714d77-add3-4f53-aff5-83d477b104bb","domainType":"other"},{"url":"https://github.com/fastify/fastify-express/security/advisories/GHSA-hrwm-hgmj-7p9c","label":"ce714d77-add3-4f53-aff5-83d477b104bb","domainType":"primary"},{"url":"https://github.com/fastify/middie/security/advisories/GHSA-72c6-fx6q-fr5w","label":"ce714d77-add3-4f53-aff5-83d477b104bb","domainType":"primary"}],"feedLabel":null}],"items":[{"id":"cisa-adv-hardy-barth-salia-ev-charge-controller","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"critical","title":"Hardy Barth Salia EV Charge Controller","description":"View CSAF\nSummary\nSuccessful exploitation of these vulnerabilities could crash the device being accessed; a buffer overflow condition may allow remote code execution.\nThe following versions of Hardy Barth Salia EV Charge Controller are affected:\nSalia Board Firmware <=2.3.81 (CVE-2025-5873, CVE-2025…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ics","rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T12:00:00.000Z","fetchedAt":"2026-04-23T03:00:00.173Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-05","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-delta-electronics-asda-soft","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"critical","title":"Delta Electronics ASDA-Soft","description":"View CSAF\nSummary\nSuccessful exploitation of this vulnerability could allow an attacker to execute arbitrary code.\nThe following versions of Delta Electronics ASDA-Soft are affected:\nASDA-Soft <=V7.2.2.0\nCVSS\nVendor\nEquipment\nVulnerabilities\n\n\n\n\nv3 7.8\nDelta Electronics\nDelta Electronics ASDA-Soft\nS…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["zeroday","phishing","ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T12:00:00.000Z","fetchedAt":"2026-04-23T03:00:00.173Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-01","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-anviz-multiple-products","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"critical","title":"Anviz Multiple Products","description":"View CSAF\nSummary\nSuccessful exploitation of these vulnerabilities could allow attackers to conduct reconnaissance, capture or decrypt sensitive data, alter device configurations, gain unauthorized administrative or root‑level access, execute arbitrary code, compromise credentials or communications,…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ics","rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T12:00:00.000Z","fetchedAt":"2026-04-23T03:00:00.173Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-4880","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-4880 — The Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale)…","description":"The Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) plugin for WordPress is vulnerable to privilege escalation via insecure token-based authentication in all versions up to, and including, 1.11.0. This is due to the plugin trusting a user-supplied Bas…","indicators":{"cves":["CVE-2026-4880"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T00:16:29.393Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/trunk/src/Core.php?rev=3391688#L498","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset/3506824/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders#file30","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a213e844-a0d3-4123-9f72-caef7702804c?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40959","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40959 — Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod.","description":"Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod.","indicators":{"cves":["CVE-2026-40959"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T01:16:11.617Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://github.com/luanti-org/luanti/commit/53cef183e2a85a4daff84ac1a9a7946f940da8f8","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/luanti-org/luanti/commit/8a929dfb97aa08337f49ba1bb96a56d6557dc896","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/luanti-org/luanti/security/advisories/GHSA-g596-mf82-w8c3","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40504","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40504 — Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravity_vm_exec f…","description":"Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravity_vm_exec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravity_fiber_reassign(…","indicators":{"cves":["CVE-2026-40504"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T02:16:11.693Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://github.com/marcobambini/gravity/commit/18b9195598d9b944376754c6d1ad76e38a4adca1","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/marcobambini/gravity/issues/437","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/marcobambini/gravity/releases/tag/0.9.6","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/creolabs-gravity-heap-buffer-overflow-via-gravity-vm-exec","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6350","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-6350 — MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing…","description":"MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code.","indicators":{"cves":["CVE-2026-6350"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T03:16:30.847Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://www.twcert.org.tw/en/cp-139-10843-9ff91-2.html","label":"twcert@cert.org.tw","domainType":"other"},{"url":"https://www.twcert.org.tw/tw/cp-132-10844-1405d-1.html","label":"twcert@cert.org.tw","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3596","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-3596 — The Riaxe Product Customizer plugin for WordPress is vulnerable to Privilege Escalation in all versi…","description":"The Riaxe Product Customizer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.2. The plugin registers an unauthenticated AJAX action ('wp_ajax_nopriv_install-imprint') that maps to the ink_pd_add_option() function. This function reads 'option' and…","indicators":{"cves":["CVE-2026-3596"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T06:16:15.667Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/tags/2.1.2/riaxe-product-designer.php#L183","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/tags/2.1.2/riaxe-product-designer.php#L5045","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/tags/2.1.2/riaxe-product-designer.php#L5046","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/tags/2.1.2/riaxe-product-designer.php#L5047","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/tags/2.1.2/riaxe-product-designer.php#L5058","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/trunk/riaxe-product-designer.php#L183","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/trunk/riaxe-product-designer.php#L5045","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/trunk/riaxe-product-designer.php#L5046","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/trunk/riaxe-product-designer.php#L5047","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/trunk/riaxe-product-designer.php#L5058","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/271a35fb-56b7-4d6b-bccc-fea1227d0913?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31843","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-31843 — The goodoneuz/pay-uz Laravel package (<= 2.2.24) contains a critical vulnerability in the /payment/a…","description":"The goodoneuz/pay-uz Laravel package (<= 2.2.24) contains a critical vulnerability in the /payment/api/editable/update endpoint that allows unauthenticated attackers to overwrite existing PHP payment hook files. The endpoint is exposed via Route::any() without authentication middleware, enabling rem…","indicators":{"cves":["CVE-2026-31843"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T13:16:48.473Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://github.com/goodoneuz/pay-uz/blob/master/src/Http/Controllers/ApiController.php","label":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","domainType":"primary"},{"url":"https://github.com/goodoneuz/pay-uz/blob/master/src/routes/web.php","label":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","domainType":"primary"},{"url":"https://github.com/shaxzodbek-uzb/pay-uz","label":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","domainType":"primary"},{"url":"https://packagist.org/packages/goodoneuz/pay-uz","label":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6270","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-6270 — @fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child pl…","description":"@fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child plugin engine instances. When a Fastify application registers authentication middleware in a parent scope and then registers child plugins with @fastify/middie, the child scope does not inherit the pare…","indicators":{"cves":["CVE-2026-6270"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T14:16:19.433Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://cna.openjsf.org/security-advisories.html","label":"ce714d77-add3-4f53-aff5-83d477b104bb","domainType":"other"},{"url":"https://github.com/fastify/fastify-express/security/advisories/GHSA-hrwm-hgmj-7p9c","label":"ce714d77-add3-4f53-aff5-83d477b104bb","domainType":"primary"},{"url":"https://github.com/fastify/middie/security/advisories/GHSA-72c6-fx6q-fr5w","label":"ce714d77-add3-4f53-aff5-83d477b104bb","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-37336","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-37336 — SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /…","description":"SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_music.php.","indicators":{"cves":["CVE-2026-37336","CVE-2026-37337","CVE-2026-37338","CVE-2026-37339","CVE-2026-37340"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T15:17:36.460Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://github.com/mt-0505/cve-report/blob/main/sourcecodester/simple-music-cloud-community-system/SQL-1.md","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/mt-0505/cve-report/blob/main/sourcecodester/simple-music-cloud-community-system/SQL-2.md","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/mt-0505/cve-report/blob/main/sourcecodester/simple-music-cloud-community-system/SQL-4.md","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/mt-0505/cve-report/blob/main/sourcecodester/simple-music-cloud-community-system/SQL-3.md","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/mt-0505/cve-report/blob/main/sourcecodester/simple-music-cloud-community-system/SQL-5.md","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-37341","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-37341 — SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the fil…","description":"SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_category.php.","indicators":{"cves":["CVE-2026-37341","CVE-2026-37342","CVE-2026-37343","CVE-2026-37344","CVE-2026-37345"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T15:17:37.007Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://github.com/mt-0505/cve-report/blob/main/sourcecodester/vehicle-parking-area-management-system/SQL-1.md","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/mt-0505/cve-report/blob/main/sourcecodester/vehicle-parking-area-management-system/SQL-2.md","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/mt-0505/cve-report/blob/main/sourcecodester/vehicle-parking-area-management-system/SQL-4.md","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/mt-0505/cve-report/blob/main/sourcecodester/vehicle-parking-area-management-system/SQL-3.md","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/mt-0505/cve-report/blob/main/sourcecodester/vehicle-parking-area-management-system/SQL-5.md","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-37346","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-37346 — SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the…","description":"SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/view_account.php?emp_id=.","indicators":{"cves":["CVE-2026-37346","CVE-2026-37347"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T15:17:37.560Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://github.com/mt-0505/cve-report/blob/main/sourcecodester/payroll-management-and-information-system/SQL-1.md","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/mt-0505/cve-report/blob/main/sourcecodester/payroll-management-and-information-system/SQL-2.md","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-33082","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-33082 — DataEase is an open source data visualization analysis tool. Versions 2.10.20 and below contain a SQ…","description":"DataEase is an open source data visualization analysis tool. Versions 2.10.20 and below contain a SQL injection vulnerability in the dataset export functionality. The expressionTree parameter in POST /de2api/datasetTree/exportDataset is deserialized into a filtering object and passed to WhereTree2St…","indicators":{"cves":["CVE-2026-33082"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T18:16:45.283Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://github.com/dataease/dataease/releases/tag/v2.10.21","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-xxpw-2c8q-g693","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-33083","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-33083 — DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below con…","description":"DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the orderDirection parameter used in dataset-related endpoints including /de2api/datasetData/enumValueDs and /de2api/datasetTree/exportDataset. The Order2SQLObj c…","indicators":{"cves":["CVE-2026-33083","CVE-2026-33084","CVE-2026-33121","CVE-2026-33122","CVE-2026-33207","CVE-2026-40899","CVE-2026-40900"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T18:16:45.433Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://github.com/dataease/dataease/releases/tag/v2.10.21","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-f443-95cf-m837","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-r897-r9q8-3p2x","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-fg4m-q7ch-jqv5","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-28vg-3hv7-w92f","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-pgh3-rgw3-xjmm","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-944x-93jf-h3rx","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-vqxf-84ph-j3vx","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40322","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40322 — SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, Mermaid…","description":"SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, Mermaid diagrams are rendered with securityLevel set to \"loose\", and the resulting SVG is injected into the DOM via innerHTML. This allows attacker-controlled javascript: URLs in Mermaid code blocks to surviv…","indicators":{"cves":["CVE-2026-40322"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T23:16:33.733Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://github.com/siyuan-note/siyuan/releases/tag/v3.6.4","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-x63q-3rcj-hhp5","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-x63q-3rcj-hhp5","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-34018","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-34018 — An SQL injection vulnerability exists in CubeCart prior to 6.6.0, which may allow an attacker to exe…","description":"An SQL injection vulnerability exists in CubeCart prior to 6.6.0, which may allow an attacker to execute an arbitrary SQL statement on the product.","indicators":{"cves":["CVE-2026-34018"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T06:16:29.733Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://community.cubecart.com/t/cubecart-6-6-0-released-the-biggest-update-in-years/62405","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://jvn.jp/en/jp/JVN78422311/","label":"vultures@jpcert.or.jp","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6443","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-6443 — All plugins by Essentialplugin for WordPress are vulnerable to an injected backdoor in various versi…","description":"All plugins by Essentialplugin for WordPress are vulnerable to an injected backdoor in various versions. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugin's they acquired. This makes it possible for the threat actor to maintain a persisten…","indicators":{"cves":["CVE-2026-6443"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T07:16:03.160Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://anchor.host/someone-bought-30-wordpress-plugins-and-planted-a-backdoor-in-all-of-them/","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2597724a-9a39-4e46-b153-f42366f833ba?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-37749","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-37749 — A SQL injection vulnerability in CodeAstro Simple Attendance Management System v1.0 allows remote un…","description":"A SQL injection vulnerability in CodeAstro Simple Attendance Management System v1.0 allows remote unauthenticated attackers to bypass authentication via the username parameter in index.php.","indicators":{"cves":["CVE-2026-37749"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T15:16:51.763Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://codeastro.com/simple-attendance-management-system-in-php-with-source-code/","label":"cve@mitre.org","domainType":"other"},{"url":"https://github.com/menevarad007/CVE-2026-37749","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-6284","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-6284 — An attacker with network access to the PLC is able to brute force discover passwords to gain unautho…","description":"An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters makes brute force password enumeration possible.","indicators":{"cves":["CVE-2026-6284"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T16:17:07.620Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-02.json","label":"ics-cert@hq.dhs.gov","domainType":"primary"},{"url":"https://hornerautomation.com/cscape-software-free/cscape-software/","label":"ics-cert@hq.dhs.gov","domainType":"other"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-02","label":"ics-cert@hq.dhs.gov","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-27890","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-27890 — Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7…","description":"Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCT_specific_data segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class's grow()…","indicators":{"cves":["CVE-2026-27890","CVE-2026-28214","CVE-2026-28224","CVE-2026-33337","CVE-2026-34232","CVE-2026-35215","CVE-2026-40342"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T19:16:34.993Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6crx-4g37-7j49","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7cq5-994r-jhrf","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-xrcw-wpjx-pr95","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-89mq-229g-x47p","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7jq3-6j3c-5cm2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-g99w-prq5-29c6","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7pxc-h3rv-r257","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40525","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40525 — OpenViking prior to version 0.3.9 contains an authentication bypass vulnerability in the VikingBot O…","description":"OpenViking prior to version 0.3.9 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the api_key configuration value is unset or empty. Remote attackers with network access to the exposed service can invoke privi…","indicators":{"cves":["CVE-2026-40525"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T19:16:39.017Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/volcengine/OpenViking/commit/c7bb1676f4d037609f041bf39e4e2bd52e8f9820","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/volcengine/OpenViking/pull/1447","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/volcengine/OpenViking/releases/tag/v0.3.9","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/openviking-authentication-bypass-via-vikingbot-openapi","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-32623","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-32623 — xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vuln…","description":"xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in the NeutrinoRDP module. When proxying RDP sessions from xrdp to another server, the module fails to properly validate the size of reassembled fragmented virtual channel data against its a…","indicators":{"cves":["CVE-2026-32623","CVE-2026-32624"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T20:16:33.953Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-phw3-qp59-x2v4","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-7q2g-6fjr-h6pp","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35546","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-35546 — Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted archi…","description":"Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted \narchives to be accepted, enabling attackers to plant and execute code \nand obtain a reverse shell.","indicators":{"cves":["CVE-2026-35546"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T20:16:35.380Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json","label":"ics-cert@hq.dhs.gov","domainType":"primary"},{"url":"https://www.anviz.com/contact-us.html","label":"ics-cert@hq.dhs.gov","domainType":"other"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03","label":"ics-cert@hq.dhs.gov","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-23500","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-23500 — Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) softwar…","description":"Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. In versions prior to 23.0.0 , the ODT to PDF conversion process in odf.php concatenates the MAIN_ODT_AS_PDF configuration constant directly into a shell command passed to exec() without san…","indicators":{"cves":["CVE-2026-23500"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T21:16:31.890Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/Dolibarr/dolibarr/releases/tag/23.0.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/Dolibarr/dolibarr/security/advisories/GHSA-w5j3-8fcr-h87w","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35512","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-35512 — xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the…","description":"xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the EGFX (graphics dynamic virtual channel) implementation due to insufficient validation of client-controlled size parameters, allowing an out-of-bounds write via crafted PDUs. Pre-authentication exploit…","indicators":{"cves":["CVE-2026-35512"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T21:16:33.297Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-jg6p-7fg8-9hh6","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40258","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40258 — The Gramps Web API is a Python REST API for the genealogical research software Gramps. Versions 1.6.…","description":"The Gramps Web API is a Python REST API for the genealogical research software Gramps. Versions 1.6.0 through 3.11.0 have a path traversal vulnerability (Zip Slip) in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with directory-tra…","indicators":{"cves":["CVE-2026-40258"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T22:16:32.067Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/gramps-project/gramps-web-api/commit/3ed4342711e3ec849552df09b1fe2fbf2ca5c29a","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/gramps-project/gramps-web-api/releases/tag/v3.11.1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/gramps-project/gramps-web-api/security/advisories/GHSA-m5gr-86j6-99jp","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40351","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40351 — FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password-based login en…","description":"FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password-based login endpoint uses TypeScript type assertion without runtime validation, allowing an unauthenticated attacker to pass a MongoDB query operator object (e.g., {\"$ne\": \"\"}) as the password field. This NoSQL inj…","indicators":{"cves":["CVE-2026-40351"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T22:16:32.793Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/labring/FastGPT/commit/bd966d479fbe414d02679cf79f9eaaab3d100a2d","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/labring/FastGPT/releases/tag/v4.14.9.5","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/labring/FastGPT/security/advisories/GHSA-x8mx-2mr7-h9xg","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40477","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40477 — Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.…","description":"Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the expression execution mechanisms. Although the library provides mechanisms to prevent expression injection, it fails to properly restric…","indicators":{"cves":["CVE-2026-40477","CVE-2026-40478"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T22:16:33.500Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/thymeleaf/thymeleaf/security/advisories/GHSA-r4v4-5mwr-2fwr","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/thymeleaf/thymeleaf/security/advisories/GHSA-xjw8-8c5c-9r79","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40324","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40324 — Hot Chocolate is an open-source GraphQL server. Prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1…","description":"Hot Chocolate is an open-source GraphQL server. Prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, Hot Chocolate's recursive descent parser `Utf8GraphQLParser` has no recursion depth limit. A crafted GraphQL document with deeply nested selection sets, object values, list values, or list types…","indicators":{"cves":["CVE-2026-40324"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T00:16:36.920Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/ChilliCream/graphql-platform/commit/08c0caa42ca33c121bbed49d2db892e5bf6fb541","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChilliCream/graphql-platform/commit/4cbaf67d366f800fc1e484bc5c06dfcf27b45023","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChilliCream/graphql-platform/commit/b185eb276c9ee227bd44616ff113be7f01a66c69","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChilliCream/graphql-platform/commit/b9271e6a500484c002fd528dcd34d1a9b445480f","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChilliCream/graphql-platform/pull/9528","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChilliCream/graphql-platform/pull/9530","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChilliCream/graphql-platform/pull/9531","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChilliCream/graphql-platform/releases/tag/12.22.7","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChilliCream/graphql-platform/releases/tag/13.9.16","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChilliCream/graphql-platform/releases/tag/14.3.1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChilliCream/graphql-platform/releases/tag/15.1.14","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChilliCream/graphql-platform/security/advisories/GHSA-qr3m-xw4c-jqw3","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40484","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40484 — ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the database backu…","description":"ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the database backup restore functionality extracts uploaded archive contents and copies files from the Images/ directory into the web-accessible document root using recursiveCopyDirectory(), which performs no file exte…","indicators":{"cves":["CVE-2026-40484"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T00:16:39.387Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/ChurchCRM/CRM/commit/68be1d12bc4cc1429575ae797ef05efe47030d39","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChurchCRM/CRM/pull/8610","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChurchCRM/CRM/security/advisories/GHSA-2932-77f9-62fx","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40317","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40317 — NovumOS is a custom 32-bit operating system written in Zig and x86 Assembly. In versions prior to 0.…","description":"NovumOS is a custom 32-bit operating system written in Zig and x86 Assembly. In versions prior to 0.24, Syscall 12 (JumpToUser) accepts an arbitrary entry point address from user-space registers without validation, allowing any Ring 3 user-mode process to jump to kernel addresses and execute arbitra…","indicators":{"cves":["CVE-2026-40317","CVE-2026-40572"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T01:16:19.380Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/MinecAnton209/NovumOS/releases/tag/v0.24","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/MinecAnton209/NovumOS/security/advisories/GHSA-xjx3-gjh9-45fm","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/MinecAnton209/NovumOS/security/advisories/GHSA-rg7m-6vh7-f4v2","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40492","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40492 — SAIL is a cross-platform library for loading and saving images with support for animation, metadata,…","description":"SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02, the XWD codec resolves pixel format based on `pixmap_depth` but the byte-swap code uses `bits_per_pixel` independently. Whe…","indicators":{"cves":["CVE-2026-40492","CVE-2026-40493","CVE-2026-40494"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T03:16:13.300Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/HappySeaFox/sail/commit/36aa5c7ec8a2bb35f6fb867a1177a6f141156b02","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/HappySeaFox/sail/security/advisories/GHSA-526v-vm72-4v64","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/HappySeaFox/sail/commit/c930284445ea3ff94451ccd7a57c999eca3bc979","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/HappySeaFox/sail/security/advisories/GHSA-rcqx-gc76-r9mv","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/HappySeaFox/sail/commit/45d48d1f2e8e0d73e80bc1fd5310cb57f4547302","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/HappySeaFox/sail/security/advisories/GHSA-cp2j-rwh4-r46f","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-32956","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-32956 — SD-330AC and AMC Manager provided by silex technology, Inc. contain a heap-based buffer overflow vul…","description":"SD-330AC and AMC Manager provided by silex technology, Inc. contain a heap-based buffer overflow vulnerability in processing the redirect URLs. Arbitrary code may be executed on the device.","indicators":{"cves":["CVE-2026-32956","CVE-2026-32961"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T04:16:34.810Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://jvn.jp/en/vu/JVNVU94271449/","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://www.silex.jp/support/security-advisories/2026-001","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://www.silex.jp/support/security-advisories/en/2026-001","label":"vultures@jpcert.or.jp","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6643","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-6643 — A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems…","description":"A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf() and passing user-controlled data directly to printf(). Due to the lack of PIE and Stack Canary protections, an authenticated remote attacker can exploit these to ex…","indicators":{"cves":["CVE-2026-6643"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T07:16:16.543Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://www.asustor.com/security/security_advisory_detail?id=54","label":"security@asustor.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6644","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-6644 — A command injection vulnerability was found in the PPTP VPN Clients on the ADM. The vulnerability al…","description":"A command injection vulnerability was found in the PPTP VPN Clients on the ADM. The vulnerability allows an administrative user to break out of the restricted web environment and execute arbitrary code on the underlying operating system. This occurs due to insufficient validation of user-supplied in…","indicators":{"cves":["CVE-2026-6644"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T07:16:16.693Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://https://www.asustor.com/security/security_advisory_detail?id=55","label":"security@asustor.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5963","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-5963 — EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remot…","description":"EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.","indicators":{"cves":["CVE-2026-5963","CVE-2026-5964"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T08:16:10.653Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://www.twcert.org.tw/en/cp-139-10832-05f3a-2.html","label":"twcert@cert.org.tw","domainType":"other"},{"url":"https://www.twcert.org.tw/tw/cp-132-10831-a734d-1.html","label":"twcert@cert.org.tw","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33557","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-33557 — A possible security vulnerability has been identified in Apache Kafka. By default, the broker proper…","description":"A possible security vulnerability has been identified in Apache Kafka.\n\nBy default, the broker property `sasl.oauthbearer.jwt.validator.class` is set to `org.apache.kafka.common.security.oauthbearer.DefaultJwtValidator`. It accepts any JWT token without validating its signature, issuer, or audience.…","indicators":{"cves":["CVE-2026-33557"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T14:16:18.780Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://kafka.apache.org/cve-list","label":"security@apache.org","domainType":"other"},{"url":"https://lists.apache.org/thread/v57o00hm6yszdpdnvqx2ss4561yh953h","label":"security@apache.org","domainType":"other"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/17/2","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5760","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-5760 — SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file cont…","description":"SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file containing a malcious tokenizer.chat_template is loaded, as the Jinja2 chat templates are rendered using an unsandboxed jinja2.Environment().","indicators":{"cves":["CVE-2026-5760"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T14:16:21.680Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/Stuub/SGLang-0.5.9-RCE","label":"cret@cert.org","domainType":"primary"},{"url":"https://www.kb.cert.org/vuls/id/915947","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-24467","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-24467 — OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber advers…","description":"OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaign and tests. Starting in version 1.0.0 and prior to version 2.0.13, OpenAEV's password reset implementation contains multiple security weaknesses that together allow reliable acc…","indicators":{"cves":["CVE-2026-24467","CVE-2026-24468"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T16:16:41.447Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/OpenAEV-Platform/openaev/blob/82fa7d0009017110c9b509d0dc1b3a78164259dd/openaev-api/src/main/java/io/openaev/rest/user/UserApi.java#L120","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/OpenAEV-Platform/openaev/commit/c09a4e71ea76d26fc28c9b51c76bca89a902df4f","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/OpenAEV-Platform/openaev/releases/tag/2.0.13","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/OpenAEV-Platform/openaev/security/advisories/GHSA-vcjx-vw28-25p2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/OpenAEV-Platform/openaev/commit/3430fe23a9244030d06fdf8e6771592e1f12ad52","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/OpenAEV-Platform/openaev/security/advisories/GHSA-v6rg-hf9w-f8ph","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-39918","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-39918 — Vvveb prior to 1.0.8.1 contains a code injection vulnerability in the installation endpoint where th…","description":"Vvveb prior to 1.0.8.1 contains a code injection vulnerability in the installation endpoint where the subdir POST parameter is written unsanitized into the env.php configuration file without escaping or validation. Attackers can inject arbitrary PHP code by breaking out of the string context in the…","indicators":{"cves":["CVE-2026-39918"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T16:16:45.243Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/givanz/Vvveb/commit/5162c1639130bd080ab63c7d856788cd59d6b3b7","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/givanz/Vvveb/releases/tag/1.0.8.1","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/vvveb-code-injection-via-installation-endpoint","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-30269","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-30269 — Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their o…","description":"Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their own account role to a non-admin privileged role via /platform/user/{username}. The `role` field is accepted by the update model without a manage_users permission check for self-updates, enabling privil…","indicators":{"cves":["CVE-2026-30269"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T17:16:33.483Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://blog.orxiain.life/archives/cve-2026-30269---improper-access-control-in-doorman-allows-privilege-escalation","label":"cve@mitre.org","domainType":"other"},{"url":"https://github.com/apidoorman/doorman","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-39109","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-39109 — SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management Sy…","description":"SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 within the username parameter of the login page (index.php). This allows an unauthenticated attacker to manipulate backend SQL queries during authentication and retrieve sensitive database c…","indicators":{"cves":["CVE-2026-39109","CVE-2026-39110","CVE-2026-39111"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T18:16:27.043Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/efekaanakkar/Apartment-Visitors-Management-System-CVEs/","label":"cve@mitre.org","domainType":"primary"},{"url":"https://phpgurukul.com/?sdm_process_download=1&download_id=21524","label":"cve@mitre.org","domainType":"other"},{"url":"https://phpgurukul.com/apartment-visitors-management-system-using-php-and-mysql/","label":"cve@mitre.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-29649","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-29649 — NEMU contains an implementation flaw in its RISC-V Hypervisor CSR handling where henvcfg[7:4] (CBIE/…","description":"NEMU contains an implementation flaw in its RISC-V Hypervisor CSR handling where henvcfg[7:4] (CBIE/CBCFE/CBZE-related fields) is incorrectly masked/updated based on menvcfg[7:4], so a machine-mode write to menvcfg can implicitly modify the hypervisor's environment configuration. This can lead to in…","indicators":{"cves":["CVE-2026-29649"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T20:16:48.410Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://docs.riscv.org/reference/isa/priv/hypervisor.html","label":"cve@mitre.org","domainType":"other"},{"url":"https://docs.riscv.org/reference/isa/priv/machine.html","label":"cve@mitre.org","domainType":"other"},{"url":"https://github.com/OpenXiangShan/NEMU/issues/681","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/OpenXiangShan/NEMU/pull/689","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-6257","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-6257 — Vvveb CMS v1.0.8 contains a remote code execution vulnerability in its media management functionalit…","description":"Vvveb CMS v1.0.8 contains a remote code execution vulnerability in its media management functionality where a missing return statement in the file rename handler allows authenticated attackers to rename files to blocked extensions .php or .htaccess. Attackers can exploit this logic flaw by first upl…","indicators":{"cves":["CVE-2026-6257"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T20:16:49.107Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/givanz/Vvveb/commit/6fb8eaa998265e33e8802cbc220d8859dbc144f2","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/vvveb-cms-remote-code-execution-via-media-management","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-29646","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-29646 — In OpenXiangShan NEMU prior to 55295c4, when running with RVH (Hypervisor extension) enabled, a VS-m…","description":"In OpenXiangShan NEMU prior to 55295c4, when running with RVH (Hypervisor extension) enabled, a VS-mode guest write to the supervisor interrupt-enable CSR (sie) may be handled incorrectly and can influence machine-level interrupt enable state (mie). This breaks privilege/virtualization isolation and…","indicators":{"cves":["CVE-2026-29646"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T21:16:19.503Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://docs.riscv.org/reference/isa/priv/hypervisor.html","label":"cve@mitre.org","domainType":"other"},{"url":"https://docs.riscv.org/reference/isa/priv/machine.html","label":"cve@mitre.org","domainType":"other"},{"url":"https://docs.riscv.org/reference/isa/priv/supervisor.html","label":"cve@mitre.org","domainType":"other"},{"url":"https://docs.riscv.org/reference/isa/unpriv/zicsr.html","label":"cve@mitre.org","domainType":"other"},{"url":"https://github.com/OpenXiangShan/NEMU/issues/951","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/OpenXiangShan/NEMU/pull/938","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/OpenXiangShan/NEMU/pull/938/commits/55295c46580456d8d5a9d5736e1fda924b8825ab","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-32604","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-32604 — Spinnaker is an open source, multi-cloud continuous delivery platform. In versions prior to 2026.1.0…","description":"Spinnaker is an open source, multi-cloud continuous delivery platform. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, a bad actor can execute arbitrary commands very simply on the clouddriver pods. This can expose credentials, remove files, or inject resources easily. Versions 2026…","indicators":{"cves":["CVE-2026-32604"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T21:16:32.457Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/spinnaker/spinnaker/releases/tag/spinnaker-release-2025.3.2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/spinnaker/spinnaker/releases/tag/spinnaker-release-2025.4.2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/spinnaker/spinnaker/releases/tag/spinnaker-release-2026.0.1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/spinnaker/spinnaker/security/advisories/GHSA-x3j7-7pgj-h87r","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-32613","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-32613 — Spinnaker is an open source, multi-cloud continuous delivery platform. Echo like some other services…","description":"Spinnaker is an open source, multi-cloud continuous delivery platform. Echo like some other services, uses SPeL (Spring Expression Language) to process information - specifically around expected artifacts. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, unlike orca, it was NOT restr…","indicators":{"cves":["CVE-2026-32613"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T21:16:32.623Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/spinnaker/spinnaker/releases/tag/spinnaker-release-2025.3.2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/spinnaker/spinnaker/releases/tag/spinnaker-release-2025.4.2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/spinnaker/spinnaker/releases/tag/spinnaker-release-2026.0.1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/spinnaker/spinnaker/security/advisories/GHSA-69rw-45wj-g4v6","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-5450","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-5450 — Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library ver…","description":"Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.","indicators":{"cves":["CVE-2026-5450"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T21:16:36.850Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u","label":"3ff69d7a-14f2-4f67-a097-88dee7810d18","domainType":"other"},{"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450","label":"3ff69d7a-14f2-4f67-a097-88dee7810d18","domainType":"other"},{"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41329","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-41329 — OpenClaw before 2026.3.31 contains a sandbox bypass vulnerability allowing attackers to escalate pri…","description":"OpenClaw before 2026.3.31 contains a sandbox bypass vulnerability allowing attackers to escalate privileges via heartbeat context inheritance and senderIsOwner parameter manipulation. Attackers can exploit improper context validation to bypass sandbox restrictions and achieve unauthorized privilege…","indicators":{"cves":["CVE-2026-41329"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T00:16:31.390Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/openclaw/openclaw/commit/a30214a624946fc5c85c9558a27c1580172374fd","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-g5cg-8x5w-7jpm","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/openclaw-sandbox-bypass-via-heartbeat-context-inheritance-and-senderisowner-escalation","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5965","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-5965 — NewSoftOA developed by NewSoft has an OS Command Injection vulnerability, allowing unauthenticated l…","description":"NewSoftOA developed by NewSoft has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server.","indicators":{"cves":["CVE-2026-5965"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T04:16:13.443Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://www.twcert.org.tw/en/cp-139-10857-c46f7-2.html","label":"twcert@cert.org.tw","domainType":"other"},{"url":"https://www.twcert.org.tw/tw/cp-132-10856-4979f-1.html","label":"twcert@cert.org.tw","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41036","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-41036 — This vulnerability exists in Quantum Networks router due to inadequate sanitization of user-supplied…","description":"This vulnerability exists in Quantum Networks router due to inadequate sanitization of user-supplied input in the management CLI interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary OS commands on the targeted device.\n\nSuccessful exploitation of this vu…","indicators":{"cves":["CVE-2026-41036"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T10:16:30.800Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0200","label":"vdisclose@cert-in.org.in","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6748","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-6748 — Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firef…","description":"Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.","indicators":{"cves":["CVE-2026-6748","CVE-2026-6751"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:20.910Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2022604","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","label":"security@mozilla.org","domainType":"other"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2025883","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6750","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-6750 — Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 1…","description":"Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.","indicators":{"cves":["CVE-2026-6750"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:21.073Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2023407","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6760","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-6760 — Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150…","description":"Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.","indicators":{"cves":["CVE-2026-6760","CVE-2026-6768"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:21.950Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016923","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2023615","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6771","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-6771 — Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150, Firef…","description":"Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.","indicators":{"cves":["CVE-2026-6771"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:22.927Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2025067","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-15638","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2025-15638 — Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of libtomcrypt. Net::Dropb…","description":"Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of libtomcrypt.\n\nNet::Dropbear versions before 0.14 includes versions of Dropbear 2019.78 or earlier. These include versions of libtomcrypt v1.18.1 or earlier, which is affected by CVE-2016-6129 and CVE-2018-12437.","indicators":{"cves":["CVE-2025-15638"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T16:16:19.030Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://metacpan.org/release/ATRODO/Net-Dropbear-0.14/source/dropbear/libtomcrypt/changes","label":"9b29abf9-4ab0-4765-b253-1875cd9b441e","domainType":"other"},{"url":"https://www.cve.org/CVERecord?id=CVE-2016-6129","label":"9b29abf9-4ab0-4765-b253-1875cd9b441e","domainType":"other"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-12437","label":"9b29abf9-4ab0-4765-b253-1875cd9b441e","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40498","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40498 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthent…","description":"FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can access diagnostic and system tools that should be restricted to administrators. The /system/cron endpoint relies on a static MD5 hash derived from the APP_KEY, which is exposed in…","indicators":{"cves":["CVE-2026-40498","CVE-2026-40567"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T16:16:20.240Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/freescout-help-desk/freescout/commit/b1d6c2c601a6ec3626ab13e679607b5084dfbd38","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/releases/tag/1.8.213","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-5jw5-q9j7-4rxc","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/commit/9131b16f80eade81002cb9809a2603f6b61981cf","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-q8v4-v62h-5528","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-21571","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-21571 — This Critical severity OS Command Injection vulnerability was introduced in versions 9.6.0, 10.0.0,…","description":"This Critical severity OS Command Injection vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0, 10.2.0,\r\n11.0.0, 11.1.0, 12.0.0, and 12.1.0 of Bamboo Data Center.\r\n \r\nThis RCE (Remote Code Execution) vulnerability, with a CVSS Score of 9.4 and a CVSS Vector of\r\nCVSS:4.0/AV:N/AC:L/AT:N/PR…","indicators":{"cves":["CVE-2026-21571"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:22.950Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://confluence.atlassian.com/pages/viewpage.action?pageId=1770913890","label":"security@atlassian.com","domainType":"other"},{"url":"https://jira.atlassian.com/browse/BAM-26364","label":"security@atlassian.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-38835","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-38835 — Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the formSetUSB…","description":"Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the formSetUSBPartitionUmount function via the usbPartitionName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.","indicators":{"cves":["CVE-2026-38835"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:53.357Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/jsjbcyber/repo/blob/main/rep_2.md","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/jsjbcyber/repo/blob/main/rep_2.md","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40050","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40050 — CrowdStrike has released security updates to address a critical unauthenticated path traversal vulne…","description":"CrowdStrike has released security updates to address a critical unauthenticated path traversal vulnerability (CVE-2026-40050) in LogScale. This vulnerability only requires mitigation by customers that host specific versions of LogScale and does not affect Next-Gen SIEM customers. The vulnerability e…","indicators":{"cves":["CVE-2026-40050"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:53.610Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://www.crowdstrike.com/en-us/security-advisories/cve-2026-40050/","label":"13ddcd98-6f4a-40a8-8e24-29ca0aee4661","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40569","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40569 — FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a mass…","description":"FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a mass assignment vulnerability in the mailbox connection settings endpoints of FreeScout (`connectionIncomingSave()` at `app/Http/Controllers/MailboxesController.php:468` and `connectionOutgoingSave()` at l…","indicators":{"cves":["CVE-2026-40569"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware","phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:55.450Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/freescout-help-desk/freescout/commit/f45b9105d43b0352c08fcca154e8ae6177c3d860","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/releases/tag/1.8.213","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-hmqm-33wp-858j","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-hmqm-33wp-858j","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40576","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40576 — excel-mcp-server is a Model Context Protocol server for Excel file manipulation. A path traversal vu…","description":"excel-mcp-server is a Model Context Protocol server for Excel file manipulation. A path traversal vulnerability exists in excel-mcp-server versions up to and including 0.1.7. When running in SSE or Streamable-HTTP transport mode (the documented way to use this server remotely), an unauthenticated at…","indicators":{"cves":["CVE-2026-40576"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:55.870Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/haris-musa/excel-mcp-server/security/advisories/GHSA-j98m-w3xp-9f56","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/haris-musa/excel-mcp-server/security/advisories/GHSA-j98m-w3xp-9f56","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40584","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40584 — RansomLook is a tool to monitor Ransomware groups and markets and extract their victims. Prior to 1.…","description":"RansomLook is a tool to monitor Ransomware groups and markets and extract their victims. Prior to 1.9.0, the API in the affected application improperly filters private location entries in website/web/api/genericapi.py. Because the code removes elements from a list while iterating over it, entries ma…","indicators":{"cves":["CVE-2026-40584"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:56.240Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/RansomLook/RansomLook/security/advisories/GHSA-hv66-vcqc-v87c","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://vulnerability.circl.lu/vuln/gcve-1-2026-0025","label":"security-advisories@github.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5652","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-5652 — An insecure direct object reference vulnerability in the Users API component of Crafty Controller al…","description":"An insecure direct object reference vulnerability in the Users API component of Crafty Controller allows a remote, authenticated attacker to perform user modification actions via improper API permissions validation.","indicators":{"cves":["CVE-2026-5652"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:57.793Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://gitlab.com/crafty-controller/crafty-4/-/work_items/705","label":"cve@gitlab.com","domainType":"other"},{"url":"https://gitlab.com/crafty-controller/crafty-4/-/work_items/705","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41193","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-41193 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, FreeScout's…","description":"FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, FreeScout's module installation feature extracts ZIP archives without validating file paths, allowing an authenticated admin to write files arbitrarily on the server filesystem via a specially crafted ZIP. Versio…","indicators":{"cves":["CVE-2026-41193"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T18:16:53.253Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/freescout-help-desk/freescout/commit/14f17a5cd22d217103a72b431b47b1f06996227b","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/releases/tag/1.8.215","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-r85m-5mc9-cc9w","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-r85m-5mc9-cc9w","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40372","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40372 — Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to…","description":"Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.","indicators":{"cves":["CVE-2026-40372"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:16:59.133Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40372","label":"secure@microsoft.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40884","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40884 — goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP authenticat…","description":"goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP authentication bypass when the documented empty-username basic-auth syntax is used. If the server is started with -b ':pass' together with -sftp, goshs accepts that configuration but does not install any SFTP pa…","indicators":{"cves":["CVE-2026-40884"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:17:02.107Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/patrickhener/goshs/security/advisories/GHSA-c29w-qq4m-2gcv","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/patrickhener/goshs/security/advisories/GHSA-c29w-qq4m-2gcv","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40885","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40885 — goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs leaks file-based…","description":"goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs leaks file-based ACL credentials through its public collaborator feed when the server is deployed without global basic auth. Requests to .goshs-protected folders are logged before authorization is enforced, and the c…","indicators":{"cves":["CVE-2026-40885"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:17:02.257Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/patrickhener/goshs/security/advisories/GHSA-7h3j-592v-jcrp","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/patrickhener/goshs/security/advisories/GHSA-7h3j-592v-jcrp","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40887","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40887 — Vendure is an open-source headless commerce platform. Starting in version 1.7.4 and prior to version…","description":"Vendure is an open-source headless commerce platform. Starting in version 1.7.4 and prior to versions 2.3.4, 3.5.7, and 3.6.2, an unauthenticated SQL injection vulnerability exists in the Vendure Shop API. A user-controlled query string parameter is interpolated directly into a raw SQL expression wi…","indicators":{"cves":["CVE-2026-40887"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:17:02.397Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/vendurehq/vendure/security/advisories/GHSA-9pp3-53p2-ww9v","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40903","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40903 — goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs has an ArtiPACKED vulnerabil…","description":"goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs has an ArtiPACKED vulnerability. ArtiPACKED can lead to leakage of the GITHUB_TOKEN through workflow artifacts, even though the token is not present in the repository source code. This vulnerability is fixed in 2.0.0-beta.6.","indicators":{"cves":["CVE-2026-40903"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:17:02.947Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/patrickhener/goshs/security/advisories/GHSA-hpxj-9fgp-fhhf","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-33518","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-33518 — An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and…","description":"An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected.","indicators":{"cves":["CVE-2026-33518"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:29.490Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/april2026_security_bulletin","label":"psirt@esri.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33519","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-33519 — An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Win…","description":"An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials.","indicators":{"cves":["CVE-2026-33519"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:29.673Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/april2026_security_bulletin","label":"psirt@esri.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34275","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-34275 — Vulnerability in the Oracle Advanced Inbound Telephony product of Oracle E-Business Suite (component…","description":"Vulnerability in the Oracle Advanced Inbound Telephony product of Oracle E-Business Suite (component: Setup and Administration).  Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracl…","indicators":{"cves":["CVE-2026-34275"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:31.550Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34279","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-34279 — Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (c…","description":"Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management).  Supported versions that are affected are 13.5 and  24.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracl…","indicators":{"cves":["CVE-2026-34279"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:32.180Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34285","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-34285 — Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (componen…","description":"Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core).   The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identity Manager C…","indicators":{"cves":["CVE-2026-34285","CVE-2026-34286","CVE-2026-34287","CVE-2026-34288","CVE-2026-34289","CVE-2026-34290","CVE-2026-34294"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:33.130Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40906","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40906 — Electric is a Postgres sync engine. From 1.1.12 to before 1.5.0, the order_by parameter in the Elect…","description":"Electric is a Postgres sync engine. From 1.1.12 to before 1.5.0, the order_by parameter in the ElectricSQL /v1/shape API is vulnerable to error-based SQL injection, allowing any authenticated user to read, write, and destroy the full contents of the underlying PostgreSQL database through crafted ORD…","indicators":{"cves":["CVE-2026-40906"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:44.697Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/electric-sql/electric/pull/4081","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/electric-sql/electric/security/advisories/GHSA-h5rg-pxx7-r2hj","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/electric-sql/electric/security/advisories/GHSA-h5rg-pxx7-r2hj","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40911","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40911 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, the YPTSocket plugin's Web…","description":"WWBN AVideo is an open source video platform. In versions 29.0 and prior, the YPTSocket plugin's WebSocket server relays attacker-supplied JSON message bodies to every connected client without sanitizing the `msg` or `callback` fields. On the client side, `plugin/YPTSocket/script.js` contains two `e…","indicators":{"cves":["CVE-2026-40911"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:45.350Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/WWBN/AVideo/commit/c08694bf6264eb4decceb78c711baee2609b4efd","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-gph2-j4c9-vhhr","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-gph2-j4c9-vhhr","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40933","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40933 — Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.…","description":"Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, due to unsafe serialization of stdio commands in the MCP adapter, an authenticated attacker can add an MCP stdio server with an arbitrary command, achieving command execution. The vulnerability l…","indicators":{"cves":["CVE-2026-40933"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T22:16:19.383Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-c9gw-hvqq-f33r","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://www.ox.security/blog/mcp-supply-chain-advisory-rce-vulnerabilities-across-the-ai-ecosystem","label":"security-advisories@github.com","domainType":"other"},{"url":"https://www.ox.security/blog/the-mother-of-all-ai-supply-chains-critical-systemic-vulnerability-at-the-core-of-the-mcp","label":"security-advisories@github.com","domainType":"other"},{"url":"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-c9gw-hvqq-f33r","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40575","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-40575 — OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0…","description":"OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 may trust a client-supplied `X-Forwarded-Uri` header when `--reverse-proxy` is enabled and `--skip-auth-regex` or `--skip-auth-route` is configured. An attacker can spoof this header so…","indicators":{"cves":["CVE-2026-40575","CVE-2026-41059"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T00:16:27.817Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-7x63-xv5r-3p2x","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-pxq7-h93f-9jrg","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41064","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-41064 — WWBN AVideo is an open source video platform. In versions up to and including 29.0, an incomplete fi…","description":"WWBN AVideo is an open source video platform. In versions up to and including 29.0, an incomplete fix for AVideo's `test.php` adds `escapeshellarg` for wget but leaves the `file_get_contents` and `curl` code paths unsanitized, and the URL validation regex `/^http/` accepts strings like `httpevil[.]c…","indicators":{"cves":["CVE-2026-41064"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T00:16:28.187Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/WWBN/AVideo/commit/1e6cf03e93b5a5318204b010ea28440b0d9a5ab3","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/commit/78bccae74634ead68aa6528d631c9ec4fd7aa536","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-3fpm-8rjr-v5mc","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-pq8p-wc4f-vg7j","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-3fpm-8rjr-v5mc","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41304","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-41304 — WWBN AVideo is an open source video platform. In versions 29.0 and below, the `cloneServer.json.php`…","description":"WWBN AVideo is an open source video platform. In versions 29.0 and below, the `cloneServer.json.php` endpoint in the CloneSite plugin constructs shell commands using user-controlled input (`url` parameter) without proper sanitization. The input is directly concatenated into a `wget` command executed…","indicators":{"cves":["CVE-2026-41304"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet","rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T00:16:29.697Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/WWBN/AVideo/commit/473c609fc2defdea8b937b00e86ce88eba1f15bb","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-xr6f-h4x7-r6qp","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-xr6f-h4x7-r6qp","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-4119","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-4119 — The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up t…","description":"The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up to and including 1.2.1. The plugin registers admin_post action hooks for creating tables (admin_post_add_table) and deleting tables (admin_post_delete_db_table) without implementing any capability chec…","indicators":{"cves":["CVE-2026-4119"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:23.330Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/tags/1.2.1/create-db-tables.php#L370","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/tags/1.2.1/create-db-tables.php#L376","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/tags/1.2.1/create-db-tables.php#L405","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/tags/1.2.1/create-db-tables.php#L408","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/tags/1.2.1/create-new-table.php#L14","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/tags/1.2.1/create-new-table.php#L69","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/trunk/create-db-tables.php#L370","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/trunk/create-db-tables.php#L376","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/trunk/create-db-tables.php#L405","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/trunk/create-db-tables.php#L408","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/trunk/create-new-table.php#L14","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/create-db-tables/trunk/create-new-table.php#L69","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d1a3bc4b-cc17-4728-b242-13841b5f7660?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6235","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-6235 — The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'ma…","description":"The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'manage_admin_requests' function in all versions up to, and including, 1.0.20. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for…","indicators":{"cves":["CVE-2026-6235"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:26.263Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/sendmachine/tags/1.0.20/includes/sendmachine_email_manager.php#L39","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/sendmachine/tags/1.0.20/sendmachine_wp_admin.php#L174","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/sendmachine/tags/1.0.20/sendmachine_wp_admin.php#L183","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7889e071-84a8-46ec-abe5-5c98980ce275?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31460","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-31460 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: check if ext_ca…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: check if ext_caps is valid in BL setup\n\nLVDS connectors don't have extended backlight caps so check\nif the pointer is valid before accessing it.\n\n(cherry picked from commit 3f797396d7f4eb9bb6eded184bbc6f033628a6f6)","indicators":{"cves":["CVE-2026-31460"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:41.550Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/60b0524bfb7d691ab378cdc788209f11cd34da89","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9da4f9964abcaeb6e19797d5e3b10faad338a786","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31461","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-31461 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix drm_edid le…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix drm_edid leak in amdgpu_dm\n\n[WHAT]\nWhen a sink is connected, aconnector->drm_edid was overwritten without\nfreeing the previous allocation, causing a memory leak on resume.\n\n[HOW]\nFree the previous drm_edid befo…","indicators":{"cves":["CVE-2026-31461"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:41.670Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/37c2caa167b0b8aca4f74c32404c5288b876a2a3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/52db857e94b9be4e6315586602b0257d1d2b165a","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/eb95595194e4755b62360aa821f40a79b0953105","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31488","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-31488 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Do not skip unr…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Do not skip unrelated mode changes in DSC validation\n\nStarting with commit 17ce8a6907f7 (\"drm/amd/display: Add dsc pre-validation in\natomic check\"), amdgpu resets the CRTC state mode_changed flag to false when\nreco…","indicators":{"cves":["CVE-2026-31488"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:46.453Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/10862e344b4d6434642a48c87d765813fc0b0ba7","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/111208b5b7ebcdadb3f922cc52d8425f0fa91b33","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/8a5edc97fd9c6415ff2eff872748439a97e3c3d8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/aed3d041ab061ec8a64f50a3edda0f4db7280025","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6356","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-6356 — A vulnerability in the web application allows standard users to escalate their privileges to those o…","description":"A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, enabling them to access and modify sensitive information.","indicators":{"cves":["CVE-2026-6356"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:17:06.720Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/Penguinsecq/CVE-2026-6356/","label":"cret@cert.org","domainType":"primary"},{"url":"https://github.com/Penguinsecq/CVE-2026-6356/","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-34415","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-34415 — Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability…","description":"Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder connector endpoint that fails to block PHP-executable extensions .php4 due to an incorrect regex pattern. Unauthenticated attackers can exploit this flaw combined with authentication…","indicators":{"cves":["CVE-2026-34415"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T19:17:04.253Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/thexerteproject/xerteonlinetoolkits/commit/02661be88cc369325ea01b508086bde7fbfec805","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/thexerteproject/xerteonlinetoolkits/commit/17e4f945fe6a3400fa88c01eda18c1075ee4a212","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/thexerteproject/xerteonlinetoolkits/commit/507d55c5e91bf9310b5b1c7fad8aebfef902ad23","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/thexerteproject/xerteonlinetoolkits/issues/1527","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/xerte-online-toolkits-file-upload-rce-via-elfinder-connector","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://xerte.org.uk/index.php/en/downloads-1/category/3-xerte-online-toolkits","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://xerte.org.uk/xertetoolkits_3.15_ChangeLog.html","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33471","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-33471 — nimiq-block contains block primitives to be used in Nimiq's Rust implementation. `SkipBlockProof::ve…","description":"nimiq-block contains block primitives to be used in Nimiq's Rust implementation. `SkipBlockProof::verify` computes its quorum check using `BitSet.len()`, then iterates `BitSet` indices and casts each `usize` index to `u16` (`slot as u16`) for slot lookup. Prior to version 1.3.0, if an attacker can g…","indicators":{"cves":["CVE-2026-33471"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T20:16:40.317Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/nimiq/core-rs-albatross/commit/d02059053181ed8ddad6b59a0adfd661ef5cd823","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-6973-8887-87ff","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-33656","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-33656 — EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, Espo…","description":"EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, EspoCRM's built-in formula scripting engine allowing updating attachment's sourceId thus allowing an authenticated admin to overwrite the `sourceId` field on `Attachment` entities. Because `sourceId` is c…","indicators":{"cves":["CVE-2026-33656"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T21:17:05.330Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/espocrm/espocrm/security/advisories/GHSA-7922-x7cf-j54x","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41167","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-41167 — Jellystat is a free and open source Statistics App for Jellyfin. Prior to version 1.1.10, multiple A…","description":"Jellystat is a free and open source Statistics App for Jellyfin. Prior to version 1.1.10, multiple API endpoints in Jellystat build SQL queries by interpolating unsanitized request-body fields directly into raw SQL strings. An authenticated user can inject arbitrary SQL via `POST /api/getUserDetails…","indicators":{"cves":["CVE-2026-41167"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T21:17:09.303Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/CyferShepard/Jellystat/commit/735fe7c6eb0e3e34e92a8a82fd21914d76693665","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/CyferShepard/Jellystat/security/advisories/GHSA-fj7c-2p5q-g56m","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41208","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-41208 — Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business.…","description":"Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Versions of @paperclipai/server prior to 2026.416.0 contain a privilege escalation vulnerability that allows an attacker with an Agent API key to execute arbitrary OS commands on the Paperclip server…","indicators":{"cves":["CVE-2026-41208","CVE-2026-41679"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:16:18.670Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/paperclipai/paperclip/security/advisories/GHSA-265w-rf2w-cjh4","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/paperclipai/paperclip/security/advisories/GHSA-68qg-g8mg-6pr7","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-21523-github-copilot-and-visual-studio-code-remote-code-execution-vulne","source":"vendor-blogs","category":"advisory","severity":"critical","title":"CVE-2026-21523 GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability","description":"Added acknowledgements. This is an informational change only.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T14:00:00.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21523","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-zerofox-data-shows-ransomware-stabilizing-at-scale-with-manufacturing-absorbing-","source":"vendor-blogs","category":"advisory","severity":"critical","title":"ZeroFox data shows ransomware stabilizing at scale, with manufacturing absorbing nearly one in five attacks","description":"New ZeroFox data from the first quarter of this year paints a picture of a threat landscape that...\nThe post ZeroFox data shows ransomware stabilizing at scale, with manufacturing absorbing nearly one in five attacks appeared first on Industrial Cyber.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T16:07:00.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://industrialcyber.co/threat-landscape/zerofox-data-shows-ransomware-stabilizing-at-scale-with-manufacturing-absorbing-nearly-one-in-five-attacks/","label":"Industrial Cyber","domainType":"other"}],"feedLabel":null},{"id":"abuseip-195.178.110.26","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 195.178.110.26","description":"Country: NL | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["195.178.110.26"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:01.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/195.178.110.26","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-193.163.125.91","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 193.163.125.91","description":"Country: GB | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["193.163.125.91"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:01.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/193.163.125.91","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-88.214.25.121","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 88.214.25.121","description":"Country: DE | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["88.214.25.121"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:01.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/88.214.25.121","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-152.32.182.165","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 152.32.182.165","description":"Country: US | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["152.32.182.165"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:01.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/152.32.182.165","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-66.132.172.157","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 66.132.172.157","description":"Country: US | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["66.132.172.157"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:01.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/66.132.172.157","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-37.10.113.217","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 37.10.113.217","description":"Country: GB | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["37.10.113.217"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:01.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/37.10.113.217","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-213.209.159.231","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 213.209.159.231","description":"Country: DE | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["213.209.159.231"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:01.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/213.209.159.231","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-58.57.154.146","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 58.57.154.146","description":"Country: CN | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["58.57.154.146"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:01.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/58.57.154.146","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-45.148.10.151","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 45.148.10.151","description":"Country: NL | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["45.148.10.151"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:01.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/45.148.10.151","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-87.251.64.147","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 87.251.64.147","description":"Country: PL | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["87.251.64.147"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:00.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/87.251.64.147","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-92.118.39.196","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 92.118.39.196","description":"Country: RO | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["92.118.39.196"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:00.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/92.118.39.196","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-195.85.207.253","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 195.85.207.253","description":"Country: TR | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["195.85.207.253"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:00.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/195.85.207.253","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-174.138.29.13","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 174.138.29.13","description":"Country: SG | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["174.138.29.13"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:00.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/174.138.29.13","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-2.57.122.197","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 2.57.122.197","description":"Country: RO | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["2.57.122.197"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:00.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/2.57.122.197","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-45.40.57.23","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 45.40.57.23","description":"Country: IN | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["45.40.57.23"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:00.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/45.40.57.23","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-167.172.126.69","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 167.172.126.69","description":"Country: US | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["167.172.126.69"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:00.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/167.172.126.69","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-45.148.10.147","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 45.148.10.147","description":"Country: NL | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["45.148.10.147"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:00.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/45.148.10.147","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-64.62.156.203","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 64.62.156.203","description":"Country: US | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["64.62.156.203"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:00.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/64.62.156.203","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-222.239.251.12","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 222.239.251.12","description":"Country: KR | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["222.239.251.12"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:00.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/222.239.251.12","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-14.225.3.79","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 14.225.3.79","description":"Country: VN | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["14.225.3.79"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:16:59.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/14.225.3.79","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"threatfox-1796400","source":"threatfox","category":"threat-intel","severity":"critical","title":"payload_delivery: undefined","description":"https://infosec.exchange/@monitorsg/116451588423267418","indicators":{"cves":[],"ips":[""],"domains":[""],"urls":[""],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ClearFake","StrelaStealer","Mirai","ClickFix","compromised","etherhiding","Polygon","Vidar","WordPress","SocGholish","Loki","storj",".NET","VDSINA","SmartLoader","Kongtuke","darkcomet","CobaltStrike","drb-ra","ProxyBox","Socks5 Systemz","ACR Stealer","Mozi","c2","r88vry","LokiBot","Android","banker","Kutxabank","NFCGate","NGate","Spain","Unicaja","ndroid","phish","22April2026","Commandline","Windows","AS199968","DarkCloud","Internet Domain Service BS Corp.","IWS NETWORKS LLC","subdomain","CastleLoader","finger-delivery","tcp79","trojan","ViriBack","RAT","ValleyRAT","RedLineStealer","Agentemis","Beacon","Cobalt Strike","cobeacon","RapidStealer","remcos","Gafgyt","ConnectBack","glassworm","Wave3","wallet-trojan","calendar-c2","infostealer stealer","opiusra","EnmityStealer","1xxbot","ArechClient","SectopRAT","Stealc","CinaRAT","Quasar RAT","QuasarRAT","Yggdrasil","BotManager","MaskGramStealer","21April2026","conhost-headless","finger-tcp79","fingerfix","win.fingerfix","AS15169","hak5","AS14618","AS14061","AS9123","cs-watermark-987654321","cs-watermark-100000","Fake Zoom","ScreenConnect","VBScript","Fake Microsoft Teams","Fake Adobe","SSA","ErrTraffic","Lumma","XWorm","GDrive","grpc","msi","NodeJS","TOR","NanoCore","dcrat","Steal","RemcosRAT","ExtRat","Xtreme RAT","AS24940","CHAOS","Hetzner Online GmbH","kimwolf","Discord","cs-watermark-666666","macOS","stealer","FrostStealer","etherhide","polygon-contract-stored-c2","20April2026","Fake-Claude","Nancrat","NanoCore RAT","PureHVNC","PureRAT","AS202412","jarm-cluster","Omegatech","cluster25","sliver","clickfix-cluster","phishing","AS8075","Microsoft Corporation","Supershell","EXT","Fake Claude","ACRStealer","OffLoader","AISURU","exe","DGA","valleyrat_s2","REMPROXY","CrystalX","DeepLoad","AS205775","NEON CORE NETWORK LLC","Bot Manager","pw-ryos","DDNS","Fake Adobe Reader","Fake DocuSign","payload","Fake Google Meet","cs-watermark-305419896","cs-watermark-666666666","cs-watermark-391144938","DarkCrystal RAT","18April2026","AS216084","itystealer","Kerem Uluboy","Access2.IT Network","AS208258","zabbix","AS64439","borz","RocketCloud.ru","honeypot","WebDav","botnet","controller","ssh","Amnesia Panel","Web Panel","NetSupport","asyncrat","garble","go","midie","sideload-asus","AS56971","AS56971 Cloud","UNAM","Amos","asar","atomic","wallet-injection","applescript","keystone-persistence","Loader","Vjw0rm","PhantomGate","SantaStealer","rmm","simplehelp","deerstealer","njrat","a10fsw","SHubStealer","Farfli","APT","kimsuky","DPRK","Lazarus","ESP","geo","GCleaner","SilentNet","17April2026","KermitRAT","Breut","Fynloski","klovbot","Remvio","Socmer","tofsee","IClickFix","NetSupport RAT","ZigClipper","domain","Lumma Stealer","Mirax","16April2026","infostealer","AS328543","Sun Network Company Limited","RedTigerStealer","WeedHack","Havoc","d0b0p","Lorikazz","AS932","XNNET LLC","SmartApeSG","AgingFly","UKR","odiznrio","Patchwork","cs-watermark-1234567890","quasar","dropped-by-vidar","exfil","FlagStealer","15April2026","apt"],"malwareFamily":"ClearFake","confidence":100,"publishedAt":"2026-04-23T02:56:34Z","fetchedAt":"2026-04-23T03:00:05.010Z","references":[{"url":"https://infosec.exchange/@monitorsg/116451588423267418","label":"ThreatFox","domainType":"other"},{"url":"https://infosec.exchange/@monitorsg/116450645010297764","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/7e9a43686183b6cf6b9ac26c6c3de0176637799bf1b7ba348b31a7407cc3948a/","label":"ThreatFox","domainType":"primary"},{"url":"https://tria.ge/260422-y7xnvaew4k/behavioral2","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/613e5314a7ded3155cdec49fd34e852e181f4651d78bd8bf3adad2f4dbf22b0d/","label":"ThreatFox","domainType":"primary"},{"url":"https://www.virustotal.com/gui/file/e494ce6af136876cba1adfe3f9d6e151f1dcf9a38059897cfb509e30e12b8c7b/detection","label":"ThreatFox","domainType":"other"},{"url":"https://infosec.exchange/@monitorsg/116449703219645845","label":"ThreatFox","domainType":"other"},{"url":"https://tracker.viriback.com/index.php?q=mail.treysbeatend.com","label":"ThreatFox","domainType":"other"},{"url":"https://infosec.exchange/@monitorsg/116448535265098838","label":"ThreatFox","domainType":"other"},{"url":"https://app.any.run/tasks/35c37d6a-75d7-49b0-b74a-b08decf37ad9","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/ce1285f6f87bfc3c2a7f51f1f9f4829d94fed5504f9b892f7e2a62b6b4acf4bc/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/0f70443956f8340ec3a31ca44c34619a2ea1db1b07b68c06c5f4e72ae8581df8/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/7e8535101461b828c2d12888ab01fe2ead504d19c2e14c141ef029346bfe86d5/","label":"ThreatFox","domainType":"primary"},{"url":"https://codeberg.org/tip-o-deincognito/glassworm-writeup","label":"ThreatFox","domainType":"other"},{"url":"https://tria.ge/260422-mm74asc19k/behavioral1","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/217db70a30b60d6f855d9347251889c5c18ef895057619fb8480a31882c53ebe/","label":"ThreatFox","domainType":"primary"},{"url":"https://x.com/suyog41/status/2046592187606220864","label":"ThreatFox","domainType":"other"},{"url":"https://app.any.run/tasks/e3d0fd2c-5aa2-462e-a704-bfb99c24dbf1","label":"ThreatFox","domainType":"other"},{"url":"https://app.any.run/tasks/f2bfdd8e-687b-4dc7-96e1-3d37846c6710","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/778ca9816558ae85045ad676fd016bb7e0d586ff4b05a80472006c81180b0d4d/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/34b7d8e96a8156c53299589e69aa8b4e353ac9554f7ea109b3c652e805f74f97/","label":"ThreatFox","domainType":"primary"},{"url":"https://infosec.exchange/@monitorsg/116444745795503961","label":"ThreatFox","domainType":"other"},{"url":"https://clickfix.carsonww.com/domains/amanullahstorellc.com","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/673d15c65f3c65d8bf7518d2a47907a59c5f26a8dd08fb954107d162c1b3721f","label":"ThreatFox","domainType":"primary"},{"url":"https://infosec.exchange/@monitorsg/116446151590680751","label":"ThreatFox","domainType":"other"},{"url":"https://x.com/solostalking/status/2046806549813989463?s=20","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/4804a8800007a70241a5e5b2e9f548d2cf56aa64800324a16818616950880945/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/c23f8dd49136a471a5d6632272ecc09041efec0503716f8a3e513a4e8e9eee26/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/4db60c88de6ae375433dc71b8fde1ff323ff5bc5425903a77324a321ac85029c/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/0ac8ef75974a1e69c74855aea131206598a060feab1790282b8ca1c431058fe0/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/bfaf3900078db99c433f5d6e1d58989ae2c7c5a81aabeebc4668a87a89790466/","label":"ThreatFox","domainType":"primary"},{"url":"https://infosec.exchange/@monitorsg/116443576096335383","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/981083069928ba9c9ab6f5c00e08e39bce07449ef7415f58e962939edabdecd7/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/0a326c130fb55d6f158b793d4c1373aac4c5280bcd9d57f97d10ff7c4d2bd3c7/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/abee9e2c579bed2a9169e1c0b0cfcf910a941ba7a3e556a7cbb9716a90616cbd/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/543379e43bf62ccb4e702b46a5d37edc93ffe7fbc3c9a01efeb7ceee0ac96127/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/15887b4ba9168d51b22e75cf00a801787578e9d3d62064bd19bb8aed0afa3b90/","label":"ThreatFox","domainType":"primary"},{"url":"https://infosec.exchange/@netresec/116441345775251709","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/346627d7d58703c3da5b604372778175219e5f7f8c0998f742ebede838fa79e4/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/cfa65056a9accc2678480771e25891733787cf1f0ac46727e2663ca8383e3795/","label":"ThreatFox","domainType":"primary"},{"url":"https://infosec.exchange/@monitorsg/116438604768924087","label":"ThreatFox","domainType":"other"},{"url":"https://app.any.run/tasks/17149906-1e74-4cdb-a523-8de8790384c2","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/07f008e9ebfb33b2ef8a7f9dcf1f27bed1687359eb321044db47f9ebf70ed129/","label":"ThreatFox","domainType":"primary"},{"url":"https://www.virustotal.com/gui/domain/frostapiv2.com/relations","label":"ThreatFox","domainType":"other"},{"url":"https://x.com/motuariki_/status/2046158360928768268","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/a1a15f6d3c172e29e991bcb274f6c47a2ee45614224ffbccfcec39113a3bd078/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/346edde3c594d4af0f607951ae38f21c8e5ad611419cc7c9e7a2e0c913896581/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/e41f1af836b7573725758186407dbc21293186683e75582563f6760f8aac1a46/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/be94ed15a50a3386f6ab466401d68faf13ead40a05f50c37f410414b57512d3c/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/a4b590be9e9c39b328b69285182e9b0c1dc742d8df854a147bf709a2b74b15c6/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/3cdb760342bc041252efe74188ba8b106b10484a3638b0a2d33830016611a2c8/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/4013853381bb2c28ddff061b1a208e886f2b52a31073cea40e4cdb5ec431d58b/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/d4fd4b65aea6fdd1968fd59046265a5d636f58309c28e12044a3abf145014f78/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/c61c5222e298bf632c0f701da32d74c1e2830a56e1baef37cfb8d212540c516b/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/c086065da56bda3b3654003d541b44f9721baec9894066768447d6c3841504ab/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/c03060e63d3a3a16312ea4d15393c38901ec7239d7290bd30f6b266316bc0b1e/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/9b434276b0af0ea43fdf71a09ca7687c0a45254ba1a0955a1cf04372d69de36d/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/b8342acd2dde4b63d58b11bb83626aa61cd4a7ed33ba42df5eec4b3ad3e934df/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/269ef9fd26667dfcae57ae29f559a327de0327e37c2dd5887ed7a453f7a04a07/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/14871ed0de7fb24775a7c51fb6c88c68a02d31a07050612e457b7f2b66a06285/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/0ef84c28fef31e4457241009cada38ee3ba37d7827b6755d046586d4e49159f4/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/28b74e0919f0e8f08ca698f7d4c897ce345f0ad1f2752e29450d0ef4fe1eaeff/","label":"ThreatFox","domainType":"primary"},{"url":"https://infosec.exchange/@monitorsg/116437427332348292","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/a63a4bef804fd6e29dfb03780c4b68d353b848d952573465d4a019b452c56e51/","label":"ThreatFox","domainType":"primary"},{"url":"https://infosec.exchange/@monitorsg/116437337022892373","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/9a824eccc370507893eb49881bc5222b0e76a439b78afabea228a08fb686e6aa/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/a111e77f244f7ced8fea48db8d7ea4648e0a12715b16de0e1473965084d65465/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/6993b775414c63276857ea4ebb6798d8609724ebe9e661ad47d7adb7f554b0de/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/53ce6a4f580b7b9d572bb0cc6c1b9814c2538aabf58429e3f258548a54f0514a/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/3884ca8ff0e82370fc831f4b38c4e7004f474ae1a0087ff58b160d5082f031c2/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/56316afa7cc9642c064f64f1572f8e0c6a70f207f31229609670a6c4515624ca/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/673d15c65f3c65d8bf7518d2a47907a59c5f26a8dd08fb954107d162c1b3721f/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/12eeb42b6c685304e9619f3988146b5a68db3fbe7f0ac28b1c5fda9481315c46/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/1b53dd85b7392738c1810b950552fda5c6b274c7dd2e5b731a1eb101e3946b78/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/858787b627c6e7dec417e1082c6776f0f028930a5482e35fd7f2e3fd6ae9cc5a/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/f37e60e60a3e504f555444ced745e7224cc83625a29582d29217b8a4ab7341a4/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/7fed823191f3c1381f63d43e74dee66f451c6cc6bcb1cf753996e13aaec7921d/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/edd7e88acbf5e866bf68fdb45d2dcb3fe19bb8c5014a4ddc65ff59703abd42da/","label":"ThreatFox","domainType":"primary"},{"url":"https://greedybear.honeynet.org","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/8d8b467cc8473f5a02df308943a7e87927d5e3c1b6f52f1916226a1687697c64/","label":"ThreatFox","domainType":"primary"},{"url":"https://urlhaus.abuse.ch/host/176.65.134.19/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/51a5a9e0f2f500a5f296cf3cfa45576bca995f0eeb5d4d263630902cd1c2fd73/","label":"ThreatFox","domainType":"primary"},{"url":"https://x.com/BreakGlassIntel/status/2045300165330837575","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/a8f92e521b958cc8c702ee5eddfeb77b571de2b4c23f88de69949a419956432d/","label":"ThreatFox","domainType":"primary"},{"url":"https://x.com/JAMESWT_WT/status/2045449296871321937","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/267b0b1dc0a99f9f3918f24f626518d23dde5e0caf1128f128f7857906e3ebf5/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/e9564236bdaac13cb38601b461a76c1b497ae21c85f524cd6f623587101b20e9/","label":"ThreatFox","domainType":"primary"},{"url":"https://tria.ge/260418-glp87shv3s","label":"ThreatFox","domainType":"other"},{"url":"https://infosec.exchange/@monitorsg/116422799712820736","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/2762f3e0a56d62e70157c398626856befead49f0926ba921f478bb599f10e2f6/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/c6e203c681d5ba9786a870a67b11dd784468a640816844c197a4b5a14a9bcf81/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/706bd2e1aac21fadfbcfe1e6639a6488c574f00b007e087718282c597bebf1c1/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/4828d141d7c6b23d0e150aa5e88b812edfaa80ed31fea8f7b6e960144e96f58f/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/bde2db917c40dba4f7d17cb508a3fe9d84e7b00453402c99db7929df7fa50e23/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/2907d74d4bb3ce573ed471b7ddd96f2c49c9dc2b7c7485940651cd9fc1542080/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/9ffadd20c3946d7a635f48a91ab2ca00e6374ff05bf3ac9344e5d2758d3302ba/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/971fa32e2c385f679da4df0b303d2fc484b68d1a1131d77cd4815fc2285249ba/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/4686b6e4902d8a89e97eaa78b4513344537e8031da2fa2b31dad8df30496a3fd/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/753e3923f63b122a65c886aac5932670d0dcd5c46a4cc4f5292da5c0dbea73ce/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/7d4fa8546533a2bc077b20560cd7c32bc240c456c9606478f6253372e48c07fc/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/f6ac3f6683fce33f2f376745b3f9dfe5e86d5d661c36c2ed8ae5a5f153f72c99/","label":"ThreatFox","domainType":"primary"},{"url":"https://x.com/suyog41/status/2045093863812112734","label":"ThreatFox","domainType":"other"},{"url":"https://x.com/K_N1kolenko/status/2045099146856599584","label":"ThreatFox","domainType":"other"},{"url":"https://x.com/K_N1kolenko/status/2045094677435584919","label":"ThreatFox","domainType":"other"},{"url":"https://x.com/skocherhan/status/2044874869871906854","label":"ThreatFox","domainType":"other"},{"url":"https://x.com/cyberwar_15/status/2044964550173409631","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/faaa4d005314440dfd7ed5fa2f522e1a2642f08ec3bf0c1e2779a39bf4268349/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/bf11196247528173195420fcac7cb78e58bec0af501e400f5830d82b9d031b67/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/6250f329e5f6311b857a7d6813269fb0f56d5916870dd0095cb7b87452f5592f/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/679ce9eb3e1bdba8ed58fa53690ae879ce50679be97fbc41e85cbb6a88bbeb0a/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/f9d4d9d8ba78742c1dfcc2d3ff38b13cdc2cba40843564b5919100601f23bad1/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/0c31586cd59ccfaf7fb8da14ae4aa28bd7300443b4e17a86aa59cfc921ecd62e/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/fe93882d49c90278bd15c2b5f02a3d278e41b6c98604210cea167042cec509ea/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/3e5d00fd22666970d708c6a0f8813f81689f21eb6e6d3ffbe01e19023562b630/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/eabd970c01299dc18e66e65a921b4d9045afd362771baeb0fa89e43257c4e4dd/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/82f28b2ecc7158d827089712f84c664c124aa94fde9ea353608b22ee110d73d7/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/73f5db0b04dfff8274ecb96dc3c10c8d4819627a20110dc763123d6ed3421fa9/","label":"ThreatFox","domainType":"primary"},{"url":"https://infosec.exchange/@monitorsg/116418783762985803","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/454850749d874755a8e1e43e5a128a9fa39ffe49f5ffdbe9f264b5997ccb039c/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/153a90a38f3fe20786de448bce120bcc89c0a00761a55b01783e9b8345b5cb78/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/3442ef237e4be9b964e7922253482cdbe557d9c8c44c519ea6fecf1725cdeead/","label":"ThreatFox","domainType":"primary"},{"url":"https://urlhaus.abuse.ch/url/3823884/","label":"ThreatFox","domainType":"primary"},{"url":"https://www.cleafy.com/cleafy-labs/mirax-a-new-android-rat-turning-infected-devices-into-potential-residential-proxy-nodes","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/9d176e2a1d21e4b368cd06adfb0f38629781d4b7ca6ed7b738efb0745e77fa22/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/c132d2a4a97ba28b95d212d9b4dba6b375fc73a3b52f0a5b72703ee380e29cc8/","label":"ThreatFox","domainType":"primary"},{"url":"https://x.com/skocherhan/status/2044843064745681374","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/108bb28df7f64b83f8fda981664c6209a50cab9bb0eb13888410be30d2006bd6/","label":"ThreatFox","domainType":"primary"},{"url":"https://www.virustotal.com/gui/domain/friendlydomain.ru/relations","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/dd426a8f168871393bec760724228c0584e80519c5069b4969a663846afdb88e/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/aa589ef7e0ea27bed4ee87929117cfc5b28b68c343b3991209514db311c1a3ec/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/500f2453771722611010edab168211ad9eca0c0bf97936453855e8638e6d73fd/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/8e02b5ba983587779b3aeeaa2d50d9b2a965c578ec0a1242c58af34322d97e9f/","label":"ThreatFox","domainType":"primary"},{"url":"https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2026-04-13-LORIKAZZ-ANDROID-IOT.txt","label":"ThreatFox","domainType":"primary"},{"url":"https://x.com/500mk500/status/2044765712481239082","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/6ad0f9685ddaf9f39d9543f83be82874e050455e0fc6f3d20481cf595e23f02d/","label":"ThreatFox","domainType":"primary"},{"url":"https://infosec.exchange/@monitorsg/116414303892382227","label":"ThreatFox","domainType":"other"},{"url":"https://cert.gov.ua/article/6288271","label":"ThreatFox","domainType":"other"},{"url":"https://therecord.media/aging-fly-espionage-campaign-targets-ukraine-emergency-services","label":"ThreatFox","domainType":"media"},{"url":"https://app.any.run/tasks/a365d025-2c6f-4ead-b419-e1285fcfcaae","label":"ThreatFox","domainType":"other"},{"url":"https://app.any.run/tasks/3d1280a9-8ba1-4f2e-aab9-213bb9639197","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/4bfd0b95c3baf8b621e009aec5b92344e4e236ebc12b34fad891d0a1996668c6/","label":"ThreatFox","domainType":"primary"},{"url":"https://x.com/500mk500/status/2044440829859643849","label":"ThreatFox","domainType":"other"},{"url":"https://x.com/salmanvsf/status/2044635908981604371","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/e9bf8b0cc4f99ab868fbdbf3e90a6adcb867a7041f6201007a7844414ba0cc55/","label":"ThreatFox","domainType":"primary"},{"url":"https://urlhaus.abuse.ch/url/3823147/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/b830f043076a12748b6a2dc0810ece85439ee77434d991ae7d84201b09ead756/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/ade9874ddc5fb64c27f3eecddeeabdddb4b62e341e1ec06f09fea29ac9e6baa5/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/9f9c4d0f6644abe7500325d2e387ff606a1d72f8d033bc164f984deee92d7d65/","label":"ThreatFox","domainType":"primary"},{"url":"https://clickfix.carsonww.com/domains/www.zeitdanach.ch","label":"ThreatFox","domainType":"other"},{"url":"https://clickfix.carsonww.com/domains/www.aircliniq.com","label":"ThreatFox","domainType":"other"},{"url":"https://clickfix.carsonww.com/domains/www.omnicoresolutions.net","label":"ThreatFox","domainType":"other"}],"feedLabel":null},{"id":"otx-69e2824daddc65cc4bab207d","source":"otx","category":"threat-intel","severity":"critical","title":"Using KATA and KEDR to detect the AdaptixC2 agent","description":"AdaptixC2 is an emerging open-source post-exploitation framework rapidly adopted by threat actors in APT attacks and ransomware campaigns. Written in Go and C++, it supports Windows, macOS, and Linux with extensive modularity through Beacon Object Files (BOFs). The framework enables diverse command-…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"f212fd00d9ffc0f3d868845f7f4215cb","sha1":null,"sha256":null}},"tags":["mgbot","lateral movement","network detection","post-exploitation framework","coolclient","command-and-control","toneshell","vbcloud","cloudatlas","process injection","edr","powershower","credential harvesting","adaptixc2","vbshower","ransomware","apt","phishing","botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T18:56:13.085Z","fetchedAt":"2026-04-23T03:00:01.373Z","references":[{"url":"https://otx.alienvault.com/pulse/69e2824daddc65cc4bab207d","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e2bfe152d44136b3c83ec3","source":"otx","category":"threat-intel","severity":"critical","title":"Uptick in Bomgar RMM Exploitation","description":"Since early April 2026, security researchers have observed a significant increase in attacks targeting Bomgar remote monitoring and management instances, exploiting CVE-2026-1731, a critical vulnerability disclosed in February. Threat actors have compromised Bomgar RMM to target downstream customers…","indicators":{"cves":["CVE-2026-1731","CVE-2024-3400","CVE-2023-33538","CVE-2025-59287","CVE-2025-21042","CVE-2025-55182","CVE-2025-66478","CVE-2025-14847","CVE-2026-1281","CVE-2026-1340","CVE-2025-0921","CVE-2025-23304","CVE-2026-22584"],"ips":[],"domains":["bot.ddosvps.cc","cnc.vietdediserver.shop"],"urls":[],"hashes":{"md5":"e7efe76a253a37e0f92ff1dbe3caf3e7","sha1":"c2cc464588846692f67bb9abdde5fedb88d0cb21","sha256":"bc9635dcc3444c18b447883c6bc1931e5373e48c7dbfaa607285a9fb668b03ea"}},"tags":["lockbit","simplehelp","remote access tools","ransomware","byovd","screenconnect","atera","bomgar","rmm exploitation","anydesk","cve-2026-1731","poisonkiller","msp targeting","cve-2023-33538","tp-link routers","iot exploitation","firmware analysis","condi botnet","command injection","wifi routers","mirai","condi","mirai botnet","botnet","rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T23:18:57.685Z","fetchedAt":"2026-04-23T03:00:01.373Z","references":[{"url":"https://otx.alienvault.com/pulse/69e2bfe152d44136b3c83ec3","label":"OTX Pulse","domainType":"primary"},{"url":"https://otx.alienvault.com/pulse/69e1f0ddb1aa33b71576ca92","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"news-new-mirai-campaign-exploits-rce-flaw-in-eol-d-link-routers","source":"general-news","category":"news","severity":"critical","title":"New Mirai campaign exploits RCE flaw in EoL D-Link routers","description":"A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability affecting D-Link DIR-823X routers, to enlist devices into the botnet. [...]","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet","rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T20:04:46.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.bleepingcomputer.com/news/security/new-mirai-campaign-exploits-rce-flaw-in-eol-d-link-routers/","label":"BleepingComputer","domainType":"media"}],"feedLabel":null},{"id":"news-kyber-ransomware-gang-toys-with-post-quantum-encryption-on-windows","source":"general-news","category":"news","severity":"critical","title":"Kyber ransomware gang toys with post-quantum encryption on Windows","description":"A new Kyber ransomware operation is targeting Windows systems and VMware ESXi endpoints in recent attacks, with one variant implementing Kyber1024 post-quantum encryption. [...]","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T18:52:29.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.bleepingcomputer.com/news/security/kyber-ransomware-gang-toys-with-post-quantum-encryption-on-windows/","label":"BleepingComputer","domainType":"media"}],"feedLabel":null},{"id":"news-over-1-300-microsoft-sharepoint-servers-vulnerable-to-spoofing-attacks","source":"general-news","category":"news","severity":"critical","title":"Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks","description":"Over 1,300 Microsoft SharePoint servers exposed online remain unpatched against a spoofing vulnerability that was exploited as a zero-day and is still being abused in ongoing attacks. [...]","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["zeroday"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T06:53:02.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.bleepingcomputer.com/news/security/over-1-300-microsoft-sharepoint-servers-vulnerable-to-ongoing-attacks/","label":"BleepingComputer","domainType":"media"}],"feedLabel":null},{"id":"news-mustang-panda-s-new-lotuslite-variant-targets-india-banks-south-korea-policy-cir","source":"general-news","category":"news","severity":"critical","title":"Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles","description":"Cybersecurity researchers have discovered a new variant of a known malware called LOTUSLITE that's distributed via a theme related to India's banking sector.\n\"The backdoor communicates with a dynamic DNS-based command-and-control server over HTTPS and supports remote shell access, file operations, a…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["apt","botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T07:58:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://thehackernews.com/2026/04/mustang-pandas-new-lotuslite-variant.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-systembc-c2-server-reveals-1-570-victims-in-the-gentlemen-ransomware-operation","source":"general-news","category":"news","severity":"critical","title":"SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation","description":"Threat actors associated with The Gentlemen ransomware‑as‑a‑service (RaaS) operation have been observed attempting to deploy a known proxy malware called SystemBC.\nAccording to new research published by Check Point, the command-and-control (C2 or C&C) server linked to SystemBC has led to the discove…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware","botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T18:18:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://thehackernews.com/2026/04/systembc-c2-server-reveals-1570-victims.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-ransomware-negotiator-pleads-guilty-to-aiding-blackcat-attacks-in-2023","source":"general-news","category":"news","severity":"critical","title":"Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023","description":"A third individual who was employed as a ransomware negotiator has pleaded guilty to conducting ransomware attacks against U.S. companies in 2023.\nAngelo Martino, 41, of Land O'Lakes, Florida, teamed up with the operators of the BlackCat ransomware starting in April 2023 to assist the e-crime gang i…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T14:31:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://thehackernews.com/2026/04/ransomware-negotiator-pleads-guilty-to.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-no-exploit-needed-how-attackers-walk-through-the-front-door-via-identity-based-a","source":"general-news","category":"news","severity":"critical","title":"No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks","description":"The cybersecurity industry has spent the last several years chasing sophisticated threats like zero-days, supply chain compromises, and AI-generated exploits. However, the most reliable entry point for attackers still hasn't changed: stolen credentials.\nIdentity-based attacks remain a dominant initi…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["zeroday","supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T11:30:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://thehackernews.com/2026/04/no-exploit-needed-how-attackers-walk.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-sglang-cve-2026-5760-cvss-9-8-enables-rce-via-malicious-gguf-model-files","source":"general-news","category":"news","severity":"critical","title":"SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files","description":"A critical security vulnerability has been disclosed in SGLang that, if successfully exploited, could result in remote code execution on susceptible systems.\nThe vulnerability, tracked as CVE-2026-5760, carries a CVSS score of 9.8 out of 10.0. It has been described as a case of command injection lea…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T17:14:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://thehackernews.com/2026/04/sglang-cve-2026-5760-cvss-98-enables.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-anthropic-mcp-design-vulnerability-enables-rce-threatening-ai-supply-chain","source":"general-news","category":"news","severity":"critical","title":"Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain","description":"Cybersecurity researchers have discovered a critical \"by design\" weakness in the Model Context Protocol's (MCP) architecture that could pave the way for remote code execution and have a cascading effect on the artificial intelligence (AI) supply chain.\n\"This flaw enables Arbitrary Command Execution…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce","supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T10:42:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://thehackernews.com/2026/04/anthropic-mcp-design-vulnerability.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-three-microsoft-defender-zero-days-actively-exploited-two-still-unpatched","source":"general-news","category":"news","severity":"critical","title":"Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched","description":"Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised systems.\nThe activity involves the exploitation of three vulnerabilities that are codenamed BlueHammer (requires GitHub sign-in), RedSun, and…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["zeroday"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T13:21:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://thehackernews.com/2026/04/three-microsoft-defender-zero-days.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-google-blocks-8-3b-policy-violating-ads-in-2025-launches-android-17-privacy-over","source":"general-news","category":"news","severity":"critical","title":"Google Blocks 8.3B Policy-Violating Ads in 2025, Launches Android 17 Privacy Overhaul","description":"Google this week announced a new set of Play policy updates to strengthen user privacy and protect businesses against fraud, even as it revealed it blocked or removed over 8.3 billion ads globally and suspended 24.9 million accounts in 2025.\nThe new policy updates relate to contact and location perm…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T10:47:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://thehackernews.com/2026/04/google-blocks-83b-policy-violating-ads.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-threatsday-bulletin-defender-0-day-sonicwall-brute-force-17-year-old-excel-rce-a","source":"general-news","category":"news","severity":"critical","title":"ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories","description":"You know that feeling when you open your feed on a Thursday morning and it's just... a lot? Yeah. This week delivered. We've got hackers getting creative in ways that are almost impressive if you ignore the whole \"crime\" part, ancient vulnerabilities somehow still ruining people's days, and enough s…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["zeroday","rce","supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T13:05:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://thehackernews.com/2026/04/threatsday-bulletin-17-year-old-excel.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-the-gentlemen-rapidly-rises-to-ransomware-prominence","source":"general-news","category":"news","severity":"critical","title":"'The Gentlemen' Rapidly Rises to Ransomware Prominence","description":"Not nearly as polite as the name suggests, the ransomware gang has impressed researchers with its speed in scaling up operations — and its sophistication.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T20:51:55.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.darkreading.com/threat-intelligence/gentlemen-rapidly-rise-ransomware","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-ransomware-negotiator-pleads-guilty-to-blackcat-scheme","source":"general-news","category":"news","severity":"critical","title":"Ransomware Negotiator Pleads Guilty to BlackCat Scheme","description":"A cautionary tale illustrates why the person negotiating should never be involved with any part of the ransom payment process.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:12:43.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.darkreading.com/insider-threats/ransomware-negotiator-pleads-guilty-blackcat-scheme","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-surge-in-bomgar-rmm-exploitation-demonstrates-supply-chain-risk","source":"general-news","category":"news","severity":"critical","title":"Surge in Bomgar RMM Exploitation Demonstrates Supply Chain Risk","description":"The critical remote code execution flaw (CVE-2026-1731) in the remote monitoring and management tool can be exploited to spread ransomware and compromise supply chains.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware","rce","supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T15:29:17.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.darkreading.com/cyberattacks-data-breaches/surge-bomgar-rmm-exploitation-demonstrates-supply-chain-risk","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-google-fixes-critical-rce-flaw-in-ai-based-antigravity-tool","source":"general-news","category":"news","severity":"critical","title":"Google Fixes Critical RCE Flaw in AI-Based 'Antigravity' Tool","description":"The prompt-injection vulnerability in the agentic AI product for filesystem operations was a sanitization issue that allowed for sandbox escape and arbitrary code execution.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T15:00:50.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.darkreading.com/vulnerabilities-threats/google-fixes-critical-rce-flaw-ai-based-antigravity-tool","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-chinese-apt-targets-indian-banks-korean-policy-circles","source":"general-news","category":"news","severity":"critical","title":"Chinese APT Targets Indian Banks, Korean Policy Circles","description":"China is spying on India's financial sector, for some reason, and it's not putting much effort into it, judging by some stale TTPs.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["apt"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T12:00:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.darkreading.com/cyberattacks-data-breaches/chinese-apt-indian-banks-korean-policy","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-6-year-ransomware-campaign-targets-turkish-homes-amp-smbs","source":"general-news","category":"news","severity":"critical","title":"6-Year Ransomware Campaign Targets Turkish Homes &amp; SMBs","description":"While enterprises breaches make more headlines, smaller incidents tend to be under-reported, if at all, allowing campaigns to last longer with less disruption.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T06:00:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.darkreading.com/cyberattacks-data-breaches/6-year-ransomware-campaign-turkish-homes-smbs","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-google-antigravity-in-crosshairs-of-security-researchers-cybercriminals","source":"general-news","category":"news","severity":"critical","title":"Google Antigravity in Crosshairs of Security Researchers, Cybercriminals","description":"Researchers discovered a remote code execution vulnerability and cybercriminals are using its reputation to deliver malware.\nThe post Google Antigravity in Crosshairs of Security Researchers, Cybercriminals appeared first on SecurityWeek.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:53:05.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.securityweek.com/google-antigravity-in-crosshairs-of-security-researchers-cybercriminals/","label":"SecurityWeek","domainType":"media"}],"feedLabel":null},{"id":"news-third-us-security-expert-admits-helping-ransomware-gang","source":"general-news","category":"news","severity":"critical","title":"Third US Security Expert Admits Helping Ransomware Gang","description":"Angelo Martino of Florida has pleaded guilty to collaborating with the BlackCat cybercrime group while working as a ransomware negotiator.\nThe post Third US Security Expert Admits Helping Ransomware Gang appeared first on SecurityWeek.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T14:44:24.000Z","fetchedAt":"2026-04-23T03:00:02.617Z","references":[{"url":"https://www.securityweek.com/third-us-security-expert-admits-helping-ransomware-gang/","label":"SecurityWeek","domainType":"media"}],"feedLabel":null},{"id":"news-former-ransomware-negotiator-pleads-guilty-to-working-for-blackcat-cyber-gang","source":"general-news","category":"news","severity":"critical","title":"Former Ransomware Negotiator Pleads Guilty to Working For BlackCat Cyber Gang","description":"A former ransomware negotiator has pleaded guilty to abusing his position by working with noted cybercrime group BlackCat","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T11:00:00.000Z","fetchedAt":"2026-04-23T03:00:02.617Z","references":[{"url":"https://www.infosecurity-magazine.com/news/former-ransomware-negotiator/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-the-gentlemen-ransomware-expands-with-rapid-affiliate-growth","source":"general-news","category":"news","severity":"critical","title":"The Gentlemen Ransomware Expands With Rapid Affiliate Growth","description":"Gentlemen RaaS expands quickly with multi-platform attacks and SystemBC-linked infections","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T14:00:00.000Z","fetchedAt":"2026-04-23T03:00:02.617Z","references":[{"url":"https://www.infosecurity-magazine.com/news/gentlemen-ransomware-rapid/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-cookeville-medical-center-notifies-patients-after-july-2025-ransomware-attack","source":"general-news","category":"news","severity":"critical","title":"Cookeville Medical Center Notifies Patients After July 2025 Ransomware Attack","description":"Tennessee's CRMC notifies over 337,000 patients of Rhysida ransomware breach exposing sensitive data","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T15:01:00.000Z","fetchedAt":"2026-04-23T03:00:02.617Z","references":[{"url":"https://www.infosecurity-magazine.com/news/cookeville-medical-center-data/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-automotive-ransomware-attacks-double-in-a-year","source":"general-news","category":"news","severity":"critical","title":"Automotive Ransomware Attacks Double in a Year","description":"Halcyon says ransomware now accounts for more than two-fifths of cyber-attacks targeting carmakers","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T08:35:00.000Z","fetchedAt":"2026-04-23T03:00:02.617Z","references":[{"url":"https://www.infosecurity-magazine.com/news/automotive-ransomware-attacks/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-former-digitalmint-ransomware-negotiator-pleads-guilty-to-extortion-scheme","source":"general-news","category":"news","severity":"critical","title":"Former DigitalMint ransomware negotiator pleads guilty to extortion scheme","description":"Angelo Martino helped accomplices extort a combined $75.3 million in ransom payments from five victim companies.\nThe post Former DigitalMint ransomware negotiator pleads guilty to extortion scheme appeared first on CyberScoop.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:03:58.000Z","fetchedAt":"2026-04-23T03:00:02.617Z","references":[{"url":"https://cyberscoop.com/digitalmint-ransomware-negotiator-angelo-martino-guilty-plea/","label":"CyberScoop","domainType":"media"}],"feedLabel":null},{"id":"news-lawmakers-ponder-terrorism-designations-homicide-charges-over-hospital-ransomwar","source":"general-news","category":"news","severity":"critical","title":"Lawmakers ponder terrorism designations, homicide charges over hospital ransomware attacks","description":"The ideas came up at a House Homeland Security Committee hearing, as health care ransomware attacks are on the rise.\nThe post Lawmakers ponder terrorism designations, homicide charges over hospital ransomware attacks appeared first on CyberScoop.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T18:49:46.000Z","fetchedAt":"2026-04-23T03:00:02.617Z","references":[{"url":"https://cyberscoop.com/lawmakers-ponder-terrorism-designations-homicide-charges-over-hospital-ransomware-attacks/","label":"CyberScoop","domainType":"media"}],"feedLabel":null},{"id":"news-vuln-in-google-s-antigravity-ai-agent-manager-could-escape-sandbox-give-attacker","source":"general-news","category":"news","severity":"critical","title":"Vuln in Google’s Antigravity AI agent manager could escape sandbox, give attackers remote code execution","description":"Google’s highest security setting for its agents runs command operations through a sandbox and throttles network access, but is still vulnerable to prompt injection.\nThe post Vuln in Google’s Antigravity AI agent manager could escape sandbox, give attackers remote code execution appeared first on Cy…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T21:17:31.000Z","fetchedAt":"2026-04-23T03:00:02.617Z","references":[{"url":"https://cyberscoop.com/google-antigravity-pillar-security-agent-sandbox-escape-remote-code-execution/","label":"CyberScoop","domainType":"media"}],"feedLabel":null},{"id":"cisa-kev-CVE-2026-33825","source":"cisa-kev, otx","category":"vulnerability","severity":"high","title":"CVE-2026-33825 — Microsoft Defender Insufficient Granularity of Access Control Vulnerability","description":"Microsoft Defender contains an insufficient granularity of access control vulnerability that could allow an authorized attacker to escalate privileges locally.","indicators":{"cves":["CVE-2026-33825"],"ips":["78.29.48.29","212.232.23.69"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":"a2b6c7a9c4490df70de3cdbfa5fc801a3e1cf6a872749259487e354de2876b7c"}},"tags":["undefend","beigeburrow","nightmare-eclipse","cve-2026-33825","redsun","windows defender bypass","bluehammer","fortigate vpn","privilege escalation"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T00:00:00.000Z","fetchedAt":"2026-04-23T03:00:00.187Z","references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33825","label":"NVD","domainType":"primary"},{"url":"https://otx.alienvault.com/pulse/69e68c661e82c96759b91265","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"cisa-kev-CVE-2026-20122","source":"cisa-kev","category":"vulnerability","severity":"high","title":"CVE-2026-20122 — Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability","description":"Cisco Catalyst SD-WAN Manager contains an incorrect use of privileged APIs vulnerability due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow the…","indicators":{"cves":["CVE-2026-20122"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T00:00:00.000Z","fetchedAt":"2026-04-23T03:00:00.187Z","references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-20122","label":"NVD","domainType":"primary"}],"feedLabel":null},{"id":"cisa-kev-CVE-2026-20133","source":"cisa-kev","category":"vulnerability","severity":"high","title":"CVE-2026-20133 — Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability","description":"Cisco Catalyst SD-WAN Manager contains an exposure of sensitive information to an unauthorized actor vulnerability that could allow remote attackers to view sensitive information on affected systems.","indicators":{"cves":["CVE-2026-20133"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T00:00:00.000Z","fetchedAt":"2026-04-23T03:00:00.187Z","references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-20133","label":"NVD","domainType":"primary"}],"feedLabel":null},{"id":"cisa-kev-CVE-2025-2749","source":"cisa-kev","category":"vulnerability","severity":"high","title":"CVE-2025-2749 — Kentico Xperience Path Traversal Vulnerability","description":"Kentico Xperience contains a path traversal vulnerability that could allow an authenticated user's Staging Sync Server to upload arbitrary data to path relative locations.","indicators":{"cves":["CVE-2025-2749"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T00:00:00.000Z","fetchedAt":"2026-04-23T03:00:00.187Z","references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2749","label":"NVD","domainType":"primary"}],"feedLabel":null},{"id":"cisa-kev-CVE-2025-48700","source":"cisa-kev","category":"vulnerability","severity":"high","title":"CVE-2025-48700 — Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability","description":"Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that could allow attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information.","indicators":{"cves":["CVE-2025-48700"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T00:00:00.000Z","fetchedAt":"2026-04-23T03:00:00.187Z","references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48700","label":"NVD","domainType":"primary"}],"feedLabel":null},{"id":"cisa-kev-CVE-2026-20128","source":"cisa-kev","category":"vulnerability","severity":"high","title":"CVE-2026-20128 — Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability","description":"Cisco Catalyst SD-WAN Manager contains a storing passwords in a recoverable format vulnerability that allows an authenticated, local attacker to gain DCA user privileges by accessing a credential file for the DCA user on the filesystem as a low-privileged user.","indicators":{"cves":["CVE-2026-20128"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T00:00:00.000Z","fetchedAt":"2026-04-23T03:00:00.187Z","references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-20128","label":"NVD","domainType":"primary"}],"feedLabel":null},{"id":"cisa-kev-CVE-2025-32975","source":"cisa-kev","category":"vulnerability","severity":"high","title":"CVE-2025-32975 — Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability","description":"Quest KACE Systems Management Appliance (SMA) contains an improper authentication vulnerability that could allow attackers to impersonate legitimate users without valid credentials.","indicators":{"cves":["CVE-2025-32975"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T00:00:00.000Z","fetchedAt":"2026-04-23T03:00:00.187Z","references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32975","label":"NVD","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-silex-technology-sd-330ac-and-amc-manager","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"high","title":"Silex Technology SD-330AC and AMC Manager","description":"View CSAF\nSummary\nSuccessful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, cause a denial-of-service, or configuration information may be altered without authentication.\nThe following versions of Silex Technology SD-330AC and AMC Manager are affected:\nSD-33…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing","ics","transport"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T12:00:00.000Z","fetchedAt":"2026-04-23T03:00:00.173Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-10","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-siemens-ruggedcom-crossbow-secure-access-manager-primary","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"high","title":"Siemens RUGGEDCOM CROSSBOW Secure Access Manager Primary","description":"View CSAF\nSummary\nRUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) contains a vulnerability that could allow an attacker to escalate their own privileges. Siemens has released a new version for RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) and recommends to update to the latest ve…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T12:00:00.000Z","fetchedAt":"2026-04-23T03:00:00.173Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-02","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-siemens-tpm-2-0","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"high","title":"Siemens TPM 2.0","description":"View CSAF\nSummary\nThe products listed below contain a vulnerability that could allow an attacker to perform an out-of-bound read, potentially leading to information disclosure or denial of service of the TPM. Siemens has released new versions for several affected products and recommends to update to…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet","ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T12:00:00.000Z","fetchedAt":"2026-04-23T03:00:00.173Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-01","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-senselive-x3050","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"high","title":"SenseLive X3050","description":"View CSAF\nSummary\nSuccessful exploitation of these vulnerabilities could allow an attacker to take complete control of the device.\nThe following versions of SenseLive X3050 are affected:\nX3050 V1.523 (CVE-2026-40630, CVE-2026-25720, CVE-2026-35503, CVE-2026-39462, CVE-2026-27843, CVE-2026-40431, CVE…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing","ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T12:00:00.000Z","fetchedAt":"2026-04-23T03:00:00.173Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-12","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-siemens-analytics-toolkit","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"high","title":"Siemens Analytics Toolkit","description":"View CSAF\nSummary\nMultiple Siemens applications are affected by improper certificate validation in Siemens Analytics Toolkit. This could allow an unauthenticated remote attacker to perform man in the middle attacks. Siemens has released new versions for the affected products and recommends to update…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T12:00:00.000Z","fetchedAt":"2026-04-23T03:00:00.173Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-04","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-siemens-scalance","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"high","title":"Siemens SCALANCE","description":"View CSAF\nSummary\nSCALANCE W-700 IEEE 802.11n family before V6.6.0 are affected by multiple vulnerabilities. Siemens has released a new version for SCALANCE W-700 IEEE 802.11n family and recommends to update to the latest version.\nThe following versions of Siemens SCALANCE are affected:\nSCALANCE W72…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T12:00:00.000Z","fetchedAt":"2026-04-23T03:00:00.173Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-07","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-siemens-sinec-nms","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"high","title":"Siemens SINEC NMS","description":"View CSAF\nSummary\nSiemens SINEC NMS when used with User Management Component (UMC) contains an authentication bypass vulnerability due to insufficient validation of user identity. This could allow an unauthenticated remote attacker to bypass authentication and gain unauthorized access to the applica…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T12:00:00.000Z","fetchedAt":"2026-04-23T03:00:00.173Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-03","label":"CISA Advisory","domainType":"primary"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-09","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-zero-motorcycles-firmware","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"high","title":"Zero Motorcycles Firmware","description":"View CSAF\nSummary\nSuccessful exploitation of this vulnerability could allow an attacker to pair via Bluetooth with a motorcycle, gaining unauthorized access to all Bluetooth functions, including changing the firmware.\nThe following versions of Zero Motorcycles Firmware are affected:\nZero Motorcycles…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T12:00:00.000Z","fetchedAt":"2026-04-23T03:00:00.173Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-06","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-siemens-industrial-edge-management","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"high","title":"Siemens Industrial Edge Management","description":"View CSAF\nSummary\nIndustrial Edge Management contains an authorization bypass vulnerability that could be exploited by an unauthenticated remote attacker to circumvent authentication and to access connected Industrial Edge Devices through the remote connection feature. Siemens has released new versi…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T12:00:00.000Z","fetchedAt":"2026-04-23T03:00:00.173Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-11","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-siemens-ruggedcom-crossbow-station-access-controller-sac","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"high","title":"Siemens RUGGEDCOM CROSSBOW Station Access Controller (SAC)","description":"View CSAF\nSummary\nRUGGEDCOM CROSSBOW Station Access Controller (SAC) contains a vulnerability that could allow an attacker to achieve arbitrary code execution and to create a denial of service condition. Siemens has released a new version for RUGGEDCOM CROSSBOW Station Access Controller (SAC) and re…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T12:00:00.000Z","fetchedAt":"2026-04-23T03:00:00.173Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-08","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-supply-chain-compromise-impacts-axios-node-package-manager","source":"cisa-advisories","category":"advisory","severity":"high","title":"​​Supply Chain Compromise Impacts Axios Node Package Manager​ ","description":"The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this alert to provide guidance in response to the software supply chain compromise of the Axios node package manager (npm).1 Axios is an HTTP client for JavaScript that developers commonly use in Node.js and browser environment…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing","botnet","supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T12:00:00.000Z","fetchedAt":"2026-04-23T03:00:00.173Z","references":[{"url":"https://www.cisa.gov/news-events/alerts/2026/04/20/supply-chain-compromise-impacts-axios-node-package-manager","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-aveva-pipeline-simulation","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"high","title":"AVEVA Pipeline Simulation","description":"View CSAF\nSummary\nSuccessful exploitation of this vulnerability could allow an unauthenticated attacker to modify simulation parameters, training configuration and training records.\nThe following versions of AVEVA Pipeline Simulation are affected:\nPipeline Simulation <=2025_SP1_build_7.1.9497.6351\nC…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T12:00:00.000Z","fetchedAt":"2026-04-23T03:00:00.173Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-04","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-horner-automation-cscape-and-xl4-xl7-plc","source":"cisa-advisories, vendor-blogs","category":"advisory","severity":"high","title":"Horner Automation Cscape and XL4, XL7 PLC","description":"View CSAF\nSummary\nSuccessful exploitation of this vulnerability could allow an attacker to gain unauthorized access to systems and services.\nThe following versions of Horner Automation Cscape and XL4, XL7 PLC are affected:\nCscape v10.0\nXL7 PLC v15.60\nXL4 PLC v16.32.0\nCVSS\nVendor\nEquipment\nVulnerabil…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T12:00:00.000Z","fetchedAt":"2026-04-23T03:00:00.173Z","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-02","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40193","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40193 — maddy is a composable, all-in-one mail server. Versions prior to 0.9.3 contain an LDAP injection vul…","description":"maddy is a composable, all-in-one mail server. Versions prior to 0.9.3 contain an LDAP injection vulnerability in the auth.ldap module where user-supplied usernames are interpolated into LDAP search filters and DN strings via strings.ReplaceAll() without any LDAP filter escaping, despite the go-ldap…","indicators":{"cves":["CVE-2026-40193"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T00:16:28.163Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://github.com/foxcpp/maddy/commit/6a06337eb41fa87a35697366bcb71c3c962c44ba","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/foxcpp/maddy/releases/tag/v0.9.3","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/foxcpp/maddy/security/advisories/GHSA-5835-4gvc-32pc","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40245","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40245 — Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Ver…","description":"Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions 4.2.1 and below contain an information disclosure vulnerability in the UDR (Unified Data Repository) service. The handler for GET /nudr-dr/v2/application-data/influenceData/subs-to-notify sends…","indicators":{"cves":["CVE-2026-40245"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T00:16:29.060Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-wrwh-rpq4-87hf","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-wrwh-rpq4-87hf","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40502","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40502 — OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote ga…","description":"OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive administrative commands by exploiting insufficient distinction between local-only and remote-safe commands in the gateway handler. Attackers can execut…","indicators":{"cves":["CVE-2026-40502"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T01:16:11.250Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://github.com/HKUDS/OpenHarness/commit/dd1d235450dd987b20bff01b7bfb02fe8620a0af","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/HKUDS/OpenHarness/pull/127","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/openharness-remote-administrative-command-injection-via-gateway-handler","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40960","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40960 — Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least on…","description":"Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trusted_mods or secure.http_mods, then a crafted mod can intercept the request for the insecure environment or HTTP API, and also receive access to it.","indicators":{"cves":["CVE-2026-40960"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T01:16:11.770Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://github.com/luanti-org/luanti/commit/0faf529bc4b89e70a275ed1162047815118f2413","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/luanti-org/luanti/commit/827fd4cf7f989482b2dad381fa4afd642ea73e8c","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/luanti-org/luanti/security/advisories/GHSA-22c4-238c-m5j4","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41015","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41015 — radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name…","description":"radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the latest version from git (not a release), the date range for the vulnerable code was less than a week, occurring after 6.1.2 but before 6.1.…","indicators":{"cves":["CVE-2026-41015"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T03:16:27.440Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://github.com/radareorg/radare2/blob/9236f44a28812fe911814e1b3a7bcf1e4de5d3c2/SECURITY.md?plain=1#L3-L5","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/radareorg/radare2/commit/9236f44a28812fe911814e1b3a7bcf1e4de5d3c2","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/radareorg/radare2/issues/25650","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/radareorg/radare2/pull/25651","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/radareorg/radare2/issues/25650","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-6348","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6348 — WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing…","description":"WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges on the local machine as well as on all hosts within the environment where the agent is installed.","indicators":{"cves":["CVE-2026-6348"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T03:16:30.383Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://www.twcert.org.tw/en/cp-139-10840-ba9b9-2.html","label":"twcert@cert.org.tw","domainType":"other"},{"url":"https://www.twcert.org.tw/tw/cp-132-10839-2d9a7-1.html","label":"twcert@cert.org.tw","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6351","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6351 — MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticat…","description":"MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read system files.","indicators":{"cves":["CVE-2026-6351"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T03:16:31.053Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://www.twcert.org.tw/en/cp-139-10843-9ff91-2.html","label":"twcert@cert.org.tw","domainType":"other"},{"url":"https://www.twcert.org.tw/tw/cp-132-10844-1405d-1.html","label":"twcert@cert.org.tw","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-22619","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-22619 — Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, w…","description":"Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of Eaton IPP software which is available on the…","indicators":{"cves":["CVE-2026-22619"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T06:16:10.413Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf","label":"CybersecurityCOE@eaton.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3599","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-3599 — The Riaxe Product Customizer plugin for WordPress is vulnerable to SQL Injection via the 'options' p…","description":"The Riaxe Product Customizer plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter keys within 'product_data' of the /wp-json/InkXEProductDesignerLite/add-item-to-cart REST API endpoint in all versions up to, and including, 2.1.2. This is due to insufficient escaping on the…","indicators":{"cves":["CVE-2026-3599"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T06:16:17.063Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/tags/2.1.2/riaxe-product-designer.php#L3576","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/tags/2.1.2/riaxe-product-designer.php#L6808","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/tags/2.1.2/riaxe-product-designer.php#L6876","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/trunk/riaxe-product-designer.php#L3576","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/trunk/riaxe-product-designer.php#L6808","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/trunk/riaxe-product-designer.php#L6876","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a36c9a7e-830d-4a92-a330-29279387b3be?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3614","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-3614 — The AcyMailing plugin for WordPress is vulnerable to privilege escalation in all versions From 9.11.…","description":"The AcyMailing plugin for WordPress is vulnerable to privilege escalation in all versions From 9.11.0 up to, and including, 10.8.1 due to a missing capability check on the `wp_ajax_acymailing_router` AJAX handler. This makes it possible for authenticated attackers, with Subscriber-level access and a…","indicators":{"cves":["CVE-2026-3614"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T06:16:18.167Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/acymailing/tags/10.7.1/WpInit/Router.php#L11","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/acymailing/tags/10.7.1/WpInit/Router.php#L122","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/acymailing/tags/10.7.1/WpInit/Router.php#L230","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/acymailing/tags/10.7.1/back/Core/AcymController.php#L92","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/acymailing/tags/10.8.1/back/Core/AcymController.php#L99","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/acymailing/trunk/WpInit/Router.php#L11","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a895e2cf-9eba-4c46-b19f-d008e1058f64?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5050","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-5050 — The Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress is vulnerable to Improper Ver…","description":"The Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress is vulnerable to Improper Verification of Cryptographic Signature in versions up to, and including, 7.0.0 due to successful_request() handlers calculating a local signature but not validating Ds_Signature from the request before…","indicators":{"cves":["CVE-2026-5050"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T06:16:20.587Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset/3501998/woo-redsys-gateway-light","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/80544889-8efc-4aa0-a690-774b1ee6a1a0?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-1620","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-1620 — The Livemesh Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all…","description":"The Livemesh Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.0. This is due to insufficient sanitization of the template name parameter in the `lae_get_template_part()` function, which uses an inadequate `str_replace()` approach…","indicators":{"cves":["CVE-2026-1620"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T07:16:29.787Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/9.0/includes/helper-functions.php#L669","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/9.0/includes/helper-functions.php#L671","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/includes/helper-functions.php#L669","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/includes/helper-functions.php#L671","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2483875a-84de-4a40-a69e-aee68da1ce3b?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3876","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-3876 — The Prismatic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'prismatic_e…","description":"The Prismatic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'prismatic_encoded' pseudo-shortcode in all versions up to, and including, 3.7.3. This is due to insufficient input sanitization and output escaping on user-supplied attributes within the 'prismatic_decode' funct…","indicators":{"cves":["CVE-2026-3876"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T07:16:30.350Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset?old_path=/prismatic/tags/3.7.3/inc/prismatic-core.php&new_path=/prismatic/tags/3.7.4/inc/prismatic-core.php","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/aa4e18b0-f871-4476-af92-42e55aabdf93?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41035","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41035 — In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call,…","description":"In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka --xattrs). On Linux, many (but not all) common configurations are vulnerable. Non-Linux platforms are more widely vulnerab…","indicators":{"cves":["CVE-2026-41035"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T07:16:31.003Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://github.com/RsyncProject/rsync/issues/871","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/RsyncProject/rsync/releases","label":"cve@mitre.org","domainType":"primary"},{"url":"https://www.openwall.com/lists/oss-security/2026/04/16/2","label":"cve@mitre.org","domainType":"other"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/16/9","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/22/3","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-14868","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2025-14868 — The Career Section plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Path…","description":"The Career Section plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Path Traversal and Arbitrary File Deletion in all versions up to, and including, 1.6. This is due to missing nonce validation and insufficient file path validation on the delete action in the 'appform_opti…","indicators":{"cves":["CVE-2025-14868"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T08:16:26.773Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset/3474216/career-section","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/84936b68-923a-4da1-ae67-1d63d025342e?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-23772","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-23772 — Dell Storage Manager - Replay Manager for Microsoft Servers, version(s) 8.0, contain(s) an Improper…","description":"Dell Storage Manager - Replay Manager for Microsoft Servers, version(s) 8.0, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.","indicators":{"cves":["CVE-2026-23772"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T09:16:35.280Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000453020/dsa-2026-058-security-update-for-dell-storage-manager-replay-manager-for-microsoft-servers-vulnerabilities","label":"security_alert@emc.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3489","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-3489 — The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable…","description":"The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to SQL Injection via the 'packages' parameter in versions up to, and including, 3.6.26 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing S…","indicators":{"cves":["CVE-2026-3489"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T12:16:08.373Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset/3474986/directorypress","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2e602223-8571-42e1-9b3f-e7cc51f8fa58?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31987","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-31987 — JWT Tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors. User…","description":"JWT Tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors. \nUsers are advised to upgrade to Airflow version that contains fix.\n\nUsers are recommended to upgrade to version 3.2.0, which fixes this issue.","indicators":{"cves":["CVE-2026-31987"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T14:16:13.490Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://github.com/apache/airflow/issues/62428","label":"security@apache.org","domainType":"primary"},{"url":"https://github.com/apache/airflow/issues/62773","label":"security@apache.org","domainType":"primary"},{"url":"https://github.com/apache/airflow/pull/62964","label":"security@apache.org","domainType":"primary"},{"url":"https://lists.apache.org/thread/pvsrtxzwo9xy6xgknmwslv4zrw70kt6g","label":"security@apache.org","domainType":"other"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/16/7","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5785","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-5785 — Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions fro…","description":"Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module.","indicators":{"cves":["CVE-2026-5785"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T14:16:18.430Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2026-5785.html","label":"0fc0942c-577d-436f-ae8e-945763c79b02","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-30459","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-30459 — An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated att…","description":"An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e-mail message.","indicators":{"cves":["CVE-2026-30459"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T15:17:17.370Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"http://daylight.com","label":"cve@mitre.org","domainType":"other"},{"url":"http://fuelcms.com","label":"cve@mitre.org","domainType":"other"},{"url":"https://github.com/daylightstudio/FUEL-CMS/blob/master/fuel/modules/fuel/controllers/Login.php","label":"cve@mitre.org","domainType":"primary"},{"url":"https://pentest-tools.com/PTT-2025-029-Password-Reset-Poisoning-via-Host-Header.pdf","label":"cve@mitre.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-30656","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-30656 — A NULL pointer dereference vulnerability exists in fio (Flexible I/O Tester) v3.41 when parsing job…","description":"A NULL pointer dereference vulnerability exists in fio (Flexible I/O Tester) v3.41 when parsing job files containing the fdp_pli option. The callback function str_fdp_pli_cb() does not validate the input pointer and calls strdup() on a NULL value when the option is specified without an argument. Thi…","indicators":{"cves":["CVE-2026-30656"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T15:17:17.873Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://gist.github.com/Criticayon/eb5e69163bfa4ce684e62ed5c939b76e","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/axboe/fio/issues/2055","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-33804","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-33804 — @fastify/middie versions 9.3.1 and earlier are vulnerable to middleware bypass when the deprecated F…","description":"@fastify/middie versions 9.3.1 and earlier are vulnerable to middleware bypass when the deprecated Fastify ignoreDuplicateSlashes option is enabled. The middleware path matching logic does not account for duplicate slash normalization performed by Fastify's router, allowing requests with duplicate s…","indicators":{"cves":["CVE-2026-33804"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T15:17:34.633Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://cna.openjsf.org/security-advisories.html","label":"ce714d77-add3-4f53-aff5-83d477b104bb","domainType":"other"},{"url":"https://github.com/fastify/middie/security/advisories/GHSA-v9ww-2j6r-98q6","label":"ce714d77-add3-4f53-aff5-83d477b104bb","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-3324","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-3324 — Zohocorp ManageEngine Log360 versions 13000 through 13013 are vulnerable to authentication bypass on…","description":"Zohocorp ManageEngine Log360 versions 13000 through 13013 are vulnerable to authentication bypass on certain actions due to improper filter configuration.","indicators":{"cves":["CVE-2026-3324"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T15:17:38.010Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://www.manageengine.com/log-management/advisory/CVE-2026-3324.html","label":"0fc0942c-577d-436f-ae8e-945763c79b02","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5426","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-5426 — Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to F…","description":"Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks","indicators":{"cves":["CVE-2026-5426"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T16:16:17.693Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2026/MNDT-2026-0009.md","label":"mandiant-cve@google.com","domainType":"primary"},{"url":"https://www.digital-knowledge.co.jp/product/kd/","label":"mandiant-cve@google.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41082","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41082 — In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach…","description":"In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory.","indicators":{"cves":["CVE-2026-41082"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T18:16:45.980Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://github.com/ocaml/opam/pull/6897","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/ocaml/opam/releases/tag/2.5.1","label":"cve@mitre.org","domainType":"primary"},{"url":"https://lists.debian.org/debian-lts-announce/2026/04/msg00021.html","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6442","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6442 — Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed s…","description":"Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed subsequent commands to execute outside the sandbox. An attacker could exploit this by embedding specially crafted commands in untrusted content, such as a malicious repository, causing the CLI agent to…","indicators":{"cves":["CVE-2026-6442"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T19:16:35.560Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://community.snowflake.com/s/article/PromptArmor-Report---Snowflake-Response","label":"412d305a-227d-44f9-a262-a31ba44f2aea","domainType":"other"},{"url":"https://www.promptarmor.com/","label":"412d305a-227d-44f9-a262-a31ba44f2aea","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40901","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40901 — DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below shi…","description":"DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below ship the legacy velocity-1.7.jar, which pulls in commons-collections-3.2.1.jar containing the InvokerTransformer deserialization gadget chain. Quartz 2.3.2, also bundled in the application, deserializes…","indicators":{"cves":["CVE-2026-40901"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T21:16:24.270Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://github.com/dataease/dataease/releases/tag/v2.10.21","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-gm5q-g72w-c466","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40170","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40170 — ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_par…","description":"ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transpo…","indicators":{"cves":["CVE-2026-40170"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T22:16:38.220Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://github.com/ngtcp2/ngtcp2/commit/708a7640c1f48fb8ffb540c4b8ea5b4c1dfb8ee5","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ngtcp2/ngtcp2/security/advisories/GHSA-f523-465f-8c8f","label":"security-advisories@github.com","domainType":"primary"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/17/12","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"},{"url":"https://github.com/ngtcp2/ngtcp2/security/advisories/GHSA-f523-465f-8c8f","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40246","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40246 — free5GC is an open-source implementation of the 5G core network. In versions 1.4.2 and below of the…","description":"free5GC is an open-source implementation of the 5G core network. In versions 1.4.2 and below of the UDR service, the handler for deleting Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 response when va…","indicators":{"cves":["CVE-2026-40246"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T22:16:38.370Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-g9cw-qwhf-24jp","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40247","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40247 — free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the…","description":"free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for reading Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 response when val…","indicators":{"cves":["CVE-2026-40247","CVE-2026-40248","CVE-2026-40249"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T22:16:38.510Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-x5r2-r74c-3w28","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-jgq2-qv8v-5cmj","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-gx38-8h33-pmxr","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41113","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41113 — sagredo qmail before 2026.04.07 allows tls_quit remote code execution because of popen in notlshosts…","description":"sagredo qmail before 2026.04.07 allows tls_quit remote code execution because of popen in notlshosts_auto in qmail-remote.c.","indicators":{"cves":["CVE-2026-41113"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T22:16:39.103Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://blog.calif.io/p/we-asked-claude-to-audit-sagredos","label":"cve@mitre.org","domainType":"other"},{"url":"https://github.com/califio/publications/tree/main/MADBugs/qmail","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/sagredo-dev/qmail/commit/749f607f6885e3d01b36f2647d7a1db88f1ef741","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/sagredo-dev/qmail/pull/42","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/sagredo-dev/qmail/releases/tag/v2026.04.07","label":"cve@mitre.org","domainType":"primary"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/18/5","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40259","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40259 — SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, the /api…","description":"SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, the /api/av/removeUnusedAttributeView endpoint is protected only by generic authentication that accepts publish-service RoleReader tokens. The handler passes a caller-controlled id directly to a model functio…","indicators":{"cves":["CVE-2026-40259"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T23:16:33.430Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://github.com/siyuan-note/siyuan/releases/tag/v3.6.4","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-7m5h-w69j-qggg","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-7m5h-w69j-qggg","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40318","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40318 — SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and prior, the /api…","description":"SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and prior, the /api/av/removeUnusedAttributeView endpoint constructs a filesystem path using the user-controlled id parameter without validation or path boundary enforcement. An attacker can inject path traversal sequen…","indicators":{"cves":["CVE-2026-40318"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T23:16:33.590Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://github.com/siyuan-note/siyuan/releases/tag/v3.6.4","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-vw86-c94w-v3x4","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-22734","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-22734 — Cloud Foundry UUA is vulnerable to a bypass that allows an attacker to obtain a token for any user a…","description":"Cloud Foundry UUA is vulnerable to a bypass that allows an attacker to obtain a token for any user and gain access to UAA-protected systems. This vulnerability exists when SAML 2.0 bearer assertions are enabled for a client, as the UAA accepts SAML 2.0 bearer assertions that are neither signed nor e…","indicators":{"cves":["CVE-2026-22734"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T01:17:37.107Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://www.cloudfoundry.org/blog/cve-2026-22734-uaa-saml-2-0-signature-bypass/","label":"security@vmware.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40262","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40262 — Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset deliver…","description":"Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset delivery handler serves uploaded files inline and relies on magic-byte detection for content type, which does not identify text-based formats such as HTML, SVG, or XHTML. These files are served with an empty…","indicators":{"cves":["CVE-2026-40262"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T01:17:39.950Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://github.com/enchant97/note-mark/commit/6bb62842ccb956870b9bf183629eba95e326e5e3","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/enchant97/note-mark/releases/tag/v0.19.2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/enchant97/note-mark/security/advisories/GHSA-9pr4-rf97-79qh","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-5231","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-5231 — The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'utm_sou…","description":"The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'utm_source' parameter in all versions up to, and including, 14.16.4. This is due to insufficient input sanitization and output escaping. The plugin's referral parser copies the raw utm_source value into the…","indicators":{"cves":["CVE-2026-5231"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T02:16:06.227Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/wp-statistics/tags/14.16.4/assets/dev/javascript/chart.js#L498","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-statistics/tags/14.16.4/src/Service/Analytics/Referrals/ReferralsParser.php#L62","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-statistics/trunk/assets/dev/javascript/chart.js#L498","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-statistics/trunk/src/Service/Analytics/Referrals/ReferralsParser.php#L62","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3503795%40wp-statistics%2Ftrunk&old=3483860%40wp-statistics%2Ftrunk&sfp_email=&sfph_mail=","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9b350b48-05ba-4054-895f-36d7ad71459d?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3605","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-3605 — An authenticated user with access to a kvv2 path through a policy containing a glob may be able to d…","description":"An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write, resulting in denial-of-service. This vulnerability did not allow a malicious user to delete secrets across namespaces, nor read any secret data…","indicators":{"cves":["CVE-2026-3605"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T04:16:03.263Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://discuss.hashicorp.com/t/hcsec-2026-05-vault-kvv2-metadata-and-secret-deletion-policy-bypass-denial-of-service/77342","label":"security@hashicorp.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4525","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-4525 — If a Vault auth mount is configured to pass through the \"Authorization\" header, and the \"Authorizati…","description":"If a Vault auth mount is configured to pass through the \"Authorization\" header, and the \"Authorization\" header is used to authenticate to Vault, Vault forwarded the Vault token to the auth plugin backend. Fixed in 2.0.0, 1.21.5, 1.20.10, and 1.19.16.","indicators":{"cves":["CVE-2026-4525"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T04:16:09.997Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://discuss.hashicorp.com/t/hcsec-2026-07-vault-may-expose-tokens-to-auth-plugins-due-to-incorrect-header-sanitization/77344","label":"security@hashicorp.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5807","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-5807 — Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedl…","description":"Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress operation slot. This prevents legitimate operators from completing these workflows. This vulnerability,…","indicators":{"cves":["CVE-2026-5807"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T05:16:19.303Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://discuss.hashicorp.com/t/hcsec-2026-08-vault-vulnerable-to-denial-of-service-via-unauthenticated-root-token-generation-rekey-operations/77345","label":"security@hashicorp.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6421","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6421 — A vulnerability has been found in Mobatek MobaXterm Home Edition up to 26.1. This affects an unknown…","description":"A vulnerability has been found in Mobatek MobaXterm Home Edition up to 26.1. This affects an unknown part in the library msimg32.dll. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The attack is considered to have high complexity. It is indicated that the…","indicators":{"cves":["CVE-2026-6421"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T06:16:30.367Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://download.mobatek.net/2622026032581854/MobaXterm_Installer_v26.2.zip","label":"cna@vuldb.com","domainType":"other"},{"url":"https://drive.google.com/file/d/17bbNDzfoD3NNPlUMkSYs8bVzVbbwddnU/view","label":"cna@vuldb.com","domainType":"other"},{"url":"https://mobaxterm.mobatek.net/download-home-edition.html","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/submit/778851","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358020","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358020/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4659","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-4659 — The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Arbitrary File Read via t…","description":"The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Arbitrary File Read via the Repeater JSON/CSV URL parameter in versions up to, and including, 2.0.6. This is due to insufficient path traversal sanitization in the URLtoRelative() and urlToPath() functions, combined with the…","indicators":{"cves":["CVE-2026-4659"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T07:16:01.967Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/tags/2.0.6/inc_php/unitecreator_helper.class.php#L643","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/tags/2.0.6/inc_php/unitecreator_helper.class.php#L667","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/tags/2.0.6/inc_php/unitecreator_operations.class.php#L710","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/tags/2.0.6/provider/provider_helper.class.php#L597","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/tags/2.0.6/provider/provider_helper.class.php#L607","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/unitecreator_helper.class.php#L643","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/unitecreator_helper.class.php#L667","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/unitecreator_operations.class.php#L710","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/provider/provider_helper.class.php#L597","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/provider/provider_helper.class.php#L607","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3504458%40unlimited-elements-for-elementor&new=3504458%40unlimited-elements-for-elementor&sfp_email=&sfph_mail=","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9e7e3763-4606-4fc4-aa0f-b67e6087bdc2?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-23853","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-23853 — Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions…","description":"Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a use of weak credentials vulnerability. An unauthenticated attacker…","indicators":{"cves":["CVE-2026-23853","CVE-2026-23778","CVE-2026-23776","CVE-2026-23779","CVE-2025-46605","CVE-2025-46606","CVE-2025-46607","CVE-2025-46641","CVE-2026-23777","CVE-2026-28263","CVE-2026-23774"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T08:16:16.900Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities","label":"security_alert@emc.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33392","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-33392 — In JetBrains YouTrack before 2025.3.131383 high privileged user can achieve RCE via sandbox bypass","description":"In JetBrains YouTrack before 2025.3.131383 high privileged user can achieve RCE via sandbox bypass","indicators":{"cves":["CVE-2026-33392"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T08:16:17.877Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://www.jetbrains.com/privacy-security/issues-fixed/","label":"cve@jetbrains.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-36568","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2025-36568 — Dell PowerProtect Data Domain BoostFS for client of Feature Release versions 7.7.1.0 through 8.5, LT…","description":"Dell PowerProtect Data Domain BoostFS for client of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain an insufficiently protected credentials vulnerability. A low privileged attacker with local…","indicators":{"cves":["CVE-2025-36568"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T09:16:05.000Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities","label":"security_alert@emc.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-23775","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-23775 — Dell PowerProtect Data Domain appliances with Data Domain Operating System (DD OS) of Feature Releas…","description":"Dell PowerProtect Data Domain appliances with Data Domain Operating System (DD OS) of Feature Release versions 8.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10 contain an insertion of sensitive information into log file vulnerability. A low privileged attacker with remote access cou…","indicators":{"cves":["CVE-2026-23775"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T09:16:05.153Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities","label":"security_alert@emc.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6483","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6483 — A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function st…","description":"A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function strcat/snprintf of the file /cgi-bin/internet.cgi. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upg…","indicators":{"cves":["CVE-2026-6483"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T11:16:11.160Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://dl.wavlink.com/firmware/RD/root_uImage_WN530H4-A_2026.04.16.bin","label":"cna@vuldb.com","domainType":"other"},{"url":"https://github.com/dxz0069/WAVLINK-WN530H4-Command-Injection-in-set_add_routing/blob/main/vuldb_submission_report.md","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/783055","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358021","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358021/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6507","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6507 — A flaw was found in dnsmasq. A remote attacker could exploit an out-of-bounds write vulnerability by…","description":"A flaw was found in dnsmasq. A remote attacker could exploit an out-of-bounds write vulnerability by sending a specially crafted BOOTREPLY (Bootstrap Protocol Reply) packet to a dnsmasq server configured with the `--dhcp-split-relay` option. This can lead to memory corruption, causing the dnsmasq da…","indicators":{"cves":["CVE-2026-6507"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T13:16:14.967Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6507","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2459181","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31317","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-31317 — Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attack…","description":"Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php file","indicators":{"cves":["CVE-2026-31317"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:16:33.730Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/markhuot/craftql","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/stormmmg/craftql_ssrf/","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/stormmmg/craftql_ssrf/blob/master/craftql-ssrf-en/README_detail.md","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/stormmmg/craftql_ssrf/blob/master/craftql-ssrf-en/README_detail.md","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40459","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40459 — PAC4J is vulnerable to LDAP Injection in multiple methods. A low-privileged remote attacker can inje…","description":"PAC4J is vulnerable to LDAP Injection in multiple methods. A low-privileged remote attacker can inject crafted LDAP syntax into ID-based search parameters, potentially resulting in unauthorized LDAP queries and arbitrary directory operations.\n\nThis issue was fixed in PAC4J versions 4.5.10, 5.7.10 an…","indicators":{"cves":["CVE-2026-40459"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:16:34.123Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://cert.pl/en/posts/2026/04/CVE-2026-40458/","label":"cvd@cert.pl","domainType":"other"},{"url":"https://www.pac4j.org/blog/security-advisory-pac4j-core-and-ldap.html","label":"cvd@cert.pl","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6490","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6490 — A weakness has been identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. Impa…","description":"A weakness has been identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. Impacted is an unknown function of the file admin/deletecourse.php of the component GET Request Parameter Handler. This manipulation of the argument ID causes sql injection. The attack may be initiated re…","indicators":{"cves":["CVE-2026-6490"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:16:34.983Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/duckpigdog/CVE/blob/main/QueryMine_sms%20PHP%20Project%20Deployment%20Document%20(Windows%20Local)-1.md","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/786912","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358034","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358034/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-21733","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-21733 — Software installed and run as a non-privileged user may conduct improper GPU system calls to gain wr…","description":"Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memory and files.\n\nThis is caused by improper handling of GPU memory reservation protections.","indicators":{"cves":["CVE-2026-21733"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T17:16:35.220Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://www.imaginationtech.com/gpu-driver-vulnerabilities/","label":"367425dc-4d06-4041-9650-c2dc6aaa27ce","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3464","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-3464 — The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to i…","description":"The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajax_attach_file' function in all versions up to, and including, 8.3.4. This makes it possible for authenticated attackers with a role that an administrator gr…","indicators":{"cves":["CVE-2026-3464"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T17:17:07.217Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/customer-area/tags/8.3.4/src/js/common/files/file-attachment-manager.js#L170","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/customer-area/tags/8.3.4/src/js/common/files/ftp-uploader.js#L63","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/customer-area/tags/8.3.4/src/php/core-addons/private-file/private-file-addon.class.php#L844","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/customer-area/tags/8.3.4/src/php/core-addons/private-file/private-file-addon.class.php#L883","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/customer-area/tags/8.3.4/src/php/core-addons/private-file/private-file-addon.class.php#L920","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/customer-area/tags/8.3.4/src/php/core-addons/private-file/private-file-default-handlers.class.php#L404","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/customer-area/tags/8.3.4/src/php/core-addons/private-file/private-file-default-handlers.class.php#L422","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/customer-area/tags/8.3.4/src/php/core-addons/private-file/private-file-default-handlers.class.php#L428","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/customer-area/tags/8.3.4/src/php/core-addons/private-file/templates/private-attachments-add-ftp-folder-frontend.template.php#L17","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset/3507868/customer-area","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/aadf1f4c-c852-4167-9b09-7e679a953725?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40515","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40515 — OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers t…","description":"OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools with sensitive root directories that are not properl…","indicators":{"cves":["CVE-2026-40515"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T17:17:09.067Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/HKUDS/OpenHarness/commit/bd4df81f634f8c7cddcc3fdf7f561a13dcbf03ae","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/HKUDS/OpenHarness/pull/92","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/openharness-permission-bypass-via-grep-and-glob-root-argument","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40516","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40516 — OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the web_fe…","description":"OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the web_fetch and web_search tools that allows attackers to access private and localhost HTTP services by manipulating tool parameters without proper validation of target addresses. Attackers can influence an a…","indicators":{"cves":["CVE-2026-40516"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T17:17:09.327Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/HKUDS/OpenHarness/commit/bd4df81f634f8c7cddcc3fdf7f561a13dcbf03ae","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/HKUDS/OpenHarness/pull/92","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/openharness-ssrf-via-web-fetch-and-web-search","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://github.com/HKUDS/OpenHarness/pull/92","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40518","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40518 — ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerab…","description":"ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation where the agent name validation is bypassed. Attackers can supply traversal-style values or absolute paths as the agent name to influence directory creati…","indicators":{"cves":["CVE-2026-40518"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T17:17:09.543Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/bytedance/deer-flow/commit/2176b2bbfccfce25ceee08318813f96d843a13fd","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/bytedance/deer-flow/pull/2274","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/bytedance-deerflow-path-traversal-and-arbitrary-file-write-via-bootstrap-mode","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-65104","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2025-65104 — Firebird is an open-source relational database management system. In versions FB3 of the client libr…","description":"Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or higher…","indicators":{"cves":["CVE-2025-65104"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T18:16:30.773Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-mfpr-9886-xjhg","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-5710","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-5710 — The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Path…","description":"The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Path Traversal leading to Arbitrary File Read in versions up to and including 1.3.9.6. This is due to the plugin using client-supplied mfile[] POST values as the source of truth for email attachment selec…","indicators":{"cves":["CVE-2026-5710"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T18:16:32.593Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/drag-and-drop-multiple-file-upload-contact-form-7/tags/1.3.9.6/inc/dnd-upload-cf7.php#L203","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/drag-and-drop-multiple-file-upload-contact-form-7/tags/1.3.9.6/inc/dnd-upload-cf7.php#L477","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/drag-and-drop-multiple-file-upload-contact-form-7/tags/1.3.9.6/inc/dnd-upload-cf7.php#L718","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset/3508522/drag-and-drop-multiple-file-upload-contact-form-7","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1005eb8c-da5a-4422-9d65-0f341ad755b2?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5718","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-5718 — The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbi…","description":"The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.3.9.6. This is due to insufficient file type validation that occurs when custom blacklist types are configured, which replaces the default dangero…","indicators":{"cves":["CVE-2026-5718"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T18:16:32.753Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/drag-and-drop-multiple-file-upload-contact-form-7/tags/1.3.9.6/inc/dnd-upload-cf7.php#L62","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/drag-and-drop-multiple-file-upload-contact-form-7/tags/1.3.9.6/inc/dnd-upload-cf7.php#L883","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/drag-and-drop-multiple-file-upload-contact-form-7/tags/1.3.9.6/inc/dnd-upload-cf7.php#L970","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/drag-and-drop-multiple-file-upload-contact-form-7/tags/1.3.9.6/inc/dnd-upload-cf7.php#L987","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset/3508522/drag-and-drop-multiple-file-upload-contact-form-7","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/38f95d40-a6d4-429c-9872-9d2531e942eb?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-28212","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-28212 — Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4,…","description":"Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an op_slice network packet, the server passes an unprepared structure containing a null pointer to the SDL_info() function, resulting in a null pointer dereference a…","indicators":{"cves":["CVE-2026-28212"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T19:16:35.180Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-9884-9qm3-hqch","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-32107","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-32107 — xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did n…","description":"xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not properly handle an error during the privilege drop process. This improper privilege management could allow an authenticated local attacker to escalate privileges to root and execute arbitrary code…","indicators":{"cves":["CVE-2026-32107"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T20:16:33.677Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-p5m6-7m43-pjv9","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-32324","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-32324 — Anviz CX7 Firmware is vulnerable because the application embeds reusable certificate/key material, e…","description":"Anviz CX7 Firmware is \nvulnerable because the application embeds reusable certificate/key \nmaterial, enabling decryption of MQTT traffic and potential interaction \nwith device messaging channels at scale.","indicators":{"cves":["CVE-2026-32324"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T20:16:33.817Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json","label":"ics-cert@hq.dhs.gov","domainType":"primary"},{"url":"https://www.anviz.com/contact-us.html","label":"ics-cert@hq.dhs.gov","domainType":"other"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03","label":"ics-cert@hq.dhs.gov","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-32650","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-32650 — Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable enc…","description":"Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable \nencryption, causing database credentials to be sent in plaintext and \nenabling unauthorized database access.","indicators":{"cves":["CVE-2026-32650"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T20:16:34.360Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json","label":"ics-cert@hq.dhs.gov","domainType":"primary"},{"url":"https://www.anviz.com/contact-us.html","label":"ics-cert@hq.dhs.gov","domainType":"other"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03","label":"ics-cert@hq.dhs.gov","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35682","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-35682 — Anviz CX2 Lite is vulnerable to an authenticated command injection via a filename parameter that ena…","description":"Anviz CX2 Lite is vulnerable to an authenticated command injection via a \nfilename parameter that enables arbitrary command execution (e.g., \nstarting telnetd), resulting in root‑level access.","indicators":{"cves":["CVE-2026-35682"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T20:16:35.510Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json","label":"ics-cert@hq.dhs.gov","domainType":"primary"},{"url":"https://www.anviz.com/contact-us.html","label":"ics-cert@hq.dhs.gov","domainType":"other"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03","label":"ics-cert@hq.dhs.gov","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40066","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40066 — Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device…","description":"Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The \ndevice unpacks and executes a script resulting in unauthenticated remote\n code execution.","indicators":{"cves":["CVE-2026-40066"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T20:16:35.637Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json","label":"ics-cert@hq.dhs.gov","domainType":"primary"},{"url":"https://www.anviz.com/contact-us.html","label":"ics-cert@hq.dhs.gov","domainType":"other"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03","label":"ics-cert@hq.dhs.gov","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40283","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40283 — WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site…","description":"WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject malicious JavaScript via the \"Nome\" field in the \"Informações Pacientes\" page. The payload is stored and executed when the patient…","indicators":{"cves":["CVE-2026-40283","CVE-2026-40282","CVE-2026-40284","CVE-2026-40286"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T20:16:35.793Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-x74c-gwj9-6cwr","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-r6h8-7vxv-q8pp","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-mccp-8446-phw5","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-42rc-rvrx-cmmw","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40434","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40434 — Anviz CrossChex Standard lacks source verification in the client/server channel, enabling TCP packet…","description":"Anviz CrossChex Standard\nlacks source verification in the client/server channel, enabling TCP \npacket injection by an attacker on the same network to alter or disrupt \napplication traffic.","indicators":{"cves":["CVE-2026-40434"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T20:16:36.083Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json","label":"ics-cert@hq.dhs.gov","domainType":"primary"},{"url":"https://www.anviz.com/contact-us.html","label":"ics-cert@hq.dhs.gov","domainType":"other"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03","label":"ics-cert@hq.dhs.gov","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40461","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40461 — Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings (e…","description":"Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug \nsettings (e.g., enabling SSH), allowing unauthorized state changes that \ncan facilitate later compromise.","indicators":{"cves":["CVE-2026-40461"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T20:16:36.217Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json","label":"ics-cert@hq.dhs.gov","domainType":"primary"},{"url":"https://www.anviz.com/contact-us.html","label":"ics-cert@hq.dhs.gov","domainType":"other"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03","label":"ics-cert@hq.dhs.gov","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35603","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-35603 — Claude Code is an agentic coding tool. In versions prior to 2.1.75 on Windows, Claude Code loaded th…","description":"Claude Code is an agentic coding tool. In versions prior to 2.1.75 on Windows, Claude Code loaded the system-wide default configuration from C:\\ProgramData\\ClaudeCode\\managed-settings.json without validating directory ownership or access permissions. Because the ProgramData directory is writable by…","indicators":{"cves":["CVE-2026-35603"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T21:16:33.507Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/anthropics/claude-code/security/advisories/GHSA-5cwg-9f6j-9jvx","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40196","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40196 — HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerabilit…","description":"HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerability where the defaultGroup ID remained permanently assigned to a user after being invited to a group, even after their access to that group was revoked. While the web interface correctly enforced the ac…","indicators":{"cves":["CVE-2026-40196"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T21:16:33.863Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/sysadminsmedia/homebox/releases/tag/v0.25.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/sysadminsmedia/homebox/security/advisories/GHSA-6pvm-v73p-p6m9","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40285","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40285 — WeGIA is a web manager for charitable institutions. Versions prior to 3.6.10 contain a SQL injection…","description":"WeGIA is a web manager for charitable institutions. Versions prior to 3.6.10 contain a SQL injection vulnerability in dao/memorando/UsuarioDAO.php. The cpf_usuario POST parameter overwrites the session-stored user identity via extract($_REQUEST) in DespachoControle::verificarDespacho(), and the atta…","indicators":{"cves":["CVE-2026-40285"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T21:16:34.267Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-666r-v2m7-xgp9","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-666r-v2m7-xgp9","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40303","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40303 — zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, end…","description":"zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, endpoints.GetSessionCookie parses an attacker-supplied cookie chunk count and calls make([]string, count) with no upper bound before any token validation occurs. The function is reached on every request…","indicators":{"cves":["CVE-2026-40303"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T21:16:35.140Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/openziti/zrok/releases/tag/v2.0.1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/openziti/zrok/security/advisories/GHSA-cpf9-ph2j-ccr9","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40527","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40527 — radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command…","description":"radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DW_TAG_formal_parameter names. Attackers can craft a binary with shell commands in DWARF parameter names that execute…","indicators":{"cves":["CVE-2026-40527"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T21:16:35.373Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/radareorg/radare2/commit/bc5a89033db3ecb5b1f7bf681fc6ba4dcfc14683","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/radareorg/radare2/pull/25821","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/radare2-command-injection-via-dwarf-parameter-names","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40305","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40305 — DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft e…","description":"DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 6.0.0 and prior to version 10.2.2, in the friends feature, a user could craft a request that would force the acceptance of a friend request on another user. Version 10.2.…","indicators":{"cves":["CVE-2026-40305","CVE-2026-40306","CVE-2026-40321"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T22:16:32.370Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v10.2.2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-fpj4-9qhx-5m6m","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2rhw-gw3f-477j","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-ffq7-898w-9jc4","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40352","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40352 — FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password change endpoin…","description":"FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password change endpoint is vulnerable to NoSQL injection. An authenticated attacker can bypass the \"old password\" verification by injecting MongoDB query operators. This allows an attacker who has gained a low-privileged s…","indicators":{"cves":["CVE-2026-40352"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T22:16:32.940Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/labring/FastGPT/commit/bd966d479fbe414d02679cf79f9eaaab3d100a2d","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/labring/FastGPT/releases/tag/v4.14.9.5","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/labring/FastGPT/security/advisories/GHSA-422w-vrfj-72g6","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40474","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40474 — wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the GymConfigUpd…","description":"wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the GymConfigUpdateView declares permission_required = 'config.change_gymconfig' but inherits WgerFormMixin instead of WgerPermissionMixin, so the permission is never enforced at runtime. Since GymConfig is an ownerl…","indicators":{"cves":["CVE-2026-40474"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T22:16:33.213Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/wger-project/wger/commit/47ee5af93b3ced24b9f94b0a8b9296b50bc9523f","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/wger-project/wger/releases/tag/2.5","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/wger-project/wger/security/advisories/GHSA-xppv-4jrx-qf8m","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-2262","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-2262 — The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all ve…","description":"The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.21 via the `/wp-json/wp/v2/eablocks/ea_appointments/` REST API endpoint. This is due to the endpoint being registered with `'permission_callback' => '__return_true'`,…","indicators":{"cves":["CVE-2026-2262"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T00:16:36.620Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/easy-appointments/tags/3.12.19/ea-blocks/ea-blocks.php#L141","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/easy-appointments/tags/3.12.19/ea-blocks/ea-blocks.php#L190","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/easy-appointments/trunk/ea-blocks/ea-blocks.php#L190","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset/3485692/easy-appointments/trunk/ea-blocks/ea-blocks.php","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset?old_path=%2Feasy-appointments/tags/3.12.21&new_path=%2Feasy-appointments/tags/3.12.22","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e681aa8e-522e-4092-aa1f-8ada3097c8d6?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40348","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40348 — Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1,…","description":"Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can trigger server-side requests to arbitrary internal targets through `POST /settings/jellyfin/server-url-verify`. The endpoint accepts a user-controlled URL, appends `…","indicators":{"cves":["CVE-2026-40348","CVE-2026-40349","CVE-2026-40350"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T00:16:38.663Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/leepeuker/movary/commit/d459b3513293d41254f7093aef07010a8e5dcf04","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/leepeuker/movary/pull/751","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/leepeuker/movary/releases/tag/0.71.1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/leepeuker/movary/security/advisories/GHSA-2m2v-v563-qqvj","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/leepeuker/movary/commit/12c8a090051b1a1c07a3aa48922f3bc9ffe44c8b","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/leepeuker/movary/pull/750","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/leepeuker/movary/security/advisories/GHSA-mcfq-8rx7-w25v","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/leepeuker/movary/commit/92c7400486f5fe9f350046e04e45a8502778bf39","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/leepeuker/movary/pull/749","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/leepeuker/movary/security/advisories/GHSA-7r3f-9fwv-p43w","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40581","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40581 — ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the family record…","description":"ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the family record deletion endpoint (SelectDelete.php) performs permanent, irreversible deletion of family records and all associated data via a plain GET request with no CSRF token validation. An attacker can craft a…","indicators":{"cves":["CVE-2026-40581"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T00:16:39.683Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/ChurchCRM/CRM/commit/39361628613af7682b813f3e62a412559616d674","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChurchCRM/CRM/pull/8613","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChurchCRM/CRM/security/advisories/GHSA-6qxv-xw9j-77pj","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35465","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-35465 — SecureDrop Client is a desktop app for journalists to securely communicate with sources and handle s…","description":"SecureDrop Client is a desktop app for journalists to securely communicate with sources and handle submissions on the SecureDrop Workstation. In versions 0.17.4 and below, a compromised SecureDrop Server can achieve code execution on the Client's virtual machine (sd-app) by exploiting improper filen…","indicators":{"cves":["CVE-2026-35465"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T01:16:18.440Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/freedomofpress/securedrop-client/blob/8dc8bb6e307b13876d67f72d8a071202e2f39ab5/changelog.md?plain=1#L8","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freedomofpress/securedrop-client/commit/e518adaf897e7838467ccf9e1f28152ae6fe3655","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freedomofpress/securedrop-client/security/advisories/GHSA-2jrc-x8fq-prvc","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35582","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-35582 — Emissary is a P2P based data-driven workflow engine. In versions 8.42.0 and below, Executrix.getComm…","description":"Emissary is a P2P based data-driven workflow engine. In versions 8.42.0 and below, Executrix.getCommand() is vulnerable to OS command injection  because it interpolates temporary file paths into a /bin/sh -c shell command string without any escaping or input validation. The IN_FILE_ENDING and OUT_FI…","indicators":{"cves":["CVE-2026-35582"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T02:16:11.510Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/NationalSecurityAgency/emissary/commit/1faf33f2494c0128f250d7d2e8f2da99bbd32ae8","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/NationalSecurityAgency/emissary/security/advisories/GHSA-3p24-9x7v-7789","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40487","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40487 — Postiz is an AI social media scheduling tool. Prior to version 2.21.6, a file upload validation bypa…","description":"Postiz is an AI social media scheduling tool. Prior to version 2.21.6, a file upload validation bypass allows any authenticated user to upload arbitrary HTML, SVG, or other executable file types to the server by spoofing the `Content-Type` header. The uploaded files are then served by nginx with a C…","indicators":{"cves":["CVE-2026-40487"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T02:16:11.670Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/gitroomhq/postiz-app/releases/tag/v2.21.6","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/gitroomhq/postiz-app/security/advisories/GHSA-44wg-r34q-hvfx","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/gitroomhq/postiz-app/security/advisories/GHSA-44wg-r34q-hvfx","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-6518","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6518 — The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to arbi…","description":"The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to arbitrary file upload and remote code execution in all versions up to, and including, 4.1.16 via the `cmp_theme_update_install` AJAX action. This is due to the function only checking for the `publish_page…","indicators":{"cves":["CVE-2026-6518"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T05:16:24.377Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/cmp-coming-soon-maintenance/tags/4.1.16/niteo-cmp.php#L1421","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/cmp-coming-soon-maintenance/tags/4.1.16/niteo-cmp.php#L1437","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/cmp-coming-soon-maintenance/tags/4.1.16/niteo-cmp.php#L1447","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset?old_path=%2Fcmp-coming-soon-maintenance/tags/4.1.16&new_path=%2Fcmp-coming-soon-maintenance/tags/4.1.17","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d6fb275b-dbba-46df-b170-977ef4a84c4c?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-25917","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-25917 — Dag Authors, who normally should not be able to execute code in the webserver context could craft XC…","description":"Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low.\n\nUsers are recommended to upgrade to Apache Airflow 3.2.0, whic…","indicators":{"cves":["CVE-2026-25917"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T07:16:09.347Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/apache/airflow/pull/61641","label":"security@apache.org","domainType":"primary"},{"url":"https://lists.apache.org/thread/6whgpkqbh12rvpfmvcg8b0vwlv4hq3po","label":"security@apache.org","domainType":"other"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/17/9","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-30898","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-30898 — An example of BashOperator in Airflow documentation suggested a way of passing dag_run.conf in the w…","description":"An example of BashOperator in Airflow documentation suggested a way of passing dag_run.conf in the way that could cause unsanitized user input to be used to escalate privileges of UI user to allow execute code on worker. Users should review if any of their own DAGs have adopted this incorrect advice…","indicators":{"cves":["CVE-2026-30898"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T07:16:10.297Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/apache/airflow/pull/64129","label":"security@apache.org","domainType":"primary"},{"url":"https://lists.apache.org/thread/26zmhfj1t95c1hld2r14ho81nzh1bdc8","label":"security@apache.org","domainType":"other"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/17/7","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-30912","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-30912 — In case of SQL errors, exception/stack trace of errors was exposed in API even if \"api/expose_stack_…","description":"In case of SQL errors, exception/stack trace of errors was exposed in API even if \"api/expose_stack_traces\" was set to false. That could lead to exposing additional information to potential attacker. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue.","indicators":{"cves":["CVE-2026-30912"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T07:16:10.427Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/apache/airflow/pull/63028","label":"security@apache.org","domainType":"primary"},{"url":"https://lists.apache.org/thread/tp6kz1hnfb3zsrrtg19myo8x5x80w8r9","label":"security@apache.org","domainType":"other"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/17/5","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-32228","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-32228 — UI / API User with asset materialize permission could trigger dags they had no access to. Users are…","description":"UI / API User with asset materialize permission could trigger dags they had no access to.\nUsers are advised to migrate to Airflow version 3.2.0 that fixes the issue.","indicators":{"cves":["CVE-2026-32228"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T07:16:10.560Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/apache/airflow/pull/63338","label":"security@apache.org","domainType":"primary"},{"url":"https://lists.apache.org/thread/s7c75txgt4qf2rofcn43szfwgcrzy0nj","label":"security@apache.org","domainType":"other"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/17/8","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6560","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6560 — A security vulnerability has been detected in H3C Magic B0 up to 100R002. This vulnerability affects…","description":"A security vulnerability has been detected in H3C Magic B0 up to 100R002. This vulnerability affects the function Edit_BasicSSID of the file /goform/aspForm. Such manipulation of the argument param leads to buffer overflow. The attack can be executed remotely. The exploit has been disclosed publicly…","indicators":{"cves":["CVE-2026-6560"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T07:16:05.973Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/xiaohaiyang-ai/CVE-Reports/blob/main/Vulnerability-Report.md","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/788021","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358197","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358197/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6562","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6562 — A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is the function getListByPage of…","description":"A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is the function getListByPage of the file /index/Search/index.html. Executing a manipulation of the argument keyword can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used.…","indicators":{"cves":["CVE-2026-6562"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T09:16:10.100Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://thinhneee.github.io/posts/muucmf-sqli/","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/submit/789501","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358199","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358199/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6563","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6563 — A vulnerability has been found in H3C Magic B1 up to 100R004. The affected element is the function S…","description":"A vulnerability has been found in H3C Magic B1 up to 100R004. The affected element is the function SetAPWifiorLedInfoById of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to th…","indicators":{"cves":["CVE-2026-6563"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T09:16:11.000Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/K4ptor/H3C-routers-vulnerability/","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/789531","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358200","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358200/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6568","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6568 — A vulnerability was determined in kodcloud KodExplorer up to 4.52. This affects the function share.c…","description":"A vulnerability was determined in kodcloud KodExplorer up to 4.52. This affects the function share.class.php::initShareOld of the file /app/controller/share.class.php of the component Public Share Handler. This manipulation of the argument path causes path traversal. The attack can be initiated remo…","indicators":{"cves":["CVE-2026-6568"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T10:16:09.203Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://vuldb.com/submit/789981","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358202","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358202/cti","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vulnplus-note.wetolink.com/share/JyHBnRUaoOY2","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6569","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6569 — A vulnerability was identified in kodcloud KodExplorer up to 4.52. This impacts the function fileGet…","description":"A vulnerability was identified in kodcloud KodExplorer up to 4.52. This impacts the function fileGet of the file /app/controller/share.class.php of the component fileGet Endpoint. Such manipulation of the argument fileUrl leads to improper authentication. The attack can be launched remotely. The ven…","indicators":{"cves":["CVE-2026-6569"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T11:16:14.443Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://vuldb.com/submit/789982","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358203","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358203/cti","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vulnplus-note.wetolink.com/share/wgfZR6kXRApl","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6574","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6574 — A vulnerability has been found in osuuu LightPicture up to 1.2.2. This issue affects some unknown pr…","description":"A vulnerability has been found in osuuu LightPicture up to 1.2.2. This issue affects some unknown processing of the file /public/install/lp.sql of the component API Upload Endpoint. Such manipulation of the argument key leads to hard-coded credentials. The attack may be performed from remote. The ex…","indicators":{"cves":["CVE-2026-6574"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T14:16:11.593Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://vuldb.com/submit/790000","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358209","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358209/cti","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vulnplus-note.wetolink.com/share/VhoNkMja5u7A","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6577","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6577 — A vulnerability was identified in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an…","description":"A vulnerability was identified in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file owntracks/views.py of the component logtracks Endpoint. The manipulation leads to missing authentication. The attack can be initiated remotely. The exploit is publicly ava…","indicators":{"cves":["CVE-2026-6577"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T20:16:28.837Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/3em0/cve_repo/blob/main/DjangoBlog/Vuln-2-Unauthenticated-GPS-Data-Injection.md","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/790282","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358212","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358212/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6580","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6580 — A security vulnerability has been detected in liangliangyy DjangoBlog up to 2.1.0.0. Affected is an…","description":"A security vulnerability has been detected in liangliangyy DjangoBlog up to 2.1.0.0. Affected is an unknown function of the file owntracks/views.py of the component Amap API Call Handler. Such manipulation of the argument key leads to use of hard-coded cryptographic key\r . The attack may be launched…","indicators":{"cves":["CVE-2026-6580"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T23:16:33.697Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/3em0/cve_repo/blob/main/DjangoBlog/Vuln-5-Hardcoded-Amap-API-Key.md","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/790287","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358215","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358215/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6581","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6581 — A vulnerability was detected in H3C Magic B1 up to 100R004. Affected by this vulnerability is the fu…","description":"A vulnerability was detected in H3C Magic B1 up to 100R004. Affected by this vulnerability is the function SetMobileAPInfoById of the file /goform/aspForm. Performing a manipulation of the argument param results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now pu…","indicators":{"cves":["CVE-2026-6581"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T23:16:33.893Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/hmKunlun/H3Cc/blob/main/h3c.md","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/790977","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358216","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358216/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6582","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6582 — A flaw has been found in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the fun…","description":"A flaw has been found in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function get_vector_db_details of the file superagi/controllers/vector_dbs.py of the component Vector Database Management Endpoint. Executing a manipulation can lead to missing authentication. The attack…","indicators":{"cves":["CVE-2026-6582"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T23:16:34.080Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://gist.github.com/YLChen-007/f38b32a9cd0c9722e04a716ca4dbf9d5","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791072","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358217","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358217/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6594","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6594 — A vulnerability was determined in brikcss merge up to 1.3.0. This affects an unknown part. Executing…","description":"A vulnerability was determined in brikcss merge up to 1.3.0. This affects an unknown part. Executing a manipulation of the argument __proto__/constructor.prototype/prototype can lead to improperly controlled modification of object prototype attributes. The attack may be performed from remote. The ve…","indicators":{"cves":["CVE-2026-6594"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T02:16:15.633Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/sudo-secure/security-research/blob/main/brikcss-merge/prototype-pollution/PoC.md","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791805","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358229","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358229/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6595","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6595 — A vulnerability was identified in ProjectsAndPrograms School Management System up to 6b6fae5426044f8…","description":"A vulnerability was identified in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This vulnerability affects unknown code of the file buslocation.php of the component HTTP GET Parameter Handler. The manipulation of the argument bus_id leads to sql injecti…","indicators":{"cves":["CVE-2026-6595"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T03:16:16.777Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://tcn60zf28jhk.feishu.cn/wiki/MdHFw78Gmi1zbske8Ozc6XTjnIh?from=from_copylink","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/submit/791820","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358230","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358230/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6596","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6596 — A security flaw has been discovered in langflow-ai langflow up to 1.1.0. This issue affects the func…","description":"A security flaw has been discovered in langflow-ai langflow up to 1.1.0. This issue affects the function create_upload_file of the file src/backend/base/Langflow/api/v1/endpoints.py of the component API Endpoint. The manipulation results in unrestricted upload. It is possible to launch the attack re…","indicators":{"cves":["CVE-2026-6596"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T03:16:16.967Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://gist.github.com/chenhouser2025/c2aabfdee41009cfe45d28a9924742a0","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791919","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358231","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358231/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-32955","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-32955 — SD-330AC and AMC Manager provided by silex technology, Inc. contain a stack-based buffer overflow vu…","description":"SD-330AC and AMC Manager provided by silex technology, Inc. contain a stack-based buffer overflow vulnerability in processing the redirect URLs. Arbitrary code may be executed on the device.","indicators":{"cves":["CVE-2026-32955"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T04:16:29.113Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://jvn.jp/en/vu/JVNVU94271449/","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://www.silex.jp/support/security-advisories/2026-001","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://www.silex.jp/support/security-advisories/en/2026-001","label":"vultures@jpcert.or.jp","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-32965","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-32965 — Initialization of a resource with an insecure default vulnerability exists in SD-330AC and AMC Manag…","description":"Initialization of a resource with an insecure default vulnerability exists in SD-330AC and AMC Manager provided by silex technology, Inc. When the affected device is connected to the network with the initial (factory-default) configuration, the device can be configured with the null string password.","indicators":{"cves":["CVE-2026-32965"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T04:16:45.583Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://jvn.jp/en/vu/JVNVU94271449/","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://www.silex.jp/support/security-advisories/2026-001","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://www.silex.jp/support/security-advisories/en/2026-001","label":"vultures@jpcert.or.jp","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6602","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6602 — A vulnerability was found in rickxy Hospital Management System up to 88a4290d957dc5bdde8a56e5ad451ad…","description":"A vulnerability was found in rickxy Hospital Management System up to 88a4290d957dc5bdde8a56e5ad451ad14f7f90f4. Affected is an unknown function of the file /backend/admin/his_admin_account.php. The manipulation of the argument ad_dpic results in unrestricted upload. The attack can be executed remotel…","indicators":{"cves":["CVE-2026-6602"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T04:16:58.933Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/freeloader9527/cve/issues/2","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/792092","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358237","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358237/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6603","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6603 — A vulnerability was determined in modelscope agentscope up to 1.0.18. Affected by this vulnerability…","description":"A vulnerability was determined in modelscope agentscope up to 1.0.18. Affected by this vulnerability is the function execute_python_code/execute_shell_command of the file src/AgentScope/tool/_coding/_python.py. This manipulation causes code injection. The attack is possible to be carried out remotel…","indicators":{"cves":["CVE-2026-6603"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T05:16:15.353Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://gist.github.com/YLChen-007/c084d69aaeda6729f3988603f2b0ce6e","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/792223","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358238","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358238/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6604","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6604 — A vulnerability was identified in modelscope agentscope up to 1.0.18. Affected by this issue is the…","description":"A vulnerability was identified in modelscope agentscope up to 1.0.18. Affected by this issue is the function _parse_url/prepare_image/openai_audio_to_text of the file src/agentscope/tool/_multi_modality/_openai_tools.py of the component Cloud Metadata Endpoint. Such manipulation of the argument imag…","indicators":{"cves":["CVE-2026-6604"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T05:16:15.567Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://gist.github.com/YLChen-007/e3e0741b297d8c2ffca59b6350d4c657","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/792224","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358239","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358239/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6605","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6605 — A security flaw has been discovered in modelscope agentscope up to 1.0.18. This affects the function…","description":"A security flaw has been discovered in modelscope agentscope up to 1.0.18. This affects the function _get_bytes_from_web_url of the file src/agentscope/_utils/_common.py of the component Internal Service. Performing a manipulation results in server-side request forgery. It is possible to initiate th…","indicators":{"cves":["CVE-2026-6605"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T05:16:15.780Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://gist.github.com/YLChen-007/ced2d438ae79a5a11cea663c1ba2c954","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/792225","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358240","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358240/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6606","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6606 — A weakness has been identified in modelscope agentscope up to 1.0.18. This vulnerability affects the…","description":"A weakness has been identified in modelscope agentscope up to 1.0.18. This vulnerability affects the function _process_audio_block of the file src/agentscope/agent/_agent_base.py. Executing a manipulation of the argument url can lead to server-side request forgery. It is possible to launch the attac…","indicators":{"cves":["CVE-2026-6606"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T05:16:15.987Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://gist.github.com/YLChen-007/4e589eec07446726612dc416a7d80820","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/792226","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358241","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358241/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5966","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-5966 — ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authen…","description":"ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authenticated remote attackers with web access can exploit Path Traversal to delete arbitrary files on the system.","indicators":{"cves":["CVE-2026-5966"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T08:16:11.010Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://www.twcert.org.tw/en/cp-139-10832-05f3a-2.html","label":"twcert@cert.org.tw","domainType":"other"},{"url":"https://www.twcert.org.tw/tw/cp-132-10831-a734d-1.html","label":"twcert@cert.org.tw","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6615","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6615 — A weakness has been identified in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue i…","description":"A weakness has been identified in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function Upload of the file superagi/controllers/resources.py of the component Multipart Upload Handler. This manipulation of the argument Name causes path traversal. It is possible to initiate…","indicators":{"cves":["CVE-2026-6615"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T08:16:11.190Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://gist.github.com/YLChen-007/300843c707435540ce0e23bff3e6173a","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791083","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358250","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358250/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5967","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-5967 — ThreatSonar Anti-Ransomware developed by TeamT5 has an Privilege Escalation vulnerability. Authentic…","description":"ThreatSonar Anti-Ransomware developed by TeamT5 has an Privilege Escalation vulnerability. Authenticated remote attackers with shell access can inject OS commands and execute them with root privileges.","indicators":{"cves":["CVE-2026-5967"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T09:16:09.430Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://www.twcert.org.tw/en/cp-139-10855-e6d1b-2.html","label":"twcert@cert.org.tw","domainType":"other"},{"url":"https://www.twcert.org.tw/tw/cp-132-10854-03015-1.html","label":"twcert@cert.org.tw","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6621","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6621 — A vulnerability was determined in 1024bit extend-deep up to 0.1.6. The impacted element is an unknow…","description":"A vulnerability was determined in 1024bit extend-deep up to 0.1.6. The impacted element is an unknown function of the file index.js. This manipulation of the argument __proto__ causes improperly controlled modification of object prototype attributes. Remote exploitation of the attack is possible. Th…","indicators":{"cves":["CVE-2026-6621"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T09:16:10.170Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/sudo-secure/security-research/blob/main/extend-deep/prototype-pollution/PoC.md","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/792387","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358256","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358256/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6625","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6625 — A security vulnerability has been detected in moxi624 Mogu Blog v2 up to 5.2. Affected by this vulne…","description":"A security vulnerability has been detected in moxi624 Mogu Blog v2 up to 5.2. Affected by this vulnerability is the function LocalFileServiceImpl.uploadPictureByUrl of the file mogu_picture/src/main/java/com/moxi/mogublog/picture/service/impl/LocalFileServiceImpl.java of the component Picture Storag…","indicators":{"cves":["CVE-2026-6625"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T10:16:17.760Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/ccccccctiiiiiiii-lab/public_exp/issues/3","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/792417","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358260","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358260/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6629","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6629 — A vulnerability has been found in Metasoft 美特软件 MetaCRM up to 6.4.0. This vulnerability affects the…","description":"A vulnerability has been found in Metasoft 美特软件 MetaCRM up to 6.4.0. This vulnerability affects the function Statement.executeUpdate of the file sql.jsp of the component Interface. Such manipulation of the argument sql leads to sql injection. The attack can be launched remotely. The exploit has been…","indicators":{"cves":["CVE-2026-6629"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T11:16:18.927Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://my.feishu.cn/docx/JttndUaPLoR88HxI1alcz1uencf?from=from_copylink","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/submit/792615","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358263","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358263/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6630","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6630 — A vulnerability was found in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fromGstD…","description":"A vulnerability was found in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. Performing a manipulation of the argument dips results in buffer overflow. The attack may be initiated remotely. The exploit has bee…","indicators":{"cves":["CVE-2026-6630"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T11:16:19.407Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/Jimi-Lab/cve/issues/23","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/792882","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358264","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358264/cti","label":"cna@vuldb.com","domainType":"other"},{"url":"https://www.tenda.com.cn/","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6631","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6631 — A vulnerability was determined in Tenda F451 1.0.0.7_cn_svn7958. Impacted is the function fromwebExc…","description":"A vulnerability was determined in Tenda F451 1.0.0.7_cn_svn7958. Impacted is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. Executing a manipulation of the argument page can lead to buffer overflow. The attack may be launched remotely. The expl…","indicators":{"cves":["CVE-2026-6631"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T11:16:19.583Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/Jimi-Lab/cve/issues/25","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/792904","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358265","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358265/cti","label":"cna@vuldb.com","domainType":"other"},{"url":"https://www.tenda.com.cn/","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6632","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6632 — A vulnerability was identified in Tenda F451 1.0.0.7_cn_svn7958. The affected element is the functio…","description":"A vulnerability was identified in Tenda F451 1.0.0.7_cn_svn7958. The affected element is the function fromSafeClientFilter of the file /goform/SafeClientFilter of the component httpd. The manipulation of the argument menufacturer/Go leads to buffer overflow. Remote exploitation of the attack is poss…","indicators":{"cves":["CVE-2026-6632"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T11:16:19.760Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/Jimi-Lab/cve/issues/26","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/792905","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358266","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358266/cti","label":"cna@vuldb.com","domainType":"other"},{"url":"https://www.tenda.com.cn/","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6635","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6635 — A security vulnerability has been detected in rowboatlabs rowboat up to 0.1.67. This impacts the fun…","description":"A security vulnerability has been detected in rowboatlabs rowboat up to 0.1.67. This impacts the function tool_call of the file apps/experimental/tools_webhook/app.py of the component tools_webhook. Such manipulation of the argument X-Tools-JWE leads to improper authentication. The attack may be per…","indicators":{"cves":["CVE-2026-6635"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T12:16:09.673Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/Dave-gilmore-aus/security-advisories/blob/main/rowbat-advisory","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/793433","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358269","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358269/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3517","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-3517 — OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an a…","description":"OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “Geo Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'addcountry' command","indicators":{"cves":["CVE-2026-3517","CVE-2026-3518","CVE-2026-3519"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T14:16:19.330Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://community.progress.com/s/article/LoadMaster-Security-Vulnerabilites-CVE-2026-3517-CVE-2026-3518-CVE-2026-3519-CVE-2026-4048-CVE-2026-21876","label":"security@progress.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4048","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-4048 — OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an au…","description":"OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in a custom WAF rule file during the file upload process.","indicators":{"cves":["CVE-2026-4048"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T14:16:20.700Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://community.progress.com/s/article/LoadMaster-Security-Vulnerabilites-CVE-2026-3517-CVE-2026-3518-CVE-2026-3519-CVE-2026-4048-CVE-2026-21876","label":"security@progress.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-25058","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-25058 — Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0…","description":"Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0-260419-1910, the Vexa transcription-collector service exposes an internal endpoint `GET /internal/transcripts/{meeting_id}` that returns transcript data for any meeting without any authentication or…","indicators":{"cves":["CVE-2026-25058","CVE-2026-25883"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T16:16:41.763Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/Vexa-ai/vexa/security/advisories/GHSA-w73r-2449-qwgh","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/Vexa-ai/vexa/security/advisories/GHSA-fhr6-8hff-cvg4","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-26944","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-26944 — Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through…","description":"Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a missing authentication for critical function vulnerability. An unauthenticated attacker with remote access could potentially ex…","indicators":{"cves":["CVE-2026-26944","CVE-2026-24504","CVE-2026-24506","CVE-2026-26943","CVE-2026-26951"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T16:16:42.223Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities","label":"security_alert@emc.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34427","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-34427 — Vvveb prior to 1.0.8.1 contains a privilege escalation vulnerability in the admin user profile save…","description":"Vvveb prior to 1.0.8.1 contains a privilege escalation vulnerability in the admin user profile save endpoint that allows authenticated users to modify privileged fields on their own profile. Attackers can inject role_id=1 into profile save requests to escalate to Super Administrator privileges, enab…","indicators":{"cves":["CVE-2026-34427"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T16:16:44.250Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/givanz/Vvveb/commit/0eca14af50f038915b8bf7ceec2becf6b6720b0a","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/givanz/Vvveb/releases/tag/1.0.8.1","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/vvveb-privilege-escalation-via-admin-user-save","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34428","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-34428 — Vvveb prior to 1.0.8.1 contains a server-side request forgery vulnerability in the oEmbedProxy actio…","description":"Vvveb prior to 1.0.8.1 contains a server-side request forgery vulnerability in the oEmbedProxy action of the editor/editor module where the url parameter is passed directly to getUrl() via curl without scheme or destination validation. Authenticated backend users can supply file:// URLs to read arbi…","indicators":{"cves":["CVE-2026-34428"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T16:16:44.473Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/givanz/Vvveb/commit/2d356844f37819bf771e7cd5e12a8686975e0b2b","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/givanz/Vvveb/releases/tag/1.0.8.1","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/vvveb-ssrf-via-oembedproxy","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6066","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6066 — ConnectWise has released a security update for ConnectWise Automate™ that addresses a behavior in th…","description":"ConnectWise has released a security update for ConnectWise Automate™ that addresses a behavior in the ConnectWise Automate Solution Center where certain client-to-server communications could occur without transport-layer encryption. This could allow network‑based interception of Solution Center traf…","indicators":{"cves":["CVE-2026-6066"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T16:16:50.123Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://www.connectwise.com/company/trust/security-bulletins/2026-04-20-connectwise-automate-bulletin","label":"7d616e1a-3288-43b1-a0dd-0a65d3e70a49","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-24505","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-24505 — Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an improper input validation vulnera…","description":"Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.","indicators":{"cves":["CVE-2026-24505"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T17:16:31.920Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities","label":"security_alert@emc.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-25524","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-25524 — Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative t…","description":"Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, PHP functions such as `getimagesize()`, `file_exists()`, and `is_readable()`…","indicators":{"cves":["CVE-2026-25524","CVE-2026-25525","CVE-2026-40098","CVE-2026-40488"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T17:16:32.290Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/OpenMage/magento-lts/releases/tag/v20.17.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/OpenMage/magento-lts/security/advisories/GHSA-fg79-cr9c-7369","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/OpenMage/magento-lts/security/advisories/GHSA-6vqf-6fhm-7rc6","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/OpenMage/magento-lts/security/advisories/GHSA-665x-ppc4-685w","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/OpenMage/magento-lts/security/advisories/GHSA-3j5q-7q7h-2hhv","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-30266","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-30266 — Insecure Permissions vulnerability in DeepCool DeepCreative v.1.2.7 and before allows a local attack…","description":"Insecure Permissions vulnerability in DeepCool DeepCreative v.1.2.7 and before allows a local attacker to execute arbitrary code via a crafted file","indicators":{"cves":["CVE-2026-30266"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T17:16:33.377Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"http://deepcool.com","label":"cve@mitre.org","domainType":"other"},{"url":"http://deepcreative.com","label":"cve@mitre.org","domainType":"other"},{"url":"https://github.com/uncle-hash/vulnerability-research/tree/main/CVE-2026-30266","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41445","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41445 — KissFFT before commit 8a8e66e contains an integer overflow vulnerability in the kiss_fftndr_alloc()…","description":"KissFFT before commit 8a8e66e contains an integer overflow vulnerability in the kiss_fftndr_alloc() function in kiss_fftndr.c where the allocation size calculation dimOther*(dimReal+2)*sizeof(kiss_fft_scalar) overflows signed 32-bit integer arithmetic before being widened to size_t, causing malloc()…","indicators":{"cves":["CVE-2026-41445"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T17:16:37.160Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/mborgerding/kissfft/commit/8a8e66e33d692bad1376fe7904d87d767730537f","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/kissfft-integer-overflow-heap-buffer-overflow-via-kiss-fftndr-alloc","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6662","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6662 — A vulnerability was found in ericc-ch copilot-api up to 0.7.0. The impacted element is the function…","description":"A vulnerability was found in ericc-ch copilot-api up to 0.7.0. The impacted element is the function cors of the file src/server.ts of the component Token Endpoint. Performing a manipulation results in permissive cross-domain policy with untrusted domains. It is possible to initiate the attack remote…","indicators":{"cves":["CVE-2026-6662"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T17:16:39.647Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/August829/CVEP/issues/31","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/794601","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358300","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358300/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6248","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6248 — The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and…","description":"The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.5. This is due to two compounding flaws: the Members::update() method does not validate or restrict the value of file-type custom profile fields, allowing authenticated users to store a…","indicators":{"cves":["CVE-2026-6248"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T19:16:11.230Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/wpforo/tags/2.4.16/wpforo/classes/Actions.php#L1418","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wpforo/tags/2.4.16/wpforo/classes/Members.php#L891","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wpforo/tags/2.4.16/wpforo/includes/functions.php#L3187","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset/3509997/wpforo","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/79cc102a-6777-41be-a395-8c2eeb6deb73?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-29645","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-29645 — NEMU (OpenXiangShan/NEMU) before v2025.12.r2 contains an improper instruction-validation flaw in its…","description":"NEMU (OpenXiangShan/NEMU) before v2025.12.r2 contains an improper instruction-validation flaw in its RISC-V Vector (RVV) decoder. The decoder does not correctly validate the funct3 field when decoding vsetvli/vsetivli/vsetvl, allowing certain invalid OP-V instruction encodings to be misinterpreted a…","indicators":{"cves":["CVE-2026-29645"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T20:16:48.303Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://docs.riscv.org/reference/isa/unpriv/v-st-ext.html","label":"cve@mitre.org","domainType":"other"},{"url":"https://github.com/OpenXiangShan/NEMU/commit/481de637d5fc5838356caee80a79e56a33754039","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/OpenXiangShan/NEMU/issues/952","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/OpenXiangShan/NEMU/pull/958","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-32135","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-32135 — NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Versions prior to 0.24.11 have…","description":"NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Versions prior to 0.24.11 have a remotely triggerable heap buffer overflow in the `uri_param_parse` function of NanoMQ's REST API. The vulnerability occurs due to an off-by-one error when allocating memory for query parameter keys…","indicators":{"cves":["CVE-2026-32135"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T20:16:48.510Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/nanomq/nanomq/commit/69a97b3b39cc218f044f1c8896f4d3d8757bb394","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nanomq/nanomq/issues/2247","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nanomq/nanomq/security/advisories/GHSA-6w96-9qw7-m599","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-5478","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-5478 — The Everest Forms plugin for WordPress is vulnerable to Arbitrary File Read and Deletion in all vers…","description":"The Everest Forms plugin for WordPress is vulnerable to Arbitrary File Read and Deletion in all versions up to, and including, 3.4.4. This is due to the plugin trusting attacker-controlled old_files data from public form submissions as legitimate server-side upload state, and converting attacker-sup…","indicators":{"cves":["CVE-2026-5478"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T20:16:48.800Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/everest-forms/tags/3.4.4/includes/abstracts/class-evf-form-fields-upload.php#L1306","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/everest-forms/tags/3.4.4/includes/abstracts/class-evf-form-fields-upload.php#L1581","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/everest-forms/tags/3.4.4/includes/abstracts/class-evf-form-fields-upload.php#L1665","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset/3507814/everest-forms","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8641eb53-6a9a-4549-b8ef-e37acbcc7f03?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6249","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6249 — Vvveb CMS 1.0.8 contains a remote code execution vulnerability in its media upload handler that allo…","description":"Vvveb CMS 1.0.8 contains a remote code execution vulnerability in its media upload handler that allows authenticated attackers to execute arbitrary operating system commands by uploading a PHP webshell with a .phtml extension. Attackers can bypass the extension deny-list and upload malicious files t…","indicators":{"cves":["CVE-2026-6249"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T20:16:48.943Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/givanz/Vvveb/commit/23ac0e8c758d80f3c4d9224763c8b2359648270e","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/vvveb-cms-remote-code-execution-via-media-upload","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-29642","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-29642 — A local attacker who can execute privileged CSR operations (or can induce firmware to do so) perform…","description":"A local attacker who can execute privileged CSR operations (or can induce firmware to do so) performs carefully crafted reads/writes to menvcfg (e.g., csrrs in M-mode). On affected XiangShan versions (commit aecf601e803bfd2371667a3fb60bfcd83c333027, 2024-11-19), these menvcfg accesses can unexpected…","indicators":{"cves":["CVE-2026-29642"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T21:16:19.393Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://docs.riscv.org/reference/isa/priv/machine.html","label":"cve@mitre.org","domainType":"other"},{"url":"https://docs.riscv.org/reference/isa/priv/priv-csrs.html","label":"cve@mitre.org","domainType":"other"},{"url":"https://github.com/OpenXiangShan/XiangShan/commit/5e3dd63","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/OpenXiangShan/XiangShan/issues/3934","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-29648","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-29648 — In OpenXiangShan NEMU, when Smstateen is enabled, clearing mstateen0.ENVCFG does not correctly restr…","description":"In OpenXiangShan NEMU, when Smstateen is enabled, clearing mstateen0.ENVCFG does not correctly restrict access to henvcfg and senvcfg. As a result, less-privileged code may read or write these CSRs without the required exception, potentially bypassing intended state-enable based isolation controls i…","indicators":{"cves":["CVE-2026-29648"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T21:16:19.733Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://docs.riscv.org/reference/isa/priv/smstateen.html","label":"cve@mitre.org","domainType":"other"},{"url":"https://github.com/OpenXiangShan/NEMU/issues/690","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/OpenXiangShan/XiangShan/pull/3978","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/OpenXiangShan/NEMU/issues/690","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-33031","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-33031 — Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, a user who was di…","description":"Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, a user who was disabled by an administrator can use previously issued API tokens for up to the token lifetime. In practice, disabling a compromised account does not actually terminate that user’s access, so an attacke…","indicators":{"cves":["CVE-2026-33031"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T21:16:32.783Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-x234-x5vq-cc2v","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-33626","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-33626 — LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior…","description":"LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery (SSRF) vulnerability in LMDeploy's vision-language module. The `load_image()` function in `lmdeploy/vl/utils.py` fetches arbitrary URLs without validating…","indicators":{"cves":["CVE-2026-33626"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T21:16:35.097Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/InternLM/lmdeploy/commit/71d64a339edb901e9005358e0633fbbab367d626","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/InternLM/lmdeploy/pull/4447","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/InternLM/lmdeploy/releases/tag/v0.12.3","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/InternLM/lmdeploy/security/advisories/GHSA-6w67-hwm5-92mq","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/InternLM/lmdeploy/security/advisories/GHSA-6w67-hwm5-92mq","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-34403","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-34403 — Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.5, all WebSocket end…","description":"Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.5, all WebSocket endpoints in nginx-ui use a gorilla/websocket Upgrader with CheckOrigin unconditionally returning true, allowing Cross-Site WebSocket Hijacking (CSWSH). Combined with the fact that authentication tokens…","indicators":{"cves":["CVE-2026-34403"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T21:16:36.267Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/0xJacky/nginx-ui/releases/tag/v2.3.5","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-78mf-482w-62qj","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-5928","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-5928 — Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that h…","description":"Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially res…","indicators":{"cves":["CVE-2026-5928"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T21:16:36.963Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=33998","label":"3ff69d7a-14f2-4f67-a097-88dee7810d18","domainType":"other"},{"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=33998","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-29643","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-29643 — XiangShan (Open-source high-performance RISC-V processor) commit edb1dfaf7d290ae99724594507dc46c2c21…","description":"XiangShan (Open-source high-performance RISC-V processor) commit edb1dfaf7d290ae99724594507dc46c2c2125384 (2024-11-28) contains an improper exceptional-condition handling flaw in its CSR subsystem (NewCSR). On affected versions, certain sequences of CSR operations targeting non-existent/custom CSR a…","indicators":{"cves":["CVE-2026-29643","CVE-2026-29644"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T22:16:23.507Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://docs.riscv.org/reference/isa/priv/machine.html","label":"cve@mitre.org","domainType":"other"},{"url":"https://docs.riscv.org/reference/isa/priv/priv-csrs.html","label":"cve@mitre.org","domainType":"other"},{"url":"https://github.com/OpenXiangShan/XiangShan/issues/3959","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/OpenXiangShan/XiangShan/pull/3966","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/OpenXiangShan/XiangShan/commit/2b1f9796aa98597e5eeac32e5bb1418496987ca4","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/OpenXiangShan/XiangShan/commit/edb1dfaf7d290ae99724594507dc46c2c2125384","label":"cve@mitre.org","domainType":"primary"},{"url":"https://xiangshan-doc-test.readthedocs.io/next/memory/mmu/pmp_pma/","label":"cve@mitre.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-35570","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-35570 — OpenClaude is an open-source coding-agent command line interface for cloud and local model providers…","description":"OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Versions prior to 0.5.1 have a logic flaw in `bashToolHasPermission()` inside `src/tools/BashTool/bashPermissions.ts`. When the sandbox auto-allow feature is active and no explicit deny rule is conf…","indicators":{"cves":["CVE-2026-35570"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T00:16:28.877Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/Gitlawb/openclaude/commit/7002cb302b78ea2a19da3f26226de24e2903fa1d","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/Gitlawb/openclaude/security/advisories/GHSA-m6rx-7pvw-2f73","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/Gitlawb/openclaude/security/advisories/GHSA-m6rx-7pvw-2f73","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41294","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41294 — OpenClaw before 2026.3.28 loads the current working directory .env file before trusted state-dir con…","description":"OpenClaw before 2026.3.28 loads the current working directory .env file before trusted state-dir configuration, allowing environment variable injection. Attackers can place a malicious .env file in a repository or workspace to override runtime configuration and security-sensitive environment setting…","indicators":{"cves":["CVE-2026-41294"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T00:16:29.637Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-8rh7-6779-cjqq","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/openclaw-environment-variable-injection-via-cwd-env-file","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41295","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41295 — OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability allowing untrusted worksp…","description":"OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability allowing untrusted workspace channel shadows to execute during built-in channel setup and login. Attackers can clone a workspace with a malicious plugin claiming a bundled channel id to achieve unintended in-process code exec…","indicators":{"cves":["CVE-2026-41295"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T00:16:29.803Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/openclaw/openclaw/commit/53c29df2a9eb242a70d0ff29f3d1e67c8d6801f0","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-2qrv-rc5x-2g2h","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/openclaw-untrusted-workspace-channel-shadow-code-execution-during-built-in-channel-setup","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41296","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41296 — OpenClaw before 2026.3.31 contains a time-of-check-time-of-use race condition in the remote filesyst…","description":"OpenClaw before 2026.3.31 contains a time-of-check-time-of-use race condition in the remote filesystem bridge readFile function that allows sandbox escape. Attackers can exploit the separate path validation and file read operations to bypass sandbox restrictions and read arbitrary files.","indicators":{"cves":["CVE-2026-41296"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T00:16:29.993Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/openclaw/openclaw/commit/121870a08583033ed6a0ed73d9ffea32991252bb","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-9p3r-hh9g-5cmg","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/openclaw-sandbox-escape-via-toctou-race-in-remote-fs-bridge-readfile","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41297","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41297 — OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace pl…","description":"OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows attackers to access internal resources by following unvalidated redirects. The marketplace.ts module fails to restrict redirect destinations during archive down…","indicators":{"cves":["CVE-2026-41297","CVE-2026-41302"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T00:16:30.163Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/openclaw/openclaw/commit/2ce44ca6a1302b166a128abbd78f72114f2f4f52","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-vjx8-8p7h-82gr","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-marketplace-plugin-download-redirect","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://github.com/openclaw/openclaw/commit/8deb9522f3d2680820588b190adb4a2a52f3670b","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-9q7v-8mr7-g23p","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-unguarded-fetch-in-marketplace-plugin-download","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41299","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41299 — OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the chat.send gateway me…","description":"OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the chat.send gateway method where ACP-only provenance fields are gated by self-declared client metadata from WebSocket handshake rather than verified authorization state. Authenticated operator clients can spoof ACP identit…","indicators":{"cves":["CVE-2026-41299"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T00:16:30.517Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-6xg4-82hv-cp6f","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/openclaw-client-identity-spoofing-in-chat-send-gateway-provenance-guard","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41303","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41303 — OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in Discord text approval co…","description":"OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in Discord text approval commands that allows non-approvers to resolve pending exec approvals. Attackers can send Discord text commands to bypass the channels.discord.execApprovals.approvers allowlist and approve pending host e…","indicators":{"cves":["CVE-2026-41303"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T00:16:31.223Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-98hh-7ghg-x6rq","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-discord-text-approval-commands","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-39320","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-39320 — Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.25…","description":"Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.25.0 are vulnerable to an unauthenticated Regular Expression Denial of Service (ReDoS) attack within the WebSocket subscription handling logic. By injecting unescaped regex metacharacters into the `cont…","indicators":{"cves":["CVE-2026-39320"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T01:16:05.063Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/SignalK/signalk-server/commit/215d81eb700d5419c3396a0fbf23f2e246dfac2d","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/SignalK/signalk-server/pull/2568","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/SignalK/signalk-server/releases/tag/v2.25.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/SignalK/signalk-server/security/advisories/GHSA-7gcj-phff-2884","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/SignalK/signalk-server/security/advisories/GHSA-7gcj-phff-2884","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-39386","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-39386 — Neko is a a self-hosted virtual browser that runs in Docker and uses WebRTC In versions 3.0.0 throug…","description":"Neko is a a self-hosted virtual browser that runs in Docker and uses WebRTC In versions 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1, any authenticated user can immediately obtain full administrative control of the entire Neko instance (member management, room settings, broadcast control, session te…","indicators":{"cves":["CVE-2026-39386"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T01:16:06.217Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/m1k1o/neko/releases/tag/v3.0.11","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/m1k1o/neko/releases/tag/v3.1.2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/m1k1o/neko/security/advisories/GHSA-2gw9-c2r2-f5qf","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-39886","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-39886 — OpenEXR provides the specification and reference implementation of the EXR file format, an image sto…","description":"OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Versions 3.4.0 through 3.4.9 have a signed integer overflow vulnerability in OpenEXR's HTJ2K (High-Throughput JPEG 2000) decompression path. The `ht_undo_i…","indicators":{"cves":["CVE-2026-39886","CVE-2026-40244","CVE-2026-40250"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T02:16:07.753Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.10","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-r3mr-mx8q-jcw5","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.8","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.3.10","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-j526-66f6-fxhx","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-m5qw-23x2-6phj","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-39973","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-39973 — Apktool is a tool for reverse engineering Android APK files. In versions 3.0.0 and 3.0.1, a path tra…","description":"Apktool is a tool for reverse engineering Android APK files. In versions 3.0.0 and 3.0.1, a path traversal vulnerability in `brut/androlib/res/decoder/ResFileDecoder.java` allows a maliciously crafted APK to write arbitrary files to the filesystem during standard decoding (`apktool d`). This is a se…","indicators":{"cves":["CVE-2026-39973"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T02:16:07.903Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/iBotPeaches/Apktool/commit/e10a0450c7afcd9462c0b76bcbff0e7428b92bdd#diff-cd531ebe1014bfd18185bf21585ca5cdb16fbcb07703ebc47949a1b4e4e36bc3","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/iBotPeaches/Apktool/pull/4041","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/iBotPeaches/Apktool/releases/tag/v3.0.2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/iBotPeaches/Apktool/security/advisories/GHSA-m8mh-x359-vm8m","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40497","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40497 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's…","description":"FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's `Helper::stripDangerousTags()` removes `<script>`, `<form>`, `<iframe>`, `<object>` but does NOT strip `<style>` tags. The mailbox signature field is saved via POST /mailbox/settings/{id} and later re…","indicators":{"cves":["CVE-2026-40497","CVE-2026-40565"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T03:16:08.403Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/freescout-help-desk/freescout/commit/5aa8d633216f65995e80a7d4a921b784acc94df4","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/releases/tag/1.8.213","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-fh99-wr77-pxq3","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/commit/265379b3ae343f06846adc0aa8510643d1eac2df","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-49pm-xwqj-vwjp","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-31368","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-31368 — AiAssistant is affected by type privilege bypass, successful exploitation of this vulnerability may…","description":"AiAssistant is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability.","indicators":{"cves":["CVE-2026-31368"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T07:16:07.923Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://www.honor.com/global/security/cve-2026-31368/","label":"3836d913-7555-4dd0-a509-f5667fdf5fe4","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-39467","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-39467 — Deserialization of Untrusted Data vulnerability in MetaSlider Responsive Slider by MetaSlider allows…","description":"Deserialization of Untrusted Data vulnerability in MetaSlider Responsive Slider by MetaSlider allows Object Injection.This issue affects Responsive Slider by MetaSlider: from n/a through 3.106.0.","indicators":{"cves":["CVE-2026-39467"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T10:16:29.280Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://patchstack.com/database/wordpress/plugin/ml-slider/vulnerability/wordpress-responsive-slider-by-metaslider-plugin-3-106-0-php-object-injection-vulnerability?_s_id=cve","label":"audit@patchstack.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40520","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40520 — FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiat…","description":"FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiateGqlAPIProcess() function where GraphQL mutation input fields are passed directly to shell_exec() without sanitization or escaping. An authenticated user with a valid bearer token can send a GraphQL m…","indicators":{"cves":["CVE-2026-40520"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:20.380Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/FreePBX/api/blob/5f194e39a47e5481e8947f9694304d32724175f6/Api.class.php#L546C1-L554C3","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/FreePBX/api/blob/5f194e39a47e5481e8947f9694304d32724175f6/ApiGqlHelper.class.php#L34C1-L36C136","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/FreePBX/api/commit/5f194e39a47e5481e8947f9694304d32724175f6","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/freepbx-api-module-command-injection-via-graphql","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6746","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6746 — Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firef…","description":"Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.","indicators":{"cves":["CVE-2026-6746"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:20.720Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2014596","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6747","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6747 — Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140…","description":"Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.","indicators":{"cves":["CVE-2026-6747"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:20.813Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021769","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6749","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6749 — Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnera…","description":"Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.","indicators":{"cves":["CVE-2026-6749"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:20.993Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2022610","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6752","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6752 — Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150,…","description":"Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.","indicators":{"cves":["CVE-2026-6752","CVE-2026-6753"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:21.250Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2027499","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","label":"security@mozilla.org","domainType":"other"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2027501","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6754","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6754 — Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Fire…","description":"Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.","indicators":{"cves":["CVE-2026-6754"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:21.420Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2027541","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6756","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6756 — Mitigation bypass in Firefox for Android. This vulnerability was fixed in Firefox 150.","description":"Mitigation bypass in Firefox for Android. This vulnerability was fixed in Firefox 150.","indicators":{"cves":["CVE-2026-6756"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:21.593Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1992585","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6758","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6758 — Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150…","description":"Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.","indicators":{"cves":["CVE-2026-6758"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:21.770Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2013619","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6759","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6759 — Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 150, Firefox…","description":"Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.","indicators":{"cves":["CVE-2026-6759"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:21.857Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016164","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6761","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6761 — Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150, Firef…","description":"Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.","indicators":{"cves":["CVE-2026-6761"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:22.040Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2017857","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6766","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6766 — Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Fir…","description":"Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.","indicators":{"cves":["CVE-2026-6766","CVE-2026-6772"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:22.493Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2023207","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","label":"security@mozilla.org","domainType":"other"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2026089","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6769","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6769 — Privilege escalation in the Debugger component. This vulnerability was fixed in Firefox 150, Firefox…","description":"Privilege escalation in the Debugger component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.","indicators":{"cves":["CVE-2026-6769"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:22.753Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2023753","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6773","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6773 — Denial-of-service due to integer overflow in the Graphics: WebGPU component. This vulnerability was…","description":"Denial-of-service due to integer overflow in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.","indicators":{"cves":["CVE-2026-6773"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:23.087Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2015959","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6776","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6776 — Incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in F…","description":"Incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.","indicators":{"cves":["CVE-2026-6776"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:23.350Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021770","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6780","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6780 — Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 15…","description":"Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.","indicators":{"cves":["CVE-2026-6780","CVE-2026-6781"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:23.683Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2025179","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2025583","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6782","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6782 — Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 150 a…","description":"Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.","indicators":{"cves":["CVE-2026-6782"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:23.847Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2026571","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6784","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6784 — Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of…","description":"Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150 and Thunderbird 150.","indicators":{"cves":["CVE-2026-6784"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:24.020Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1536243%2C1745382%2C1851073%2C1893400%2C1963301%2C2001319%2C2002899%2C2012436%2C2014435%2C2016901%2C2019916%2C2020486%2C2020612%2C2020817%2C2021788%2C2022051%2C2022367%2C2022431%2C2023302%2C2023670%2C2024225%2C2024238%2C2024240%2C2024265%2C2024367%2C2024369%2C2024424%2C2024760%2C2025281%2C2025361%2C2025387%2C2025466%2C2025954%2C2025958%2C2026278%2C2026292%2C2026297%2C2026378%2C2027148%2C2027287%2C2027341%2C2027384%2C2027427%2C2027694%2C2027993%2C2028009%2C2028270%2C2028416%2C2028524%2C2029295%2C2029301%2C2029461%2C2029699%2C2029800%2C2029801","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-14362","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2025-14362 — The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if th…","description":"The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force.","indicators":{"cves":["CVE-2025-14362"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T15:16:35.207Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://fortra.com/security/advisories/product-security/FI-2026-002","label":"df4dee71-de3a-4139-9588-11b62fe6c0ff","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31018","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-31018 — In Dolibarr ERP & CRM <= 22.0.4, PHP code detection and editing permission enforcement in the Websit…","description":"In Dolibarr ERP & CRM <= 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input parameters, allowing an authenticated user restricted to HTML/JavaScript editing to inject PHP code through unprotected inputs during website page cre…","indicators":{"cves":["CVE-2026-31018"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T15:16:36.443Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"http://dolibarr.com","label":"cve@mitre.org","domainType":"other"},{"url":"https://github.com/PhDg1410/CVE/blob/main/CVE-2026-31018/README.md","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-31019","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-31019 — In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based f…","description":"In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based filtering to restrict dangerous PHP functions related to system command execution. An authenticated user with permission to edit PHP content can bypass this filtering, resulting in full remote code exe…","indicators":{"cves":["CVE-2026-31019"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T15:16:36.560Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"http://dolibarr.com","label":"cve@mitre.org","domainType":"other"},{"url":"https://github.com/PhDg1410/CVE/blob/main/CVE-2026-31019/README.md","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-5789","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-5789 — Vulnerability related to an unquoted search path in CivetWeb v1.16. This vulnerability allows a loca…","description":"Vulnerability related to an unquoted search path in CivetWeb v1.16. This vulnerability allows a local attacker to execute arbitrary code with elevated privileges by placing a malicious executable in a directory that is scanned before the intended application path (C:\\Program Files\\CivetWeb\\CivetWeb.…","indicators":{"cves":["CVE-2026-5789"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T15:16:37.713Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/search-path-without-quotes-civetweb","label":"cve-coordination@incibe.es","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-37748","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-37748 — Visitor Management System 1.0 by sanjay1313 is vulnerable to Unrestricted File Upload in vms/php/adm…","description":"Visitor Management System 1.0 by sanjay1313 is vulnerable to Unrestricted File Upload in vms/php/admin_user_insert.php and vms/php/update_1.php. The move_uploaded_file() function is called without any MIME type, extension, or content validation, allowing an authenticated admin to upload a PHP webshe…","indicators":{"cves":["CVE-2026-37748"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T16:16:20.113Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/menevarad007/CVE-2026-37748","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/sanjay1313/Visitor-Management-System","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/menevarad007/CVE-2026-37748","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-24177","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-24177 — NVIDIA KAI Scheduler contains a vulnerability where an attacker could access API endpoints without a…","description":"NVIDIA KAI Scheduler contains a vulnerability where an attacker could access API endpoints without authorization. A successful exploit of this vulnerability might lead to information disclosure.","indicators":{"cves":["CVE-2026-24177"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:23.787Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24177","label":"psirt@nvidia.com","domainType":"primary"},{"url":"https://nvidia.custhelp.com/app/answers/detail/a_id/5818","label":"psirt@nvidia.com","domainType":"other"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-24177","label":"psirt@nvidia.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-24189","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-24189 — NVIDIA CUDA-Q contains a vulnerability in an endpoint, where an unauthenticated attacker could cause…","description":"NVIDIA CUDA-Q contains a vulnerability in an endpoint, where an unauthenticated attacker could cause an out-of-bounds read by sending a maliciously crafted request. A successful exploit of this vulnerability might lead to denial of service and information disclosure.","indicators":{"cves":["CVE-2026-24189"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:23.933Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24189","label":"psirt@nvidia.com","domainType":"primary"},{"url":"https://nvidia.custhelp.com/app/answers/detail/a_id/5820","label":"psirt@nvidia.com","domainType":"other"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-24189","label":"psirt@nvidia.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-38834","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-38834 — Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the do_ping_ac…","description":"Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the do_ping_action function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.","indicators":{"cves":["CVE-2026-38834"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:53.257Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/jsjbcyber/repo/blob/main/rep_1.md","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/jsjbcyber/repo/blob/main/rep_1.md","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40161","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40161 — Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0.…","description":"Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0.0 to 1.10.0, the Tekton Pipelines git resolver in API mode sends the system-configured Git API token to a user-controlled serverURL when the user omits the token parameter. A tenant with TaskRun or Pi…","indicators":{"cves":["CVE-2026-40161","CVE-2026-40938"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:53.790Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/tektoncd/pipeline/issues/9608","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/tektoncd/pipeline/issues/9609","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/tektoncd/pipeline/security/advisories/GHSA-wjxp-xrpv-xpff","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/tektoncd/pipeline/releases/tag/v1.11.1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/tektoncd/pipeline/security/advisories/GHSA-94jr-7pqp-xhcq","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40568","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40568 — FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a store…","description":"FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a stored cross-site scripting (XSS) vulnerability in the mailbox signature feature. The sanitization function `Helper::stripDangerousTags()` (`app/Misc/Helper.php:568`) uses an incomplete blocklist of only f…","indicators":{"cves":["CVE-2026-40568"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:55.297Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/freescout-help-desk/freescout/commit/1d83e1cffb0bf8d109625313530b36b0f5910b3f","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/releases/tag/1.8.213","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-w2f5-6wcv-677r","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-w2f5-6wcv-677r","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40585","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40585 — blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a password reset is ini…","description":"blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a password reset is initiated, a 128-character CSPRNG token is generated and stored alongside a password_reset_at timestamp. However, the token redemption function findUserIDFromEmailAndToken() queries only for a matching e…","indicators":{"cves":["CVE-2026-40585"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:56.380Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/blueprintue/blueprintue-self-hosted-edition/security/advisories/GHSA-qr65-6vp8-whjf","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/blueprintue/blueprintue-self-hosted-edition/security/advisories/GHSA-qr65-6vp8-whjf","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40586","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40586 — blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the login form handler perfo…","description":"blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the login form handler performs no throttling of any kind. Failed authentication attempts are processed at full network speed with no IP-based rate limiting, no per-account attempt counter, no temporary lockout, no progressive d…","indicators":{"cves":["CVE-2026-40586"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:56.523Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/blueprintue/blueprintue-self-hosted-edition/security/advisories/GHSA-m6c2-6p3h-8jv2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/blueprintue/blueprintue-self-hosted-edition/security/advisories/GHSA-m6c2-6p3h-8jv2","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40589","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40589 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, a low-privil…","description":"FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, a low-privileged agent can edit a visible customer and add an email address already owned by a hidden customer in another mailbox. The server discloses the hidden customer’s name and profile URL in the success fl…","indicators":{"cves":["CVE-2026-40589"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:56.660Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/freescout-help-desk/freescout/commit/2e2fe37111d92ac665b9ad8806eac94a1a3e502c","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/releases/tag/1.8.214","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-mv55-3mgv-fxwr","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-mv55-3mgv-fxwr","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40591","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40591 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the phone-co…","description":"FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the phone-conversation creation flow accepts attacker-controlled `customer_id`, `name`, `to_email`, and `phone` values and resolves the target customer in the backend without enforcing mailbox-scoped customer vis…","indicators":{"cves":["CVE-2026-40591"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:56.940Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/freescout-help-desk/freescout/commit/83eea1ca47d97c6cdc90c501734bc2579b014a34","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/releases/tag/1.8.214","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-9ff4-mmhv-x6jp","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-9ff4-mmhv-x6jp","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41189","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41189 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, customer-thr…","description":"FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, customer-thread editing is authorized through `ThreadPolicy::edit()`, which checks mailbox access but does not apply the assigned-only restriction from `ConversationPolicy`. A user who cannot view a conversation…","indicators":{"cves":["CVE-2026-41189"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:57.367Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/freescout-help-desk/freescout/commit/cdadaf621bb1e1d017315df20d743671f7eae7a9","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/releases/tag/1.8.215","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-4h5p-7f5c-q7gj","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41190","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41190 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, when `APP_SH…","description":"FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, when `APP_SHOW_ONLY_ASSIGNED_CONVERSATIONS` is enabled, direct conversation view correctly blocks users who are neither the assignee nor the creator. The `save_draft` AJAX path is weaker. A direct POST can create…","indicators":{"cves":["CVE-2026-41190"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:57.510Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/freescout-help-desk/freescout/commit/414878eb79be7cb01a3ae124df6efcd23729275f","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/releases/tag/1.8.215","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-vj2p-2789-3747","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41191","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41191 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, `MailboxesCo…","description":"FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, `MailboxesController::updateSave()` persists `chat_start_new` outside the allowed-field filter. A user with only the mailbox `sig` permission sees only the signature field in the UI, but can still change the hidd…","indicators":{"cves":["CVE-2026-41191"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:57.653Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/freescout-help-desk/freescout/commit/fb130de64e1c830d85dd6988eaa08d725a7be954","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/releases/tag/1.8.215","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-wpv9-c2gv-2j82","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40588","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40588 — blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the password change form at…","description":"blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the password change form at /profile/{slug}/edit/ does not include a current_password field and does not verify the user's existing password before accepting a new one. Any attacker who obtains a valid authenticated session — th…","indicators":{"cves":["CVE-2026-40588"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T18:16:51.207Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/blueprintue/blueprintue-self-hosted-edition/security/advisories/GHSA-73f2-p9jr-m44x","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/blueprintue/blueprintue-self-hosted-edition/security/advisories/GHSA-73f2-p9jr-m44x","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40611","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40611 — Let's Encrypt client and ACME library written in Go (Lego). Prior to 4.34.0, the webroot HTTP-01 cha…","description":"Let's Encrypt client and ACME library written in Go (Lego). Prior to 4.34.0, the webroot HTTP-01 challenge provider in lego is vulnerable to arbitrary file write and deletion via path traversal. A malicious ACME server can supply a crafted challenge token containing ../ sequences, causing lego to wr…","indicators":{"cves":["CVE-2026-40611"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T18:16:52.457Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/go-acme/lego/security/advisories/GHSA-qqx8-2xmm-jrv8","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/go-acme/lego/security/advisories/GHSA-qqx8-2xmm-jrv8","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41192","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41192 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the reply an…","description":"FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the reply and draft flows trust client-supplied encrypted attachment IDs. Any IDs present in `attachments_all[]` but omitted from retained lists are decrypted and passed directly to `Attachment::deleteByIds()`. B…","indicators":{"cves":["CVE-2026-41192"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T18:16:53.047Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/freescout-help-desk/freescout/commit/5f182818e2391f8e711fec6ae6648ac0b367bef5","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/releases/tag/1.8.215","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-cv36-2j23-x6g3","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40613","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40613 — Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.10.0, the STUN/TURN…","description":"Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.10.0, the STUN/TURN attribute parsing functions in coturn perform unsafe pointer casts from uint8_t * to uint16_t * without alignment checks. When processing a crafted STUN message with odd-aligned attribute boundaries,…","indicators":{"cves":["CVE-2026-40613"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T19:16:17.743Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/coturn/coturn/security/advisories/GHSA-j662-9wcj-mf36","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/coturn/coturn/security/advisories/GHSA-j662-9wcj-mf36","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40868","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40868 — Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to 1.16.4, ky…","description":"Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to 1.16.4, kyverno’s apiCall servicecall helper implicitly injects Authorization: Bearer ... using the kyverno controller serviceaccount token when a policy does not explicitly set an Authorization header. Because…","indicators":{"cves":["CVE-2026-40868"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T19:16:18.420Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/kyverno/kyverno/security/advisories/GHSA-q93q-v844-jrqp","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/kyverno/kyverno/security/advisories/GHSA-q93q-v844-jrqp","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-33813","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-33813 — Parsing a WEBP image with an invalid, large size panics on 32-bit platforms.","description":"Parsing a WEBP image with an invalid, large size panics on 32-bit platforms.","indicators":{"cves":["CVE-2026-33813"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:16:56.387Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://go.dev/cl/759860","label":"security@golang.org","domainType":"other"},{"url":"https://go.dev/issue/78407","label":"security@golang.org","domainType":"other"},{"url":"https://pkg.go.dev/vuln/GO-2026-4961","label":"security@golang.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40869","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40869 — Decidim is a participatory democracy framework. Starting in version 0.19.0 and prior to versions 0.3…","description":"Decidim is a participatory democracy framework. Starting in version 0.19.0 and prior to versions 0.30.5 and 0.31.1, a vulnerability allows any registered and authenticated user to accept or reject any amendments. The impact is on any users who have created proposals where the amendments feature is e…","indicators":{"cves":["CVE-2026-40869"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:17:00.207Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/decidim/decidim/commit/1b99136a1c7aa02616a0b54a6ab88d12907a57a9","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/decidim/decidim/security/advisories/GHSA-w5xj-99cg-rccm","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40870","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40870 — Decidim is a participatory democracy framework. Starting in version 0.0.1 and prior to versions 0.30…","description":"Decidim is a participatory democracy framework. Starting in version 0.0.1 and prior to versions 0.30.5 and 0.31.1, the root level `commentable` field in the API allows access to all commentable resources within the platform, without any permission checks. All Decidim instances are impacted that have…","indicators":{"cves":["CVE-2026-40870"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:17:00.367Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/decidim/decidim/security/advisories/GHSA-ghmh-q25g-gxxx","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40871","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40871 — mailcow: dockerized is an open source groupware/email suite based on docker. Versions prior to 2026-…","description":"mailcow: dockerized is an open source groupware/email suite based on docker. Versions prior to 2026-03b have a second-order SQL injection vulnerability in the quarantine_category field via the Mailcow API. The /api/v1/add/mailbox endpoint stores quarantine_category without validation or sanitization…","indicators":{"cves":["CVE-2026-40871"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:17:00.527Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-r8fq-wrfm-cj2q","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-r8fq-wrfm-cj2q","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40879","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40879 — Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.19, when a…","description":"Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.19, when an attacker sends many small, valid JSON messages in one TCP frame, handleData() recurses once per message; the buffer shrinks each call. maxBufferSize is never reached; call stack overflows instead. A…","indicators":{"cves":["CVE-2026-40879"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:17:01.533Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/nestjs/nest/security/advisories/GHSA-hpwf-8g29-85qm","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40890","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40890 — The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering…","description":"The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Processing a malformed input containing a < character that is not followed by a > character anywhere in the remaining text with a SmartypantsRenderer will lead to Out of Bounds read or a pan…","indicators":{"cves":["CVE-2026-40890"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:17:02.810Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/gomarkdown/markdown/commit/759bbc3e32073c3bc4e25969c132fc520eda2778","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/gomarkdown/markdown/security/advisories/GHSA-77fj-vx54-gvh7","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/gomarkdown/markdown/security/advisories/GHSA-77fj-vx54-gvh7","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40909","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40909 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, the locale save endpoint (…","description":"WWBN AVideo is an open source video platform. In versions 29.0 and prior, the locale save endpoint (`locale/save.php`) constructs a file path by directly concatenating `$_POST['flag']` into the path at line 30 without any sanitization. The `$_POST['code']` parameter is then written verbatim to that…","indicators":{"cves":["CVE-2026-40909"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet","rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:17:03.347Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/WWBN/AVideo/commit/57f89ffbc27d37c9d9dd727212334846e78ac21a","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-6rc6-p838-686f","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-6rc6-p838-686f","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-6819","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6819 — HKUDS OpenHarness prior to PR #156 remediation exposes plugin lifecycle commands including /plugin i…","description":"HKUDS OpenHarness prior to PR #156 remediation exposes plugin lifecycle commands including /plugin install, /plugin enable, /plugin disable, and /reload-plugins to remote senders by default. Attackers who gain access through the channel layer can remotely manage plugin trust and activation state, en…","indicators":{"cves":["CVE-2026-6819"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:17:05.780Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/HKUDS/OpenHarness/commit/59017e09880fcf9a6f60456a84fb982900b2c0b2","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/HKUDS/OpenHarness/pull/156","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/HKUDS/OpenHarness/releases/tag/v0.1.7","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/hkuds-openharness-plugin-management-command-exposure","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://github.com/HKUDS/OpenHarness/pull/156","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2025-70420","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2025-70420 — A SQL injection vulnerability exists in Genesys Latitude v25.1.0.420 that allows an authenticated at…","description":"A SQL injection vulnerability exists in Genesys Latitude v25.1.0.420 that allows an authenticated attacker to execute arbitrary SQL queries against the backend database. The vulnerability is caused by unsanitized user-supplied input being concatenated directly into SQL statements.","indicators":{"cves":["CVE-2025-70420"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:22.900Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"http://genesys.com","label":"cve@mitre.org","domainType":"other"},{"url":"https://okunsec.com/research/cve-2025-70420","label":"cve@mitre.org","domainType":"other"},{"url":"https://okunsec.com/research/cve-2025-70420","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-21997","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-21997 — Vulnerability in the Oracle Life Sciences Empirica Signal product of Oracle Life Science Application…","description":"Vulnerability in the Oracle Life Sciences Empirica Signal product of Oracle Life Science Applications (component: Common Core).  Supported versions that are affected are 9.2.1-9.2.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Lif…","indicators":{"cves":["CVE-2026-21997"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:24.653Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-22007","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-22007 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ…","description":"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security).  Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.…","indicators":{"cves":["CVE-2026-22007","CVE-2026-22013","CVE-2026-22016","CVE-2026-22018","CVE-2026-22021","CVE-2026-34268","CVE-2026-34282"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:26.440Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-22010","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-22010 — Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Ora…","description":"Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform).  Supported versions that are affected are 8.0.7.9, 8.0.8.7 and  8.1.2.5. Easily exploitable vulnerability allows unauthenticated attacker wit…","indicators":{"cves":["CVE-2026-22010","CVE-2026-34310","CVE-2026-34313","CVE-2026-34314","CVE-2026-34321","CVE-2026-34325"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:27.550Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-22011","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-22011 — Vulnerability in the Oracle Applications DBA product of Oracle E-Business Suite (component: ADPatch)…","description":"Vulnerability in the Oracle Applications DBA product of Oracle E-Business Suite (component: ADPatch).  Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications DBA.  Succ…","indicators":{"cves":["CVE-2026-22011"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:27.740Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34291","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-34291 — Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core). Suppo…","description":"Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server.  Whil…","indicators":{"cves":["CVE-2026-34291"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:33.950Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34292","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-34292 — Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). S…","description":"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).  Supported versions that are affected are 12.2.1.4.0 and  14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server.…","indicators":{"cves":["CVE-2026-34292"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:34.087Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34297","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-34297 — Vulnerability in the Oracle HCM Common Architecture product of Oracle E-Business Suite (component: K…","description":"Vulnerability in the Oracle HCM Common Architecture product of Oracle E-Business Suite (component: Knowledge Integration).  Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HCM…","indicators":{"cves":["CVE-2026-34297"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:34.743Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34305","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-34305 — Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Serv…","description":"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services).  Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and  15.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to co…","indicators":{"cves":["CVE-2026-34305","CVE-2026-34315"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:35.850Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34309","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-34309 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Secu…","description":"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security).  Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools…","indicators":{"cves":["CVE-2026-34309"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:36.390Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34320","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-34320 — Vulnerability in the Oracle Financial Services Customer Screening product of Oracle Financial Servic…","description":"Vulnerability in the Oracle Financial Services Customer Screening product of Oracle Financial Services Applications (component: User Interface).   The supported version that is affected is 8.1.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to com…","indicators":{"cves":["CVE-2026-34320"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:37.643Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-35229","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-35229 — Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affect…","description":"Vulnerability in the Java VM component of Oracle Database Server.  Supported versions that are affected are 19.3-19.30 and  21.3-21.21. Easily exploitable vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Java VM.  Successful attacks of this vulnerability…","indicators":{"cves":["CVE-2026-35229"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:38.440Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-35230","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-35230 — Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The su…","description":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).   The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracl…","indicators":{"cves":["CVE-2026-35230","CVE-2026-35242","CVE-2026-35245","CVE-2026-35246","CVE-2026-35247","CVE-2026-35248","CVE-2026-35249","CVE-2026-35250","CVE-2026-35251"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:38.583Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-35231","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-35231 — Vulnerability in the Oracle Financial Services Transaction Filtering product of Oracle Financial Ser…","description":"Vulnerability in the Oracle Financial Services Transaction Filtering product of Oracle Financial Services Applications (component: User Interface).   The supported version that is affected is 8.1.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to…","indicators":{"cves":["CVE-2026-35231"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:38.717Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-35243","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-35243 — Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middlew…","description":"Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where…","indicators":{"cves":["CVE-2026-35243"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:40.260Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40905","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40905 — LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, a password reset poisonin…","description":"LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, a password reset poisoning vulnerability was identified in the application due to improper trust of user-controlled HTTP headers. The application uses the X-Forwarded-Host header when generating password reset URLs. By manipu…","indicators":{"cves":["CVE-2026-40905"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:44.503Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/Kovah/LinkAce/security/advisories/GHSA-48wv-jpf4-vjfv","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40925","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40925 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/configurationUpda…","description":"WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/configurationUpdate.json.php` (also routed via `/updateConfig`) persists dozens of global site settings from `$_POST` but protects the endpoint only with `User::isAdmin()`. It does not call `forbidIfIsUntrustedRequest…","indicators":{"cves":["CVE-2026-40925"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:45.903Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/WWBN/AVideo/commit/f9492f5e6123dff0292d5bb3164fde7665dc36b4","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-vvfw-4m39-fjqf","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-vvfw-4m39-fjqf","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-6823","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6823 — HKUDS OpenHarness prior to PR #147 remediation contains an insecure default configuration vulnerabil…","description":"HKUDS OpenHarness prior to PR #147 remediation contains an insecure default configuration vulnerability where remote channels inherit allow_from = [\"*\"] permitting arbitrary remote senders to pass admission checks. Attackers who can reach the configured channel can bypass access controls and reach h…","indicators":{"cves":["CVE-2026-6823"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:48.827Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/HKUDS/OpenHarness/commit/fab40c6eabfb15f2bdf23cddd3cfe66a64ea203d","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/HKUDS/OpenHarness/pull/147","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/HKUDS/OpenHarness/releases/tag/v0.1.7","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/hkuds-openharness-insecure-default-remote-channel-allowlist","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://github.com/HKUDS/OpenHarness/pull/147","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40706","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40706 — In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfs_build_permissions_posix…","description":"In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfs_build_permissions_posix() in acls.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered on the READ path (stat, readdir, open) when pr…","indicators":{"cves":["CVE-2026-40706"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T22:16:19.077Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/tuxera/ntfs-3g/blob/d3ace19838ce37cfde55294e76841e6d2f393f9e/libntfs-3g/acls.c#L4011-L4027","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/tuxera/ntfs-3g/releases/tag/2026.2.25","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-4cwv-5285-63v9","label":"cve@mitre.org","domainType":"primary"},{"url":"https://www.openwall.com/lists/oss-security/2026/04/21/4","label":"cve@mitre.org","domainType":"other"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/21/4","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"},{"url":"https://lists.debian.org/debian-lts-announce/2026/04/msg00024.html","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40931","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40931 — Compressing is a compressing and uncompressing lib for node. Prior to 2.1.1 and 1.10.5, the patch fo…","description":"Compressing is a compressing and uncompressing lib for node. Prior to 2.1.1 and 1.10.5, the patch for CVE-2026-24884 relies on a purely logical string validation within the isPathWithinParent utility. This check verifies if a resolved path string starts with the destination directory string but fail…","indicators":{"cves":["CVE-2026-40931"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T22:16:19.247Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/node-modules/compressing/security/advisories/GHSA-4c3q-x735-j3r5","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/node-modules/compressing/security/advisories/GHSA-4c3q-x735-j3r5","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-6832","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6832 — Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint t…","description":"Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authenticated attackers to delete files outside the session directory by supplying an absolute path or path traversal payload in the session_id parameter. Attackers can exploit unvalidated…","indicators":{"cves":["CVE-2026-6832"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T22:16:21.040Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/nesquena/hermes-webui/commit/3cc5839bf303fa6758bfdac538507407a2929655","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/nesquena/hermes-webui/pull/409","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/nesquena/hermes-webui/pull/412","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/nesquena/hermes-webui/releases/tag/v0.50.132","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/nesquena/hermes-webui/releases/tag/v0.50.32","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/nesquena-hermes-webui-arbitrary-file-deletion-via-unvalidated-session-id","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40926","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40926 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, three admin-only JSON endp…","description":"WWBN AVideo is an open source video platform. In versions 29.0 and prior, three admin-only JSON endpoints — `objects/categoryAddNew.json.php`, `objects/categoryDelete.json.php`, and `objects/pluginRunUpdateScript.json.php` — enforce only a role check (`Category::canCreateCategory()` / `User::isAdmin…","indicators":{"cves":["CVE-2026-40926"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T23:16:20.163Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/WWBN/AVideo/commit/ee5615153c40628ab3ec6fe04962d1f92e67d3e2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-ffw8-fwxp-h64w","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-ffw8-fwxp-h64w","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41055","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41055 — WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete SSRF fix in…","description":"WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete SSRF fix in AVideo's LiveLinks proxy adds `isSSRFSafeURL()` validation but leaves DNS TOCTOU vulnerabilities where DNS rebinding between validation and the actual HTTP request redirects traffic to internal endpoi…","indicators":{"cves":["CVE-2026-41055"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T23:16:20.707Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/WWBN/AVideo/commit/0e56382921fc71e64829cd1ec35f04e338c70917","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/commit/8d8fc0cadb425835b4861036d589abcea4d78ee8","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-793q-xgj6-7frp","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-9x67-f2v7-63rw","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-793q-xgj6-7frp","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41056","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41056 — WWBN AVideo is an open source video platform. In versions 29.0 and below, the `allowOrigin($allowAll…","description":"WWBN AVideo is an open source video platform. In versions 29.0 and below, the `allowOrigin($allowAll=true)` function in `objects/functions.php` reflects any arbitrary `Origin` header back in `Access-Control-Allow-Origin` along with `Access-Control-Allow-Credentials: true`. This function is called by…","indicators":{"cves":["CVE-2026-41056"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T23:16:20.850Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/WWBN/AVideo/commit/caf705f38eae0ccfac4c3af1587781355d24495e","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-ccq9-r5cw-5hwq","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-ccq9-r5cw-5hwq","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41057","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41057 — WWBN AVideo is an open source video platform. In versions 29.0 and below, the CORS origin validation…","description":"WWBN AVideo is an open source video platform. In versions 29.0 and below, the CORS origin validation fix in commit `986e64aad` is incomplete. Two separate code paths still reflect arbitrary `Origin` headers with credentials allowed for all `/api/*` endpoints: (1) `plugin/API/router.php` lines 4-8 un…","indicators":{"cves":["CVE-2026-41057"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T23:16:20.987Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/WWBN/AVideo/commit/5e2b897ccac61eb6daca2dee4a6be3c4c2d93e13","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-ff5q-cc22-fgp4","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-ff5q-cc22-fgp4","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41058","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41058 — WWBN AVideo is an open source video platform. In versions 29.0 and below, the incomplete fix for AVi…","description":"WWBN AVideo is an open source video platform. In versions 29.0 and below, the incomplete fix for AVideo's CloneSite `deleteDump` parameter does not apply path traversal filtering, allowing `unlink()` of arbitrary files via `../../` sequences in the GET parameter. Commit 3c729717c26f160014a5c86b0b6ac…","indicators":{"cves":["CVE-2026-41058"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T23:16:21.117Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/WWBN/AVideo/commit/3c729717c26f160014a5c86b0b6accdbd613e7b2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/commit/941decd6d19e2e694acb75e86317d10fbb560284","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-5879-4fmr-xwf2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-xmjm-86qv-g226","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-5879-4fmr-xwf2","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41060","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41060 — WWBN AVideo is an open source video platform. In versions 29.0 and below, the `isSSRFSafeURL()` func…","description":"WWBN AVideo is an open source video platform. In versions 29.0 and below, the `isSSRFSafeURL()` function in `objects/functions.php` contains a same-domain shortcircuit (lines 4290-4296) that allows any URL whose hostname matches `webSiteRootURL` to bypass all SSRF protections. Because the check comp…","indicators":{"cves":["CVE-2026-41060"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T23:16:21.250Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/WWBN/AVideo/commit/a0156a6398362086390d949190f9d52a823000ba","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-j432-4w3j-3w8j","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-j432-4w3j-3w8j","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41133","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41133 — pyLoad is a free and open-source download manager written in Python. Versions up to and including 0.…","description":"pyLoad is a free and open-source download manager written in Python. Versions up to and including 0.5.0b3.dev97 cache `role` and `permission` in the session at login and continues to authorize requests using these cached values, even after an admin changes the user's role/permissions in the database…","indicators":{"cves":["CVE-2026-41133"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T00:16:29.153Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/pyload/pyload/commit/e95804fb0d06cbb07d2ba380fc494d9ff89b68c1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/pyload/pyload/security/advisories/GHSA-66hx-chf7-3332","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/pyload/pyload/security/advisories/GHSA-66hx-chf7-3332","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41135","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41135 — free5GC UDR is the Policy Control Function (PCF) for free5GC, an an open-source project for 5th gene…","description":"free5GC UDR is the Policy Control Function (PCF) for free5GC, an an open-source project for 5th generation (5G) mobile core networks. A memory leak vulnerability in versions prior to 1.4.3 allows any unauthenticated attacker with network access to the PCF SBI interface to cause uncontrolled memory g…","indicators":{"cves":["CVE-2026-41135"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T00:16:29.287Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-98cp-84m9-q3qp","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/free5gc/pcf/commit/599803b1b2eb4611e26d5216481ee142bce71a16","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-98cp-84m9-q3qp","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-5398","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-5398 — The implementation of TIOCNOTTY failed to clear a back-pointer from the structure representing the c…","description":"The implementation of TIOCNOTTY failed to clear a back-pointer from the structure representing the controlling terminal to the calling process' session.  If the invoking process then exits, the terminal structure may end up containing a pointer to freed memory.\n\nA malicious process can abuse the dan…","indicators":{"cves":["CVE-2026-5398"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T03:16:01.213Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://security.freebsd.org/advisories/FreeBSD-SA-26:10.tty.asc","label":"secteam@freebsd.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-22753","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-22753 — Vulnerability in Spring Spring Security. If an application is using securityMatchers(String) and a P…","description":"Vulnerability in Spring Spring Security. If an application is using securityMatchers(String) and a PathPatternRequestMatcher.Builder bean to prepend a servlet path, matching requests to that filter chain may fail and its related security components will not be exercised as intended by the applicatio…","indicators":{"cves":["CVE-2026-22753"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T06:16:04.160Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://spring.io/security/cve-2026-22753","label":"security@vmware.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-22754","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-22754 — Vulnerability in Spring Spring Security. If an application uses <sec:intercept-url servlet-path=\"/se…","description":"Vulnerability in Spring Spring Security. If an application uses <sec:intercept-url servlet-path=\"/servlet-path\" pattern=\"/endpoint/**\"/> to define the servlet path for computing a path matcher, then the servlet path is not included and the related authorization rules are not exercised. This can lead…","indicators":{"cves":["CVE-2026-22754"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T06:16:04.270Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://spring.io/security/cve-2026-22754","label":"security@vmware.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40542","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40542 — Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the cli…","description":"Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue.","indicators":{"cves":["CVE-2026-40542"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T08:16:12.780Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://lists.apache.org/thread/tfmgv86xr0z1y096vs3z0y315t1v3o97","label":"security@apache.org","domainType":"other"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/22/5","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6022","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6022 — In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resou…","description":"In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resource consumption vulnerability that allows file uploads to exceed the configured maximum size due to missing cumulative size enforcement during chunk reassembly, leading to disk space exhaustion.","indicators":{"cves":["CVE-2026-6022"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T08:16:12.903Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://www.telerik.com/products/aspnet-ajax/documentation/knowledge-base/kb-security-uncontrolled-resource-consumption-cve-2026-6022","label":"security@progress.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6023","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6023 — In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is…","description":"In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to insecure deserialization when restoring filter state if the state is exposed to the client. If an attacker tampers with this state, a server-side remote code execution is possible.","indicators":{"cves":["CVE-2026-6023"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T08:16:13.040Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://www.telerik.com/products/aspnet-ajax/documentation/knowledge-base/kb-security-deserialization-of-untrusted-data-cve-2026-6023","label":"security@progress.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4132","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-4132 — The HTTP Headers plugin for WordPress is vulnerable to External Control of File Name or Path leading…","description":"The HTTP Headers plugin for WordPress is vulnerable to External Control of File Name or Path leading to Remote Code Execution in all versions up to and including 1.19.2. This is due to insufficient validation of the file path stored in the 'hh_htpasswd_path' option and lack of sanitization on the 'h…","indicators":{"cves":["CVE-2026-4132"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:24.240Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/http-headers/tags/1.19.2/http-headers.php#L1296","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/http-headers/tags/1.19.2/http-headers.php#L1298","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/http-headers/tags/1.19.2/http-headers.php#L1403","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/http-headers/tags/1.19.2/http-headers.php#L671","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/http-headers/tags/1.19.2/http-headers.php#L722","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/http-headers/tags/1.19.2/http-headers.php#L97","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/http-headers/trunk/http-headers.php#L1296","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/http-headers/trunk/http-headers.php#L1298","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/http-headers/trunk/http-headers.php#L1403","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/http-headers/trunk/http-headers.php#L671","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/http-headers/trunk/http-headers.php#L722","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/http-headers/trunk/http-headers.php#L97","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ce010c6f-16bd-4178-a621-31ba6378946a?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6846","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6846 — A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a speciall…","description":"A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution,…","indicators":{"cves":["CVE-2026-6846"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:27.607Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6846","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460006","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6855","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6855 — A flaw was found in InstructLab. A local attacker could exploit a path traversal vulnerability in th…","description":"A flaw was found in InstructLab. A local attacker could exploit a path traversal vulnerability in the chat session handler by manipulating the `logs_dir` parameter. This allows the attacker to create new directories and write files to arbitrary locations on the system, potentially leading to unautho…","indicators":{"cves":["CVE-2026-6855"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T13:16:22.410Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6855","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460013","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6857","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6857 — A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the Prot…","description":"A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to gain…","indicators":{"cves":["CVE-2026-6857"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T13:16:22.583Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6857","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460003","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31450","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-31450 — In the Linux kernel, the following vulnerability has been resolved: ext4: publish jinode after initi…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: publish jinode after initialization\n\next4_inode_attach_jinode() publishes ei->jinode to concurrent users.\nIt used to set ei->jinode before jbd2_journal_init_jbd_inode(),\nallowing a reader to observe a non-NULL jinode with i_v…","indicators":{"cves":["CVE-2026-31450"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:39.083Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/1aec30021edd410b986c156f195f3d23959a9d11","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/2d2b648960147d078b000b9a7494017082024366","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/33f486987af21531a7b18973d11795ede3da9ddd","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4855a59e21789c79f003a9b5f4135c95a7495c6b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a070d5a872ffe0e0fe5c46eda6386140ded39adb","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/be54c0055407a73b60349c093c8ce621cb8fa232","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e4325e84727e539c8597bd5b8491349f57f7fb17","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e76bcb727e4874a2f9d0297f8e3f8eced89b0764","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31456","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-31456 — In the Linux kernel, the following vulnerability has been resolved: mm/pagewalk: fix race between co…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/pagewalk: fix race between concurrent split and refault\n\nThe splitting of a PUD entry in walk_pud_range() can race with a\nconcurrent thread refaulting the PUD leaf entry causing it to try walking\na PMD range that has disappeared…","indicators":{"cves":["CVE-2026-31456"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:40.203Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/38ec58670a0c5fc1edabdeccd857e586b7b3f318","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3b89863c3fa482912911cd65a12a3aeef662c250","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9bbbebd94dd5be25ec8c899d46ef01b33d5d22c0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31479","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-31479 — In the Linux kernel, the following vulnerability has been resolved: drm/xe: always keep track of rem…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: always keep track of remap prev/next\n\nDuring 3D workload, user is reporting hitting:\n\n[  413.361679] WARNING: drivers/gpu/drm/xe/xe_vm.c:1217 at vm_bind_ioctl_ops_unwind+0x1e2/0x2e0 [xe], CPU#7: vkd3d_queue/9925\n[  413.3619…","indicators":{"cves":["CVE-2026-31479"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:44.993Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/5eda8001ebb5269755608d678dd1f3928ab077c9","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/bfe9e314d7574d1c5c851972e7aee342733819d2","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ccd41f110c608b3cc347b9be881c3e72cd634b2b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e6ba1749549e87b83c0c4885d84b543687c3740e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31510","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-31510 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-d…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb\n\nBefore using sk pointer, check if it is null.\n\nFix the following:\n\n KASAN: null-ptr-deref in range [0x0000000000000260-0x0000000000000267]\n CPU: 0 UID: 0 PID: 5985 Comm:…","indicators":{"cves":["CVE-2026-31510"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:50.130Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/03d4eafb0f3788239df63575951f6b4c97bbfda4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/0780f9333852971ca77d110019e3a66ce5a7b100","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/1dc6db047919ecd59493cd51248b37381bbabcbb","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3c821bc0fbeaa27910a20d0b43c6008d099792af","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/898b89c90ff9496e64b9331040778cc4e1b28c9d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a04a760c06bb591989db659439efdf106f0bae76","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/b6552e0503973daf6f23bd6ed9273ef131ee364f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d34776c7fa1f2c510f1cdd14823aba701babb4ad","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33593","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-33593 — A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query.","description":"A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query.","indicators":{"cves":["CVE-2026-33593"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:53.713Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33608","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-33608 — An attacker can send a notify request that causes a new secondary domain to be added to the bind bac…","description":"An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend no longer able to run on the next restart, requiring manual operation to fix it.","indicators":{"cves":["CVE-2026-33608"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:54.650Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41651","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41651 — PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way us…","description":"PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition on transaction flags that all…","indicators":{"cves":["CVE-2026-41651"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:17:04.617Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/PackageKit/PackageKit/blob/04057883189efa225a7c785591aa87cb299782f8/src/pk-transaction.c#L2273-L2277","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/PackageKit/PackageKit/blob/04057883189efa225a7c785591aa87cb299782f8/src/pk-transaction.c#L4036","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/PackageKit/PackageKit/blob/04057883189efa225a7c785591aa87cb299782f8/src/pk-transaction.c#L873-L882","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/PackageKit/PackageKit/security/advisories/GHSA-f55j-vvr9-69xv","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.security.telekom.com/2026/04/pack2theroot-linux-local-privilege-escalation.html","label":"security-advisories@github.com","domainType":"other"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/22/6","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"},{"url":"https://github.security.telekom.com/2026/04/pack2theroot-linux-local-privilege-escalation.html","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6859","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-6859 — A flaw was found in InstructLab. The `linux_train.py` script hardcodes `trust_remote_code=True` when…","description":"A flaw was found in InstructLab. The `linux_train.py` script hardcodes `trust_remote_code=True` when loading models from HuggingFace. This allows a remote attacker to achieve arbitrary Python code execution by convincing a user to run `ilab train/download/generate` with a specially crafted malicious…","indicators":{"cves":["CVE-2026-6859"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:17:07.687Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6859","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2459998","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-35548","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-35548 — An issue was discovered in guardsix (formerly Logpoint) ODBC Enrichment Plugins before 5.2.1 (5.2.1…","description":"An issue was discovered in guardsix (formerly Logpoint) ODBC Enrichment Plugins before 5.2.1 (5.2.1 is used in guardsix 7.9.0.0). A logic flaw allowed stored database credentials to be reused after modification of the target Host, IP address, or Port. When editing an existing Enrichment Source, prev…","indicators":{"cves":["CVE-2026-35548"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T15:16:16.100Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://guardsix.com/media-room#/pressreleases/logpoint-becomes-guardsix-as-europe-reassesses-sovereign-security-operations-3436974","label":"cve@mitre.org","domainType":"other"},{"url":"https://servicedesk.guardsix.com/hc/en-us/articles/35555683205021-SSRF-in-ODBC-Enrichment-Source","label":"cve@mitre.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-35338","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-35338 — A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root…","description":"A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism. The implementation only validates if the target path is literally / and does not canonicalize the path. An attacker or accidental user can use path variants such as /../ or symbolic…","indicators":{"cves":["CVE-2026-35338"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:35.583Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/uutils/coreutils/pull/10033","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.6.0","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35341","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-35341 — A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions o…","description":"A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions on existing files. When mkfifo fails to create a FIFO because a file already exists at the target path, it fails to terminate the operation for that path and continues to execute a follow-up set_permis…","indicators":{"cves":["CVE-2026-35341"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:36.060Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/uutils/coreutils/issues/10020","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/issues/10020","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35352","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-35352 — A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mkfifo utility of uutils coreut…","description":"A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mkfifo utility of uutils coreutils. The utility creates a FIFO and then performs a path-based chmod to set permissions. A local attacker with write access to the parent directory can swap the newly created FIFO for a symbolic link…","indicators":{"cves":["CVE-2026-35352"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:37.597Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/uutils/coreutils/issues/10020","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/issues/10020","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35368","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-35368 — A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. T…","description":"A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam() after entering the chroot but before dropping root privileges. On glibc-based systems, this can trigger the Name Service Switch (NSS) to load…","indicators":{"cves":["CVE-2026-35368"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:40.560Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/issues/10327","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/issues/10327","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-4922","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-4922 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.9.6, 18.10…","description":"GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute GraphQL mutations on behalf of authenticated users due to insufficient CSRF protection.","indicators":{"cves":["CVE-2026-4922"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:44.277Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/","label":"cve@gitlab.com","domainType":"other"},{"url":"https://gitlab.com/gitlab-org/gitlab/-/work_items/594937","label":"cve@gitlab.com","domainType":"other"},{"url":"https://hackerone.com/reports/3627285","label":"cve@gitlab.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5262","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-5262 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.1.0 before 18.9.6, 18.…","description":"GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.1.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an unauthenticated user to access tokens in the Storybook development environment due to improper input val…","indicators":{"cves":["CVE-2026-5262"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:44.437Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/","label":"cve@gitlab.com","domainType":"other"},{"url":"https://gitlab.com/gitlab-org/gitlab/-/work_items/595332","label":"cve@gitlab.com","domainType":"other"},{"url":"https://hackerone.com/reports/3574642","label":"cve@gitlab.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5816","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-5816 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and…","description":"GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute arbitrary JavaScript in a user's browser session due to improper path validation under certain conditions.","indicators":{"cves":["CVE-2026-5816"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:44.763Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/","label":"cve@gitlab.com","domainType":"other"},{"url":"https://gitlab.com/gitlab-org/gitlab/-/work_items/592816","label":"cve@gitlab.com","domainType":"other"},{"url":"https://hackerone.com/reports/3572231","label":"cve@gitlab.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-26354","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-26354 — Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7.7.1…","description":"Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contain a stack-based Buffer Overflow vulnerability. An unauthenticated attacker…","indicators":{"cves":["CVE-2026-26354"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T19:17:00.677Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities","label":"security_alert@emc.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34413","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-34413 — Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in th…","description":"Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where an HTTP redirect to unauthenticated callers does not call exit() or die(), allowing PHP execution to continue and process the…","indicators":{"cves":["CVE-2026-34413"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T19:17:02.710Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/thexerteproject/xerteonlinetoolkits/commit/02661be88cc369325ea01b508086bde7fbfec805","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/thexerteproject/xerteonlinetoolkits/commit/17e4f945fe6a3400fa88c01eda18c1075ee4a212","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/thexerteproject/xerteonlinetoolkits/commit/507d55c5e91bf9310b5b1c7fad8aebfef902ad23","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/thexerteproject/xerteonlinetoolkits/issues/1527","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/xerte-online-toolkits-missing-authentication-via-connector-php","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://xerte.org.uk/index.php/en/downloads-1/category/3-xerte-online-toolkits","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://xerte.org.uk/xertetoolkits_3.15_ChangeLog.html","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34414","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-34414 — Xerte Online Toolkits versions 3.15 and earlier contain a relative path traversal vulnerability in t…","description":"Xerte Online Toolkits versions 3.15 and earlier contain a relative path traversal vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where the name parameter in rename commands is not sanitized for path traversal sequences. Attackers can supply a name value contai…","indicators":{"cves":["CVE-2026-34414"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T19:17:04.033Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/thexerteproject/xerteonlinetoolkits/commit/02661be88cc369325ea01b508086bde7fbfec805","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/thexerteproject/xerteonlinetoolkits/commit/17e4f945fe6a3400fa88c01eda18c1075ee4a212","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/thexerteproject/xerteonlinetoolkits/commit/507d55c5e91bf9310b5b1c7fad8aebfef902ad23","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/thexerteproject/xerteonlinetoolkits/issues/1527","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/xerte-online-toolkits-path-traversal-via-connector-php","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://xerte.org.uk/index.php/en/downloads-1/category/3-xerte-online-toolkits","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://xerte.org.uk/xertetoolkits_3.15_ChangeLog.html","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41468","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41468 — Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbo…","description":"Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. When combined with template injection present in the same application, these primitives allow attackers to escape the AngularJS sandbox and achieve arbitrary JavaScript execution…","indicators":{"cves":["CVE-2026-41468"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T19:17:08.813Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/kmkz/Exploits/blob/master/2026/CVE-2026-22191-POC.py","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/kmkz/Exploits/blob/master/2026/CVE-2026-22191-SicuroWeb-ATI-chain.txt","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.beghelli.it","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://www.boffsec-services.com/posts/sicuroweb-cve-2026-22191/","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://www.vulncheck.com/advisories/beghelli-sicuro24-sicuroweb-angularjs-sandbox-escape-via-template-injection","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34063","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-34063 — Nimiq's network-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `n…","description":"Nimiq's network-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `network-libp2p` discovery uses a libp2p `ConnectionHandler` state machine. the handler assumes there is at most one inbound and one outbound discovery substream per connection. if a remote peer opens/n…","indicators":{"cves":["CVE-2026-34063"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T20:16:40.713Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/nimiq/core-rs-albatross/commit/e0d4e01994f061bf41d3c2835bc74040d3c084f5","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/pull/3666","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-74hp-mhfx-m45h","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-34065","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-34065 — nimiq-primitives contains primitives (e.g., block, account, transaction) to be used in Nimiq's Rust…","description":"nimiq-primitives contains primitives (e.g., block, account, transaction) to be used in Nimiq's Rust implementation. Prior to version 1.3.0, an untrusted p2p peer can cause a node to panic by announcing an election macro block whose `validators` set contains an invalid compressed BLS voting key. Hash…","indicators":{"cves":["CVE-2026-34065"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T20:16:41.077Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/nimiq/core-rs-albatross/commit/e10eaebcd7774e5da6d0ff5e88ed13503474f0ff","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/pull/3662","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-7c4j-2m43-2mgh","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-33733","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-33733 — EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, the…","description":"EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, the admin template management endpoints accept attacker-controlled `name` and `scope` values and pass them into template path construction without normalization or traversal filtering. As a result, an aut…","indicators":{"cves":["CVE-2026-33733"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T21:17:05.970Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/espocrm/espocrm/security/advisories/GHSA-44c3-xjfp-3jrh","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40882","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40882 — OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.0, the Velbus asset…","description":"OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.0, the Velbus asset import path parses attacker-controlled XML without explicit XXE hardening. An authenticated user who can call the import endpoint may trigger XML external entity processing, which can lead to server-s…","indicators":{"cves":["CVE-2026-40882"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T21:17:08.733Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/openremote/openremote/security/advisories/GHSA-g24f-mgc3-jwwc","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40937","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40937 — RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-alpha.94, all four notif…","description":"RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-alpha.94, all four notification target admin API endpoints in `rustfs/src/admin/handlers/event.rs` use a `check_permissions` helper that validates authentication only (access key + session token), without performing any admi…","indicators":{"cves":["CVE-2026-40937"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T21:17:08.877Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/rustfs/rustfs/releases/tag/1.0.0-alpha.94","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/rustfs/rustfs/security/advisories/GHSA-pfcq-4gjr-6gjm","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41166","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41166 — OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.1, a user who has `w…","description":"OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.1, a user who has `write:admin` in one Keycloak realm can call the Manager API to update Keycloak realm roles for users in another realm, including `master`. The handler uses the `{realm}` path segment when talking to th…","indicators":{"cves":["CVE-2026-41166"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T21:17:09.167Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/openremote/openremote/releases/tag/1.22.1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/openremote/openremote/security/advisories/GHSA-49vv-25qx-mg44","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40517","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-40517 — radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars()…","description":"radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars() function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in symbol names. Attackers can inject arbitrary radare2 commands through unsanitiz…","indicators":{"cves":["CVE-2026-40517"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T22:16:31.183Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://blog.calif.io/p/mad-bugs-discovering-a-0-day-in-zero","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://github.com/radareorg/radare2/issues/25730","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/radareorg/radare2/pull/25731","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/radare2-command-injection-via-pdb-parser-symbol-names","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41175","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41175 — Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.20 and…","description":"Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.20 and 6.13.0, manipulating query parameters on Control Panel and REST API endpoints, or arguments in GraphQL queries, could result in the loss of content, assets, and user accounts. The Control Panel requi…","indicators":{"cves":["CVE-2026-41175"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T22:16:31.820Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/statamic/cms/security/advisories/GHSA-4jjr-vmv7-wh4w","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41454","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41454 — WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoin…","description":"WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoints that allows authenticated board members to perform administrative actions without proper privilege verification. Attackers can enumerate integrations including webhook URLs, create new integrations…","indicators":{"cves":["CVE-2026-41454"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T22:16:32.497Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/wekan/wekan/commit/2cd702f48df2b8aef0e7381685f8e089986a18a4","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/wekan/wekan/releases/tag/v8.35","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/wekan-missing-authorization-via-integration-rest-api","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41455","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41455 — WeKan before 8.35 contains a server-side request forgery vulnerability in webhook integration URL ha…","description":"WeKan before 8.35 contains a server-side request forgery vulnerability in webhook integration URL handling where the url schema field accepts any string without protocol restriction or destination validation. Attackers who can create or modify integrations can set webhook URLs to internal network ad…","indicators":{"cves":["CVE-2026-41455"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T22:16:32.677Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/wekan/wekan/commit/2cd702f48df2b8aef0e7381685f8e089986a18a4","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/wekan/wekan/releases/tag/v8.35","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/wekan-ssrf-via-webhook-url","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3621","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-3621 — IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Serve…","description":"IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Server Liberty is vulnerable to identity spoofing under limited conditions when an application is deployed without authentication and authorization configured.","indicators":{"cves":["CVE-2026-3621"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T00:16:45.313Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://www.ibm.com/support/pages/node/7270437","label":"psirt@us.ibm.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5935","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-5935 — IBM Total Storage Service Console (TSSC) / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow a…","description":"IBM Total Storage Service Console (TSSC) / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow an unauthenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input.","indicators":{"cves":["CVE-2026-5935"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T00:16:46.900Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://www.ibm.com/support/pages/node/7270127","label":"psirt@us.ibm.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41180","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41180 — PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.4.3, the upload…","description":"PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.4.3, the upload PATCH flow under `/files/:uploadId` validates the mounted request path using the still-encoded `req.path`, but the downstream tus handler later writes using the decoded `req.params.uploadId`. In depl…","indicators":{"cves":["CVE-2026-41180"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:16:15.977Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/psi-4ward/psitransfer/commit/8b547bf3e09757122efa00aab90281e3915aa0c6","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/psi-4ward/psitransfer/releases/tag/v2.4.3","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/psi-4ward/psitransfer/security/advisories/GHSA-533q-w4g6-5586","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"vendor-powmix-botnet-targets-czech-workforce","source":"vendor-blogs","category":"advisory","severity":"high","title":"PowMix botnet targets Czech workforce","description":"Cisco Talos discovered an ongoing malicious campaign, operating since at least December 2025, affecting a broader workforce in the Czech Republic with a previously undocumented botnet we call “PowMix.”","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T10:00:33.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://blog.talosintelligence.com/powmix-botnet-targets-czech-workforce/","label":"Cisco Talos","domainType":"other"}],"feedLabel":null},{"id":"malbaz-0671be8c3c90f4f70b4feef76edbf8f3fd8d8b9ceb191675b100912d70e82c22","source":"malware-bazaar","category":"malware","severity":"high","title":"sport.ps1","description":"File type: ps1 | Reporter: BastianHein_","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"9f86a462681b343125415cee2ce30624","sha1":"5aaffe2fd4ad738032bcf35b960b575a778a97fe","sha256":"0671be8c3c90f4f70b4feef76edbf8f3fd8d8b9ceb191675b100912d70e82c22"}},"tags":["ps1"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:58:56Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/0671be8c3c90f4f70b4feef76edbf8f3fd8d8b9ceb191675b100912d70e82c22/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-6a94e0e6917dac14fe32db0e46e328251ca2baa5551712ab5a9b6e008a0ebd6c","source":"malware-bazaar","category":"malware","severity":"high","title":"pace.ps1","description":"File type: ps1 | Reporter: BastianHein_","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"54a8827f55792a6e0d3817e80ac2a318","sha1":"8b30ba6bca841026b199e955822b6459ad44d981","sha256":"6a94e0e6917dac14fe32db0e46e328251ca2baa5551712ab5a9b6e008a0ebd6c"}},"tags":["ps1"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:58:39Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/6a94e0e6917dac14fe32db0e46e328251ca2baa5551712ab5a9b6e008a0ebd6c/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-6c403ed3119dae79cc5abf671489c6b1053ae5de11d249c74b3a9e9c01d86634","source":"malware-bazaar","category":"malware","severity":"high","title":"Indeed.bat","description":"File type: bat | Reporter: BastianHein_","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"61a5049fb91d6a8b1659c267dd2d8713","sha1":"17d136a21801102060dabe962c0c7f472ab5d194","sha256":"6c403ed3119dae79cc5abf671489c6b1053ae5de11d249c74b3a9e9c01d86634"}},"tags":["bat"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:58:30Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/6c403ed3119dae79cc5abf671489c6b1053ae5de11d249c74b3a9e9c01d86634/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-e178ec2c637f8340288d0928c5de1a852e5f6fdded6327cfb3fc2c752f0c88cd","source":"malware-bazaar","category":"malware","severity":"high","title":"ENJOY.ps1","description":"File type: ps1 | Reporter: BastianHein_","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"f65cf754c315bc223fda4dee8ebc9a02","sha1":"e315db400b398c97ebdd9c76c9437908b6214722","sha256":"e178ec2c637f8340288d0928c5de1a852e5f6fdded6327cfb3fc2c752f0c88cd"}},"tags":["ps1"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:58:20Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/e178ec2c637f8340288d0928c5de1a852e5f6fdded6327cfb3fc2c752f0c88cd/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-43d206a3928e1d6445113250bee9b2f8b0568b062280d28af8b496a5e76d4b78","source":"malware-bazaar","category":"malware","severity":"high","title":"SIMPLY.ps1","description":"File type: ps1 | Reporter: BastianHein_","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"7fe9f680efb8660345b340df5c58e179","sha1":"4bbf34b61d35d5e60f19b61732950b91d5c4f22d","sha256":"43d206a3928e1d6445113250bee9b2f8b0568b062280d28af8b496a5e76d4b78"}},"tags":["ps1"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:46:53Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/43d206a3928e1d6445113250bee9b2f8b0568b062280d28af8b496a5e76d4b78/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-7d8cf5a10104f02491f52f8d7314c729d30cdb469f18ff8c2f0766faf11c2c00","source":"malware-bazaar","category":"malware","severity":"high","title":"roughly.ps1","description":"File type: ps1 | Reporter: BastianHein_","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"cb3af8617b37c043b9935a19ee2d24c0","sha1":"4510fb16cad04daf8fab3f7b5d6077b75d447944","sha256":"7d8cf5a10104f02491f52f8d7314c729d30cdb469f18ff8c2f0766faf11c2c00"}},"tags":["ps1"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:46:45Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/7d8cf5a10104f02491f52f8d7314c729d30cdb469f18ff8c2f0766faf11c2c00/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-4f7d170b16f656a4bd09f5e1b8606eab8b8a5381a1230e2a716a01cc837c73f6","source":"malware-bazaar","category":"malware","severity":"high","title":"rail.ps1","description":"File type: ps1 | Reporter: BastianHein_","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"f5612d481fc9e8c4a2b7ee7eb70c4dbb","sha1":"9fbc359d8cf4d07c86c3b809d01c4c4d7802b639","sha256":"4f7d170b16f656a4bd09f5e1b8606eab8b8a5381a1230e2a716a01cc837c73f6"}},"tags":["ps1"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:46:37Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/4f7d170b16f656a4bd09f5e1b8606eab8b8a5381a1230e2a716a01cc837c73f6/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-5364a6db5cfb43f056be8dd0102124a425bd7b02c406b2f4af822b3e18106144","source":"malware-bazaar","category":"malware","severity":"high","title":"Lunch.ps1","description":"File type: ps1 | Reporter: BastianHein_","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"249dc8a9dc96ef5f65a96277e2e022e2","sha1":"a773c006c415ba353cf197f9e254999d3860dbce","sha256":"5364a6db5cfb43f056be8dd0102124a425bd7b02c406b2f4af822b3e18106144"}},"tags":["ps1"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:46:28Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/5364a6db5cfb43f056be8dd0102124a425bd7b02c406b2f4af822b3e18106144/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-22bdb406f852375a0dec9a309d923d39f3e38f7b465fb51ea0710d70b9eb3ba8","source":"malware-bazaar","category":"malware","severity":"high","title":"Jump.ps1","description":"File type: ps1 | Reporter: BastianHein_","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"9cff319d04fe3ad5b7afdaa1c33aaa08","sha1":"40147a62b1f6bdc19a9db059f1c896495f65e12e","sha256":"22bdb406f852375a0dec9a309d923d39f3e38f7b465fb51ea0710d70b9eb3ba8"}},"tags":["ps1"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:46:20Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/22bdb406f852375a0dec9a309d923d39f3e38f7b465fb51ea0710d70b9eb3ba8/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-2b9067eeb7909d5e78c83d9a37b379d6531a5b893d5a002b06c4f851edb1f402","source":"malware-bazaar","category":"malware","severity":"high","title":"Gold.ps1","description":"File type: ps1 | Reporter: BastianHein_","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"13543fe2894ca8577f234c4641ae4890","sha1":"22d48c4483602f87e5d94764dc838cb403de31c0","sha256":"2b9067eeb7909d5e78c83d9a37b379d6531a5b893d5a002b06c4f851edb1f402"}},"tags":["ps1"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:46:11Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/2b9067eeb7909d5e78c83d9a37b379d6531a5b893d5a002b06c4f851edb1f402/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-8057846b383074f436e035011f2b47ce14f4bdbf9b3d8146bdd3bfa47863ad0d","source":"malware-bazaar","category":"malware","severity":"high","title":"102214433.dll","description":"File type: exe | Reporter: seventh","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"da86876a180c98bde9151bb97bd82492","sha1":"c5bec0cb69878d2883067ec3760bfa0a4e8ebc37","sha256":"8057846b383074f436e035011f2b47ce14f4bdbf9b3d8146bdd3bfa47863ad0d"}},"tags":["exe","Generic"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:28:10Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/8057846b383074f436e035011f2b47ce14f4bdbf9b3d8146bdd3bfa47863ad0d/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-95b620de060eaaedf521423892275b8fe6f635e720c9f294704d1f1df5b46036","source":"malware-bazaar","category":"malware","severity":"high","title":"Earn.ps1","description":"File type: ps1 | Reporter: BastianHein_","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"4725d3cc859e5ce08ae392596b497485","sha1":"d85c25d7d0dc38a7f7ce101b38dd1fb140768404","sha256":"95b620de060eaaedf521423892275b8fe6f635e720c9f294704d1f1df5b46036"}},"tags":["ps1"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:15:55Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/95b620de060eaaedf521423892275b8fe6f635e720c9f294704d1f1df5b46036/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-ebe53bdc9a171b425a091131e45c9119a8652b57fd00c08c8f7de300a32092af","source":"malware-bazaar","category":"malware","severity":"high","title":"57E2D4450641AFB778B17A9348AE707F.exe","description":"File type: exe | Reporter: abuse_ch","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"57e2d4450641afb778b17a9348ae707f","sha1":"0e27a306c5405bdb305ff2a3e458f35340e11b4e","sha256":"ebe53bdc9a171b425a091131e45c9119a8652b57fd00c08c8f7de300a32092af"}},"tags":["exe","Loki"],"malwareFamily":"Loki","confidence":null,"publishedAt":"2026-04-23T02:10:17Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/ebe53bdc9a171b425a091131e45c9119a8652b57fd00c08c8f7de300a32092af/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-bc4398448cea0dce1a025b061145801b0ba27f7840f4298748ea9302408024b8","source":"malware-bazaar","category":"malware","severity":"high","title":"vpuuaqjs.dll","description":"File type: dll | Reporter: BastianHein_","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"53062a067d23ec46fba15b6d2cea672d","sha1":"12809654ca28bd7391d820ed34176755eb2561f4","sha256":"bc4398448cea0dce1a025b061145801b0ba27f7840f4298748ea9302408024b8"}},"tags":["dll"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:07:39Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/bc4398448cea0dce1a025b061145801b0ba27f7840f4298748ea9302408024b8/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-4f3ac17ca2c10d5129d7001d855b7ac073abccde991424cb2962a48ed3e8bb0b","source":"malware-bazaar","category":"malware","severity":"high","title":"perfect.ps1","description":"File type: ps1 | Reporter: BastianHein_","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"202a45a94c6484ea89330c2075842933","sha1":"f9a9f87ae46e1df10176caaa5e75a452f3226036","sha256":"4f3ac17ca2c10d5129d7001d855b7ac073abccde991424cb2962a48ed3e8bb0b"}},"tags":["ps1"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:07:32Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/4f3ac17ca2c10d5129d7001d855b7ac073abccde991424cb2962a48ed3e8bb0b/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-827954fcfe9efbda35968d9f5928b12d75f9e5c8ea0026df19296ccc4623b170","source":"malware-bazaar","category":"malware","severity":"high","title":"explorer.exe","description":"File type: exe | Reporter: BastianHein_","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"95267bdaef5c91708ee495af88a5b395","sha1":"cc31c02ee881ea5927984f9e7f2ceebe2d47b571","sha256":"827954fcfe9efbda35968d9f5928b12d75f9e5c8ea0026df19296ccc4623b170"}},"tags":["exe"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:07:26Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/827954fcfe9efbda35968d9f5928b12d75f9e5c8ea0026df19296ccc4623b170/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e8b27323474e048df8d7b1","source":"otx","category":"threat-intel","severity":"high","title":"APT Group Expands Toolset With New GoGra Linux Backdoor","description":"The Harvester APT group has developed a highly-evasive Linux version of its GoGra backdoor that leverages Microsoft Graph API and Outlook mailboxes as a covert command-and-control channel to bypass traditional network defenses. Initial VirusTotal submissions originated from India and Afghanistan, in…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"8f1af2175403195726957dc58fe64821","sha1":"c78c6f9b78e9503ab1a079010cf12a6182ec4d43","sha256":"d8d84eaba9b902045ae4fe044e9761ad0ce9051b85feea3f1cf9c80b59b2b123"}},"tags":["graphon","south asia espionage","cross-platform","gogra","linux backdoor","microsoft graph api","azure ad abuse","nation-state","apt","phishing","botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T11:35:15.969Z","fetchedAt":"2026-04-23T03:00:01.373Z","references":[{"url":"https://otx.alienvault.com/pulse/69e8b27323474e048df8d7b1","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e8c18ece091934fe2136f5","source":"otx","category":"threat-intel","severity":"high","title":"Kyber Ransomware Double Trouble: Windows and ESXi Attacks Explained","description":"Kyber ransomware represents a significant threat through dual-platform deployment capabilities targeting VMware ESXi virtualization infrastructure and Windows file systems. During a March 2026 incident response engagement, two Kyber payloads were recovered from the same environment. The ESXi variant…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"18498b1ff111ee9d9a037c280f75b720","sha1":"0e9a47782e39741a2c161bf639252d33ad3a428a","sha256":"6ccacb7567b6c0bd2ca8e68ff59d5ef21e8f47fc1af70d4d88a421f1fc5280fc"}},"tags":["rust","virtualization","chacha8","hyper-v","vmware","esxi","cross-platform","kyber","ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T12:39:42.119Z","fetchedAt":"2026-04-23T03:00:01.373Z","references":[{"url":"https://otx.alienvault.com/pulse/69e8c18ece091934fe2136f5","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e8c1fb96869b14e2c565a2","source":"otx","category":"threat-intel","severity":"high","title":"TwizAdmin -- Multi-Stage Crypto Clipper, Infostealer & Ransomware Operation","description":"A sophisticated multi-stage malware operation was identified through an exposed C2 panel at 103.241.66[.]238:1337, combining cryptocurrency clipboard hijacking across eight chains, BIP-39 seed phrase theft, browser credential exfiltration, ransomware module (crpx0), and Java RAT builder managed via…","indicators":{"cves":[],"ips":["31.31.198.206"],"domains":["fanonlyatn.xyz","beboss34.ru","caribb.ru","mekhovaya-shuba.ru","secure-shard-091.of-cdn.com","www.fanonlyatn.xyz"],"urls":["https://fanonlyatn.xyz/files/","https://fanonlyatn.xyz","http://fanonlyatn.xyz/files/","https://beboss34.ru/crpx0/notify.php","https://caribb.ru/crpx0/notify.php","https://fanonlyatn.xyz/api.php","https://fanonlyatn.xyz/api_address_match.php","https://fanonlyatn.xyz/api_dropper_log.php","https://fanonlyatn.xyz/builds/","https://mekhovaya-shuba.ru/crpx0/notify.php"],"hashes":{"md5":null,"sha1":null,"sha256":"f7ddba605e3d04e06d2f7b0fc4a38027ae58ca65a69d800dd2f43c8e94ca8396"}},"tags":["crypto clipper","twizadmin","multi-platform","russian-speaking","infostealer","crpx0","maas","ransomware","cryptocurrency theft","phishing","botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T12:41:31.240Z","fetchedAt":"2026-04-23T03:00:01.373Z","references":[{"url":"https://otx.alienvault.com/pulse/69e8c1fb96869b14e2c565a2","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e827168edcf67707285b4e","source":"otx","category":"threat-intel","severity":"high","title":"Same packet, different magic: Hits India's banking sector and Korea geopolitics","description":"A new variant of the LOTUSLITE backdoor, version 1.1, has been identified targeting India's banking sector and South Korean diplomatic circles. The backdoor is delivered via DLL sideloading using legitimate Microsoft-signed executables and initially through CHM files containing malicious JavaScript.…","indicators":{"cves":[],"ips":["172.81.60.97"],"domains":["editor.gleeze.com","cosmosmusic.com","www.cosmosmusic.com"],"urls":[],"hashes":{"md5":"5abac6560eeb77f71e4cd2e1b33d973e","sha1":"1ffd797a49df270494b8cb2d2d0d679387fbd44a","sha256":"cc0ff7e25ea686171919575916e2d9ebaeb5800a063f370a6980ea791f8851b8"}},"tags":["espionage","chm files","backdoor","south korea diplomacy","lotuslite","dll sideloading","india banking","javascript loader","botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T01:40:38.268Z","fetchedAt":"2026-04-23T03:00:01.373Z","references":[{"url":"https://otx.alienvault.com/pulse/69e827168edcf67707285b4e","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e82714e5cf2d1fb9fe1b0a","source":"otx","category":"threat-intel","severity":"high","title":"Mach-O Man Malware: What CISOs Need to Know","description":"Lazarus Group is conducting an active campaign targeting businesses through ClickFix attacks, distributing a newly identified macOS malware kit called \"Mach-O Man\". The attack begins with fake meeting invitations via Telegram, redirecting victims to fraudulent collaboration platforms impersonating Z…","indicators":{"cves":[],"ips":["172.86.113.102"],"domains":["livemicrosft.com","update-teams.live"],"urls":["http://172.86.113.102/localencode","http://livemicrosft.com/meet/89035563931?p=9jXK14VFM8fObdKxfkake8tD7rPhzs.1","http://update-teams.live/teams"],"hashes":{"md5":null,"sha1":null,"sha256":"a73ce18952b40fd621789e43c56b2af08d1497ce3560b2481fa973d8265ce491"}},"tags":["mach-o man","browser stealing","pylangghostrat","social engineering","macos","mach-o binaries","telegram exfiltration","credential theft","clickfix","fintech targeting","apt","phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T01:40:36.560Z","fetchedAt":"2026-04-23T03:00:01.373Z","references":[{"url":"https://otx.alienvault.com/pulse/69e82714e5cf2d1fb9fe1b0a","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e7690744c08ddc410e543f","source":"otx","category":"threat-intel","severity":"high","title":"Void Dokkaebi Uses Fake Job Interview Lure to Spread Malware via Code Repositories","description":"Void Dokkaebi, also known as Famous Chollima, has evolved its operations into a self-propagating supply chain threat targeting software developers. The North Korea-aligned group uses fabricated job interviews to lure developers into cloning malicious repositories. Once compromised, the victim's mach…","indicators":{"cves":[],"ips":["166.88.4.2","85.239.62.36","23.27.20.143","23.27.202.27","23.27.120.142","154.91.0.196","198.105.127.210","83.168.68.219"],"domains":[],"urls":[],"hashes":{"md5":"a12957e7627cb19fba2a4b155f7258b7","sha1":"78be1ea752622c75fd5c636abc2e6e7a51484323","sha256":"834a92277f1bd82d4d473ac0aa2ddb23208a3a8763a576b882e7326c42bc5412"}},"tags":["dev#popper rat","omnistealer","git history tampering","vs code exploitation","worm propagation","supply chain attack","fake job interview","blockchain infrastructure","invisibleferret","repository poisoning","north korea","developer targeting","beavertail","ottercookie","supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T12:09:43.074Z","fetchedAt":"2026-04-23T03:00:01.373Z","references":[{"url":"https://otx.alienvault.com/pulse/69e7690744c08ddc410e543f","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e63f93a0ddbd53fcab3f51","source":"otx","category":"threat-intel","severity":"high","title":"The Gentlemen & SystemBC: A Sneak Peek Behind the Proxy","description":"The Gentlemen ransomware-as-a-service program has rapidly expanded since mid-2025, claiming over 320 victims with 240 attacks occurring in early 2026. The service provides multi-platform lockers for Windows, Linux, NAS, BSD, and ESXi, enabling comprehensive coverage of corporate environments. During…","indicators":{"cves":[],"ips":[],"domains":["tezwsse5czllksjb7cwp65rvnk4oobmzti2znn42i43bjdfd2prqqkad.onion"],"urls":["http://tezwsse5czllksjb7cwp65rvnk4oobmzti2znn42i43bjdfd2prqqkad.onion/"],"hashes":{"md5":"c9d004384de06bbc53724b1431dc0fde","sha1":"f1025bb2f147c01742f263bc0b8d462af9728a22","sha256":"fe1033335a045c696c900d435119d210361966e2fb5cd1ba3382608cfa2c8e68"}},"tags":["cobalt-strike","domain-compromise","the gentlemen","psexec","systembc","esxi-encryption","lateral-movement","cobalt strike","anydesk","ransomware-as-a-service","mimikatz","group-policy-deployment","ransomware","botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T15:00:35.743Z","fetchedAt":"2026-04-23T03:00:01.373Z","references":[{"url":"https://otx.alienvault.com/pulse/69e63f93a0ddbd53fcab3f51","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e2417dcac9587a626c98a2","source":"otx","category":"threat-intel","severity":"high","title":"Iranian APT Seedworm Targets Global Organizations via Microsoft Teams","description":"In late February 2026, following escalating Middle East tensions and coordinated military actions, Iranian APT group Seedworm launched sophisticated social engineering attacks via Microsoft Teams. Attackers impersonated IT support personnel using deceptive Microsoft 365 tenant domains to convince vi…","indicators":{"cves":[],"ips":[],"domains":["serialmenot.com","dd3.filedwnl.top","dd4.filedwnl.top"],"urls":["https://dd3.filedwnl.top","https://dd4.filedwnl.top"],"hashes":{"md5":"f8560b9a893eeb2130fc7159e9c1b851","sha1":"e2e8516b4f275e8c636620b7377ee3b9f9f47bb0","sha256":"ddf75e118db8a5614483ee7e7528a3e2621901059899a8a497335bdef2fba437"}},"tags":["muddywater infrastructure","in-memory execution","seedworm","microsoft teams","dindoor","social engineering","dindoor backdoor","iran apt","deno runtime","dinodance","apt","phishing","botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:19:41.824Z","fetchedAt":"2026-04-23T03:00:01.373Z","references":[{"url":"https://otx.alienvault.com/pulse/69e2417dcac9587a626c98a2","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e1f1296b63ec46a94782ce","source":"otx","category":"threat-intel","severity":"high","title":"Takes Aim at the Ransomware Throne","description":"In February 2025, BlackBasta ransomware operations ceased after their internal chat logs were leaked online, leading to disbandment. However, former affiliates continued launching attacks using different ransomware families, including the relatively unknown Payouts King group that emerged in April 2…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":"d68ce82e82801cd487f9cd2d24f7b30e353cafd0704dcdf0bb8f12822d4227c2"}},"tags":["aes encryption","blackbasta affiliates","edr evasion","blackbasta","spam bombing","direct system calls","payouts king","quick assist","microsoft teams","cactus","rsa encryption","ransomware","phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T08:36:57.288Z","fetchedAt":"2026-04-23T03:00:01.373Z","references":[{"url":"https://otx.alienvault.com/pulse/69e1f1296b63ec46a94782ce","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e1f157d8f8bb7547f8c23f","source":"otx","category":"threat-intel","severity":"high","title":"Dissecting macOS intrusion from lure to compromise","description":"Microsoft Threat Intelligence uncovered a macOS-focused cyber campaign by North Korean threat actor Sapphire Sleet utilizing social engineering to compromise systems. The attack chain begins with a malicious AppleScript file disguised as a Zoom SDK update, which executes cascading payloads through c…","indicators":{"cves":[],"ips":["83.136.209.22","188.227.196.252","104.145.210.107","83.136.208.246","83.136.208.48","83.136.210.180"],"domains":["uw04webzoom.us","ur01webzoom.us","uv01webzoom.us","check02id.com","uv03webzoom.us","uv04webzoom.us","uw03webzoom.us","uw05webzoom.us","ux06webzoom.us"],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":"a05400000843fbad6b28d2b76fc201c3d415a72d88d8dc548fafd8bae073c640"}},"tags":["social engineering","north korea","systemupdate.app","tcc bypass","com.google.chromes.updaters","applescript","services","softwareupdate.app","cryptocurrency theft","com.apple.cli","macos","sapphire sleet","credential harvesting","icloudz","phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T08:37:43.088Z","fetchedAt":"2026-04-23T03:00:01.373Z","references":[{"url":"https://otx.alienvault.com/pulse/69e1f157d8f8bb7547f8c23f","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"news-new-npm-supply-chain-attack-self-spreads-to-steal-auth-tokens","source":"general-news","category":"news","severity":"high","title":"New npm supply-chain attack self-spreads to steal auth tokens","description":"A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts. [...]","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T12:57:42.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.bleepingcomputer.com/news/security/new-npm-supply-chain-attack-self-spreads-to-steal-auth-tokens/","label":"BleepingComputer","domainType":"media"}],"feedLabel":null},{"id":"news-malicious-kics-docker-images-and-vs-code-extensions-hit-checkmarx-supply-chain","source":"general-news","category":"news","severity":"high","title":"Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain","description":"Cybersecurity researchers have warned of malicious images pushed to the official \"checkmarx/kics\" Docker Hub repository.\nIn an alert published today, software supply chain security company Socket revealed that unknown threat actors managed to have overwritten existing tags, including v2.1.20 and alp…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:55:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://thehackernews.com/2026/04/malicious-kics-docker-images-and-vs.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-self-propagating-supply-chain-worm-hijacks-npm-packages-to-steal-developer-token","source":"general-news","category":"news","severity":"high","title":"Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens","description":"Cybersecurity researchers have flagged a fresh set of packages that have been compromised by bad actors to deliver a self-propagating worm that spreads through stolen developer npm tokens.\nThe supply chain worm has been detected by both Socket and StepSecurity, with the companies tracking the activi…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:33:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://thehackernews.com/2026/04/self-propagating-supply-chain-worm.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-harvester-deploys-linux-gogra-backdoor-in-south-asia-using-microsoft-graph-api","source":"general-news","category":"news","severity":"high","title":"Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API","description":"The threat actor known as Harvester has been attributed to a new Linux version of its GoGra backdoor deployed as part of attacks likely targeting entities in South Asia.\n\"The malware uses the legitimate Microsoft Graph API and Outlook mailboxes as a covert command-and-control (C2) channel, allowing…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T15:28:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://thehackernews.com/2026/04/harvester-deploys-linux-gogra-backdoor.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-researchers-detect-zionsiphon-malware-targeting-israeli-water-desalination-ot-sy","source":"general-news","category":"news","severity":"high","title":"Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems","description":"Cybersecurity researchers have flagged a new malware called ZionSiphon that appears to be specifically designed to target Israeli water treatment and desalination systems.\nThe malware has been codenamed ZionSiphon by Darktrace, highlighting its ability to set up persistence, tamper with local config…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T07:34:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://thehackernews.com/2026/04/researchers-detect-zionsiphon-malware.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-newly-discovered-powmix-botnet-hits-czech-workers-using-randomized-c2-traffic","source":"general-news","category":"news","severity":"high","title":"Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic","description":"Cybersecurity researchers have warned of an active malicious campaign that's targeting the workforce in the Czech Republic with a previously undocumented botnet dubbed PowMix since at least December 2025.\n\"PowMix employs randomized command-and-control (C2) beaconing intervals, rather than persistent…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T17:52:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://thehackernews.com/2026/04/newly-discovered-powmix-botnet-hits.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-mirai-botnet-targets-flaw-in-discontinued-d-link-routers","source":"general-news","category":"news","severity":"high","title":"Mirai Botnet Targets Flaw in Discontinued D-Link Routers","description":"The exploitation of the command injection vulnerability started one year after public disclosure and PoC exploit code publication.\nThe post Mirai Botnet Targets Flaw in Discontinued D-Link Routers appeared first on SecurityWeek.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T11:44:07.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.securityweek.com/mirai-botnet-targets-flaw-in-discontinued-d-link-routers/","label":"SecurityWeek","domainType":"media"}],"feedLabel":null},{"id":"news-are-sboms-failing-supply-chain-attacks-rise-as-security-teams-struggle-with-sbom","source":"general-news","category":"news","severity":"high","title":"Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM Data","description":"Researcher says the missing piece is a governance-driven intelligence layer that turns SBOM and VEX data into explainable security decisions.\nThe post Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM Data appeared first on SecurityWeek.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T11:30:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.securityweek.com/are-sboms-failing-supply-chain-attacks-rise-as-security-teams-struggle-with-sbom-data/","label":"SecurityWeek","domainType":"media"}],"feedLabel":null},{"id":"news-zionsiphon-malware-targets-water-infrastructure-systems","source":"general-news","category":"news","severity":"high","title":"ZionSiphon Malware Targets Water Infrastructure Systems","description":"ZionSiphon malware targets OT water systems with sabotage and ICS scanning capabilities","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ics"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T16:00:00.000Z","fetchedAt":"2026-04-23T03:00:02.617Z","references":[{"url":"https://www.infosecurity-magazine.com/news/zionsiphon-malware-water/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-attackers-exploit-dvr-command-injection-flaw-to-deploy-mirai-based-botnet","source":"general-news","category":"news","severity":"high","title":"Attackers Exploit DVR Command Injection Flaw to Deploy  Mirai-Based Botnet","description":"FortiGuard Labs has identified a Mirai-based Nexcorium campaign actively exploiting CVE-2024-3721 in TBK DVR devices","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T13:01:00.000Z","fetchedAt":"2026-04-23T03:00:02.617Z","references":[{"url":"https://www.infosecurity-magazine.com/news/mirai-variant-dvr-flaw-iot-botnet/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"nvd-CVE-2026-40503","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40503 — OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gatew…","description":"OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gateway users with chat access to read arbitrary files by supplying path traversal sequences to the /memory show slash command. Attackers can manipulate the path input parameter to escape the project memor…","indicators":{"cves":["CVE-2026-40503"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T01:16:11.440Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://github.com/HKUDS/OpenHarness/commit/dd1d235450dd987b20bff01b7bfb02fe8620a0af","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/HKUDS/OpenHarness/pull/127","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/openharness-path-traversal-information-disclosure-via-memory-show","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3299","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-3299 — The WP YouTube Lyte plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin…","description":"The WP YouTube Lyte plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lyte' shortcode in all versions up to, and including, 1.7.29 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attack…","indicators":{"cves":["CVE-2026-3299"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T02:16:11.533Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset/3482595/wp-youtube-lyte","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/de09d051-d124-4397-bd1c-b193acd6c186?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40962","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40962 — FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encrypt…","description":"FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c.","indicators":{"cves":["CVE-2026-40962"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T02:16:12.227Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/22348","label":"cve@mitre.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3885","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-3885 — The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Si…","description":"The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_box' shortcode in all versions up to, and including, 7.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possi…","indicators":{"cves":["CVE-2026-3885"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T03:16:27.080Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset/3489360/shortcodes-ultimate","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f6929fdc-a5b1-4c71-9291-3fafa9381cf2?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3878","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-3878 — The WP Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdocs_option…","description":"The WP Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdocs_options[icon_size]' parameter in all versions up to, and including, 2.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-leve…","indicators":{"cves":["CVE-2026-3878"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T04:17:09.813Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset/3481830/wp-docs","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e11ecf13-0b3b-4148-abca-677652a68c24?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4032","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4032 — The CodeColorer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' pa…","description":"The CodeColorer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter in 'cc' comment shortcode in versions up to, and including, 0.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject ar…","indicators":{"cves":["CVE-2026-4032"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T04:17:10.890Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset/3481552/codecolorer","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/44fd7e13-f48a-43c6-a735-15036aa03005?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5070","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-5070 — The Vantage theme for WordPress is vulnerable to Stored Cross-Site Scripting via Gallery block text…","description":"The Vantage theme for WordPress is vulnerable to Stored Cross-Site Scripting via Gallery block text content in versions up to, and including, 1.20.32 due to insufficient output escaping in the gallery template. This makes it possible for authenticated attackers, with contributor-level access and abo…","indicators":{"cves":["CVE-2026-5070"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T04:17:11.720Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://themes.trac.wordpress.org/changeset/320834/vantage","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/fb7d4eee-fd81-4d9d-8d8d-a56870b27874?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-22615","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-22615 — Due to improper input validation in one of the Eaton Intelligent Power Protector (IPP) XML, it is po…","description":"Due to improper\ninput validation in one of the Eaton Intelligent Power Protector (IPP) XML, it is\npossible for an attacker with admin privileges and access to the local system to\ninject malicious code resulting in arbitrary command execution. This security issue has been fixed in the latest version…","indicators":{"cves":["CVE-2026-22615"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T05:16:14.433Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf","label":"CybersecurityCOE@eaton.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-22616","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-22616 — Eaton Intelligent Power Protector (IPP) software allows repeated authentication attempts against the…","description":"Eaton Intelligent Power Protector (IPP) software allows repeated authentication attempts against the web interface login page due to insufficient rate‑limiting controls. This security issue has been fixed in the latest version of Eaton IPP which is available on the Eaton download centre.","indicators":{"cves":["CVE-2026-22616"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T05:16:14.563Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf","label":"CybersecurityCOE@eaton.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-22617","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-22617 — Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a n…","description":"Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a network‑based attacker to intercept the cookie and exploit it through a man‑in‑the‑middle attack. This security issue has been fixed in the latest version of Eaton IPP software which is available on th…","indicators":{"cves":["CVE-2026-22617"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T06:16:08.980Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf","label":"CybersecurityCOE@eaton.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-22618","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-22618 — A security misconfiguration was identified in Eaton Intelligent Power Protector (IPP), where an HTTP…","description":"A security misconfiguration was identified in Eaton Intelligent Power Protector (IPP), where an HTTP response header was set with an insecure attribute, potentially exposing users to web‑based attacks. This security issue has been fixed in the latest version of Eaton IPP software which is available…","indicators":{"cves":["CVE-2026-22618"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T06:16:10.297Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf","label":"CybersecurityCOE@eaton.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3551","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-3551 — The Custom New User Notification plugin for WordPress is vulnerable to Stored Cross-Site Scripting v…","description":"The Custom New User Notification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's admin settings in all versions up to, and including, 1.2.0. This is due to insufficient input sanitization and output escaping on multiple settings fields including 'User Mail Subject'…","indicators":{"cves":["CVE-2026-3551"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T06:16:10.530Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/custom-new-user-notification/tags/1.2.0/admin/includes.php#L132","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/custom-new-user-notification/tags/1.2.0/admin/includes.php#L46","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/custom-new-user-notification/tags/1.2.0/admin/includes.php#L52","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/custom-new-user-notification/tags/1.2.0/admin/includes.php#L59","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/custom-new-user-notification/tags/1.2.0/admin/includes.php#L84","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/custom-new-user-notification/tags/1.2.0/admin/includes.php#L90","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/custom-new-user-notification/tags/1.2.0/admin/includes.php#L97","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/custom-new-user-notification/tags/1.2.0/custom-new-user-notification.php#L63","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/custom-new-user-notification/trunk/admin/includes.php#L132","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/custom-new-user-notification/trunk/admin/includes.php#L46","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/custom-new-user-notification/trunk/admin/includes.php#L52","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/custom-new-user-notification/trunk/admin/includes.php#L59","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/custom-new-user-notification/trunk/admin/includes.php#L84","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/custom-new-user-notification/trunk/admin/includes.php#L90","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/custom-new-user-notification/trunk/admin/includes.php#L97","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/custom-new-user-notification/trunk/custom-new-user-notification.php#L63","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7a14d35d-144c-4ddd-b288-5e0e006fb165?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3581","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-3581 — The Basic Google Maps Placemarks plugin for WordPress is vulnerable to authorization bypass in versi…","description":"The Basic Google Maps Placemarks plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.10.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to modify stored…","indicators":{"cves":["CVE-2026-3581"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T06:16:13.433Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset/3495944/basic-google-maps-placemarks","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b8a2bbfe-eb87-4e26-ba20-bc406d681124?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3595","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-3595 — The Riaxe Product Customizer plugin for WordPress is vulnerable to authorization bypass in all versi…","description":"The Riaxe Product Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.2. This is due to the plugin registering a REST API route at POST /wp-json/InkXEProductDesignerLite/customer/delete_customer without a permission_callback, causing WordPr…","indicators":{"cves":["CVE-2026-3595"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T06:16:14.550Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/tags/2.1.2/riaxe-product-designer.php#L2993","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/tags/2.1.2/riaxe-product-designer.php#L3150","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/tags/2.1.2/riaxe-product-designer.php#L4271","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/trunk/riaxe-product-designer.php#L2993","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/trunk/riaxe-product-designer.php#L3150","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/trunk/riaxe-product-designer.php#L4271","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/59da92e2-9ea0-4566-ae4d-3d5d91d0e42e?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3773","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-3773 — The Accessibility Suite by Ability, Inc plugin for WordPress is vulnerable to SQL Injection via the…","description":"The Accessibility Suite by Ability, Inc plugin for WordPress is vulnerable to SQL Injection via the 'scan_id' parameter in all versions up to, and including, 4.20. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This m…","indicators":{"cves":["CVE-2026-3773"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T06:16:19.260Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/online-accessibility/trunk/includes/ajax_functions/false-positives.php#L20","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/online-accessibility/trunk/includes/classes/Helper.php#L166","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b882ba6d-47c0-401a-bf50-5cf0bf0f3d5b?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-13364","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2025-13364 — The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for…","description":"The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'put_wpgm' shortcode in all versions up to, and including, 4.8.7. This is due to insufficient input sanitization and output escaping on u…","indicators":{"cves":["CVE-2025-13364"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T07:16:28.550Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset?old_path=wp-google-map-plugin/tags/4.8.7/wp-google-map-plugin.php&new_path=wp-google-map-plugin/tags/4.8.8/wp-google-map-plugin.php","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/91d6cf21-cb65-40cb-ad19-5a8e7179fd98?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-1572","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-1572 — The Livemesh Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of…","description":"The Livemesh Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 9.0. This is due to missing authorization checks on the AJAX handler `lae_admin_ajax()` and insufficient…","indicators":{"cves":["CVE-2026-1572"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T07:16:29.610Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/9.0/admin/admin-ajax.php#L28","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/9.0/admin/admin-ajax.php#L64","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/9.0/admin/views/settings.php#L707","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/9.0/plugin.php#L207","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/admin/admin-ajax.php#L28","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/admin/admin-ajax.php#L64","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/admin/views/settings.php#L707","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/plugin.php#L207","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/24b9bf5a-19ac-4e99-b32d-1ab681356a1b?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3355","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-3355 — The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scri…","description":"The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘crsearch’ parameter in all versions up to, and including, 5.101.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inj…","indicators":{"cves":["CVE-2026-3355"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T07:16:29.943Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset/3472287/customer-reviews-woocommerce","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a851172f-3b27-4bc2-adc7-6863c2fd1c0a?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3861","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-3861 — LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where op…","description":"LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where opening a crafted web page can repeatedly trigger OS-level dialogs, potentially causing the iOS device to become temporarily inoperable.","indicators":{"cves":["CVE-2026-3861"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T07:16:30.090Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://hackerone.com/reports/3422905","label":"dl_cve@linecorp.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3875","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-3875 — The BetterDocs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'betterdocs…","description":"The BetterDocs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'betterdocs_feedback_form' shortcode in all versions up to, and including, 4.3.8. This is due to insufficient input sanitization and output escaping on user supplied shortcode attributes. This makes it possible…","indicators":{"cves":["CVE-2026-3875"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T07:16:30.207Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset?old_path=betterdocs/tags/4.3.8/views/shortcodes/feedback-form.php&new_path=betterdocs/tags/4.3.9/views/shortcodes/feedback-form.php","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5b7e4c3c-a12e-4b11-9673-79a7060052a8?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3995","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-3995 — The OPEN-BRAIN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'API Key' s…","description":"The OPEN-BRAIN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'API Key' settings field in all versions up to, and including, 0.5.0. This is due to insufficient input sanitization and output escaping. The plugin uses sanitize_text_field() which strips HTML tags but does not…","indicators":{"cves":["CVE-2026-3995"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T07:16:30.503Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/open-brain/tags/0.5.0/index.php#L128","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/open-brain/tags/0.5.0/index.php#L252","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/open-brain/tags/0.5.0/index.php#L253","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/open-brain/tags/0.5.0/index.php#L272","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/open-brain/trunk/index.php#L128","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/open-brain/trunk/index.php#L252","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/open-brain/trunk/index.php#L253","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/open-brain/trunk/index.php#L272","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3fe3fa95-cc1d-469b-8a97-37987b9ae362?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41030","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41030 — In ONLYOFFICE DesktopEditors before 9.3.0, the update service allows attackers to perform actions on…","description":"In ONLYOFFICE DesktopEditors before 9.3.0, the update service allows attackers to perform actions on files with SYSTEM privileges.","indicators":{"cves":["CVE-2026-41030"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T07:16:30.660Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://github.com/ONLYOFFICE/DesktopEditors/blob/master/CHANGELOG.md","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41034","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41034 — ONLYOFFICE DocumentServer before 9.3.0 has an untrusted pointer dereference in XLS processing/conver…","description":"ONLYOFFICE DocumentServer before 9.3.0 has an untrusted pointer dereference in XLS processing/conversion (via pictFmla.cbBufInCtlStm and other vectors), leading to an information leak and ASLR bypass.","indicators":{"cves":["CVE-2026-41034"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T07:16:30.843Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://github.com/ONLYOFFICE/DocumentServer/blob/master/CHANGELOG.md","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-0718","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-0718 — The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vu…","description":"The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ultp_shareCount_callback() function in all versions up to, and including, 5.0.5. This makes it possible for unaut…","indicators":{"cves":["CVE-2026-0718"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T08:16:27.170Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset?old_path=/ultimate-post/tags/5.0.5/classes/Blocks.php&new_path=/ultimate-post/tags/5.0.6/classes/Blocks.php","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c4b2cf3b-5d35-4ce6-9453-1538a6f7752f?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-6024","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2025-6024 — The authentication endpoint fails to encode user-supplied input before rendering it in the web page,…","description":"The authentication endpoint fails to encode user-supplied input before rendering it in the web page, allowing for script injection.\nAn attacker can leverage this by injecting malicious scripts into the authentication endpoint. This can result in the user's browser being redirected to a malicious web…","indicators":{"cves":["CVE-2025-6024"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T10:16:14.243Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4251/","label":"ed10eef1-636d-4fbe-9993-6890dfa878f8","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-12624","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2025-12624 — Active access tokens are not revoked or invalidated when a user account is locked within WSO2 Identi…","description":"Active access tokens are not revoked or invalidated when a user account is locked within WSO2 Identity Server. This failure to enforce revocation allows previously issued, valid tokens to remain usable, enabling continued access to protected resources by locked user accounts.\n\nThe security consequen…","indicators":{"cves":["CVE-2025-12624"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T11:16:26.447Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4684/","label":"ed10eef1-636d-4fbe-9993-6890dfa878f8","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3369","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-3369 — The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to Stored Cr…","description":"The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded image title in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…","indicators":{"cves":["CVE-2026-3369"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T12:16:08.233Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset/3477632/real-time-auto-find-and-replace","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/497c2f5f-ed7d-486e-baf2-aefbe3dc412f?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6414","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6414 — @fastify/static versions 8.0.0 through 9.1.0 decode percent-encoded path separators (%2F) before fil…","description":"@fastify/static versions 8.0.0 through 9.1.0 decode percent-encoded path separators (%2F) before filesystem resolution, while Fastify's router treats them as literal characters. This mismatch allows attackers to bypass route-based middleware or guards that protect files served by @fastify/static. Fo…","indicators":{"cves":["CVE-2026-6414"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T13:16:52.243Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://cna.openjsf.org/security-advisories.html","label":"ce714d77-add3-4f53-aff5-83d477b104bb","domainType":"other"},{"url":"https://github.com/fastify/fastify-static/security/advisories/GHSA-x428-ghpx-8j92","label":"ce714d77-add3-4f53-aff5-83d477b104bb","domainType":"primary"},{"url":"https://github.com/fastify/middie/security/advisories/GHSA-cxrg-g7r8-w69p","label":"ce714d77-add3-4f53-aff5-83d477b104bb","domainType":"primary"},{"url":"https://github.com/honojs/hono/security/advisories/GHSA-q5qw-h33p-qvwr","label":"ce714d77-add3-4f53-aff5-83d477b104bb","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-4160","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4160 — The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin fo…","description":"The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference via the 'submission_id' parameter in versions up to, and including, 6.1.21. This is due to missing authorization and ownership validation…","indicators":{"cves":["CVE-2026-4160"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T14:16:18.167Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset/3496638/fluentform","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/154fc656-3a33-4783-a941-10bb848244b3?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6410","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6410 — @fastify/static versions 8.0.0 through 9.1.0 allow path traversal when directory listing is enabled…","description":"@fastify/static versions 8.0.0 through 9.1.0 allow path traversal when directory listing is enabled via the list option. The dirList.path() function resolves directories outside the configured static root using path.join() without a containment check. A remote unauthenticated attacker can obtain dir…","indicators":{"cves":["CVE-2026-6410"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T14:16:20.173Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://cna.openjsf.org/security-advisories.html","label":"ce714d77-add3-4f53-aff5-83d477b104bb","domainType":"other"},{"url":"https://github.com/fastify/fastify-static/security/advisories/GHSA-pr96-94w5-mx2h","label":"ce714d77-add3-4f53-aff5-83d477b104bb","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-2840","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-2840 — The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to…","description":"The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eeb_mailto' shortcode in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authentica…","indicators":{"cves":["CVE-2026-2840"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T15:17:17.190Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset?old_path=/email-encoder-bundle/tags/2.4.4/src/Front/Shortcodes/MailtoShortcode.php&new_path=/email-encoder-bundle/tags/2.4.5/src/Front/Shortcodes/MailtoShortcode.php&old=3462208&new=3494181","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset?old_path=/email-encoder-bundle/tags/2.4.4/src/Validate/Encoding.php&new_path=/email-encoder-bundle/tags/2.4.5/src/Validate/Encoding.php&old=3462208&new=3494181","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9987b5b4-33d8-4446-acbe-58c6cb5604df?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-37100","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-37100 — An issue in the Bluetooth Low Energy (BLE) control interface of the Yamaha SR-B30A sound bar firmwar…","description":"An issue in the Bluetooth Low Energy (BLE) control interface of the Yamaha SR-B30A sound bar firmware 2.40 (Mobile App: Sound Bar Remote / version: 2.40) allows remote attackers within BLE radio range to connect without authentication via the Sound Bar Remote protocol","indicators":{"cves":["CVE-2026-37100"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T16:16:16.910Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://gist.github.com/sohsatoh/02699fbbdff90e6c2078b508f830022b","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2025-36579","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2025-36579 — Dell Client Platform BIOS contains a Weak Password Recovery Mechanism vulnerability. An unauthentica…","description":"Dell Client Platform BIOS contains a Weak Password Recovery Mechanism vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability, leading to unauthorized access.","indicators":{"cves":["CVE-2025-36579"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T17:16:54.073Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000300450/dsa-2025-153","label":"security_alert@emc.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-43883","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2025-43883 — Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper check for unusual or excepti…","description":"Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper check for unusual or exceptional conditions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service.","indicators":{"cves":["CVE-2025-43883"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T18:16:43.667Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000376214/dsa-2025-347-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities","label":"security_alert@emc.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-24749","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-24749 — The Silverstripe Assets Module is a required component of Silverstripe Framework. In versions prior…","description":"The Silverstripe Assets Module is a required component of Silverstripe Framework. In versions prior to 2.4.5 and 3.0.0-rc1 through 3.1.2, images rendered in templates or otherwise accessed via DBFile::getURL() or DBFile::getSourceURL() incorrectly add an access grant to the current session, which by…","indicators":{"cves":["CVE-2026-24749"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T18:16:44.610Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://github.com/silverstripe/silverstripe-assets/security/advisories/GHSA-jgcf-rf45-2f8v","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://www.silverstripe.org/download/security-releases/cve-2026-24749","label":"security-advisories@github.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-43935","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2025-43935 — Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release…","description":"Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service.","indicators":{"cves":["CVE-2025-43935"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T19:16:32.610Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000376214/dsa-2025-347-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities","label":"security_alert@emc.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-43937","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2025-43937 — Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information in…","description":"Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to…","indicators":{"cves":["CVE-2025-43937"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T19:16:32.750Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000376214/dsa-2025-347-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities","label":"security_alert@emc.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33472","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33472 — Cryptomator is an open-source client-side encryption application for cloud storage. Version 1.19.1 c…","description":"Cryptomator is an open-source client-side encryption application for cloud storage. Version 1.19.1 contains a logic flaw in CheckHostTrustController.getAuthority() that allows an attacker to bypass the security fix for CVE-2026-32303. The method hardcodes the URI scheme based on port number, causing…","indicators":{"cves":["CVE-2026-33472"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T22:16:37.583Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://github.com/cryptomator/cryptomator/pull/4179","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/cryptomator/cryptomator/releases/tag/1.19.2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/cryptomator/cryptomator/security/advisories/GHSA-9q8x-whrw-x44p","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/cryptomator/cryptomator/security/advisories/GHSA-9q8x-whrw-x44p","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-34164","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34164 — Valtimo is an open-source business process automation platform. In versions 13.0.0 through 13.21.0,…","description":"Valtimo is an open-source business process automation platform. In versions 13.0.0 through 13.21.0, the InboxHandlingService logs the full content of every incoming inbox message at INFO level. Inbox messages can contain highly sensitive information including personal data (PII), citizen identifiers…","indicators":{"cves":["CVE-2026-34164"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T22:16:37.757Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://github.com/generiekzaakafhandelcomponent/gzac-issues/issues/653","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/valtimo-platform/valtimo/commit/f16a1940ba7b34627c0b966f98ca78655ace9335","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/valtimo-platform/valtimo/pull/497","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/valtimo-platform/valtimo/releases/tag/13.22.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/valtimo-platform/valtimo/security/advisories/GHSA-hfrg-mcvw-8mch","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40253","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40253 — openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. In versions 3.26.0 and bel…","description":"openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. In versions 3.26.0 and below, the BER/DER decoding functions in the shared common library (asn1.c) accept a raw pointer but no buffer length parameter, and trust attacker-controlled BER length fields without validating them ag…","indicators":{"cves":["CVE-2026-40253"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T23:16:33.107Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://github.com/opencryptoki/opencryptoki/commit/ed378f463ef73364c89feb0fc923f4dc867332a3","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/opencryptoki/opencryptoki/security/advisories/GHSA-c9cf-6vr4-wfxm","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/opencryptoki/opencryptoki/security/advisories/GHSA-c9cf-6vr4-wfxm","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40255","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40255 — AdonisJS HTTP Server is a package for handling HTTP requests in the AdonisJS framework. In @adonisjs…","description":"AdonisJS HTTP Server is a package for handling HTTP requests in the AdonisJS framework. In @adonisjs/http-server versions prior to 7.8.1 and 8.0.0-next.0 through 8.1.3, and @adonisjs/core versions prior to 7.4.0, the response.redirect().back() method reads the Referer header from the incoming HTTP r…","indicators":{"cves":["CVE-2026-40255"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T23:16:33.267Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://github.com/adonisjs/http-server/commit/2008fb6cf4f6f1c0ca5797d57def4d93e1c3de08","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/adonisjs/http-server/releases/tag/v7.8.1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/adonisjs/http-server/releases/tag/v8.2.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/adonisjs/http-server/security/advisories/GHSA-6qvv-pj99-48qm","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40260","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40260 — pypdf is a free and open-source pure-python PDF library. In versions prior to 6.10.0, manipulated XM…","description":"pypdf is a free and open-source pure-python PDF library. In versions prior to 6.10.0, manipulated XMP metadata entity declarations can exhaust RAM. An attacker who exploits this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata. This issue has be…","indicators":{"cves":["CVE-2026-40260"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T01:17:39.733Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://github.com/py-pdf/pypdf/commit/b15a374e5ca648d4878e57c3b2c0551e7f8cc7f8","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/py-pdf/pypdf/pull/3724","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/py-pdf/pypdf/releases/tag/6.10.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-3crg-w4f6-42mx","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40265","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40265 — Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset downloa…","description":"Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset download endpoint at /api/notes/{noteID}/assets/{assetID} is registered without authentication middleware, and the backend query does not verify ownership or book visibility. An unauthenticated user who know…","indicators":{"cves":["CVE-2026-40265"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T01:17:40.293Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://github.com/enchant97/note-mark/commit/6593898855add151eb9965d96998b05e14c62026","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/enchant97/note-mark/releases/tag/v0.19.2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/enchant97/note-mark/security/advisories/GHSA-p5w6-75f9-cc2p","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40922","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40922 — SiYuan is an open-source personal knowledge management system. In versions 3.6.1 through 3.6.3, a pr…","description":"SiYuan is an open-source personal knowledge management system. In versions 3.6.1 through 3.6.3, a prior fix for XSS in bazaar README rendering (incomplete fix for CVE-2026-33066) enabled the Lute HTML sanitizer, but the sanitizer does not block iframe tags, and its URL-prefix blocklist does not effe…","indicators":{"cves":["CVE-2026-40922"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T01:17:40.447Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://github.com/advisories/GHSA-4663-4mpg-879v","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/siyuan-note/siyuan/commit/b382f50e1880ed996364509de5a10a72d7409428","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/siyuan-note/siyuan/releases/tag/v3.6.4","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-8q5w-mmxf-48jg","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-8q5w-mmxf-48jg","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-3488","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-3488 — The WP Statistics plugin for WordPress is vulnerable to Missing Authorization in all versions up to,…","description":"The WP Statistics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 14.16.4. This is due to missing capability checks on multiple AJAX handlers including `wp_statistics_get_filters`, `wp_statistics_getPrivacyStatus`, `wp_statistics_updatePrivacyStatus`…","indicators":{"cves":["CVE-2026-3488"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T02:16:05.707Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/wp-statistics/tags/14.16.1/includes/admin/class-wp-statistics-admin-ajax.php#L310","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-statistics/tags/14.16.1/src/Service/Admin/FilterHandler/FilterManager.php#L62","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-statistics/tags/14.16.1/src/Service/Admin/PrivacyAudit/PrivacyAuditController.php#L21","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-statistics/tags/14.16.1/src/Service/Admin/PrivacyAudit/PrivacyAuditController.php#L41","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-statistics/trunk/includes/admin/class-wp-statistics-admin-ajax.php#L310","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-statistics/trunk/src/Service/Admin/FilterHandler/FilterManager.php#L62","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-statistics/trunk/src/Service/Admin/PrivacyAudit/PrivacyAuditController.php#L21","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset/3483860/wp-statistics/trunk/src/Service/Admin/PrivacyAudit/PrivacyAuditController.php","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b1938ba4-ced7-455b-8772-a192d9cb0897?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4817","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4817 — The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulner…","description":"The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to Time-based Blind SQL Injection via the 'order' and 'orderby' parameters in the /lms/stm-lms/order/items REST API endpoint in versions up to and including 3.7.25. This is due to insufficient in…","indicators":{"cves":["CVE-2026-4817"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T02:16:05.883Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/masterstudy-lms-learning-management-system/tags/3.7.17/_core/lms/classes/models/StmStatistics.php#L202","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/masterstudy-lms-learning-management-system/tags/3.7.17/_core/lms/classes/models/StmStatistics.php#L238","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/masterstudy-lms-learning-management-system/tags/3.7.17/_core/lms/classes/vendor/Query.php#L676","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/masterstudy-lms-learning-management-system/tags/3.7.17/_core/lms/route.php#L16","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/masterstudy-lms-learning-management-system/trunk/_core/lms/classes/models/StmStatistics.php#L202","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/masterstudy-lms-learning-management-system/trunk/_core/lms/classes/models/StmStatistics.php#L238","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/masterstudy-lms-learning-management-system/trunk/_core/lms/classes/vendor/Query.php#L676","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/masterstudy-lms-learning-management-system/trunk/_core/lms/route.php#L16","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset/3506029/masterstudy-lms-learning-management-system/trunk/_core/lms/classes/vendor/Query.php","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset?old_path=%2Fmasterstudy-lms-learning-management-system/tags/3.7.25&new_path=%2Fmasterstudy-lms-learning-management-system/tags/3.7.26","label":"security@wordfence.com","domainType":"other"},{"url":"https://ti.wordfence.io/vendors/patch/1789/download","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7a51fe96-f3d3-46fe-9e3a-fb7c1bd17b05?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5162","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-5162 — The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via…","description":"The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widget's 'instagram_follow_text' setting in all versions up to, and including, 1.7.1056 due to insufficient input sanitization and output escaping. This makes it possible for authe…","indicators":{"cves":["CVE-2026-5162"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T02:16:06.073Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/royal-elementor-addons/trunk/modules/instagram-feed/widgets/wpr-instagram-feed.php#L5334","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/royal-elementor-addons/trunk/modules/instagram-feed/widgets/wpr-instagram-feed.php#L5528","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/royal-elementor-addons/trunk/modules/instagram-feed/widgets/wpr-instagram-feed.php#L5623","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset/3503219/royal-elementor-addons/trunk/modules/instagram-feed/widgets/wpr-instagram-feed.php","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/16d083bc-d726-4291-bc6d-a7bf83fa78c3?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4666","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4666 — The wpForo Forum plugin for WordPress is vulnerable to unauthorized modification of data due to the…","description":"The wpForo Forum plugin for WordPress is vulnerable to unauthorized modification of data due to the use of `extract($args, EXTR_OVERWRITE)` on user-controlled input in the `edit()` method of `classes/Posts.php` in all versions up to, and including, 2.4.16. The `post_edit` action handler in `Actions.…","indicators":{"cves":["CVE-2026-4666"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T04:16:11.023Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/wpforo/tags/2.4.16/classes/Actions.php#L773","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wpforo/tags/2.4.16/classes/Posts.php#L283","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wpforo/tags/2.4.16/classes/Posts.php#L285","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wpforo/tags/2.4.16/includes/functions.php#L532","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset?old_path=%2Fwpforo/tags/2.4.16&new_path=%2Fwpforo/tags/2.4.17","label":"security@wordfence.com","domainType":"other"},{"url":"https://ti.wordfence.io/vendors/patch/1885/download","label":"security@wordfence.com","domainType":"other"},{"url":"https://wordpress.org/plugins/wpforo/","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/049ffab1-677d-4112-9f1d-092ee01299f1?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5052","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-5052 — Vault’s PKI engine’s ACME validation did not reject local targets when issuing http-01 and tls-alpn-…","description":"Vault’s PKI engine’s ACME validation did not reject local targets when issuing http-01 and tls-alpn-01 challenges. This may lead to these requests being sent to local network targets, potentially leading to information disclosure. Fixed in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0, 1.…","indicators":{"cves":["CVE-2026-5052"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T04:16:12.567Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://discuss.hashicorp.com/t/hcsec-2026-06-vault-vulnerable-to-server-side-request-forgery-in-acme-challenge-validation-via-attacker-controlled-dns/77343","label":"security@hashicorp.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3330","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-3330 — The Form Maker by 10Web plugin for WordPress is vulnerable to SQL Injection via the 'ip_search', 'st…","description":"The Form Maker by 10Web plugin for WordPress is vulnerable to SQL Injection via the 'ip_search', 'startdate', 'enddate', 'username_search', and 'useremail_search' parameters in all versions up to, and including, 1.15.40. This is due to the `WDW_FM_Library::validate_data()` method calling `stripslash…","indicators":{"cves":["CVE-2026-3330"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T05:16:18.080Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/form-maker/tags/1.15.22/admin/controllers/Submissions_fm.php#L84","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/form-maker/tags/1.15.22/admin/models/Submissions_fm.php#L154","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/form-maker/tags/1.15.22/framework/WDW_FM_Library.php#L415","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/form-maker/trunk/admin/controllers/Submissions_fm.php#L84","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/form-maker/trunk/admin/models/Submissions_fm.php#L154","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/form-maker/trunk/framework/WDW_FM_Library.php#L415","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3501693%40form-maker&new=3501693%40form-maker&sfp_email=&sfph_mail=","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5e383b8a-27e5-4b35-8d11-6e4102255d44?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4853","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4853 — The JetBackup – Backup, Restore & Migrate plugin for WordPress is vulnerable to Path Traversal leadi…","description":"The JetBackup – Backup, Restore & Migrate plugin for WordPress is vulnerable to Path Traversal leading to Arbitrary Directory Deletion in versions up to and including 3.1.19.8. This is due to insufficient input validation on the fileName parameter in the file upload handler. The plugin sanitizes the…","indicators":{"cves":["CVE-2026-4853"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T05:16:18.680Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/backup/tags/3.1.17.5/src/JetBackup/Ajax/Calls/AddToQueue.php#L244","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/backup/tags/3.1.17.5/src/JetBackup/Ajax/Calls/AddToQueue.php#L64","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/backup/tags/3.1.17.5/src/JetBackup/Upload/Upload.php#L66","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/backup/trunk/src/JetBackup/Ajax/Calls/AddToQueue.php#L244","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/backup/trunk/src/JetBackup/Ajax/Calls/AddToQueue.php#L64","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/backup/trunk/src/JetBackup/Upload/Upload.php#L66","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3495633%40backup&new=3495633%40backup&sfp_email=&sfph_mail=","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4aa0fa80-05dd-4fe1-b7b5-7ed0cf13053c?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5234","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-5234 — The LatePoint plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions…","description":"The LatePoint plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.3.2. The vulnerability exists because the OsStripeConnectController::create_payment_intent_for_transaction action is registered as a public action (no authentication required)…","indicators":{"cves":["CVE-2026-5234"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T05:16:18.830Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/latepoint/tags/5.2.9/lib/controllers/stripe_connect_controller.php#L20","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/latepoint/tags/5.2.9/lib/controllers/stripe_connect_controller.php#L31","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/latepoint/tags/5.2.9/lib/controllers/stripe_connect_controller.php#L33","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/latepoint/tags/5.2.9/lib/controllers/stripe_connect_controller.php#L50","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/latepoint/trunk/lib/controllers/stripe_connect_controller.php#L20","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/latepoint/trunk/lib/controllers/stripe_connect_controller.php#L31","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/latepoint/trunk/lib/controllers/stripe_connect_controller.php#L33","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/latepoint/trunk/lib/controllers/stripe_connect_controller.php#L50","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset/3505127/latepoint/trunk/lib/controllers/stripe_connect_controller.php","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/afec4c8c-a18d-4907-8879-2412f8a1abed?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5427","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-5427 — The Kubio plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to and includin…","description":"The Kubio plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to and including 2.7.2. This is due to insufficient capability checks in the kubio_rest_pre_insert_import_assets() function, which is hooked to the rest_pre_insert_{post_type} filter for posts, pages, templates, and…","indicators":{"cves":["CVE-2026-5427"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T05:16:18.973Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/kubio/tags/2.7.1/lib/filters/post-insert.php#L17","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/kubio/tags/2.7.1/lib/importer/importer-filters/kubio-blocks.php#L20","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/kubio/tags/2.7.1/lib/src/Core/Importer.php#L546","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/kubio/trunk/lib/filters/post-insert.php#L17","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/kubio/trunk/lib/importer/importer-filters/kubio-blocks.php#L20","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/kubio/trunk/lib/src/Core/Importer.php#L546","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset/3506647/kubio/trunk/lib/src/Core/Importer.php","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d8096f3c-e1a9-424f-af10-3e80212db985?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5502","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-5502 — The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthori…","description":"The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course content manipulation in versions up to and including 3.9.8. This is due to a missing authorization check in the tutor_update_course_content_order() function. The function only validates the…","indicators":{"cves":["CVE-2026-5502"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T05:16:19.117Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.7/classes/Course.php#L1700","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.7/classes/Course.php#L1789","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/tutor/trunk/classes/Course.php#L1700","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/tutor/trunk/classes/Course.php#L1789","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset/3505142/tutor/tags/3.9.9/classes/Course.php","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f32ae42d-dd1f-41d7-8ae4-ddec56d78ae6?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6080","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6080 — The Tutor LMS plugin for WordPress is vulnerable to SQL Injection in versions up to and including 3.…","description":"The Tutor LMS plugin for WordPress is vulnerable to SQL Injection in versions up to and including 3.9.8. This is due to insufficient escaping on the 'date' parameter combined with direct interpolation into a SQL fragment before being passed to $wpdb->prepare(). This makes it possible for authenticat…","indicators":{"cves":["CVE-2026-6080"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T05:16:19.430Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.8/classes/Instructors_List.php#L376","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.8/classes/Instructors_List.php#L451","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.8/views/pages/instructors.php#L38","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/tutor/trunk/classes/Instructors_List.php#L376","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/tutor/trunk/classes/Instructors_List.php#L451","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/tutor/trunk/views/pages/instructors.php#L38","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset/3505142/tutor/tags/3.9.9/classes/Instructors_List.php","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6dd041ff-a0a3-4d1f-83e0-6ec2a978e9cf?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5797","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-5797 — The Quiz And Survey Master plugin for WordPress is vulnerable to Arbitrary Shortcode Execution in ve…","description":"The Quiz And Survey Master plugin for WordPress is vulnerable to Arbitrary Shortcode Execution in versions up to and including 11.1.0. This is due to insufficient input sanitization and the execution of do_shortcode() on user-submitted quiz answer text. User-submitted answers pass through sanitize_t…","indicators":{"cves":["CVE-2026-5797"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T06:16:30.153Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.3.5/php/classes/class-qmn-quiz-manager.php#L572","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.3.5/php/classes/class-qsm-results-pages.php#L193","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.3.5/php/classes/question-types/class-question-review-text.php#L15","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.3.5/php/classes/question-types/class-question-review.php#L40","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quiz-master-next/trunk/php/classes/class-qmn-quiz-manager.php#L572","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quiz-master-next/trunk/php/classes/class-qsm-results-pages.php#L193","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quiz-master-next/trunk/php/classes/question-types/class-question-review-text.php#L15","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quiz-master-next/trunk/php/classes/question-types/class-question-review.php#L40","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3506094%40quiz-master-next&new=3506094%40quiz-master-next&sfp_email=&sfph_mail=","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f2aa33cc-c1c4-42d4-9c2f-54648426ee4b?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6441","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6441 — The Canto plugin for WordPress is vulnerable to Missing Authorization in versions up to and includin…","description":"The Canto plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 3.1.1. This is due to the absence of any capability check or nonce verification in the updateOptions() function, which is exposed via two AJAX hooks: wp_ajax_updateOptions (class-canto.php line 231)…","indicators":{"cves":["CVE-2026-6441"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T07:16:03.020Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/canto/tags/3.1.1/includes/class-canto-settings.php#L603","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/canto/tags/3.1.1/includes/class-canto.php#L231","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/canto/tags/3.1.1/includes/class-canto.php#L572","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/canto/trunk/includes/class-canto-settings.php#L603","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/canto/trunk/includes/class-canto.php#L231","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/canto/trunk/includes/class-canto.php#L572","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c1a0200f-9861-4eca-adbf-d458eb6b4e63?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40002","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40002 — Red Magic 11 Pro (NX809J) contains a vulnerability that allows non-privileged applications to trigge…","description":"Red Magic 11 Pro (NX809J) contains a vulnerability that allows non-privileged applications to trigger sensitive operations. The vulnerability stems from the lack of validation for applications accessing the service interface. Exploiting this vulnerability, an attacker can write files to specific par…","indicators":{"cves":["CVE-2026-40002"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T08:16:18.120Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/8224335890517684583","label":"psirt@zte.com.cn","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6451","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6451 — The cms-fuer-motorrad-werkstaetten plugin for WordPress is vulnerable to Cross-Site Request Forgery…","description":"The cms-fuer-motorrad-werkstaetten plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.0.0. This is due to missing nonce validation on all eight AJAX deletion handlers: vehicles_cfmw_d_vehicle, contacts_cfmw_d_contact, suppliers_cfmw_d_supplier, receipt…","indicators":{"cves":["CVE-2026-6451"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T08:16:18.243Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/cms-fuer-motorrad-werkstaetten/tags/1.0.0/includes/cfmw-catalogs.php#L88","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/cms-fuer-motorrad-werkstaetten/tags/1.0.0/includes/cfmw-contacts.php#L93","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/cms-fuer-motorrad-werkstaetten/tags/1.0.0/includes/cfmw-positions.php#L119","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/cms-fuer-motorrad-werkstaetten/tags/1.0.0/includes/cfmw-receipts.php#L92","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/cms-fuer-motorrad-werkstaetten/tags/1.0.0/includes/cfmw-settings.php#L191","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/cms-fuer-motorrad-werkstaetten/tags/1.0.0/includes/cfmw-stock.php#L101","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/cms-fuer-motorrad-werkstaetten/tags/1.0.0/includes/cfmw-suppliers.php#L108","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/cms-fuer-motorrad-werkstaetten/tags/1.0.0/includes/cfmw-vehicles.php#L100","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/cms-fuer-motorrad-werkstaetten/tags/1.0.0/includes/cfmw-vehicles.php#L98","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/cms-fuer-motorrad-werkstaetten/trunk/includes/cfmw-catalogs.php#L88","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/cms-fuer-motorrad-werkstaetten/trunk/includes/cfmw-contacts.php#L93","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/cms-fuer-motorrad-werkstaetten/trunk/includes/cfmw-positions.php#L119","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/cms-fuer-motorrad-werkstaetten/trunk/includes/cfmw-receipts.php#L92","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/cms-fuer-motorrad-werkstaetten/trunk/includes/cfmw-settings.php#L191","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/cms-fuer-motorrad-werkstaetten/trunk/includes/cfmw-stock.php#L101","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/cms-fuer-motorrad-werkstaetten/trunk/includes/cfmw-suppliers.php#L108","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/cms-fuer-motorrad-werkstaetten/trunk/includes/cfmw-vehicles.php#L100","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/cms-fuer-motorrad-werkstaetten/trunk/includes/cfmw-vehicles.php#L98","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6895a774-7e78-4ab2-a2b3-2a333f258778?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6439","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6439 — The VideoZen plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and…","description":"The VideoZen plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.0.1. This is due to insufficient input sanitization and output escaping in the videozen_conf() function. The 'lang' POST parameter is stored directly via update_option() without any sanit…","indicators":{"cves":["CVE-2026-6439"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T09:16:05.447Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/videozen/tags/1.0.1/videozen-conf.php#L24","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/videozen/tags/1.0.1/videozen-conf.php#L69","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/videozen/trunk/videozen-conf.php#L24","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/videozen/trunk/videozen-conf.php#L69","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/47bcd04b-a479-49f2-94d0-df2a7684210c?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6494","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6494 — A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injecti…","description":"A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injection vulnerability by sending specially crafted input to the `toolsetroute` parameter. This parameter is not properly sanitized before being written to logs, allowing the attacker to inject control char…","indicators":{"cves":["CVE-2026-6494"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T09:16:05.600Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6494","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2459131","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-35072","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35072 — Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 th…","description":"Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of special elements used in an OS command ('OS command injection') vulnerability. A high privileg…","indicators":{"cves":["CVE-2026-35072","CVE-2026-35073","CVE-2026-35074","CVE-2026-35153"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T11:16:10.090Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities","label":"security_alert@emc.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6487","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6487 — A flaw has been found in Qihui jtbc5 CMS 5.0.3.6. Affected is an unknown function of the file /dev/c…","description":"A flaw has been found in Qihui jtbc5 CMS 5.0.3.6. Affected is an unknown function of the file /dev/code/common/diplomat/manage.php of the component Code Endpoint. This manipulation of the argument path causes path traversal. The attack is possible to be carried out remotely. The exploit has been pub…","indicators":{"cves":["CVE-2026-6487"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T13:16:14.427Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://tcn60zf28jhk.feishu.cn/wiki/CnpvwDdyOi5PXOk8X1fcorudnSv?from=from_copylink","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/submit/786183","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358028","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358028/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6488","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6488 — A vulnerability was identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This…","description":"A vulnerability was identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This vulnerability affects unknown code of the file admin/editcourse.php of the component GET Request Parameter Handler. The manipulation of the argument ID leads to sql injection. The attack can be initi…","indicators":{"cves":["CVE-2026-6488"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T13:16:14.603Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/duckpigdog/CVE/blob/main/QueryMine_sms%20PHP%20Project%20Deployment%20Document%20(Windows%20Local)-2.md","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/786925","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358032","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358032/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6489","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6489 — A security flaw has been discovered in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593.…","description":"A security flaw has been discovered in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This issue affects some unknown processing of the file admin/addteacher.php of the component Background Management Page. The manipulation of the argument image results in unrestricted upload. The att…","indicators":{"cves":["CVE-2026-6489"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T13:16:14.787Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/duckpigdog/CVE/blob/main/QueryMine_sms%20PHP%20Project%20Deployment%20Document%20(Windows%20Local)-3.md","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/786981","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358033","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358033/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-70795","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2025-70795 — STProcessMonitor 11.11.4.0, part of the Safetica Application suite, allows an admin-privileged user…","description":"STProcessMonitor 11.11.4.0, part of the Safetica Application suite, allows an admin-privileged user to send crafted IOCTL requests to terminate processes that are protected through a third-party implementation. This is caused by insufficient caller validation in the driver's IOCTL handler, enabling…","indicators":{"cves":["CVE-2025-70795"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:16:33.373Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://bbs.kafan.cn/thread-2287429-1-1.html","label":"cve@mitre.org","domainType":"other"},{"url":"https://bbs.kafan.cn/thread-2287429-2-1.html","label":"cve@mitre.org","domainType":"other"},{"url":"https://github.com/magicsword-io/LOLDrivers/commit/eea8326bf891d810902203e9ac5cfdeaf5a17a1c","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/magicsword-io/LOLDrivers/issues/268","label":"cve@mitre.org","domainType":"primary"},{"url":"https://www.virustotal.com/gui/file/70bcec00c215fe52779700f74e9bd669ff836f594df92381cbfb7ee0568e7a8b","label":"cve@mitre.org","domainType":"other"},{"url":"https://www.virustotal.com/gui/file/9ace6a1e4bee5834be38b4c2fd26780d1fcc18ea9d58224e31d6382c19e53296","label":"cve@mitre.org","domainType":"other"},{"url":"https://www.virustotal.com/gui/file/fc3588482f596a067b65d5d64d21fe62463b38a138fc87d8d2350efa86d34284","label":"cve@mitre.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40458","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40458 — PAC4J is vulnerable to Cross-Site Request Forgery (CSRF). A malicious attacker can craft a specially…","description":"PAC4J is vulnerable to Cross-Site Request Forgery (CSRF). A malicious attacker can craft a specially designed website which, when visited by a user, will automatically submit a forged cross-site request with a token whose hash collides with the victim's legitimate CSRF token. Importantly, the attack…","indicators":{"cves":["CVE-2026-40458"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:16:33.987Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://cert.pl/en/posts/2026/04/CVE-2026-40458/","label":"cvd@cert.pl","domainType":"other"},{"url":"https://www.pac4j.org/blog/security-advisory-pac4j-core-and-ldap.html","label":"cvd@cert.pl","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6491","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6491 — A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the func…","description":"A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the function im_minpos_vec of the file libvips/deprecated/vips7compat.c of the component nip2 Handler. Such manipulation of the argument n leads to heap-based buffer overflow. An attack has to be approached l…","indicators":{"cves":["CVE-2026-6491"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:16:35.187Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/biniamf/pocs/tree/main/libvips_im_minpos_vec_oob","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://github.com/libvips/libvips/","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://github.com/libvips/libvips/issues/4965","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://github.com/libvips/libvips/issues/4965#issuecomment-4135003499","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/786994","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358035","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358035/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6492","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6492 — A vulnerability was detected in arnobt78 Hotel Booking Management System up to f8922d0e0f6ac1cc76197…","description":"A vulnerability was detected in arnobt78 Hotel Booking Management System up to f8922d0e0f6ac1cc761974c7616f44c2bbc04bea. The impacted element is an unknown function of the file /api/health/detailed of the component Health Check Endpoint. Performing a manipulation results in information disclosure. R…","indicators":{"cves":["CVE-2026-6492"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:16:35.380Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/sudo-secure/security-research/blob/main/Hotel-Booking-Management-System/sensitive-information-disclosure/PoC.md","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/787242","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358036","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358036/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41153","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41153 — In JetBrains Junie before 252.549.29 command execution was possible via malicious project file","description":"In JetBrains Junie before 252.549.29 command execution was possible via malicious project file","indicators":{"cves":["CVE-2026-41153"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T15:16:51.853Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://www.jetbrains.com/privacy-security/issues-fixed/","label":"cve@jetbrains.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6496","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6496 — A vulnerability was found in prasathmani TinyFileManager up to 2.6. Affected is an unknown function…","description":"A vulnerability was found in prasathmani TinyFileManager up to 2.6. Affected is an unknown function of the file /filemanager.php of the component POST Parameter Handler. The manipulation of the argument file[] results in path traversal. The attack may be performed from remote. The exploit has been m…","indicators":{"cves":["CVE-2026-6496"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T15:16:52.480Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://drive.google.com/file/d/14taA8w3e5z3gl4WttpB4_CquwQdz1i6r/view?usp=sharing","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/submit/787942","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358039","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358039/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-21709","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-21709 — A vulnerability allowing a local attacker with administrator privileges to bypass Windows Driver Sig…","description":"A vulnerability allowing a local attacker with administrator privileges to bypass Windows Driver Signature Enforcement.","indicators":{"cves":["CVE-2026-21709"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T16:16:36.413Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://www.veeam.com/kb4830","label":"support@hackerone.com","domainType":"other"},{"url":"https://www.veeam.com/kb4831","label":"support@hackerone.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6497","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6497 — A vulnerability was determined in prasathmani TinyFileManager up to 2.6. Affected by this vulnerabil…","description":"A vulnerability was determined in prasathmani TinyFileManager up to 2.6. Affected by this vulnerability is an unknown functionality of the file /filemanager.php?p= ajax=true&type=upload of the component File Upload Handler. This manipulation of the argument uploadurl causes server-side request forge…","indicators":{"cves":["CVE-2026-6497"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T16:17:07.763Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://drive.google.com/file/d/1pB3dI4oUy09mAtDHWbLlcoRRC1b3YU6k/view?usp=sharing","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/submit/787943","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358040","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358040/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6437","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6437 — Improper neutralization of argument delimiters in the volume handling component in AWS EFS CSI Drive…","description":"Improper neutralization of argument delimiters in the volume handling component in AWS EFS CSI Driver (aws-efs-csi-driver) before v3.0.1 allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount options via comma injection.\n\n\n\n\nTo remediate this issue, us…","indicators":{"cves":["CVE-2026-6437"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T19:16:40.150Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://aws.amazon.com/security/security-bulletins/2026-016-aws/","label":"ff89ba41-3aa1-4d27-914a-91399e9639e5","domainType":"other"},{"url":"https://github.com/kubernetes-sigs/aws-efs-csi-driver/releases/tag/v3.0.1","label":"ff89ba41-3aa1-4d27-914a-91399e9639e5","domainType":"primary"},{"url":"https://github.com/kubernetes-sigs/aws-efs-csi-driver/security/advisories/GHSA-mph4-q2vm-w2pw","label":"ff89ba41-3aa1-4d27-914a-91399e9639e5","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-31927","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-31927 — Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal to overw…","description":"Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal \nto overwrite arbitrary files (e.g., /etc/shadow), enabling unauthorized \nSSH access when combined with debug‑setting changes","indicators":{"cves":["CVE-2026-31927"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T20:16:33.370Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json","label":"ics-cert@hq.dhs.gov","domainType":"primary"},{"url":"https://www.anviz.com/contact-us.html","label":"ics-cert@hq.dhs.gov","domainType":"other"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03","label":"ics-cert@hq.dhs.gov","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-32648","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-32648 — Anviz CX2 Lite and CX7 are vulnerable to unauthenticated access that discloses debug configuration d…","description":"Anviz CX2 Lite and CX7 are vulnerable to unauthenticated access that discloses debug \nconfiguration details (e.g., SSH/RTTY status), assisting attackers in \nreconnaissance against the device.","indicators":{"cves":["CVE-2026-32648"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T20:16:34.220Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json","label":"ics-cert@hq.dhs.gov","domainType":"primary"},{"url":"https://www.anviz.com/contact-us.html","label":"ics-cert@hq.dhs.gov","domainType":"other"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03","label":"ics-cert@hq.dhs.gov","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-33093","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33093 — Anviz CX7 Firmware is vulnerable to an unauthenticated POST to the device that captures a photo with…","description":"Anviz CX7 Firmware is vulnerable to an unauthenticated POST to the device that captures\n a photo with the front facing camera, exposing visual information about\n the deployment environment.","indicators":{"cves":["CVE-2026-33093"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T20:16:34.493Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json","label":"ics-cert@hq.dhs.gov","domainType":"primary"},{"url":"https://www.anviz.com/contact-us.html","label":"ics-cert@hq.dhs.gov","domainType":"other"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03","label":"ics-cert@hq.dhs.gov","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-33569","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33569 — Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling on‑path attackers to sniff…","description":"Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling \non‑path attackers to sniff credentials and session data, which can be \nused to compromise the device.","indicators":{"cves":["CVE-2026-33569"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T20:16:34.847Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json","label":"ics-cert@hq.dhs.gov","domainType":"primary"},{"url":"https://www.anviz.com/contact-us.html","label":"ics-cert@hq.dhs.gov","domainType":"other"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03","label":"ics-cert@hq.dhs.gov","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35061","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35061 — Anviz CX7 Firmware is vulnerable to the most recently captured test photo that can be retrieved with…","description":"Anviz CX7 Firmware is vulnerable to the most recently captured test photo that can be \nretrieved without authentication, revealing sensitive operational \nimagery.","indicators":{"cves":["CVE-2026-35061"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T20:16:35.117Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json","label":"ics-cert@hq.dhs.gov","domainType":"primary"},{"url":"https://www.anviz.com/contact-us.html","label":"ics-cert@hq.dhs.gov","domainType":"other"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03","label":"ics-cert@hq.dhs.gov","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-33145","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33145 — xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to exe…","description":"xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled (which is the default when not explicitly c…","indicators":{"cves":["CVE-2026-33145"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T21:16:32.610Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-rmvv-7633-fg7h","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40155","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40155 — The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In…","description":"The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In versions 4.12.0 through 4.17.1, simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for the token request results. Users are affected if thei…","indicators":{"cves":["CVE-2026-40155"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T21:16:33.713Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/auth0/nextjs-auth0/commit/98c36dc306970c2230ea1a32efef431d29b99978","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/auth0/nextjs-auth0/releases/tag/v4.18.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/auth0/nextjs-auth0/security/advisories/GHSA-xq8m-7c5p-c2r6","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40293","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40293 — OpenFGA is an authorization/permission engine built for developers. In versions 0.1.4 through 1.13.1…","description":"OpenFGA is an authorization/permission engine built for developers. In versions 0.1.4 through 1.13.1, when OpenFGA is configured to use preshared-key authentication with the built-in playground enabled, the local server includes the preshared API key in the HTML response of the /playground endpoint.…","indicators":{"cves":["CVE-2026-40293"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T21:16:34.567Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/openfga/openfga/releases/tag/v1.14.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/openfga/openfga/security/advisories/GHSA-68m9-983m-f3v5","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40301","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40301 — DOMSanitizer is a DOM/SVG/MathML Sanitizer for PHP 7.3+. Prior to version 1.0.10, DOMSanitizer::sani…","description":"DOMSanitizer is a DOM/SVG/MathML Sanitizer for PHP 7.3+. Prior to version 1.0.10, DOMSanitizer::sanitize() allows <style> elements in SVG content but never inspects their text content. CSS url() references and @import rules pass through unfiltered, causing the browser to issue HTTP requests to attac…","indicators":{"cves":["CVE-2026-40301"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T21:16:34.850Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/rhukster/dom-sanitizer/commit/49a98046b708a4c92f754f5b0ef1720bb85142e2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/rhukster/dom-sanitizer/releases/tag/1.0.10","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/rhukster/dom-sanitizer/security/advisories/GHSA-93vf-569f-22cq","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40302","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40302 — zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the…","description":"zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the proxyUi template engine uses Go's text/template (which performs no HTML escaping) instead of html/template. The GitHub OAuth callback handlers in both publicProxy and dynamicProxy embed the attacker-…","indicators":{"cves":["CVE-2026-40302","CVE-2026-40304"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T21:16:34.997Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/openziti/zrok/releases/tag/v2.0.1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/openziti/zrok/security/advisories/GHSA-4fxq-2x3x-6xqx","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/openziti/zrok/security/advisories/GHSA-3jpj-v3xr-5h6g","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-2434","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-2434 — The Pz-LinkCard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blogcard'…","description":"The Pz-LinkCard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blogcard' shortcode attributes in all versions up to, and including, 2.5.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev…","indicators":{"cves":["CVE-2026-2434"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T23:16:12.167Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/pz-linkcard/tags/2.5.8/pz-linkcard.php#L442","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/pz-linkcard/tags/2.5.8/pz-linkcard.php#L636","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/pz-linkcard/trunk/pz-linkcard.php#L636","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/687ffac2-1f07-4adb-ba12-5f2ea357ea7e?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40479","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40479 — Kimai is an open-source time tracking application. In versions 1.16.3 through 2.52.0, the escapeForH…","description":"Kimai is an open-source time tracking application. In versions 1.16.3 through 2.52.0, the escapeForHtml() function in KimaiEscape.js does not escape double quote or single quote characters. When a user's profile alias is inserted into an HTML attribute context via the team member form prototype and…","indicators":{"cves":["CVE-2026-40479"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T23:16:12.317Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/kimai/kimai/releases/tag/2.53.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/kimai/kimai/security/advisories/GHSA-g82g-m9vx-vhjg","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40486","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40486 — Kimai is an open-source time tracking application. In versions 2.52.0 and below, the User Preference…","description":"Kimai is an open-source time tracking application. In versions 2.52.0 and below, the User Preferences API endpoint (PATCH /api/users/{id}/preferences) applies submitted preference values without checking the isEnabled() flag on preference objects. Although the hourly_rate and internal_rate fields ar…","indicators":{"cves":["CVE-2026-40486"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T23:16:12.593Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/kimai/kimai/releases/tag/2.53.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/kimai/kimai/security/advisories/GHSA-qh43-xrjm-4ggp","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40333","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40333 — libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, two funct…","description":"libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, two functions in camlibs/ptp2/ptp-pack.c accept a data pointer but no length parameter, performing unbounded reads. Their callers in ptp_unpack_EOS_events() have xsize available but never pass it, leaving both…","indicators":{"cves":["CVE-2026-40333"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T00:16:37.120Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/gphoto/libgphoto2/commit/1817ecead20c2aafa7549dac9619fe38f47b2f53","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/gphoto/libgphoto2/security/advisories/GHSA-hq94-cp6h-3gjp","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40335","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40335 — libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-o…","description":"libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in `ptp_unpack_DPV()` in `camlibs/ptp2/ptp-pack.c` (lines 622–629). The UINT128 and INT128 cases advance `*offset += 16` without verifying that 16 bytes remain in the buffer. The entry c…","indicators":{"cves":["CVE-2026-40335","CVE-2026-40338","CVE-2026-40339","CVE-2026-40340"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T00:16:37.390Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/gphoto/libgphoto2/commit/433bde9888d70aa726e32744cd751d7dbe94379a","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/gphoto/libgphoto2/security/advisories/GHSA-g4g5-c2x9-cqfj","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/gphoto/libgphoto2/commit/3b9f9696be76ae51dca983d9dd8ce586a2561845","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/gphoto/libgphoto2/security/advisories/GHSA-2hwp-w84q-27hf","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/gphoto/libgphoto2/commit/09f8a940b1e418b5693f5c11e3016a1ad2cea62d","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/gphoto/libgphoto2/security/advisories/GHSA-42cm-m9hc-r7q8","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/gphoto/libgphoto2/commit/7c7f515bc88c3d0c4098ac965d313518e0ccbe33","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/gphoto/libgphoto2/security/advisories/GHSA-xfw3-xvjp-5wcv","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40337","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40337 — The Sentry kernel is a high security level micro-kernel implementation made for high security embedd…","description":"The Sentry kernel is a high security level micro-kernel implementation made for high security embedded systems. A given task with one of the DEV or IO capability is able to interact with another task's IRQ line through the __sys_int_* syscall familly. Prior to version 0.4.7, this can lead to DoS and…","indicators":{"cves":["CVE-2026-40337"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T00:16:37.667Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/camelot-os/sentry-kernel/commit/150b7edd2c5b0da0a8baeed3135ddde613b08081","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/camelot-os/sentry-kernel/pull/108","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/camelot-os/sentry-kernel/security/advisories/GHSA-5hgv-rg2f-79pg","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40347","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40347 — Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial…","description":"Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted `multipart/form-data` requests with large preamble or epilogue sections. Upgrade to version 0.0.26 or later, which skips ahead to the next boundary candid…","indicators":{"cves":["CVE-2026-40347"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T00:16:38.520Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/Kludex/python-multipart/releases/tag/0.0.26","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/Kludex/python-multipart/security/advisories/GHSA-mj87-hwqh-73pj","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40483","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40483 — ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the Pledge Editor…","description":"ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the Pledge Editor renders donation comment values directly into HTML input value attributes without escaping via htmlspecialchars(). An authenticated user with Finance permissions can inject HTML attribute-breaking cha…","indicators":{"cves":["CVE-2026-40483"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T00:16:39.243Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/ChurchCRM/CRM/commit/b3da72a2b35f9c600e340a9dfd35e7792ff4f899","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChurchCRM/CRM/pull/8609","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChurchCRM/CRM/security/advisories/GHSA-wjmf-w8gj-rx7g","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40485","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40485 — ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the public API log…","description":"ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the public API login endpoint (/api/public/user/login) returns distinguishable HTTP response codes based on whether a username exists: 404 for non-existent users and 401 for valid users with incorrect passwords. An una…","indicators":{"cves":["CVE-2026-40485"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T00:16:39.540Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/ChurchCRM/CRM/commit/214694eb83778e1f5e52b3dfa2a99d0e965c1850","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChurchCRM/CRM/pull/8607","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChurchCRM/CRM/security/advisories/GHSA-x2qh-xmhq-4jpx","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40593","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40593 — ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the User Editor (U…","description":"ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the User Editor (UserEditor.php) renders stored usernames directly into an HTML input value attribute without applying htmlspecialchars(). An administrator can save a username containing HTML attribute-breaking charact…","indicators":{"cves":["CVE-2026-40593"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T00:16:39.957Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/ChurchCRM/CRM/security/advisories/GHSA-7h46-9f64-p49q","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-1559","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-1559 — The Youzify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'checkin_place…","description":"The Youzify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'checkin_place_id' parameter in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access…","indicators":{"cves":["CVE-2026-1559"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T02:16:11.187Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/youzify/tags/1.3.6/includes/public/core/class-youzify-wall.php#L109","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/youzify/tags/1.3.6/includes/public/core/wall/class-youzify-form.php#L506","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/youzify/trunk/includes/public/core/class-youzify-wall.php#L109","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/youzify/trunk/includes/public/core/wall/class-youzify-form.php#L506","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset/3483281/youzify/trunk/includes/public/core/wall/class-youzify-form.php","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset?old_path=%2Fyouzify/tags/1.3.6&new_path=%2Fyouzify/tags/1.3.7","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6bd69711-8303-4086-87c3-eb2935a89aff?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-1838","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-1838 — The Hostel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode_i…","description":"The Hostel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode_id' parameter in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script…","indicators":{"cves":["CVE-2026-1838"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T02:16:11.337Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/hostel/tags/1.1.6/controllers/ajax.php#L28","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/hostel/tags/1.1.6/hostel.php#L44","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/hostel/tags/1.1.6/views/partial/rooms-table.html.php#L29","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/hostel/trunk/controllers/ajax.php#L28","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/hostel/trunk/hostel.php#L44","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/hostel/trunk/views/partial/rooms-table.html.php#L29","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset/3478265/hostel/trunk/hostel.php","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset?old_path=%2Fhostel/tags/1.1.6&new_path=%2Fhostel/tags/1.1.7","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2b9da491-771a-4100-b41a-7411981dd34b?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40490","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40490 — The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and async…","description":"The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When redirect following is enabled (followRedirect(true)), versions of AsyncHttpClient prior to 3.0.9 and 2.14.5 forward Authorization and Proxy-Authorization headers…","indicators":{"cves":["CVE-2026-40490"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T02:16:11.977Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/AsyncHttpClient/async-http-client/commit/6b2fbb7f8","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/AsyncHttpClient/async-http-client/commit/ae557ad35246721c09dafb2976609cd0004e78ae","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/AsyncHttpClient/async-http-client/releases/tag/async-http-client-project-2.14.5","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/AsyncHttpClient/async-http-client/releases/tag/async-http-client-project-3.0.9","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/AsyncHttpClient/async-http-client/security/advisories/GHSA-cmxv-58fp-fm3g","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40491","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40491 — gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a P…","description":"gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a Path Traversal attack within the extractall functionality. When extracting a maliciously crafted ZIP or TAR archive, the library fails to sanitize or validate the filenames of the archive members. This…","indicators":{"cves":["CVE-2026-40491"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T03:16:13.157Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/wkentaro/gdown/commit/af569fc6ed300b7974dee66dc51e9f01b57b4dff","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/wkentaro/gdown/releases/tag/v5.2.2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/wkentaro/gdown/security/advisories/GHSA-76hw-p97h-883f","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-4801","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4801 — The Page Builder Gutenberg Blocks – CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site…","description":"The Page Builder Gutenberg Blocks – CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via external iCal feed data in all versions up to, and including, 3.1.16 due to insufficient output escaping of event titles, descriptions, and locations fetched from external iCal feeds in…","indicators":{"cves":["CVE-2026-4801"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T05:16:23.987Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/coblocks/tags/3.1.16/src/blocks/events/index.php#L218","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/coblocks/tags/3.1.16/src/blocks/events/index.php#L245","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/coblocks/tags/3.1.16/src/blocks/events/index.php#L246","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/coblocks/tags/3.1.16/src/blocks/events/index.php#L255","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/coblocks/tags/3.1.16/src/blocks/events/index.php#L91","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/coblocks/trunk/src/blocks/events/index.php#L218","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/coblocks/trunk/src/blocks/events/index.php#L245","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/coblocks/trunk/src/blocks/events/index.php#L246","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/coblocks/trunk/src/blocks/events/index.php#L255","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/coblocks/trunk/src/blocks/events/index.php#L91","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset/3475789/coblocks/trunk/src/blocks/events/index.php","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset?old_path=%2Fcoblocks/tags/3.1.16&new_path=%2Fcoblocks/tags/3.1.17","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bde0aef3-aa61-4ee7-9cbf-9f51cb5ac700?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6048","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6048 — The Flipbox Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi…","description":"The Flipbox Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flipbox widget's button URL `custom_attributes` field in all versions up to, and including, 2.1.1 due to insufficient validation of custom attribute names. Specifically, the plugin uses `esc_htm…","indicators":{"cves":["CVE-2026-6048"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T05:16:24.157Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/ultimate-flipbox-addon-for-elementor/tags/2.1.1/widget/simple/ufae-frontend/class-ufae-frontend-item.php#L250","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/ultimate-flipbox-addon-for-elementor/tags/2.1.1/widget/stories/ufae-frontend/class-ufae-frontend-loop.php#L248","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/ultimate-flipbox-addon-for-elementor/tags/2.1.2/widget/simple/ufae-frontend/class-ufae-frontend-item.php#L263","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/ultimate-flipbox-addon-for-elementor/tags/2.1.2/widget/stories/ufae-frontend/class-ufae-frontend-loop.php#L253","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/faa6ad51-7b3b-4fe1-95fa-e9b63943d533?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41253","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41253 — In iTerm2 through 3.6.9, displaying a .txt file can cause code execution via DCS 2000p and OSC 135 d…","description":"In iTerm2 through 3.6.9, displaying a .txt file can cause code execution via DCS 2000p and OSC 135 data, if the working directory contains a malicious file whose name is valid output from the conductor encoding path, such as a pathname with an initial ace/c+ substring, aka \"hypothetical in-band sign…","indicators":{"cves":["CVE-2026-41253"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T06:16:17.427Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://blog.calif.io/p/mad-bugs-even-cat-readmetxt-is-not","label":"cve@mitre.org","domainType":"other"},{"url":"https://github.com/gnachman/iTerm2/commit/a9e745993c2e2cbb30b884a16617cd5495899f86","label":"cve@mitre.org","domainType":"primary"},{"url":"https://iterm2.com/downloads.html","label":"cve@mitre.org","domainType":"other"},{"url":"https://news.ycombinator.com/item?id=47809190","label":"cve@mitre.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41254","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41254 — Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow…","description":"Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication.","indicators":{"cves":["CVE-2026-41254"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T07:16:10.807Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://abhinavagarwal07.github.io/posts/lcms2-cubesize-overflow/","label":"cve@mitre.org","domainType":"other"},{"url":"https://github.com/mm2/Little-CMS/commit/da6110b1d14abc394633a388209abd5ebedd7ab0","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/mm2/Little-CMS/commit/e0641b1828d0a1af5ecb1b11fe22f24fceefd4bc","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/mm2/Little-CMS/security/advisories/GHSA-4xp6-rcgg-m9qq","label":"cve@mitre.org","domainType":"primary"},{"url":"https://www.openwall.com/lists/oss-security/2026/04/17/16","label":"cve@mitre.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-0894","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-0894 — The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Stored Cross-Site Scri…","description":"The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's content_block shortcode in all versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping on user supplied values consumed from user-created…","indicators":{"cves":["CVE-2026-0894"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T10:16:12.093Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset/3447914/custom-post-widget","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/246dee15-82e0-4630-8d95-d2419e9eaef8?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-2505","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-2505 — The Categories Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions…","description":"The Categories Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.1, via the 'z_taxonomy_image' shortcode. This is due to the shortcode rendering path passing attacker-controlled class input into a fallback image builder that concatenates H…","indicators":{"cves":["CVE-2026-2505"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T10:16:12.823Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset/3499275/categories-images","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/34fb64d5-e152-4950-9ef4-6d53a97a56fb?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-2986","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-2986 — The Contextual Related Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via t…","description":"The Contextual Related Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'other_attributes' parameter in versions up to, and including, 4.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor…","indicators":{"cves":["CVE-2026-2986"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T12:16:11.600Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset/3481684/contextual-related-posts","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8f59e069-a953-47b6-8106-55f55df722ed?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40948","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40948 — The Keycloak authentication manager in `apache-airflow-providers-keycloak` did not generate or valid…","description":"The Keycloak authentication manager in `apache-airflow-providers-keycloak` did not generate or validate the OAuth 2.0 `state` parameter on the login / login-callback flow, and did not use PKCE. An attacker with a Keycloak account in the same realm could deliver a crafted callback URL to a victim's b…","indicators":{"cves":["CVE-2026-40948"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T14:16:10.897Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/apache/airflow/pull/64114","label":"security@apache.org","domainType":"primary"},{"url":"https://lists.apache.org/thread/kc0odpr70hbqhdb9ksnz42fkqz2xld9q","label":"security@apache.org","domainType":"other"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/17/14","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-0868","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-0868 — The EMC – Easily Embed Calendly Scheduling Features plugin for WordPress is vulnerable to Stored Cro…","description":"The EMC – Easily Embed Calendly Scheduling Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's calendly shortcode in all versions up to, and including, 4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it po…","indicators":{"cves":["CVE-2026-0868"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T04:16:10.670Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset/3466576/embed-calendly-scheduling","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d5653ebe-7145-4b1c-94f8-ca87ed0dc4f5?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6559","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6559 — A weakness has been identified in Wavlink WL-WN579A3 220323. This affects the function sub_401F80 of…","description":"A weakness has been identified in Wavlink WL-WN579A3 220323. This affects the function sub_401F80 of the file /cgi-bin/login.cgi. This manipulation of the argument Hostname causes cross site scripting. Remote exploitation of the attack is possible. Upgrading the affected component is recommended. Th…","indicators":{"cves":["CVE-2026-6559"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T06:16:10.437Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://dl.wavlink.com/firmware/RD/WINSTAR_WN579A3-A-2026-03-10-94f93d4-WO-mt7628-squashfs-sysupgrade.bin","label":"cna@vuldb.com","domainType":"other"},{"url":"https://github.com/Litengzheng/vul_db/blob/main/WL-WN579A3/vul_16/README.md","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/785303","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358196","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358196/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6561","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6561 — A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function edit_adminlogo…","description":"A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function edit_adminlogo of the file application/admin/controller/Index.php. Performing a manipulation of the argument filename results in unrestricted upload. The attack is possible to be carried out remotely. The exploit is…","indicators":{"cves":["CVE-2026-6561"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T08:16:26.113Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/zzk6th/my-cve-notes/blob/main/EyouCMS%20Arbitrary%20File%20Copy%20Vulnerability%20in%20edit_adminlogo()%20Leading%20to%20Sensitive%20Information%20Disclosure.md","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/788038","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358198","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358198/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6564","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6564 — A vulnerability was found in EMQ EMQX Enterprise up to 6.1.0. The impacted element is an unknown fun…","description":"A vulnerability was found in EMQ EMQX Enterprise up to 6.1.0. The impacted element is an unknown function of the component Session Handling. The manipulation results in improper authorization. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendo…","indicators":{"cves":["CVE-2026-6564"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T10:16:08.457Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/cailiujia/CVE","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/789924","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358201","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358201/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6571","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6571 — A weakness has been identified in kodcloud KodExplorer up to 4.52. Affected by this vulnerability is…","description":"A weakness has been identified in kodcloud KodExplorer up to 4.52. Affected by this vulnerability is the function roleGroupAction of the file /app/controller/systemRole.class.php. Executing a manipulation of the argument group_role can lead to authorization bypass. The attack may be launched remotel…","indicators":{"cves":["CVE-2026-6571"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T12:16:33.607Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://vuldb.com/submit/789987","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358205","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358205/cti","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vulnplus-note.wetolink.com/share/atu3UbqnfAgs","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6572","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6572 — A security vulnerability has been detected in Collabora KodExplorer up to 4.52. Affected by this iss…","description":"A security vulnerability has been detected in Collabora KodExplorer up to 4.52. Affected by this issue is some unknown functionality of the file /app/controller/share.class.php of the component fileUpload Endpoint. The manipulation of the argument fileUpload leads to improper authorization. Remote e…","indicators":{"cves":["CVE-2026-6572"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T13:16:45.650Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://vuldb.com/submit/789988","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358206","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358206/cti","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vulnplus-note.wetolink.com/share/PLCI4v0BWaF8","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6573","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6573 — A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exa…","description":"A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of the argument uploadfile results in server-side request forgery. The attack can be executed remotely. T…","indicators":{"cves":["CVE-2026-6573"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T13:16:46.187Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://vuldb.com/submit/789990","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358207","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358207/cti","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vulnplus-note.wetolink.com/share/1QZ4NE0oTRIc","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6576","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6576 — A vulnerability was determined in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the…","description":"A vulnerability was determined in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function CommandHandler of the file servermanager/api/commonapi.py of the component WeChat Bot Interface. Executing a manipulation of the argument Source can lead to command injection. It is possible…","indicators":{"cves":["CVE-2026-6576"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T19:16:14.347Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/3em0/cve_repo/blob/main/DjangoBlog/Vuln-1-WeChat-Bot-RCE.md","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/790281","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358211","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358211/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6578","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6578 — A security flaw has been discovered in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknow…","description":"A security flaw has been discovered in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component Setting Handler. The manipulation of the argument SECRET_KEY results in hard-coded credentials. The attack can be launched remotely. The…","indicators":{"cves":["CVE-2026-6578"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T22:16:35.133Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/3em0/cve_repo/blob/main/DjangoBlog/Vuln-3-Hardcoded-Django-SECRET_KEY.md","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/790283","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358213","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358213/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6579","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6579 — A weakness has been identified in liangliangyy DjangoBlog up to 2.1.0.0. This impacts an unknown fun…","description":"A weakness has been identified in liangliangyy DjangoBlog up to 2.1.0.0. This impacts an unknown function of the file blog/views.py of the component Clean Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made available to the publi…","indicators":{"cves":["CVE-2026-6579"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T22:16:35.320Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/3em0/cve_repo/blob/main/DjangoBlog/Vuln-4-Unauthenticated-Cache-Purge.md","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/790286","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358214","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358214/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6583","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6583 — A vulnerability has been found in TransformerOptimus SuperAGI up to 0.0.14. This affects the functio…","description":"A vulnerability has been found in TransformerOptimus SuperAGI up to 0.0.14. This affects the function delete_api_key/edit_api_key of the file superagi/controllers/api_key.py of the component API Key Management Endpoint. The manipulation leads to authorization bypass. The attack is possible to be car…","indicators":{"cves":["CVE-2026-6583"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T23:16:34.300Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://gist.github.com/YLChen-007/ba28ac92d9fd011d40560dbf2bac39ce","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791074","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358218","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358218/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6584","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6584 — A vulnerability was found in TransformerOptimus SuperAGI up to 0.0.14. This vulnerability affects th…","description":"A vulnerability was found in TransformerOptimus SuperAGI up to 0.0.14. This vulnerability affects the function update_user of the file superagi/controllers/user.py of the component User Update Endpoint. The manipulation of the argument user_id results in authorization bypass. The attack may be perfo…","indicators":{"cves":["CVE-2026-6584"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T00:16:34.093Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://gist.github.com/YLChen-007/79b967ece52d424558f279156dd53324","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791075","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358219","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358219/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6585","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6585 — A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This issue affects the f…","description":"A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This issue affects the function update_organisation of the file superagi/controllers/organisation.py of the component Organisation Update Endpoint. This manipulation of the argument organisation_id causes authorization bypas…","indicators":{"cves":["CVE-2026-6585"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T00:16:34.307Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://gist.github.com/YLChen-007/88ea045efa387ab0b93f6dd2f797e653","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791076","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358220","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358220/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6586","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6586 — A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Impacted is the function…","description":"A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Impacted is the function get_budget/update_budget of the file superagi/controllers/budget.py of the component Budget Endpoint. Such manipulation leads to authorization bypass. It is possible to launch the attack remotely. Th…","indicators":{"cves":["CVE-2026-6586"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T00:16:34.507Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://gist.github.com/YLChen-007/4b6b95f98aeed927a99d2a76eaf53444","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791077","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358221","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358221/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6587","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6587 — A security flaw has been discovered in vibrantlabsai RAGAS up to 0.4.3. The affected element is the…","description":"A security flaw has been discovered in vibrantlabsai RAGAS up to 0.4.3. The affected element is the function _try_process_local_file/_try_process_url of the file src/ragas/metrics/collections/multi_modal_faithfulness/util.py of the component Collections Module. Performing a manipulation of the argum…","indicators":{"cves":["CVE-2026-6587"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T00:16:34.703Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://adithyanak.com/ragas-v0214-arbitrary-file-read-vulnerability","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/submit/791088","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358222","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358222/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6588","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6588 — A weakness has been identified in serge-chat serge up to 1.4TB. The impacted element is the function…","description":"A weakness has been identified in serge-chat serge up to 1.4TB. The impacted element is the function download_model/delete_model of the file api/src/serge/routers/model.py of the component Model API Endpoint. Executing a manipulation can lead to missing authentication. The attack can be launched rem…","indicators":{"cves":["CVE-2026-6588"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T01:16:30.867Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://gist.github.com/YLChen-007/5fbc93a21f9928e91a72ab0d72fb1e88","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791089","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358223","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358223/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6589","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6589 — A security vulnerability has been detected in ComfyUI up to 0.13.0. This affects the function create…","description":"A security vulnerability has been detected in ComfyUI up to 0.13.0. This affects the function create_origin_only_middleware of the file server.py. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The…","indicators":{"cves":["CVE-2026-6589"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T01:16:31.477Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://gist.github.com/YLChen-007/d314f8120e47601dfa3ac8b899f12d1f","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791108","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358224","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358224/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6590","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6590 — A vulnerability was detected in ComfyUI up to 0.13.0. This impacts the function get_model_preview of…","description":"A vulnerability was detected in ComfyUI up to 0.13.0. This impacts the function get_model_preview of the file app/model_manager.py of the component Model Preview Endpoint. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. The…","indicators":{"cves":["CVE-2026-6590"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T01:16:31.673Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://gist.github.com/YLChen-007/b46c4cfef1643df14ed73e278129af2c","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791109","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358225","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358225/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6591","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6591 — A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folder_paths.get_annotated_f…","description":"A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folder_paths.get_annotated_filepath of the file folder_paths.py of the component LoadImage Node. This manipulation of the argument Name causes path traversal. Remote exploitation of the attack is possible. The exploit has been p…","indicators":{"cves":["CVE-2026-6591"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T01:16:31.870Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://gist.github.com/YLChen-007/1e6db39703626dc5c1a2505426754333","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791112","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358226","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358226/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-32957","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-32957 — SD-330AC and AMC Manager provided by silex technology, Inc. contain a missing authentication for cri…","description":"SD-330AC and AMC Manager provided by silex technology, Inc. contain a missing authentication for critical function issue on firmware maintenance. Arbitrary file may be uploaded on the device without authentication.","indicators":{"cves":["CVE-2026-32957","CVE-2026-32962"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T04:16:39.093Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://jvn.jp/en/vu/JVNVU94271449/","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://www.silex.jp/support/security-advisories/2026-001","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://www.silex.jp/support/security-advisories/en/2026-001","label":"vultures@jpcert.or.jp","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-32958","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-32958 — SD-330AC and AMC Manager provided by silex technology, Inc. use a hard-coded cryptographic key. An a…","description":"SD-330AC and AMC Manager provided by silex technology, Inc. use a hard-coded cryptographic key. An administrative user may be directed to apply a fake firmware update.","indicators":{"cves":["CVE-2026-32958"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T04:16:42.580Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://jvn.jp/en/vu/JVNVU94271449/","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://www.silex.jp/support/security-advisories/2026-001","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://www.silex.jp/support/security-advisories/en/2026-001","label":"vultures@jpcert.or.jp","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-32959","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-32959 — SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a use of a broken…","description":"SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a use of a broken or risky cryptographic algorithm. Information in the traffic may be retrieved via man-in-the-middle attack.","indicators":{"cves":["CVE-2026-32959"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T04:16:43.790Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://jvn.jp/en/vu/JVNVU94271449/","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://www.silex.jp/support/security-advisories/2026-001","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://www.silex.jp/support/security-advisories/en/2026-001","label":"vultures@jpcert.or.jp","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-32960","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-32960 — SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a sensitive inform…","description":"SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a sensitive information in resource not removed before reuse.  An attacker may login to the device without knowing the password by sending a crafted packet.","indicators":{"cves":["CVE-2026-32960"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T04:16:44.037Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://jvn.jp/en/vu/JVNVU94271449/","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://www.silex.jp/support/security-advisories/2026-001","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://www.silex.jp/support/security-advisories/en/2026-001","label":"vultures@jpcert.or.jp","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-32964","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-32964 — SD-330AC and AMC Manager provided by silex technology, Inc. contain an improper neutralization of CR…","description":"SD-330AC and AMC Manager provided by silex technology, Inc. contain an improper neutralization of CRLF sequences ('CRLF Injection') vulnerability. Processing some crafted configuration data may lead to arbitrary entries injected to the system configuration.","indicators":{"cves":["CVE-2026-32964"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T04:16:45.450Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://jvn.jp/en/vu/JVNVU94271449/","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://www.silex.jp/support/security-advisories/2026-001","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://www.silex.jp/support/security-advisories/en/2026-001","label":"vultures@jpcert.or.jp","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6598","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6598 — A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element…","description":"A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function create_project/encrypt_auth_settings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument auth_settin…","indicators":{"cves":["CVE-2026-6598"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T04:16:52.857Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://gist.github.com/chenhouser2025/77adb3486c06c635ae4b09a3eaf90213","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791921","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358233","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358233/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6599","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6599 — A vulnerability was detected in langflow-ai langflow up to 1.8.3. The impacted element is the functi…","description":"A vulnerability was detected in langflow-ai langflow up to 1.8.3. The impacted element is the function get_client_ip/install_mcp_config of the file src/backend/base/langflow/api/v1/mcp_projects.py of the component Model Context Protocol Configuration API. Performing a manipulation of the argument X-…","indicators":{"cves":["CVE-2026-6599"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T04:16:53.060Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://gist.github.com/chenhouser2025/a909c47316b7a0948ee68c109ab747a3","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791922","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358234","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358234/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6601","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6601 — A vulnerability has been found in Lagom WHMCS Template up to 2.4.2. This impacts an unknown function…","description":"A vulnerability has been found in Lagom WHMCS Template up to 2.4.2. This impacts an unknown function of the component Datatables. The manipulation leads to resource consumption. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor wa…","indicators":{"cves":["CVE-2026-6601"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T04:16:56.763Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/devsamuelsantiago/lagom-whmcs-dos-poc","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791943","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358236","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358236/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6607","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6607 — A security vulnerability has been detected in lm-sys fastchat up to 0.2.36. This issue affects the f…","description":"A security vulnerability has been detected in lm-sys fastchat up to 0.2.36. This issue affects the function api_generate of the component Worker API Endpoint. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used…","indicators":{"cves":["CVE-2026-6607"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T05:16:16.190Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://gist.github.com/YLChen-007/87216a2d97a882d619e11dc67cd473b5","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://github.com/lm-sys/FastChat/","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://github.com/lm-sys/FastChat/commit/c9e84b89c91d45191dc24466888de526fa04cf33","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://github.com/lm-sys/FastChat/issues/3833","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://github.com/lm-sys/FastChat/pull/3835","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/792227","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358242","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358242/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6608","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6608 — A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function add_text of t…","description":"A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function add_text of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. The attack can be launched remotely. The exploit is now public and may be used. The root cause was fix…","indicators":{"cves":["CVE-2026-6608"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T06:16:21.733Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://gist.github.com/YLChen-007/e45039d23e698222d887ee09735d9d36","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://github.com/lm-sys/FastChat/","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://github.com/lm-sys/FastChat/issues/3834","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/792228","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358243","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358243/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6609","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6609 — A flaw has been found in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function…","description":"A flaw has been found in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function form_valid of the file oauth/views.py. This manipulation of the argument oauthid causes improper authorization. The attack may be initiated remotely. The exploit has been published and may be used. T…","indicators":{"cves":["CVE-2026-6609"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T06:16:22.050Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/3em0/cve_repo/blob/main/DjangoBlog/Vuln-6-OAuth-Email-Binding-IDOR.md","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/790288","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358244","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358244/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6612","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6612 — A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This impacts the functio…","description":"A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This impacts the function get_agent_execution/update_agent_execution of the file superagi/controllers/agent_execution.py of the component Agent Execution Endpoint. Executing a manipulation of the argument agent_execution_id…","indicators":{"cves":["CVE-2026-6612"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T07:16:15.943Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://gist.github.com/YLChen-007/d033e9d4d23e0832b9ede71dc545ac9a","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791078","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358247","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358247/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6613","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6613 — A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function…","description":"A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function delete_agent/stop_schedule/get_schedule_data of the file superagi/controllers/agent.py. The manipulation of the argument agent_id leads to authorization bypass. The attack is possible to be carried o…","indicators":{"cves":["CVE-2026-6613"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T07:16:16.147Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://gist.github.com/YLChen-007/1d87985b274ce22c4294726d7758df8e","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791081","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358248","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358248/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6614","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6614 — A security flaw has been discovered in TransformerOptimus SuperAGI up to 0.0.14. Affected by this vu…","description":"A security flaw has been discovered in TransformerOptimus SuperAGI up to 0.0.14. Affected by this vulnerability is the function get_project/update_project/get_projects_organisation of the file superagi/controllers/project.py. The manipulation results in authorization bypass. The attack may be perfor…","indicators":{"cves":["CVE-2026-6614"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T07:16:16.343Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://gist.github.com/YLChen-007/ac40da2253c7364d043c0dfe3275190b","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791082","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358249","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358249/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41282","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41282 — ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-var…","description":"ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets (not the default configuration).","indicators":{"cves":["CVE-2026-41282"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T08:16:10.140Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/projectdiscovery/nuclei/commit/6c803c74d193f85f8a6d9803ce493fd302cad0eb","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/projectdiscovery/nuclei/commit/d2217320162d5782ca7cb95bef9dda17063818f3","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/projectdiscovery/nuclei/pull/7221","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/projectdiscovery/nuclei/pull/7321","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/projectdiscovery/nuclei/security/advisories/GHSA-jm34-66cf-qpvr","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/projectdiscovery/nuclei/pull/7221","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"},{"url":"https://github.com/projectdiscovery/nuclei/pull/7321","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-6616","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6616 — A security vulnerability has been detected in TransformerOptimus SuperAGI up to 0.0.14. This affects…","description":"A security vulnerability has been detected in TransformerOptimus SuperAGI up to 0.0.14. This affects the function extract_with_bs4/extract_with_3k/extract_with_lxml of the file superagi/helper/webpage_extractor.py of the component WebScraperTool. Such manipulation leads to server-side request forger…","indicators":{"cves":["CVE-2026-6616"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T08:16:11.390Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://gist.github.com/YLChen-007/4bb1d709cbb58cee46d839c651d3221f","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791084","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358251","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358251/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6617","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6617 — A vulnerability was detected in langgenius dify up to 0.6.9. This vulnerability affects the function…","description":"A vulnerability was detected in langgenius dify up to 0.6.9. This vulnerability affects the function get_api_tool_provider_remote_schema of the file api/services/tools/api_tools_manage_service.py of the component ApiToolManageService. Performing a manipulation of the argument url results in server-s…","indicators":{"cves":["CVE-2026-6617"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T08:16:11.597Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://gist.github.com/chenhouser2025/306c6a7ad6aff9bc9a7fa76d5df38c63","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/792231","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358252","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358252/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6618","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6618 — A flaw has been found in langgenius dify up to 1.13.3. This issue affects the function parse_openai_…","description":"A flaw has been found in langgenius dify up to 1.13.3. This issue affects the function parse_openai_plugin_json_to_tool_bundle of the file api/core/tools/utils/parser.py of the component ApiBasedToolSchemaParser. Executing a manipulation of the argument url can lead to server-side request forgery. T…","indicators":{"cves":["CVE-2026-6618"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T09:16:09.607Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://gist.github.com/chenhouser2025/d7b1c574b0e32eb9169f7046b486e662","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/792241","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358253","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358253/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6620","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6620 — A vulnerability was found in SonicCloudOrg sonic-server up to 2.0.0. The affected element is the fun…","description":"A vulnerability was found in SonicCloudOrg sonic-server up to 2.0.0. The affected element is the function Upload of the file FileTool.java of the component File Upload Endpoint. The manipulation of the argument Type results in path traversal. The attack may be launched remotely. The exploit has been…","indicators":{"cves":["CVE-2026-6620"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T09:16:09.990Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/ccccccctiiiiiiii-lab/public_exp/issues/2","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/792336","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358255","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358255/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6626","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6626 — A vulnerability was detected in Cockpit-HQ Cockpit up to 2.13.5. Affected by this issue is some unkn…","description":"A vulnerability was detected in Cockpit-HQ Cockpit up to 2.13.5. Affected by this issue is some unknown functionality of the component Asset Handler/Aggregate Handler. The manipulation results in improper neutralization of special elements in data query logic. It is possible to launch the attack rem…","indicators":{"cves":["CVE-2026-6626"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T10:16:17.943Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/NicolasPauferro/studiesofnosqli","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/792601","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358261","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358261/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6628","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6628 — A flaw has been found in phili67 Ecclesia CRM up to 8.0.0. This affects the function ValidateInput o…","description":"A flaw has been found in phili67 Ecclesia CRM up to 8.0.0. This affects the function ValidateInput of the file /v2/query/view/ of the component Query Viewer Component. This manipulation of the argument custom causes sql injection. The attack can be initiated remotely. The exploit has been published…","indicators":{"cves":["CVE-2026-6628"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T10:16:18.147Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/NicolasPauferro/studiessqli","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/792607","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358262","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358262/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6654","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6654 — Double-Free / Use-After-Free (UAF) in the `IntoIter::drop` and `ThinVec::clear` functions in the thi…","description":"Double-Free / Use-After-Free (UAF) in the `IntoIter::drop` and `ThinVec::clear` functions in the thin_vec crate. A panic in `ptr::drop_in_place` skips setting the length to zero.","indicators":{"cves":["CVE-2026-6654"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T11:16:19.937Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/mozilla/thin-vec/security/advisories/GHSA-xphw-cqx3-667j","label":"security@mozilla.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-6634","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6634 — A weakness has been identified in usememos memos up to 0.22.1. This affects the function memos_acces…","description":"A weakness has been identified in usememos memos up to 0.22.1. This affects the function memos_access_token of the file src/App.tsx of the component UpdateInstanceSetting. This manipulation of the argument additionalStyle/additionalScript causes improper authorization. The attack is possible to be c…","indicators":{"cves":["CVE-2026-6634"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T12:16:09.490Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/Dave-gilmore-aus/security-advisories/blob/main/usememos-security-advisory","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/793432","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358268","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358268/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6636","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6636 — A vulnerability was detected in p2r3 convert up to 6998584ace3e11db66dff0b423612a5cf91de75b. Affecte…","description":"A vulnerability was detected in p2r3 convert up to 6998584ace3e11db66dff0b423612a5cf91de75b. Affected is the function Bun.serve of the file buildCache.js of the component API. Performing a manipulation of the argument pathname results in path traversal. It is possible to initiate the attack remotely…","indicators":{"cves":["CVE-2026-6636"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T12:16:09.943Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/Dave-gilmore-aus/security-advisories/blob/main/convert-advisory","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/793436","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358270","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358270/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-66335","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2025-66335 — Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw…","description":"Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Version 0.6.1…","indicators":{"cves":["CVE-2025-66335"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T14:16:16.760Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://lists.apache.org/thread/odp0fyyst8kxm7hhm9z4d1snh1y4hjpy","label":"security@apache.org","domainType":"other"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/17/4","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33558","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33558 — Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component…","description":"Information exposure vulnerability has been identified in Apache Kafka.\n\nThe NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By default, the log level is set to INFO level. If the DEBUG level is enabled, the sensitive information will…","indicators":{"cves":["CVE-2026-33558"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T14:16:19.010Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://kafka.apache.org/cve-list","label":"security@apache.org","domainType":"other"},{"url":"https://lists.apache.org/thread/pz5g4ky3h0k91tfd14p0dzqjp80960kl","label":"security@apache.org","domainType":"other"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/17/3","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6649","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6649 — A vulnerability was determined in Qibo CMS 1.0. Affected by this issue is some unknown functionality…","description":"A vulnerability was determined in Qibo CMS 1.0. Affected by this issue is some unknown functionality of the file /index/image/headers. Executing a manipulation of the argument starts can lead to server-side request forgery. The attack can be launched remotely. The exploit has been publicly disclosed…","indicators":{"cves":["CVE-2026-6649"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T14:16:23.600Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://tcn60zf28jhk.feishu.cn/wiki/VYIcwwH4uiWZMgkX0SecopTgnQd?from=from_copylink","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/submit/793510","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358283","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358283/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34429","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34429 — Vvveb prior to 1.0.8.1 contains a stored cross-site scripting vulnerability that allows authenticate…","description":"Vvveb prior to 1.0.8.1 contains a stored cross-site scripting vulnerability that allows authenticated users with media upload and rename permissions to execute arbitrary JavaScript by bypassing MIME type validation and renaming uploaded files to executable extensions. Attackers can prepend a GIF89a…","indicators":{"cves":["CVE-2026-34429"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T16:16:44.650Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://delta.cyberm.ca/bugbin/ur66bvB7BYTC9y0eCIk3uzhZQgbjzAkG/","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://github.com/givanz/Vvveb/commit/cc997d3359ea5e49a45c132f5dee3bc80fb441d7","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/givanz/Vvveb/releases/tag/1.0.8.1","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/vvveb-stored-xss-via-media-upload-and-rename","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40896","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40896 — OpenProject is open-source, web-based project management software. Prior to version 17.3.0, a user w…","description":"OpenProject is open-source, web-based project management software. Prior to version 17.3.0, a user with `manage_agendas` permission in any project can inject agenda items into meetings belonging to any other project on the instance — even projects they have no access to. No knowledge of the target p…","indicators":{"cves":["CVE-2026-40896"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T16:16:48.567Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/opf/openproject/commit/8f693a1f35d0a84bb69af78fb6925f74329ae4fe","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/opf/openproject/security/advisories/GHSA-hh5p-gwf8-h245","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/opf/openproject/security/advisories/GHSA-hh5p-gwf8-h245","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41245","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41245 — Junrar is an open source java RAR archive library. Prior to version 7.5.10, a path traversal vulnera…","description":"Junrar is an open source java RAR archive library. Prior to version 7.5.10, a path traversal vulnerability in `LocalFolderExtractor` allows an attacker to write arbitrary files with attacker-controlled content into sibling directories when a crafted RAR archive is extracted. Version 7.5.10 fixes the…","indicators":{"cves":["CVE-2026-41245"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T16:16:49.113Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/junrar/junrar/commit/d77e9a83eb721cd51f9c23d7869d0e6ad7f952d7","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/junrar/junrar/releases/tag/v7.5.10","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/junrar/junrar/security/advisories/GHSA-hf5p-q87m-crj7","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-6650","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6650 — A vulnerability was identified in Z-BlogPHP 1.7.5. This affects the function App::UnPack of the file…","description":"A vulnerability was identified in Z-BlogPHP 1.7.5. This affects the function App::UnPack of the file /zb_users/plugin/AppCentre/app_upload.php of the component ZBA File Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit is publicly available and…","indicators":{"cves":["CVE-2026-6650"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T16:16:55.617Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/qingyun985/Cyber-Security/issues/3","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/793451","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358284","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358284/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6652","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6652 — A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate…","description":"A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage Template Handler. This manipulation causes improper neutralization of directives in dynamically evaluated code. Remote ex…","indicators":{"cves":["CVE-2026-6652"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T16:16:56.013Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://medium.com/@pkhuyar/the-danger-of-php-eval-a23410187ca2","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/submit/794186","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358286","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358286/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-66954","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2025-66954 — A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or…","description":"A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or guest-level users to enumerate valid usernames and their associated privilege roles. The issue is triggered by modifying a parameter within requests sent to the /nasapi endpoint.","indicators":{"cves":["CVE-2025-66954"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T17:16:29.837Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/DBmonster19/CVE-2025-66954","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-22761","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-22761 — Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command injection vulnerability. A…","description":"Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.","indicators":{"cves":["CVE-2026-22761"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T17:16:31.053Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities","label":"security_alert@emc.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-26942","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-26942 — Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain(s) an Improper Neutralization of Spe…","description":"Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execu…","indicators":{"cves":["CVE-2026-26942"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T17:16:32.657Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities","label":"security_alert@emc.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-28684","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-28684 — python-dotenv reads key-value pairs from a .env file and can set them as environment variables. Prio…","description":"python-dotenv reads key-value pairs from a .env file and can set them as environment variables. Prior to version 1.2.2, `set_key()` and `unset_key()` in python-dotenv follow symbolic links when rewriting `.env` files, allowing a local attacker to overwrite arbitrary files via a crafted symlink when…","indicators":{"cves":["CVE-2026-28684"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T17:16:33.087Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/theskumar/python-dotenv/releases/tag/v1.2.2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/theskumar/python-dotenv/security/advisories/GHSA-mf9w-mj56-hr94","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/theskumar/python-dotenv/security/advisories/GHSA-mf9w-mj56-hr94","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35154","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35154 — Dell PowerProtect Data Domain appliances, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions…","description":"Dell PowerProtect Data Domain appliances, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper privilege management vulnerability in IDRAC. A high privileged attacker with local access could poten…","indicators":{"cves":["CVE-2026-35154"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T17:16:34.263Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities","label":"security_alert@emc.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-23752","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-23752 — GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the template grou…","description":"GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the template group creation and editing functionality that allows authenticated administrators to inject arbitrary JavaScript by manipulating the companyname POST parameter without HTML sanitization. Attackers can inj…","indicators":{"cves":["CVE-2026-23752"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T18:16:23.947Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://gfi.ai/products-and-solutions/email-and-messaging-solutions/helpdesk/resources/product-releases","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://www.vulncheck.com/advisories/gfi-helpdesk-stored-xss-via-companyname-parameter","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-23753","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-23753 — GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the language mana…","description":"GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the language management functionality where the charset POST parameter is passed directly to SWIFT_Language::Create() without HTML sanitization and subsequently rendered unsanitized by View_Language.RenderGrid(). An a…","indicators":{"cves":["CVE-2026-23753"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T18:16:24.137Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://gfi.ai/products-and-solutions/email-and-messaging-solutions/helpdesk/resources/product-releases","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://www.vulncheck.com/advisories/gfi-helpdesk-stored-xss-via-charset-parameter","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-23756","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-23756 — GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the Troubleshoote…","description":"GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the Troubleshooter module where the subject POST parameter is not sanitized in Controller_Step.InsertSubmit() and EditSubmit() before being rendered by View_Step.RenderViewSteps(). An authenticated staff member can in…","indicators":{"cves":["CVE-2026-23756"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T18:16:24.297Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://gfi.ai/products-and-solutions/email-and-messaging-solutions/helpdesk/resources/product-releases","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://www.vulncheck.com/advisories/gfi-helpdesk-stored-xss-via-troubleshooter-step-subject","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-23757","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-23757 — GFI HelpDesk before 4.99.10 contains a stored cross-site scripting vulnerability in the Reports modu…","description":"GFI HelpDesk before 4.99.10 contains a stored cross-site scripting vulnerability in the Reports module where the title parameter is passed directly to SWIFT_Report::Create() without HTML sanitization. Attackers can inject arbitrary JavaScript into the report title field when creating or editing a re…","indicators":{"cves":["CVE-2026-23757"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T18:16:24.473Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://gfi.ai/products-and-solutions/email-and-messaging-solutions/helpdesk/resources/product-releases","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://www.vulncheck.com/advisories/gfi-helpdesk-stored-xss-via-reports-module","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-26399","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-26399 — A stack-use-after-return issue exists in the Arduino_Core_STM32 library prior to version 1.7.0. The…","description":"A stack-use-after-return issue exists in the Arduino_Core_STM32 library prior to version 1.7.0. The pwm_start() function allocates a TIM_HandleTypeDef structure on the stack and passes its address to HAL initialization routines, where it is stored in a global timer handle registry. After the functio…","indicators":{"cves":["CVE-2026-26399"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T18:16:25.040Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/Acen28/CVE-2026-26399-Disclosure","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/stm32duino/Arduino_Core_STM32/releases/tag/1.6.1","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-39112","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-39112 — Cross Site Scripting vulnerability in Apartment Visitors Management System Apartment Visitors Manage…","description":"Cross Site Scripting vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the visname parameter of visitors-form.php. An authenticated attacker can inject arbitrary JavaScript that is later executed when the malicious input is viewed in manage-newvisitor…","indicators":{"cves":["CVE-2026-39112"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T18:16:27.417Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/efekaanakkar/Apartment-Visitors-Management-System-CVEs/","label":"cve@mitre.org","domainType":"primary"},{"url":"https://phpgurukul.com/?sdm_process_download=1&download_id=21524","label":"cve@mitre.org","domainType":"other"},{"url":"https://phpgurukul.com/apartment-visitors-management-system-using-php-and-mysql/","label":"cve@mitre.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41389","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41389 — OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result me…","description":"OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbitrary local and UNC file access. Attackers can craft malicious tool-result media references to trigger host-side file reads or Windows network path access, potentially disclosi…","indicators":{"cves":["CVE-2026-41389"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T18:16:27.980Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/openclaw/openclaw/commit/1470de5d3e0970856d86cd99336bb8ada3fe87da","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/openclaw/openclaw/commit/52ef42302ead9e183e6c8810e0a04ee4ef8ae9fc","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/openclaw/openclaw/commit/6e58f1f9f54bca1fea1268ec0ee4c01a2af03dde","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-mr34-9552-qr95","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-unvalidated-tool-result-media-paths","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6060","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6060 — A vulnerability in the SQL Box in the admin interface of OTRS leads to an uncontrolled resource cons…","description":"A vulnerability in the SQL Box in the admin interface of OTRS leads to an uncontrolled resource consumption leading to a DoS against the webserver. will be killed by the systemThis issue affects OTRS: \n\n  *  7.0.X\n  *  8.0.X\n  *  2023.X\n  *  2024.X\n  *  2025.X\n  *  2026.X before 2026.3.X","indicators":{"cves":["CVE-2026-6060"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T19:16:11.043Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://otrs.com/release-notes/otrs-security-advisory-2026-01/","label":"security@otrs.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6550","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6550 — Cryptographic algorithm downgrade in the caching layer of Amazon AWS Encryption SDK for Python befor…","description":"Cryptographic algorithm downgrade in the caching layer of Amazon AWS Encryption SDK for Python before version 3.3.1 and before version  4.0.5 might allow an authenticated local threat actor to bypass key commitment policy enforcement via a shared key cache, resulting in ciphertext that can be decryp…","indicators":{"cves":["CVE-2026-6550"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T20:16:49.283Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://aws.amazon.com/security/security-bulletins/2026-017-aws/","label":"ff89ba41-3aa1-4d27-914a-91399e9639e5","domainType":"other"},{"url":"https://github.com/aws/aws-encryption-sdk-python/releases/tag/v3.3.1","label":"ff89ba41-3aa1-4d27-914a-91399e9639e5","domainType":"primary"},{"url":"https://github.com/aws/aws-encryption-sdk-python/releases/tag/v4.0.5","label":"ff89ba41-3aa1-4d27-914a-91399e9639e5","domainType":"primary"},{"url":"https://github.com/aws/aws-encryption-sdk-python/security/advisories/GHSA-v638-38fc-rhfv","label":"ff89ba41-3aa1-4d27-914a-91399e9639e5","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-29647","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-29647 — In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code to…","description":"In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code to access IMSIC state via stopei/vstopei CSRs even when mstateen0.IMSIC is cleared, potentially enabling cross-context information leakage or disruption of interrupt handling.","indicators":{"cves":["CVE-2026-29647"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T21:16:19.637Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://docs.riscv.org/reference/isa/priv/smstateen.html#state-enable-0-registers","label":"cve@mitre.org","domainType":"other"},{"url":"https://github.com/OpenXiangShan/NEMU/issues/691","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/OpenXiangShan/XiangShan/pull/3978","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/OpenXiangShan/NEMU/issues/691","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-4852","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4852 — The Image Source Control Lite – Show Image Credits and Captions plugin for WordPress is vulnerable t…","description":"The Image Source Control Lite – Show Image Credits and Captions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Image Source' attachment field in all versions up to, and including, 3.9.1 due to insufficient input sanitization and output escaping. This makes it possible for…","indicators":{"cves":["CVE-2026-4852"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T21:16:36.560Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/image-source-control-isc/tags/3.8.0/public/views/global-list.php#L37","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/db0222e2-5a50-43f4-8620-12b97c712dec?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6729","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6729 — HKUDS OpenHarness prior to PR #159 remediation contains a session key derivation vulnerability that…","description":"HKUDS OpenHarness prior to PR #159 remediation contains a session key derivation vulnerability that allows authenticated participants in shared chats or threads to hijack other users' sessions by exploiting a shared ohmo session key that lacks sender identity verification. Attackers can reuse anothe…","indicators":{"cves":["CVE-2026-6729"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T22:16:23.800Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/HKUDS/OpenHarness/commit/3186851c479ee714a9bb9aa6cd77017db7e589e2","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/HKUDS/OpenHarness/pull/159","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/hkuds-openharness-session-key-collision-privilege-escalation","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://github.com/HKUDS/OpenHarness/pull/159","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-5721","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-5721 — The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress i…","description":"The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.5.0.4. This is due to insufficient input sanitization and output escaping in the prepareCellOutput() method of the L…","indicators":{"cves":["CVE-2026-5721"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T23:16:24.403Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset/3510613/","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8db736fb-cd6c-4a52-9dd3-eefd0a8d9267?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-35588","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35588 — Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Cassand…","description":"Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Cassandra export module (`glances/exports/glances_cassandra/__init__.py`) interpolates `keyspace`, `table`, and `replication_factor` configuration values directly into CQL statements without validation. A us…","indicators":{"cves":["CVE-2026-35588"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T00:16:29.163Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/nicolargo/glances/commit/d339181f03a14bb15506307e9d58f876e23d8160","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nicolargo/glances/commit/e41b665576f9fd5374e3152078726cc59a01e48c","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nicolargo/glances/security/advisories/GHSA-grp3-h8m8-45p7","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nicolargo/glances/security/advisories/GHSA-grp3-h8m8-45p7","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40045","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40045 — OpenClaw before 2026.4.2 accepts non-loopback cleartext ws:// gateway endpoints and transmits stored…","description":"OpenClaw before 2026.4.2 accepts non-loopback cleartext ws:// gateway endpoints and transmits stored gateway credentials over unencrypted connections. Attackers can forge discovery results or craft setup codes to redirect clients to malicious endpoints, disclosing plaintext gateway credentials.","indicators":{"cves":["CVE-2026-40045"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T00:16:29.300Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/openclaw/openclaw/commit/a941a4fef9bc43b2973c92d0dcff5b8a426210c5","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-83f3-hh45-vfw9","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/openclaw-cleartext-credential-transmission-via-unencrypted-websocket-gateway-endpoints","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41285","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41285 — In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted…","description":"In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted ICMPv6 Neighbor Discovery (ND) option (over a local network) with length zero, because of an \"nd_opt_len * 8 - 2\" expression with no preceding check for whether nd_opt_len is zero.","indicators":{"cves":["CVE-2026-41285"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T00:16:29.480Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/openbsd/src/commit/086c5738bcd3c203bcc08d024fcf983cb409115f","label":"cve@mitre.org","domainType":"primary"},{"url":"https://www.openbsd.org/errata78.html","label":"cve@mitre.org","domainType":"other"},{"url":"https://www.rfc-editor.org/rfc/rfc4861#section-4.6","label":"cve@mitre.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41298","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41298 — OpenClaw before 2026.4.2 fails to enforce write scopes on the POST /sessions/:sessionKey/kill endpoi…","description":"OpenClaw before 2026.4.2 fails to enforce write scopes on the POST /sessions/:sessionKey/kill endpoint in identity-bearing HTTP modes. Read-scoped callers can terminate running subagent sessions by sending requests to this endpoint, bypassing authorization controls.","indicators":{"cves":["CVE-2026-41298"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T00:16:30.350Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/openclaw/openclaw/commit/54a0878517167c6e49900498cf77420dadb74beb","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-5hff-46vh-rxmw","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-session-termination-endpoint","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41300","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41300 — OpenClaw before 2026.3.31 contains a trust-decline vulnerability that preserves attacker-discovered…","description":"OpenClaw before 2026.3.31 contains a trust-decline vulnerability that preserves attacker-discovered endpoints in remote onboarding flows. Attackers can route gateway credentials to malicious endpoints by having their discovered URL survive the trust decline process into manual prompts requiring oper…","indicators":{"cves":["CVE-2026-41300"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T00:16:30.690Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/openclaw/openclaw/commit/2a75416634837c21ed05b8c3ed906eb7a7807060","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-9f4w-67g7-mqwv","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/openclaw-attacker-discovered-endpoint-preservation-in-remote-onboarding","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41301","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41301 — OpenClaw versions 2026.3.22 before 2026.3.31 contain a signature verification bypass vulnerability i…","description":"OpenClaw versions 2026.3.22 before 2026.3.31 contain a signature verification bypass vulnerability in the Nostr DM ingress path that allows pairing challenges to be issued before event signature validation. An unauthenticated remote attacker can send forged direct messages to create pending pairing…","indicators":{"cves":["CVE-2026-41301"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T00:16:30.873Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/openclaw/openclaw/commit/4ee742174f36b5445703e3b1ef2fbd6ae6700fa4","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-h43v-27wg-5mf9","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/openclaw-forged-nostr-dm-pairing-state-creation-via-signature-verification-bypass","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41330","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41330 — OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec polic…","description":"OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly enforce proxy, TLS, Docker, and Git TLS controls. Attackers can bypass security controls by overriding environment variables to circumvent proxy settings, TLS verification, Do…","indicators":{"cves":["CVE-2026-41330"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T00:16:31.557Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/openclaw/openclaw/commit/4d912e04519b4bd53b248437c53748cdebce9a41","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-9gp8-hjxr-6f34","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/openclaw-environment-variable-override-via-host-exec-policy","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41331","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41331 — OpenClaw before 2026.3.31 contains a resource consumption vulnerability in Telegram audio preflight…","description":"OpenClaw before 2026.3.31 contains a resource consumption vulnerability in Telegram audio preflight transcription that allows unauthorized group senders to trigger transcription processing. Attackers can exploit insufficient allowlist enforcement to cause resource or billing consumption by initiatin…","indicators":{"cves":["CVE-2026-41331"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T00:16:31.740Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/openclaw/openclaw/commit/c4fa8635d03943ffe9e294d501089521dca635c5","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-m6fx-m8hc-572m","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/openclaw-resource-consumption-via-unauthorized-telegram-audio-preflight-transcription","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-39377","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-39377 — The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja…","description":"The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions 6.5 through 7.17.0 allow arbitrary file writes to locations outside the intended output directory when processing notebooks containing crafted cell attachment filenames. The `Extr…","indicators":{"cves":["CVE-2026-39377","CVE-2026-39378"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T01:16:05.937Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/jupyter/nbconvert/releases/tag/v7.17.1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/jupyter/nbconvert/security/advisories/GHSA-4c99-qj7h-p3vg","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/jupyter/nbconvert/security/advisories/GHSA-7jqv-fw35-gmx9","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-6058","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6058 — ** UNSUPPORTED WHEN ASSIGNED ** An improper encoding or escaping vulnerability in the CGI program of…","description":"** UNSUPPORTED WHEN ASSIGNED ** An improper encoding or escaping vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the WLAN to cause a denial-of-service (DoS) condition in the web management interface by convincing an authentica…","indicators":{"cves":["CVE-2026-6058"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T02:16:08.500Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://www.zyxel.com/global/en/support/end-of-life","label":"security@zyxel.com.tw","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6674","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6674 — The Plugin: CMS für Motorrad Werkstätten plugin for WordPress is vulnerable to SQL Injection via the…","description":"The Plugin: CMS für Motorrad Werkstätten plugin for WordPress is vulnerable to SQL Injection via the 'arttype' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it…","indicators":{"cves":["CVE-2026-6674"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T03:16:09.070Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/cms-fuer-motorrad-werkstaetten/tags/1.0.0/includes/cfmw-positions.php#L202","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/cms-fuer-motorrad-werkstaetten/tags/1.0.0/includes/cfmw-positions.php#L207","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/cms-fuer-motorrad-werkstaetten/trunk/includes/cfmw-positions.php#L202","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/cms-fuer-motorrad-werkstaetten/trunk/includes/cfmw-positions.php#L207","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/af4bd5f6-4f0e-4035-8544-48154a05cef1?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6675","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6675 — The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to Una…","description":"The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to Unauthenticated Open Email Relay in all versions up to, and including, 2.2.0. This is due to insufficient authorization checks and missing server-side validation of the recipient email address supplied v…","indicators":{"cves":["CVE-2026-6675","CVE-2026-6703"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T03:16:09.210Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/tags/2.1.9/includes/class-responsive-block-editor-addons.php#L2212","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/tags/2.1.9/includes/class-responsive-block-editor-addons.php#L2324","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/tags/2.1.9/includes/class-responsive-block-editor-addons.php#L2403","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/trunk/includes/class-responsive-block-editor-addons.php#L2212","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/trunk/includes/class-responsive-block-editor-addons.php#L2324","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/trunk/includes/class-responsive-block-editor-addons.php#L2403","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/17452a29-bcef-451a-9893-a436ac5d3b80?source=cve","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/tags/2.2.0/includes/class-responsive-block-editor-addons.php#L1730","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/tags/2.2.0/includes/class-responsive-block-editor-addons.php#L1814","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/tags/2.2.0/includes/class-responsive-block-editor-addons.php#L668","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/trunk/includes/class-responsive-block-editor-addons.php#L1730","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/trunk/includes/class-responsive-block-editor-addons.php#L1814","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/responsive-block-editor-addons/trunk/includes/class-responsive-block-editor-addons.php#L668","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset/3465616","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/187b072d-6314-4ac1-a924-b14324b2fd8d?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31370","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-31370 — Honor E APP is affected by information leak vulnerability, successful exploitation of this vulnerabi…","description":"Honor E APP is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality.","indicators":{"cves":["CVE-2026-31370"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T07:16:09.437Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://www.honor.com/global/security/CVE-2026-31370/","label":"3836d913-7555-4dd0-a509-f5667fdf5fe4","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6711","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6711 — The Website LLMs.txt plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 't…","description":"The Website LLMs.txt plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.6. This is due to the use of filter_input() without a sanitization filter and insufficient output escaping. This makes it possible for unauthent…","indicators":{"cves":["CVE-2026-6711"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T07:16:09.743Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3482210%40website-llms-txt&new=3482210%40website-llms-txt&sfp_email=&sfph_mail=","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f5af155b-b65e-4cb1-a748-fc0fc5c6176d?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6712","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6712 — The Website LLMs.txt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin set…","description":"The Website LLMs.txt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a…","indicators":{"cves":["CVE-2026-6712"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T07:16:09.880Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3482210%40website-llms-txt&new=3482210%40website-llms-txt&sfp_email=&sfph_mail=","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2ab86a42-2a8f-4cbc-a754-a3e307b1b73f?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6755","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6755 — Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150 and…","description":"Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.","indicators":{"cves":["CVE-2026-6755"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:21.510Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1880429","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6757","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6757 — Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 15…","description":"Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.","indicators":{"cves":["CVE-2026-6757"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:21.690Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2013588","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6762","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6762 — Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firef…","description":"Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.","indicators":{"cves":["CVE-2026-6762"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:22.137Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021080","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6763","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6763 — Mitigation bypass in the File Handling component. This vulnerability was fixed in Firefox 150, Firef…","description":"Mitigation bypass in the File Handling component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.","indicators":{"cves":["CVE-2026-6763"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:22.227Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021666","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6764","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6764 — Incorrect boundary conditions in the DOM: Device Interfaces component. This vulnerability was fixed…","description":"Incorrect boundary conditions in the DOM: Device Interfaces component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.","indicators":{"cves":["CVE-2026-6764"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:22.313Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2022162","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6765","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6765 — Information disclosure in the Form Autofill component. This vulnerability was fixed in Firefox 150,…","description":"Information disclosure in the Form Autofill component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.","indicators":{"cves":["CVE-2026-6765"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:22.390Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2022419","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6767","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6767 — Other issue in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox…","description":"Other issue in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.","indicators":{"cves":["CVE-2026-6767"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:22.577Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2023209","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-31/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6770","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6770 — Other issue in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 150, Firefo…","description":"Other issue in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.","indicators":{"cves":["CVE-2026-6770"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:22.840Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2024220","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6774","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6774 — Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150 and Th…","description":"Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.","indicators":{"cves":["CVE-2026-6774"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:23.173Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016915","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6775","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6775 — Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150 a…","description":"Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.","indicators":{"cves":["CVE-2026-6775"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:23.260Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2021768","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6777","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6777 — Other issue in the Networking: DNS component. This vulnerability was fixed in Firefox 150 and Thunde…","description":"Other issue in the Networking: DNS component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.","indicators":{"cves":["CVE-2026-6777"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:23.430Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2022726","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6778","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6778 — Invalid pointer in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150…","description":"Invalid pointer in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.","indicators":{"cves":["CVE-2026-6778"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:23.513Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2022746","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6779","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6779 — Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150 and Thun…","description":"Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.","indicators":{"cves":["CVE-2026-6779"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:23.600Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2023343","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6783","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6783 — Incorrect boundary conditions, integer overflow in the Audio/Video: Playback component. This vulnera…","description":"Incorrect boundary conditions, integer overflow in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.","indicators":{"cves":["CVE-2026-6783"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:16:23.930Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2027564","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","label":"security@mozilla.org","domainType":"other"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","label":"security@mozilla.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-1241","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2025-1241 — Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to v…","description":"Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data.","indicators":{"cves":["CVE-2025-1241"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T15:16:35.320Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://fortra.com/security/advisories/product-security/FI-2026-001","label":"df4dee71-de3a-4139-9588-11b62fe6c0ff","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-31981","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2025-31981 — HCL BigFix Service Management (SM) Discovery is vulnerable to unenforced encryption due to port 80 (…","description":"HCL BigFix Service Management (SM) Discovery is vulnerable to unenforced encryption due to port 80 (HTTP) being open, allowing unencrypted access.  An attacker with access to the network traffic can sniff packets from the connection and uncover the data.","indicators":{"cves":["CVE-2025-31981"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T15:16:35.580Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127605","label":"psirt@hcl.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-0971","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-0971 — An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML…","description":"An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page.","indicators":{"cves":["CVE-2026-0971"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T15:16:35.717Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://fortra.com/security/advisories/product-security/fi-2025-013","label":"df4dee71-de3a-4139-9588-11b62fe6c0ff","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-0972","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-0972 — HTML injection is possible in system generated emails in Fortra's GoAnywhere MFT prior to 7.10.0. No…","description":"HTML injection is possible in system generated emails in Fortra's GoAnywhere MFT prior to 7.10.0.\n\n\nNote: The title, details, and description of this CVE were corrected post-publishing.","indicators":{"cves":["CVE-2026-0972"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T15:16:35.830Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://www.fortra.com/security/advisories/product-security/fi-2026-006","label":"df4dee71-de3a-4139-9588-11b62fe6c0ff","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-1089","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-1089 — User‑Controlled HTTP Header in Fortra's GoAnywhere MFT prior to version 7.10.0 allows attackers to t…","description":"User‑Controlled HTTP Header in Fortra's GoAnywhere MFT prior to version 7.10.0 allows attackers to trigger a DNS lookup, as well as DNS Rebinding and Information Disclosure.","indicators":{"cves":["CVE-2026-1089"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T15:16:35.943Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://www.fortra.com/security/advisories/product-security/fi-2026-005","label":"df4dee71-de3a-4139-9588-11b62fe6c0ff","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31013","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-31013 — Dovestones Softwares ADPhonebook <4.0.1.1 has a reflected cross-site scripting (XSS) vulnerability i…","description":"Dovestones Softwares ADPhonebook <4.0.1.1 has a reflected cross-site scripting (XSS) vulnerability in the search parameter of the /ADPhonebook?Department=HR endpoint. User-supplied input is reflected in the HTTP response without proper input validation or output encoding, allowing execution of arbit…","indicators":{"cves":["CVE-2026-31013"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T15:16:36.217Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://dovestones.com/download/","label":"cve@mitre.org","domainType":"other"},{"url":"https://gist.github.com/pentestrox/a35cd5df1a5a84eabada897fc4ffcc79","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-31014","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-31014 — Dovestones Softwares AD Self Update <4.0.0.5 is vulnerable to Cross Site Request Forgery (CSRF). The…","description":"Dovestones Softwares AD Self Update <4.0.0.5 is vulnerable to Cross Site Request Forgery (CSRF). The affected endpoint processes state-changing requests without requiring a CSRF token or equivalent protection. The endpoint accepts application/x-www-form-urlencoded requests, and an originally POST-ba…","indicators":{"cves":["CVE-2026-31014"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T15:16:36.337Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://dovestones.com/download/","label":"cve@mitre.org","domainType":"other"},{"url":"https://gist.github.com/pentestrox/64cb5febcd9b3022c1f9d3340bf586e3","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-24176","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-24176 — NVIDIA KAI Scheduler contains a vulnerability where an attacker could cause improper authorization t…","description":"NVIDIA KAI Scheduler contains a vulnerability where an attacker could cause improper authorization through cross-namespace pod references. A successful exploit of this vulnerability might lead to data tampering.","indicators":{"cves":["CVE-2026-24176"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:23.603Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24176","label":"psirt@nvidia.com","domainType":"primary"},{"url":"https://nvidia.custhelp.com/app/answers/detail/a_id/5818","label":"psirt@nvidia.com","domainType":"other"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-24176","label":"psirt@nvidia.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-25542","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-25542 — Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 0.43…","description":"Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 0.43.0 to 1.11.0, trusted resources verification policies match a resource source string (refSource.URI) against spec.resources[].pattern using regexp.MatchString. In Go, regexp.MatchString reports a matc…","indicators":{"cves":["CVE-2026-25542"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:24.213Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/tektoncd/pipeline/commit/b8905600322aa86327baae0a7c04d6cf1207362a","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/tektoncd/pipeline/security/advisories/GHSA-rmx9-2pp3-xhcr","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-26067","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-26067 — October is a Content Management System (CMS) and web platform. Prior to 3.7.14 and 4.1.10, a server-…","description":"October is a Content Management System (CMS) and web platform. Prior to 3.7.14 and 4.1.10, a server-side information disclosure vulnerability was identified in the handling of CSS preprocessor files. Backend users with Editor permissions could craft .less, .sass, or .scss files that leverage the com…","indicators":{"cves":["CVE-2026-26067"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:24.383Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/octobercms/october/security/advisories/GHSA-3888-q23f-x7qh","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-26274","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-26274 — October is a Content Management System (CMS) and web platform. Prior to 3.7.14 and 4.1.10, a vulnera…","description":"October is a Content Management System (CMS) and web platform. Prior to 3.7.14 and 4.1.10, a vulnerability was identified in the Twig sandbox security policy that allowed database write operations when cms.safe_mode is enabled. Backend users with Developer permissions could use Twig template markup…","indicators":{"cves":["CVE-2026-26274"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:30.667Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/octobercms/october/security/advisories/GHSA-h6jm-f4hh-fw27","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-30452","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-30452 — Textpattern CMS 4.9.0 contains a Broken Access Control vulnerability in the article management syste…","description":"Textpattern CMS 4.9.0 contains a Broken Access Control vulnerability in the article management system that allows authenticated users with low privileges to modify articles owned by users with higher privileges. By manipulating the article ID parameter during the duplicate-and-save workflow in textp…","indicators":{"cves":["CVE-2026-30452"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:36.303Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/textpattern/textpattern","label":"cve@mitre.org","domainType":"primary"},{"url":"https://textpattern.com/weblog/textpattern-491-released-security-fixes-patches-and-tweaks","label":"cve@mitre.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-35451","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35451 — Twenty is an open source CRM. Prior to 1.20.6, a Stored Cross-Site Scripting (XSS) vulnerability exi…","description":"Twenty is an open source CRM. Prior to 1.20.6, a Stored Cross-Site Scripting (XSS) vulnerability exists in the BlockNote editor component. Due to a lack of protocol validation in the FileBlock component and insufficient server-side inspection of block content, an attacker can inject a javascript: UR…","indicators":{"cves":["CVE-2026-35451"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:53.087Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/twentyhq/twenty/commit/8da69e0f77ea820a6845a4c3c025b6af3861d523","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/twentyhq/twenty/security/advisories/GHSA-7w89-7q26-gj7q","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/twentyhq/twenty/security/advisories/GHSA-7w89-7q26-gj7q","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40566","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40566 — FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a Serve…","description":"FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a Server-Side Request Forgery (SSRF) vulnerability in the IMAP/SMTP connection test functionality of FreeScout's `MailboxesController`. Three AJAX actions  `fetch_test` (line 731), `send_test` (line 682), an…","indicators":{"cves":["CVE-2026-40566"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:55.000Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/freescout-help-desk/freescout/commit/efe82e31b4a0d4c0b20025d09df0615e8139ff08","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/releases/tag/1.8.213","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-fg98-rgx6-8x4g","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-fg98-rgx6-8x4g","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40574","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40574 — OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Prior to 7.15.2…","description":"OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Prior to 7.15.2, an authorization bypass exists in OAuth2 Proxy as part of the email_domain enforcement option. An attacker may be able to authenticate with an email claim such as attacker@evil.com@company.com and s…","indicators":{"cves":["CVE-2026-40574"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:55.730Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-c5c4-8r6x-56w3","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40590","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40590 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the Change C…","description":"FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the Change Customer modal exposes a “Create a new customer” flow via POST /customers/ajax with action=create. Under limited visibility, the endpoint drops unique-email validation. If the supplied email already be…","indicators":{"cves":["CVE-2026-40590"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:56.803Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/freescout-help-desk/freescout/commit/b3d7611e6e173ed8a5e525b791deb6b32cf1ce62","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/releases/tag/1.8.214","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-wjw4-8xg6-342m","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-wjw4-8xg6-342m","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40592","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40592 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the undo-sen…","description":"FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the undo-send route `GET /conversation/undo-reply/{thread_id}` checks only whether the current user can view the parent conversation. It does not verify that the current user created the reply being undone. In a…","indicators":{"cves":["CVE-2026-40592"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:57.087Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/freescout-help-desk/freescout/commit/c779afdda86fa00a4b85779e034bbfd9ce20c76d","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/releases/tag/1.8.214","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-674v-r6xp-mvp6","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41183","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41183 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the assigned…","description":"FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the assigned-only restriction is applied to direct conversation view and folder queries, but not to non-folder query builders. Global search and the AJAX filter path still reveal conversations that should be hidd…","indicators":{"cves":["CVE-2026-41183"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:57.227Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/freescout-help-desk/freescout/commit/6583d6f5a593b51223904f9e0f2e721e63c76de0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/releases/tag/1.8.215","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-7rh8-9rgv-g35r","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-7rh8-9rgv-g35r","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40587","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40587 — blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a user changes their pa…","description":"blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a user changes their password via the profile edit page, or when a password reset is completed via the reset link, neither operation invalidates existing authenticated sessions for that user. A server-side session store ass…","indicators":{"cves":["CVE-2026-40587"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T18:16:51.073Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/blueprintue/blueprintue-self-hosted-edition/security/advisories/GHSA-gqpq-x62g-p4mg","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/blueprintue/blueprintue-self-hosted-edition/security/advisories/GHSA-gqpq-x62g-p4mg","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40594","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40594 — pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev98, the set…","description":"pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev98, the set_session_cookie_secure before_request handler in src/pyload/webui/app/__init__.py reads the X-Forwarded-Proto header from any HTTP request without validating that the request originates from a trusted…","indicators":{"cves":["CVE-2026-40594"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T18:16:51.553Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/pyload/pyload/security/advisories/GHSA-mp82-fmj6-f22v","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/pyload/pyload/security/advisories/GHSA-mp82-fmj6-f22v","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40602","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40602 — The Home Assistant Command-line interface (hass-cli) is a command-line tool for Home Assistant. Up t…","description":"The Home Assistant Command-line interface (hass-cli) is a command-line tool for Home Assistant. Up to 1.0.0 of home-assitant-cli an unrestricted environment was used to handle Jninja2 templates instead of a sandboxed one. The user-supplied input within Jinja2 templates was rendered locally with no r…","indicators":{"cves":["CVE-2026-40602"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T18:16:51.827Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/home-assistant-ecosystem/home-assistant-cli/pull/453","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/home-assistant-ecosystem/home-assistant-cli/security/advisories/GHSA-33qf-q99x-wpm8","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40606","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40606 — mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software…","description":"mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmproxy 12.2.1 and below, the builtin LDAP proxy authentication does not correctly sanitize the username when querying the LDAP serv…","indicators":{"cves":["CVE-2026-40606"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T18:16:52.127Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-527g-3w9m-29hv","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40608","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40608 — Next AI Draw.io is a next.js web application that integrates AI capabilities with draw.io diagrams.…","description":"Next AI Draw.io is a next.js web application that integrates AI capabilities with draw.io diagrams. Prior to 0.4.15, the embedded HTTP sidecar contains three POST handlers (/api/state, /api/restore, and /api/history-svg) that process incoming requests by accumulating the entire request body into a J…","indicators":{"cves":["CVE-2026-40608"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T18:16:52.280Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/DayuanJiang/next-ai-draw-io/commit/31819f413cc4b329a1cb81e5fccd0cd98c1fd665","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/DayuanJiang/next-ai-draw-io/security/advisories/GHSA-9q7h-wgfw-p378","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/DayuanJiang/next-ai-draw-io/security/advisories/GHSA-9q7h-wgfw-p378","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41194","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41194 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the mailbox…","description":"FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the mailbox OAuth disconnect action is implemented as `GET /mailbox/oauth-disconnect/{id}/{in_out}/{provider}`. It removes stored OAuth metadata from the mailbox and then redirects. Because it is a GET route, no…","indicators":{"cves":["CVE-2026-41194"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T18:16:53.400Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/freescout-help-desk/freescout/commit/eb397efae2086524ba0ee91abb916de8db7a4ac1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/releases/tag/1.8.215","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-6rvw-fhqx-cfv5","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-22751","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-22751 — Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token login…","description":"Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token login with JdbcOneTimeTokenService are vulnerable to a Time-of-check Time-of-use (TOCTOU) race condition. This issue affects Spring Security: from 6.4.0 through 6.4.15, from 6.5.0 through 6.5.9, from 7.0.0…","indicators":{"cves":["CVE-2026-22751"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T19:16:16.550Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://spring.io/security/cve-2026-22751","label":"security@vmware.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6744","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6744 — A vulnerability was found in Bagisto up to 2.3.15. Affected is the function copy of the component Do…","description":"A vulnerability was found in Bagisto up to 2.3.15. Affected is the function copy of the component Downloadable Link Handler. The manipulation results in server-side request forgery. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted earl…","indicators":{"cves":["CVE-2026-6744"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T19:16:18.727Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://drive.google.com/file/d/1pVSN3BYjI_rUE2Jms5EcIBGSMdrq6Wql/view?usp=sharing","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/submit/794680","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358435","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358435/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33812","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33812 — Parsing a malicious font file can cause excessive memory allocation.","description":"Parsing a malicious font file can cause excessive memory allocation.","indicators":{"cves":["CVE-2026-33812"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:16:56.290Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://go.dev/cl/761180","label":"security@golang.org","domainType":"other"},{"url":"https://go.dev/issue/78382","label":"security@golang.org","domainType":"other"},{"url":"https://pkg.go.dev/vuln/GO-2026-4962","label":"security@golang.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40889","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40889 — Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.2 an…","description":"Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.2 and 16.4.2, authenticated users can access unauthorized files by exploiting certain api endpoint. Versions 15.58.2 and 16.4.2 contain a patch. No known workarounds are available.","indicators":{"cves":["CVE-2026-40889"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:17:02.680Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/frappe/hrms/releases/tag/v15.58.2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/frappe/hrms/releases/tag/v16.4.2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/frappe/hrms/security/advisories/GHSA-6cg5-4q6m-vrgm","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40907","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40907 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, the endpoint `plugin/Live/…","description":"WWBN AVideo is an open source video platform. In versions 29.0 and prior, the endpoint `plugin/Live/view/Live_restreams/list.json.php` contains an Insecure Direct Object Reference (IDOR) vulnerability that allows any authenticated user with streaming permission to retrieve other users' live restream…","indicators":{"cves":["CVE-2026-40907"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:17:03.080Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/WWBN/AVideo/commit/d5992fff2811df4adad1d9fc7d0a5837b882aed7","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-gpgp-w4x2-h3h7","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-gpgp-w4x2-h3h7","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40908","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40908 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, the file `git.json.php` at…","description":"WWBN AVideo is an open source video platform. In versions 29.0 and prior, the file `git.json.php` at the web root executes `git log -1` and returns the full output as JSON to any unauthenticated user. This exposes the exact deployed commit hash (enabling version fingerprinting against known CVEs), d…","indicators":{"cves":["CVE-2026-40908"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:17:03.220Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-52hf-63q4-r926","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-52hf-63q4-r926","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41320","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41320 — Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.54.0 an…","description":"Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.54.0 and 14.38.1, a specially crafted request made to a certain endpoint could result in SQL injection, allowing an attacker to extract information they wouldn't otherwise be able to. Versions 15.54.0 and 14…","indicators":{"cves":["CVE-2026-41320"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:17:03.797Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/frappe/hrms/security/advisories/GHSA-745c-5q8r-vgj2","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-21998","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-21998 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported…","description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and  9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise My…","indicators":{"cves":["CVE-2026-21998","CVE-2026-22002","CVE-2026-22005","CVE-2026-22009","CVE-2026-22017","CVE-2026-34267","CVE-2026-34272","CVE-2026-34278","CVE-2026-34303","CVE-2026-35240"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:24.863Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-21999","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-21999 — Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are a…","description":"Vulnerability in the XML Database component of Oracle Database Server.  Supported versions that are affected are 23.4.0-23.26.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise XML Database.  Successful attacks require human interaction…","indicators":{"cves":["CVE-2026-21999"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:25.060Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-22001","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-22001 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). S…","description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema).  Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and  9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to comp…","indicators":{"cves":["CVE-2026-22001","CVE-2026-22015"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:25.253Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-22003","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-22003 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (co…","description":"Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u481 and  8u481-b50; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows low privileged…","indicators":{"cves":["CVE-2026-22003"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:25.650Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-22004","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-22004 — Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions th…","description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).  Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and  9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.…","indicators":{"cves":["CVE-2026-22004","CVE-2026-34304","CVE-2026-35236","CVE-2026-35237","CVE-2026-35238"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:25.857Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-22006","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-22006 — Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (compone…","description":"Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (component: Employee Snapshot).   The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterpris…","indicators":{"cves":["CVE-2026-22006","CVE-2026-34280"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:26.240Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-22019","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-22019 — Vulnerability in the PeopleSoft Enterprise HCM Shared Components product of Oracle PeopleSoft (compo…","description":"Vulnerability in the PeopleSoft Enterprise HCM Shared Components product of Oracle PeopleSoft (component: Person Search).   The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise…","indicators":{"cves":["CVE-2026-22019"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:29.030Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34266","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34266 — Vulnerability in the PeopleSoft Enterprise HCM Absence Management product of Oracle PeopleSoft (comp…","description":"Vulnerability in the PeopleSoft Enterprise HCM Absence Management product of Oracle PeopleSoft (component: Absence Management).   The supported version that is affected is 9.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Ente…","indicators":{"cves":["CVE-2026-34266"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:30.040Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34269","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34269 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Port…","description":"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal).  Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools.…","indicators":{"cves":["CVE-2026-34269"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:30.557Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34270","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34270 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plug…","description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin).  Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and  9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to…","indicators":{"cves":["CVE-2026-34270","CVE-2026-34271","CVE-2026-34276"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:30.717Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34273","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34273 — Vulnerability in Oracle GoldenGate (component: Libraries). Supported versions that are affected are…","description":"Vulnerability in Oracle GoldenGate (component: Libraries).  Supported versions that are affected are 23.4-23.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GoldenGate.  Successful attacks of this vulnerability can result in  una…","indicators":{"cves":["CVE-2026-34273"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:31.237Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34274","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34274 — Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: User Interfa…","description":"Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: User Interface).  Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator.  Success…","indicators":{"cves":["CVE-2026-34274"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:31.390Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34277","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34277 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Flui…","description":"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Fluid Core).  Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTo…","indicators":{"cves":["CVE-2026-34277"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:31.860Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34281","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34281 — Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported ver…","description":"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel).   The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris.  While the…","indicators":{"cves":["CVE-2026-34281"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:32.493Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34283","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34283 — Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: Identit…","description":"Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: Identity Console).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Ide…","indicators":{"cves":["CVE-2026-34283"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:32.823Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34284","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34284 — Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (c…","description":"Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Human workflow 11g+).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to c…","indicators":{"cves":["CVE-2026-34284"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:32.973Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34293","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34293 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versio…","description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML).  Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of t…","indicators":{"cves":["CVE-2026-34293","CVE-2026-35239"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:34.223Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34295","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34295 — Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of Oracle PeopleSoft (component: P…","description":"Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of Oracle PeopleSoft (component: Purchasing).   The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM Purcha…","indicators":{"cves":["CVE-2026-34295"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:34.477Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34296","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34296 — Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply…","description":"Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Product Quality Management).   The supported version that is affected is 6.2.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compro…","indicators":{"cves":["CVE-2026-34296"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:34.610Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34298","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34298 — Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Pe…","description":"Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization).  Supported versions that are affected are 12.2.9-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Application…","indicators":{"cves":["CVE-2026-34298"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:34.887Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34299","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34299 — Vulnerability in the PeopleSoft Enterprise FIN Maintenance Management product of Oracle PeopleSoft (…","description":"Vulnerability in the PeopleSoft Enterprise FIN Maintenance Management product of Oracle PeopleSoft (component: Work Order Management).   The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSof…","indicators":{"cves":["CVE-2026-34299","CVE-2026-34301"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:35.020Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34300","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34300 — Vulnerability in the PeopleSoft Enterprise FIN Contracts product of Oracle PeopleSoft (component: Co…","description":"Vulnerability in the PeopleSoft Enterprise FIN Contracts product of Oracle PeopleSoft (component: Contracts).   The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Contract…","indicators":{"cves":["CVE-2026-34300"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:35.150Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34302","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34302 — Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Loader)…","description":"Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Loader).  Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Workflow.  While the vuln…","indicators":{"cves":["CVE-2026-34302"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:35.410Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34306","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34306 — Vulnerability in the PeopleSoft Enterprise FIN Project Costing product of Oracle PeopleSoft (compone…","description":"Vulnerability in the PeopleSoft Enterprise FIN Project Costing product of Oracle PeopleSoft (component: Projects).   The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Pro…","indicators":{"cves":["CVE-2026-34306"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:35.997Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34307","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34307 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Work…","description":"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Workflow).  Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools…","indicators":{"cves":["CVE-2026-34307"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:36.117Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34308","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34308 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versi…","description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON).  Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and  9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Se…","indicators":{"cves":["CVE-2026-34308"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:36.253Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34317","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34317 — Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported…","description":"Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client).  Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and  9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Shell executes…","indicators":{"cves":["CVE-2026-34317","CVE-2026-34318","CVE-2026-34319"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:37.183Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34323","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34323 — Vulnerability in the Oracle Life Sciences InForm product of Oracle Life Science Applications (compon…","description":"Vulnerability in the Oracle Life Sciences InForm product of Oracle Life Science Applications (component: IDM Authentication).  Supported versions that are affected are 7.0.1.0 and  7.0.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Or…","indicators":{"cves":["CVE-2026-34323","CVE-2026-34324"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:37.937Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-35232","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35232 — Vulnerability in Oracle Fusion Middleware (component: Dynamic Monitoring Service). Supported version…","description":"Vulnerability in Oracle Fusion Middleware (component: Dynamic Monitoring Service).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Fusion Middleware.  Successful at…","indicators":{"cves":["CVE-2026-35232"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:38.847Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-35234","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35234 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported…","description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition).  Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks…","indicators":{"cves":["CVE-2026-35234"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:38.993Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-35235","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35235 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versio…","description":"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS).  Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of th…","indicators":{"cves":["CVE-2026-35235"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:39.120Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-35241","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35241 — Vulnerability in the PeopleSoft Enterprise CS Student Records product of Oracle PeopleSoft (componen…","description":"Vulnerability in the PeopleSoft Enterprise CS Student Records product of Oracle PeopleSoft (component: Research Tracking).   The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise…","indicators":{"cves":["CVE-2026-35241"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:39.983Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-35244","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35244 — Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component…","description":"Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Lifecycle Management).   The supported version that is affected is 11.2.24.0.000. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle H…","indicators":{"cves":["CVE-2026-35244"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:40.400Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-35252","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35252 — Vulnerability in the Oracle Security Service product of Oracle Fusion Middleware (component: C Oracl…","description":"Vulnerability in the Oracle Security Service product of Oracle Fusion Middleware (component: C Oracle SSL API).  Supported versions that are affected are 12.2.1.4.0 and  12.1.3.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle S…","indicators":{"cves":["CVE-2026-35252"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:41.560Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40910","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40910 — frp is a fast reverse proxy. From 0.43.0 to 0.68.0, frp contains an authentication bypass in the HTT…","description":"frp is a fast reverse proxy. From 0.43.0 to 0.68.0, frp contains an authentication bypass in the HTTP vhost routing path when routeByHTTPUser is used as part of access control. In proxy-style requests, the routing logic uses the username from Proxy-Authorization to select the routeByHTTPUser backend…","indicators":{"cves":["CVE-2026-40910"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:45.157Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/fatedier/frp/security/advisories/GHSA-pq96-pwvg-vrr9","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/fatedier/frp/security/advisories/GHSA-pq96-pwvg-vrr9","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40923","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40923 — Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Prior to…","description":"Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Prior to 1.11.1, a validation bypass in the VolumeMount path restriction allows mounting volumes under restricted /tekton/ internal paths by using .. path traversal components. The restriction check uses strin…","indicators":{"cves":["CVE-2026-40923","CVE-2026-40924"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:45.543Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/tektoncd/pipeline/releases/tag/v1.11.1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/tektoncd/pipeline/security/advisories/GHSA-rx35-6rhx-7858","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/tektoncd/pipeline/security/advisories/GHSA-m2cx-gpqf-qf74","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40927","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40927 — Docmost is open-source collaborative wiki and documentation software. Prior to 0.80.0, when leaving…","description":"Docmost is open-source collaborative wiki and documentation software. Prior to 0.80.0, when leaving a comment on a page, it is possible to include a JavaScript URI as the link. When a user clicks on the link the JavaScript executes. This vulnerability is fixed in 0.80.0.","indicators":{"cves":["CVE-2026-40927"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:46.110Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/docmost/docmost/security/advisories/GHSA-4gv6-jw3v-wc34","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-6796","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6796 — A vulnerability was determined in Sanluan PublicCMS up to 6.202506.d. Affected is the function log_l…","description":"A vulnerability was determined in Sanluan PublicCMS up to 6.202506.d. Affected is the function log_login of the file core/src/main/java/com/publiccms/controller/admin/LoginAdminController.java of the component Failed Login Handler. This manipulation of the argument errorPassword causes cleartext sto…","indicators":{"cves":["CVE-2026-6796"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:48.333Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://vuldb.com/submit/794797","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358490","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358490/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6797","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6797 — A vulnerability was identified in Sanluan PublicCMS up to 6.202506.d. Affected by this vulnerability…","description":"A vulnerability was identified in Sanluan PublicCMS up to 6.202506.d. Affected by this vulnerability is the function ZipSecureFile.setMinflateRatio of the file common/src/main/java/com/publiccms/common/tools/DocToHtmlUtils.java. Such manipulation leads to resource consumption. It is possible to laun…","indicators":{"cves":["CVE-2026-6797"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:48.593Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://vuldb.com/submit/794798","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358491","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358491/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-1354","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-1354 — Zero Motorcycles firmware versions 44 and prior enable an attacker to forcibly pair a device with th…","description":"Zero Motorcycles firmware versions 44 and prior enable an attacker to \nforcibly pair a device with the motorcycle via Bluetooth. Once paired, \nan attacker can utilize over-the-air firmware updating functionality to \npotentially upload malicious firmware to the motorcycle. The motorcycle \nmust first…","indicators":{"cves":["CVE-2026-1354"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T22:16:18.643Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-06.json","label":"ics-cert@hq.dhs.gov","domainType":"primary"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-06","label":"ics-cert@hq.dhs.gov","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41527","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41527 — KDE Kleopatra before 26.08.0 on Windows allows local users to obtain the privileges of a Kleopatra u…","description":"KDE Kleopatra before 26.08.0 on Windows allows local users to obtain the privileges of a Kleopatra user, because there is an error in the mechanism (KUniqueService) for ensuring that only one instance is running.","indicators":{"cves":["CVE-2026-41527"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T22:16:20.363Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://commits.kde.org/kleopatra/73471abb92d99c56354adb582bfaec2764c22b79","label":"cve@mitre.org","domainType":"other"},{"url":"https://github.com/KDE/kleopatra/releases","label":"cve@mitre.org","domainType":"primary"},{"url":"https://kde.org/info/security/advisory-20260408-1.txt","label":"cve@mitre.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6799","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6799 — A security flaw has been discovered in Comfast CF-N1-S 2.6.0.1. Affected by this issue is some unkno…","description":"A security flaw has been discovered in Comfast CF-N1-S 2.6.0.1. Affected by this issue is some unknown functionality of the file /cgi-bin/mbox-config?method=SET&section=ping_config of the component Endpoint. Performing a manipulation of the argument destination results in command injection. The atta…","indicators":{"cves":["CVE-2026-6799"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T22:16:20.510Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/Blackhole23-Lab/-/blob/main/Comfast-CF-N1-S-Router-VUDB.md","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/795203","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358492","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358492/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6829","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6829 — nesquena hermes-webui contains a trust-boundary failure vulnerability that allows authenticated atta…","description":"nesquena hermes-webui contains a trust-boundary failure vulnerability that allows authenticated attackers to set or change a session workspace to an arbitrary existing directory on disk by manipulating workspace path parameters in endpoints such as /api/session/new, /api/session/update, /api/chat/st…","indicators":{"cves":["CVE-2026-6829"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T22:16:20.690Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/nesquena/hermes-webui/commit/2a7a5ddfaf39e3b0094b7ac37e9f1dbcf40a3918","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/nesquena/hermes-webui/pull/416","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/nesquena/hermes-webui/releases/tag/v0.50.34","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/nesquena-hermes-webui-arbitrary-workspace-directory-access","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40928","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40928 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, multiple AVideo JSON endpo…","description":"WWBN AVideo is an open source video platform. In versions 29.0 and prior, multiple AVideo JSON endpoints under `objects/` accept state-changing requests via `$_REQUEST`/`$_GET` and persist changes tied to the caller's session user, without any anti-CSRF token, origin check, or referer check. A malic…","indicators":{"cves":["CVE-2026-40928"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T23:16:20.300Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/WWBN/AVideo/commit/7aaad601bd9cd7b993ba0ee1b1bea6c32ee7b77c","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-x2pw-9c38-cp2j","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-x2pw-9c38-cp2j","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40929","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40929 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/commentDelete.jso…","description":"WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/commentDelete.json.php` is a state-mutating JSON endpoint that deletes comments but performs no CSRF validation. It does not call `forbidIfIsUntrustedRequest()`, does not verify a CSRF/global token, and does not check…","indicators":{"cves":["CVE-2026-40929"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T23:16:20.433Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/WWBN/AVideo/commit/184f36b1896f3364f864f17c1acca3dd8df3af27","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-8qm8-g55h-xmqr","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-8qm8-g55h-xmqr","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40935","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40935 — WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/getCaptcha.php` a…","description":"WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/getCaptcha.php` accepts the CAPTCHA length (`ql`) directly from the query string with no clamping or sanitization, letting any unauthenticated client force the server to generate a 1-character CAPTCHA word. Combined w…","indicators":{"cves":["CVE-2026-40935"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T23:16:20.577Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/WWBN/AVideo/commit/bf1c76989e6a9054be4f0eb009d68f0f2464b453","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-hg7g-56h5-5pqr","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-hg7g-56h5-5pqr","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41061","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41061 — WWBN AVideo is an open source video platform. In versions 29.0 and below, the `isValidDuration()` re…","description":"WWBN AVideo is an open source video platform. In versions 29.0 and below, the `isValidDuration()` regex at `objects/video.php:918` uses `/^[0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}/` without a `$` end anchor, allowing arbitrary HTML/JavaScript to be appended after a valid duration prefix. The crafted duratio…","indicators":{"cves":["CVE-2026-41061"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T23:16:21.387Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/WWBN/AVideo/commit/bcba324644df8b4ed1f891462455f1cd26822a45","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-8pv3-29pp-pf8f","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-8pv3-29pp-pf8f","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41062","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41062 — WWBN AVideo is an open source video platform. In versions 29.0 and below, the directory traversal fi…","description":"WWBN AVideo is an open source video platform. In versions 29.0 and below, the directory traversal fix introduced in commit 2375eb5e0 for `objects/aVideoEncoderReceiveImage.json.php` only checks the URL path component (via `parse_url($url, PHP_URL_PATH)`) for `..` sequences. However, the downstream f…","indicators":{"cves":["CVE-2026-41062"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T23:16:21.520Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/WWBN/AVideo/commit/2375eb5e0a6d3cbcfb05377657d0820a7d470b1d","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/commit/bd11c16ec894698e54e2cdae25026c61ad1ed441","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-f4f9-627c-jh33","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-m63r-m9jh-3vc6","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-m63r-m9jh-3vc6","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41063","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41063 — WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete XSS fix in A…","description":"WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete XSS fix in AVideo's `ParsedownSafeWithLinks` class overrides `inlineMarkup` for raw HTML but does not override `inlineLink()` or `inlineUrlTag()`, allowing `javascript:` URLs in markdown link syntax to bypass san…","indicators":{"cves":["CVE-2026-41063"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T23:16:21.663Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/WWBN/AVideo/commit/3ae02fa240939dbefc5949d64f05790fd25d728d","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/commit/cae8f0dadbdd962c89b91d0095c76edb8aadcacf","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-72h5-39r7-r26j","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-m7r8-6q9j-m2hc","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-m7r8-6q9j-m2hc","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41126","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41126 — BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have an Open Redirect th…","description":"BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have an Open Redirect through bigbluebutton/api/join via get-parameter \"logoutURL.\" Version 3.0.24 has adjusted the handling of requests with incorrect checksum so that the default logoutURL is used. No known workarounds are…","indicators":{"cves":["CVE-2026-41126"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T00:16:28.327Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-cvwj-4pcp-f3g8","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41127","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41127 — BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have a missing authoriza…","description":"BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have a missing authorization that allows viewers to inject/overwrite captions Version 3.0.24 tightened the permissions on who is able to submit captions. No known workarounds are available.","indicators":{"cves":["CVE-2026-41127"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T00:16:28.463Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-q387-2q28-mg33","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41131","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41131 — OpenFGA is an authorization/permission engine built for developers. Prior to version 1.14.1, in spec…","description":"OpenFGA is an authorization/permission engine built for developers. Prior to version 1.14.1, in specific scenarios, models using conditions with caching enabled can result in two different check requests producing the same cache key. This could result in OpenFGA reusing an earlier cached result for…","indicators":{"cves":["CVE-2026-41131"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T00:16:29.013Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/openfga/openfga/releases/tag/v1.14.1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/openfga/openfga/security/advisories/GHSA-57j5-qwp2-vqp6","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-6386","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6386 — In order to apply a particular protection key to an address range, the kernel must update the corres…","description":"In order to apply a particular protection key to an address range, the kernel must update the corresponding page table entries.  The subroutine which handled this failed to take into account the presence of 1GB largepage mappings created using the shm_create_largepage(3) interface.  In particular, i…","indicators":{"cves":["CVE-2026-6386"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T03:16:01.313Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://security.freebsd.org/advisories/FreeBSD-SA-26:11.amd64.asc","label":"secteam@freebsd.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6833","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6833 — The a+HRD developed by aEnrich has a SQL Injection vulnerability, allowing authenticated remote atta…","description":"The a+HRD developed by aEnrich has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.","indicators":{"cves":["CVE-2026-6833"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T04:16:07.303Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://www.twcert.org.tw/en/cp-139-10834-eb3ee-2.html","label":"twcert@cert.org.tw","domainType":"other"},{"url":"https://www.twcert.org.tw/tw/cp-132-10833-e3a53-1.html","label":"twcert@cert.org.tw","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6834","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6834 — The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated rem…","description":"The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated remote attackers to arbitrarily read database contents through a specific API method.","indicators":{"cves":["CVE-2026-6834"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T04:16:09.307Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://www.twcert.org.tw/en/cp-139-10834-eb3ee-2.html","label":"twcert@cert.org.tw","domainType":"other"},{"url":"https://www.twcert.org.tw/tw/cp-132-10833-e3a53-1.html","label":"twcert@cert.org.tw","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6835","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6835 — The a+HCM developed by aEnrich has an Arbitrary File Upload vulnerability, allowing unauthenticated…","description":"The a+HCM developed by aEnrich has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload arbitrary files to any path, including HTML documents, which may result in a XSS-like effect.","indicators":{"cves":["CVE-2026-6835"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T04:16:09.560Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://www.twcert.org.tw/en/cp-139-10836-ed15f-2.html","label":"twcert@cert.org.tw","domainType":"other"},{"url":"https://www.twcert.org.tw/tw/cp-132-10835-cb0c2-1.html","label":"twcert@cert.org.tw","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-22747","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-22747 — Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle cer…","description":"Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user.\nThi…","indicators":{"cves":["CVE-2026-22747"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T06:16:03.933Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://spring.io/security/cve-2026-22747","label":"security@vmware.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-22748","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-22748 — Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwtD…","description":"Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwtDecoder  or NimbusReactiveJwtDecoder, it must configure an OAuth2TokenValidator<Jwt> separately, for example by calling setJwtValidator.This issue affects Spring Security: from 6.3.0 through 6.3.14, fr…","indicators":{"cves":["CVE-2026-22748"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T06:16:04.040Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://spring.io/security/cve-2026-22748","label":"security@vmware.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40448","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40448 — Potential Integer overflow in tensor allocation size calculation could lead to insufficient memory a…","description":"Potential Integer overflow in tensor allocation size calculation could lead to insufficient memory allocation for large tensors in Samsung Open Source ONE.\nAffected version is prior to commit  1.30.0.","indicators":{"cves":["CVE-2026-40448"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T07:16:12.500Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/Samsung/ONE/pull/16481","label":"PSIRT@samsung.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40449","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40449 — Integer overflow in buffer size calculation could result in out of bounds memory access when handlin…","description":"Integer overflow in buffer size calculation could result in out of bounds memory access when handling large tensors in Samsung Open Source ONE.\nAffected version is prior to commit  1.30.0.","indicators":{"cves":["CVE-2026-40449"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T07:16:13.450Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/Samsung/ONE/pull/16481","label":"PSIRT@samsung.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40450","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-40450 — Integer overflow in output tensor copy size calculation in Samsung Open Source ONE could cause incor…","description":"Integer overflow in output tensor copy size calculation in Samsung Open Source ONE could cause incorrect copy length and memory corruption for oversized tensors.\nAffected version is prior to commit  1.30.0.","indicators":{"cves":["CVE-2026-40450"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T07:16:13.553Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/Samsung/ONE/pull/16481","label":"PSIRT@samsung.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41664","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41664 — Integer overflow in memory copy size calculation in Samsung Open Source ONE could lead to invalid me…","description":"Integer overflow in memory copy size calculation in Samsung Open Source ONE could lead to invalid memory operations with large tensor shapes.\nAffected version is prior to commit  1.30.0.","indicators":{"cves":["CVE-2026-41664"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T07:16:13.657Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/Samsung/ONE/pull/16481","label":"PSIRT@samsung.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41665","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41665 — Integer overflow in scratch buffer initialization size calculation in Samsung Open Source ONE cause…","description":"Integer overflow in scratch buffer initialization size calculation in Samsung Open Source ONE cause incorrect memory initialization for large intermediate tensors.\nAffected version is prior to commit  1.30.0.","indicators":{"cves":["CVE-2026-41665"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T07:16:13.763Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/Samsung/ONE/pull/16481","label":"PSIRT@samsung.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41666","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41666 — Integer overflow in tensor copy size calculation in Samsung Open Source ONE could lead to out of bou…","description":"Integer overflow in tensor copy size calculation in Samsung Open Source ONE could lead to out of bounds access during loop state propagation.\nAffected version is prior to commit  1.30.0.","indicators":{"cves":["CVE-2026-41666"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T07:16:13.867Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/Samsung/ONE/pull/16481","label":"PSIRT@samsung.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41667","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41667 — Integer overflow in constant tensor data size calculation in Samsung Open Source ONE could cause inc…","description":"Integer overflow in constant tensor data size calculation in Samsung Open Source ONE could cause incorrect buffer sizing for large constant nodes.\nAffected version is prior to commit  1.30.0.","indicators":{"cves":["CVE-2026-41667"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T07:16:13.990Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/Samsung/ONE/pull/16481","label":"PSIRT@samsung.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-6839","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6839 — Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out o…","description":"Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE\nAffected version is prior to commit  1.30.0.","indicators":{"cves":["CVE-2026-6839"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T07:16:14.957Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/Samsung/ONE/pull/16481","label":"PSIRT@samsung.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-6840","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6840 — Missing bounds validation for operator could allow out of range operator-code lookup during model lo…","description":"Missing bounds validation for operator could  allow out of range operator-code lookup during model loading\nAffected version is prior to commit  1.30.0.","indicators":{"cves":["CVE-2026-6840"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T07:16:15.067Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/Samsung/ONE/pull/16481","label":"PSIRT@samsung.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-1379","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-1379 — The HTTP Headers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin setting…","description":"The HTTP Headers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.19.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and…","indicators":{"cves":["CVE-2026-1379"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:19.667Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/http-headers/tags/1.19.2/views/manual.php#L18","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/http-headers/trunk/views/manual.php#L18","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/02e63068-02a8-4106-b64e-430c24815e55?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-1845","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-1845 — The Real Estate Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin sett…","description":"The Real Estate Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an…","indicators":{"cves":["CVE-2026-1845"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:20.650Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://wordpress.org/plugins/re-pro/","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1978fd4f-f130-4e72-85df-24a6f9aebfe2?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-2714","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-2714 — The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '…","description":"The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Enquiry Form Title' setting in all versions up to, and including, 5.5. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Admi…","indicators":{"cves":["CVE-2026-2714"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:20.817Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/institute-management/tags/5.5/admin/inc/wl_im_settings.php#L47","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/institute-management/trunk/admin/inc/wl_im_settings.php#L47","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1fd62c3d-2c15-4d1c-9210-4c2aca379fe3?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-2717","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-2717 — The HTTP Headers plugin for WordPress is vulnerable to CRLF Injection in all versions up to, and inc…","description":"The HTTP Headers plugin for WordPress is vulnerable to CRLF Injection in all versions up to, and including, 1.19.2. This is due to insufficient sanitization of custom header name and value fields before writing them to the Apache .htaccess file via `insert_with_markers()`. This makes it possible for…","indicators":{"cves":["CVE-2026-2717"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:20.987Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/http-headers/tags/1.19.2/http-headers.php#L1098","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/http-headers/tags/1.19.2/http-headers.php#L745","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/http-headers/trunk/http-headers.php#L1098","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/http-headers/trunk/http-headers.php#L745","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7716e77f-e899-4046-9421-86fc0c36c245?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-2719","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-2719 — The Private WP suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Exce…","description":"The Private WP suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Exceptions' setting in all versions up to, and including, 0.4.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-…","indicators":{"cves":["CVE-2026-2719"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:21.130Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/private-wp-suite/tags/0.4.1/private-wp-suite.php#L153","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/private-wp-suite/trunk/private-wp-suite.php#L153","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/af88a631-c4ec-47ec-ad9b-1ef38ea1be09?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3362","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-3362 — The Short Comment Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '…","description":"The Short Comment Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Minimum Count' settings field in all versions up to and including 2.2. This is due to insufficient input sanitization (no sanitize callback on register_setting) and missing output escaping (no esc_att…","indicators":{"cves":["CVE-2026-3362"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:21.757Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/short-comment-filter/tags/2.2/classes/short-comment-filter-settings.php#L21","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/short-comment-filter/tags/2.2/classes/short-comment-filter-settings.php#L54","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/short-comment-filter/tags/2.2/classes/short-comment-filter-settings.php#L61","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/short-comment-filter/tags/2.2/views/settings.php#L25","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/short-comment-filter/trunk/classes/short-comment-filter-settings.php#L21","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/short-comment-filter/trunk/classes/short-comment-filter-settings.php#L54","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/short-comment-filter/trunk/classes/short-comment-filter-settings.php#L61","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/short-comment-filter/trunk/views/settings.php#L25","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4ba46475-bf54-49a8-9b0e-fae3fb4e1df9?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4074","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4074 — The Quran Live Multilanguage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via t…","description":"The Quran Live Multilanguage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cheikh' and 'lang' shortcode attributes in all versions up to, and including, 1.0.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The q…","indicators":{"cves":["CVE-2026-4074"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:21.947Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/quran-live/tags/1.0.3/inc/Class_QuranLive.php#L191","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quran-live/tags/1.0.3/inc/Class_QuranLive.php#L216","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quran-live/tags/1.0.3/inc/Class_QuranLive.php#L217","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quran-live/tags/1.0.3/inc/Class_QuranLive.php#L245","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quran-live/tags/1.0.3/inc/Class_QuranLive.php#L246","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quran-live/tags/1.0.3/quran-live.php#L110","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quran-live/trunk/inc/Class_QuranLive.php#L191","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quran-live/trunk/inc/Class_QuranLive.php#L216","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quran-live/trunk/inc/Class_QuranLive.php#L217","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quran-live/trunk/inc/Class_QuranLive.php#L245","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quran-live/trunk/inc/Class_QuranLive.php#L246","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/quran-live/trunk/quran-live.php#L110","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/883484dd-d48d-46f9-ae96-223626c50039?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4076","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4076 — The Slider Bootstrap Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via…","description":"The Slider Bootstrap Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'category' and 'template' shortcode attributes in all versions up to and including 1.0.7. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes.…","indicators":{"cves":["CVE-2026-4076"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:22.117Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/slider-bootstrap-carousel/tags/1.0.7/includes/sbc-shortcode.php#L109","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/slider-bootstrap-carousel/tags/1.0.7/includes/sbc-shortcode.php#L113","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/slider-bootstrap-carousel/tags/1.0.7/includes/sbc-shortcode.php#L38","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/slider-bootstrap-carousel/tags/1.0.7/includes/sbc-shortcode.php#L47","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/slider-bootstrap-carousel/tags/1.0.7/includes/sbc-shortcode.php#L7","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/slider-bootstrap-carousel/tags/1.0.7/includes/sbc-shortcode.php#L93","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/slider-bootstrap-carousel/trunk/includes/sbc-shortcode.php#L109","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/slider-bootstrap-carousel/trunk/includes/sbc-shortcode.php#L113","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/slider-bootstrap-carousel/trunk/includes/sbc-shortcode.php#L38","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/slider-bootstrap-carousel/trunk/includes/sbc-shortcode.php#L47","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/slider-bootstrap-carousel/trunk/includes/sbc-shortcode.php#L7","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/slider-bootstrap-carousel/trunk/includes/sbc-shortcode.php#L93","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/26fe0b7b-dbf8-467f-b5e2-86a858eeaf89?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4082","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4082 — The ER Swiffy Insert plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the [swif…","description":"The ER Swiffy Insert plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the [swiffy] shortcode in all versions up to and including 1.0.0. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes ('n', 'w', 'h'). These attributes are…","indicators":{"cves":["CVE-2026-4082"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:22.273Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/er-swiffy-insert/tags/1.0.0/er-swiffy-insert.php#L49","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/er-swiffy-insert/tags/1.0.0/er-swiffy-insert.php#L56","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/er-swiffy-insert/trunk/er-swiffy-insert.php#L49","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/er-swiffy-insert/trunk/er-swiffy-insert.php#L56","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/074d9712-9b26-47da-9e24-49854fd7257c?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4085","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4085 — The Easy Social Photos Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via…","description":"The Easy Social Photos Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wrapper_class' shortcode attribute of the 'my-instagram-feed' shortcode in all versions up to, and including, 3.1.2. This is due to insufficient input sanitization and output escaping on user su…","indicators":{"cves":["CVE-2026-4085"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:22.417Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/my-instagram-feed/tags/3.1.2/frontend/class-my-instagram-feed-frontend.php#L53","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/my-instagram-feed/tags/3.1.2/frontend/views/feed.php#L102","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/my-instagram-feed/trunk/frontend/class-my-instagram-feed-frontend.php#L53","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/my-instagram-feed/trunk/frontend/views/feed.php#L102","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8640724c-0bd4-4684-9fd1-027f2af64e67?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4088","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4088 — The Switch CTA Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wppw_c…","description":"The Switch CTA Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wppw_cta_box' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on user-supplied post meta values including 'cta_box_button_link', 'cta_…","indicators":{"cves":["CVE-2026-4088"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:22.560Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/switch-cta-box/tags/1.1/inc/box_display_template.php#L14","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/switch-cta-box/tags/1.1/inc/box_display_template.php#L18","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/switch-cta-box/tags/1.1/inc/box_display_template.php#L2","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/switch-cta-box/tags/1.1/inc/shortcode_setup.php#L8","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/switch-cta-box/trunk/inc/box_display_template.php#L14","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/switch-cta-box/trunk/inc/box_display_template.php#L18","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/switch-cta-box/trunk/inc/box_display_template.php#L2","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/switch-cta-box/trunk/inc/shortcode_setup.php#L8","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/19a3fc90-b81c-4451-80e0-cead99a2dcd9?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4089","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4089 — The Twittee Text Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id…","description":"The Twittee Text Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute in all versions up to and including 1.0.8. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The ttt_twittee_tweeter() fun…","indicators":{"cves":["CVE-2026-4089"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:22.713Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/twittee-text-tweet/tags/1.0.8/ttt-twittee-text-tweet.php#L55","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/twittee-text-tweet/tags/1.0.8/ttt-twittee-text-tweet.php#L87","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/twittee-text-tweet/trunk/ttt-twittee-text-tweet.php#L55","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/twittee-text-tweet/trunk/ttt-twittee-text-tweet.php#L87","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4d678e97-f466-4640-83ee-a3a24550e8d8?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4090","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4090 — The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up…","description":"The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.2. This is due to missing nonce verification in the rd_ic_settings_page function when processing settings form submissions. This makes it possible for unauthenticated attackers…","indicators":{"cves":["CVE-2026-4090"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:22.867Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/tags/0.0.0.0/includes/inquiry-cart-shortcode.php#L32","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/tags/0.0.0.0/includes/inquiry-cart-shortcode.php#L34","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/tags/0.0.0.0/includes/settings-page.php#L21","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/tags/0.0.0.0/includes/settings-page.php#L46","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/tags/0.0.0.0/includes/settings-page.php#L47","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/tags/0.0.0.0/includes/settings-page.php#L48","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/tags/0.0.0.0/includes/settings-page.php#L49","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/tags/0.0.0.0/includes/settings-page.php#L6","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/trunk/includes/inquiry-cart-shortcode.php#L32","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/trunk/includes/inquiry-cart-shortcode.php#L34","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/trunk/includes/settings-page.php#L21","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/trunk/includes/settings-page.php#L46","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/trunk/includes/settings-page.php#L47","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/trunk/includes/settings-page.php#L48","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/trunk/includes/settings-page.php#L49","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/inquiry-cart/trunk/includes/settings-page.php#L6","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/772e9b2b-b2d5-4950-804b-d0914004710c?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4117","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4117 — The CalJ plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and incl…","description":"The CalJ plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5. This is due to a missing capability check in the CalJSettingsPage class constructor, which processes the 'save-obtained-key' operation directly from POST data without verifying that the re…","indicators":{"cves":["CVE-2026-4117"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:23.027Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/calj/tags/1.5/CalJSettingsPage.php#L25","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/calj/tags/1.5/CalJSettingsPage.php#L30","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/calj/tags/1.5/calj.php#L17","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/calj/trunk/CalJSettingsPage.php#L25","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/calj/trunk/CalJSettingsPage.php#L30","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/calj/trunk/calj.php#L17","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d1c7df8e-2f82-4474-88ef-8c8ddaeb4656?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4118","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4118 — The Call To Action Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all ve…","description":"The Call To Action Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.3. This is due to missing nonce validation in the cbox_options_page() function which handles saving, creating, and deleting plugin settings. The form rendered on the s…","indicators":{"cves":["CVE-2026-4118"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:23.180Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/call-to-action-plugin/tags/3.1.3/call-to-action-plugin.php#L41","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/call-to-action-plugin/tags/3.1.3/call-to-action-plugin.php#L55","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/call-to-action-plugin/tags/3.1.3/call-to-action-plugin.php#L69","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/call-to-action-plugin/tags/3.1.3/call-to-action-plugin.php#L76","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/call-to-action-plugin/trunk/call-to-action-plugin.php#L41","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/call-to-action-plugin/trunk/call-to-action-plugin.php#L55","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/call-to-action-plugin/trunk/call-to-action-plugin.php#L69","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/call-to-action-plugin/trunk/call-to-action-plugin.php#L76","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6d15f5de-9ec9-466d-aafe-6304356ccb39?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4121","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4121 — The Kcaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to…","description":"The Kcaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.1. This is due to missing nonce validation in the plugin's settings page handler (admin/setting.php). The settings form does not include a wp_nonce_field() and the form processing co…","indicators":{"cves":["CVE-2026-4121"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:23.490Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/kcaptcha/tags/1.0.1/admin/setting.php#L12","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/kcaptcha/tags/1.0.1/admin/setting.php#L30","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/kcaptcha/tags/1.0.1/admin/setting.php#L47","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/kcaptcha/trunk/admin/setting.php#L12","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/kcaptcha/trunk/admin/setting.php#L30","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/kcaptcha/trunk/admin/setting.php#L47","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a6c1c73b-76e3-4cb9-ad53-9d5d4e7519c9?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4125","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4125 — The WPMK Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' sho…","description":"The WPMK Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to and including 1.0.1. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, in the wpmk_block_sh…","indicators":{"cves":["CVE-2026-4125"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:23.633Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/wpmk-block/tags/1.0.1/classes/wpmk-block-class.php#L82","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wpmk-block/tags/1.0.1/classes/wpmk-block-class.php#L97","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wpmk-block/trunk/classes/wpmk-block-class.php#L82","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wpmk-block/trunk/classes/wpmk-block-class.php#L97","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5e397c7a-2aef-4c23-a224-e324ea4bb4b1?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4126","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4126 — The Table Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versio…","description":"The Table Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.0 via the 'table_manager' shortcode. The shortcode handler `tablemanager_render_table_shortcode()` takes a user-controlled `table` attribute, applies only `sanitize_key()`…","indicators":{"cves":["CVE-2026-4126"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:23.777Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/table-manager/tags/1.0.0/table-manager.php#L561","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/table-manager/tags/1.0.0/table-manager.php#L572","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/table-manager/tags/1.0.0/table-manager.php#L573","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/table-manager/trunk/table-manager.php#L561","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/table-manager/trunk/table-manager.php#L572","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/table-manager/trunk/table-manager.php#L573","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/25b3607c-f99e-4359-8228-0f3452f80aac?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4128","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4128 — The TP Restore Categories And Taxonomies plugin for WordPress is vulnerable to Missing Authorization…","description":"The TP Restore Categories And Taxonomies plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.1. The delete_term() function, which handles the 'tpmcattt_delete_term' AJAX action, does not perform any capability check (e.g., current_user_can()) to veri…","indicators":{"cves":["CVE-2026-4128"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:23.930Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/tp-restore-categories-and-taxonomies/tags/1.0.1/admin/class-tp-move-categories-and-taxonomies-to-trash-admin.php#L474","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/tp-restore-categories-and-taxonomies/tags/1.0.1/includes/class-tp-move-categories-and-taxonomies-to-trash.php#L169","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/tp-restore-categories-and-taxonomies/trunk/admin/class-tp-move-categories-and-taxonomies-to-trash-admin.php#L474","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/tp-restore-categories-and-taxonomies/trunk/includes/class-tp-move-categories-and-taxonomies-to-trash.php#L169","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/53a0749f-86e9-4f62-9de2-a6759c78ba2f?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4131","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4131 — The WP Responsive Popup + Optin plugin for WordPress is vulnerable to Cross-Site Request Forgery in…","description":"The WP Responsive Popup + Optin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.4. This is due to the settings form on the admin page (wpo_admin_page.php) lacking nonce generation (wp_nonce_field) and verification (wp_verify_nonce/check_admin_re…","indicators":{"cves":["CVE-2026-4131"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:24.080Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/wp-popup-optin/tags/1.4/wp-popup-optin.php#L218","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-popup-optin/tags/1.4/wpo_admin_page.php#L103","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-popup-optin/tags/1.4/wpo_admin_page.php#L104","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-popup-optin/tags/1.4/wpo_admin_page.php#L15","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-popup-optin/tags/1.4/wpo_admin_page.php#L43","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-popup-optin/trunk/wp-popup-optin.php#L218","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-popup-optin/trunk/wpo_admin_page.php#L103","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-popup-optin/trunk/wpo_admin_page.php#L104","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-popup-optin/trunk/wpo_admin_page.php#L15","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/wp-popup-optin/trunk/wpo_admin_page.php#L43","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0a8a49c4-21e8-447c-94da-8241c7d66c29?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4133","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4133 — The TextP2P Texting Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all v…","description":"The TextP2P Texting Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.7. This is due to missing nonce validation in the imTextP2POptionPage() function which processes settings updates. The form at line 314 does not include a wp_nonce_field(…","indicators":{"cves":["CVE-2026-4133"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:24.400Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/textp2p-texting-widget/tags/1.7/inc/admin/im-textp2p-options.php#L299","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/textp2p-texting-widget/tags/1.7/inc/admin/im-textp2p-options.php#L7","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/textp2p-texting-widget/trunk/inc/admin/im-textp2p-options.php#L299","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/textp2p-texting-widget/trunk/inc/admin/im-textp2p-options.php#L7","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2d36fa25-108b-462b-b84e-2e77943b1871?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4138","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4138 — The DX Unanswered Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all v…","description":"The DX Unanswered Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7. This is due to missing nonce validation on the plugin's settings form in the dxuc-unanswered-comments-admin-page.php file. This makes it possible for unauthenticated…","indicators":{"cves":["CVE-2026-4138"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:24.547Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/dx-unanswered-comments/tags/1.7/dxuc-unanswered-comments-admin-page.php#L13","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/dx-unanswered-comments/tags/1.7/dxuc-unanswered-comments-admin-page.php#L21","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/dx-unanswered-comments/tags/1.7/dxuc-unanswered-comments-admin-page.php#L25","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/dx-unanswered-comments/tags/1.7/dxuc-unanswered-comments-admin-page.php#L40","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/dx-unanswered-comments/trunk/dxuc-unanswered-comments-admin-page.php#L13","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/dx-unanswered-comments/trunk/dxuc-unanswered-comments-admin-page.php#L21","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/dx-unanswered-comments/trunk/dxuc-unanswered-comments-admin-page.php#L25","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/dx-unanswered-comments/trunk/dxuc-unanswered-comments-admin-page.php#L40","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e44dbd0e-d6a7-438b-b1bf-a6628734fec4?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4139","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4139 — The mCatFilter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up t…","description":"The mCatFilter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 0.5.2. This is due to the complete absence of nonce verification and capability checks in the compute_post() function, which processes settings updates. The compute_post() function is…","indicators":{"cves":["CVE-2026-4139"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:24.707Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/mcatfilter/tags/0.5.2/mcatfilter.php#L138","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/mcatfilter/tags/0.5.2/mcatfilter.php#L320","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/mcatfilter/tags/0.5.2/mcatfilter.php#L339","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/mcatfilter/trunk/mcatfilter.php#L138","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/mcatfilter/trunk/mcatfilter.php#L320","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/mcatfilter/trunk/mcatfilter.php#L339","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/622ee6c8-7739-44ae-b88f-63a93c0a9b20?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4140","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4140 — The Ni WooCommerce Order Export plugin for WordPress is vulnerable to Cross-Site Request Forgery in…","description":"The Ni WooCommerce Order Export plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.1.6. This is due to missing nonce validation in the ni_order_export_action() AJAX handler function. The handler processes settings updates when the 'page' parameter…","indicators":{"cves":["CVE-2026-4140"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:24.857Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/ni-woocommerce-order-export/tags/3.1.6/include/ni-order-export.php#L136","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/ni-woocommerce-order-export/tags/3.1.6/include/ni-order-setting.php#L59","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/ni-woocommerce-order-export/trunk/include/ni-order-export.php#L136","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/ni-woocommerce-order-export/trunk/include/ni-order-setting.php#L59","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2d62c49c-3a33-4865-abcc-22d8e38ac198?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4142","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4142 — The Sentence To SEO (keywords, description and tags) plugin for WordPress is vulnerable to Stored Cr…","description":"The Sentence To SEO (keywords, description and tags) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Permanent keywords' field in all versions up to and including 1.0. This is due to insufficient input sanitization and output escaping. The plugin reads user input via filte…","indicators":{"cves":["CVE-2026-4142"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:25.000Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/sentence-to-seo/tags/1.0/index.php#L262","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/sentence-to-seo/tags/1.0/index.php#L50","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/sentence-to-seo/tags/1.0/index.php#L75","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/sentence-to-seo/tags/1.0/index.php#L81","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/sentence-to-seo/tags/1.0/index.php#L87","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/sentence-to-seo/trunk/index.php#L262","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/sentence-to-seo/trunk/index.php#L50","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/sentence-to-seo/trunk/index.php#L75","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/sentence-to-seo/trunk/index.php#L81","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/sentence-to-seo/trunk/index.php#L87","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7d11b2db-d097-433f-923c-f49ef2951c0e?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4279","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4279 — The Bread & Butter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'breadb…","description":"The Bread & Butter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'breadbutter-customevent-button' shortcode in all versions up to, and including, 8.2.0.25. This is due to insufficient input sanitization and output escaping on the 'event' shortcode attribute. The customEve…","indicators":{"cves":["CVE-2026-4279"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:25.160Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/bread-butter/tags/8.2.0.25/src/Base/Shortcode.php#L364","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/bread-butter/tags/8.2.0.25/src/Base/Shortcode.php#L380","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/bread-butter/trunk/src/Base/Shortcode.php#L364","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/bread-butter/trunk/src/Base/Shortcode.php#L380","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0728b42b-5ec7-46a2-a9a5-3316107e9324?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4280","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4280 — The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up t…","description":"The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3. This is due to the brnwp_ajax_form AJAX endpoint lacking both authorization checks and CSRF verification, combined with insufficient path validation when the brnwp_theme option…","indicators":{"cves":["CVE-2026-4280"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:25.310Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/breaking-news-wp/tags/1.3/breaking-news.php#L366","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/breaking-news-wp/tags/1.3/breaking-news.php#L372","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/breaking-news-wp/tags/1.3/breaking-news.php#L85","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/breaking-news-wp/trunk/breaking-news.php#L366","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/breaking-news-wp/trunk/breaking-news.php#L372","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/breaking-news-wp/trunk/breaking-news.php#L85","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4772b482-f5e5-4707-b012-aca70fc89e49?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4353","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4353 — The CI HUB Connector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id'…","description":"The CI HUB Connector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute of the `cihub_metadata` shortcode in all versions up to, and including, 1.2.106 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers…","indicators":{"cves":["CVE-2026-4353"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:25.457Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/ci-hub-connector/tags/1.2.106/ci-hub-wordpress-connector.php#L645","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/ci-hub-connector/trunk/ci-hub-wordpress-connector.php#L645","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f4b36468-319a-4de3-9112-bd4a3cf7d637?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5748","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-5748 — The Text Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's…","description":"The Text Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `ts` shortcode in all versions up to, and including, 0.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,…","indicators":{"cves":["CVE-2026-5748"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:25.700Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/text-snippet/tags/0.0.1/text-snippet.php#L78","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/text-snippet/trunk/text-snippet.php#L78","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8cc7a0f3-6a58-4e42-9341-aecf55d2ccb1?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5767","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-5767 — The SlideShowPro SC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin…","description":"The SlideShowPro SC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `slideShowProSC` shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat…","indicators":{"cves":["CVE-2026-5767"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:25.840Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/slideshowpro-shortcode/tags/1.0.2/slideshowpro_sc.php#L287","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/slideshowpro-shortcode/trunk/slideshowpro_sc.php#L287","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/51467cef-9624-4dd9-a368-d3b5fac7bb3d?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5820","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-5820 — The Zypento Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table o…","description":"The Zypento Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 1.0.6. This is due to the front-end TOC rendering script reading heading text via `innerText` and inserting it into the page using `innerHTML` wi…","indicators":{"cves":["CVE-2026-5820"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:25.977Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/zypento-blocks/tags/1.0.6/assets/js/src/blocks/table-of-contents/view.js#L57","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/zypento-blocks/tags/1.0.6/assets/js/src/blocks/table-of-contents/view.js#L71","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/024a6a0f-f819-40e7-9618-71219c27aa64?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6041","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6041 — The Buzz Comments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Custom…","description":"The Buzz Comments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Custom Buzz Avatar' (buzz_comments_avatar_image) setting in all versions up to, and including, 0.9.4. This is due to insufficient input sanitization and output escaping. This makes it possible for authentica…","indicators":{"cves":["CVE-2026-6041"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:26.123Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/buzz-comments/trunk/admin.tpl.php#L36","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/buzz-comments/trunk/buzzComments_class.php#L187","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1516ebe7-4d16-4e97-9baa-bc5857f95126?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6236","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6236 — The Posts map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' short…","description":"The Posts map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' shortcode attribute in all versions up to, and including, 0.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, w…","indicators":{"cves":["CVE-2026-6236"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:26.400Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/posts-map/tags/0.1.3/posts-map.php#L33","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/posts-map/tags/0.1.3/posts-map.php#L78","label":"security@wordfence.com","domainType":"other"},{"url":"https://wordpress.org/plugins/posts-map/","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e02c5817-7a54-4958-a076-71e5e7729cda?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6246","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6246 — The Simple Random Posts Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting…","description":"The Simple Random Posts Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'container_right_width' attribute of the 'simple_random_posts' shortcode in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping on user supplied a…","indicators":{"cves":["CVE-2026-6246"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:26.540Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/simple-random-posts-shortcode/tags/0.3/simple-random-posts-shortcode.php#L54","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/simple-random-posts-shortcode/trunk/simple-random-posts-shortcode.php#L54","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7d61e6ea-4975-452a-8f9c-1c6d428372ac?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6294","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6294 — The Google PageRank Display plugin for WordPress is vulnerable to Cross-Site Request Forgery in vers…","description":"The Google PageRank Display plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.4. This is due to missing nonce validation in the gpdisplay_option() function, which handles the plugin settings page. The settings form does not include a wp_nonce_field(),…","indicators":{"cves":["CVE-2026-6294"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:26.677Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/google-pagerank-display/tags/1.4/gpdisplay.php#L32","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/google-pagerank-display/tags/1.4/gpdisplay.php#L56","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/google-pagerank-display/trunk/gpdisplay.php#L32","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/google-pagerank-display/trunk/gpdisplay.php#L56","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e39ebe27-7780-48b6-8dca-7da7a78fce69?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6396","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6396 — The Fast & Fancy Filter – 3F plugin for WordPress is vulnerable to Cross-Site Request Forgery in ver…","description":"The Fast & Fancy Filter – 3F plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.2.2. This is due to missing nonce verification in the saveFields() function, which handles the fff_save_settins AJAX action. This makes it possible for unauthenticated atta…","indicators":{"cves":["CVE-2026-6396"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:26.810Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/fast-fancy-filter-3f/tags/1.2.2/includes/admin/class-admin.php#L24","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/fast-fancy-filter-3f/tags/1.2.2/includes/admin/class-admin.php#L419","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/fast-fancy-filter-3f/trunk/includes/admin/class-admin.php#L24","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/fast-fancy-filter-3f/trunk/includes/admin/class-admin.php#L419","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4b5fbf2c-1231-482f-b5a5-819f31da3524?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6843","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6843 — A flaw was found in nano. A local user could exploit a format string vulnerability in the `statuslin…","description":"A flaw was found in nano. A local user could exploit a format string vulnerability in the `statusline()` function. By creating a directory with a name containing `printf` specifiers, the application attempts to display this name, leading to a segmentation fault (SEGV). This results in a Denial of Se…","indicators":{"cves":["CVE-2026-6843"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:26.963Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6843","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460017","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6844","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6844 — A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit tw…","description":"A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit two Denial of Service (DoS) vulnerabilities by providing a specially crafted Executable and Linkable Format (ELF) file. One vulnerability, a resource exhaustion (CWE-400), can lead to an out-of-memory c…","indicators":{"cves":["CVE-2026-6844"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:27.140Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6844","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460016","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6845","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6845 — A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a…","description":"A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a local attacker to cause a Denial of Service (DoS) by tricking a user into processing a specially crafted Executable and Linkable Format (ELF) file. The exploitation of this flaw can lead to the syste…","indicators":{"cves":["CVE-2026-6845"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:27.373Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6845","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460012","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-1395","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-1395 — The Gutentools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Slider…","description":"The Gutentools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Slider block's block_id attribute in all versions up to, and including, 1.1.3. This is due to insufficient input sanitization and output escaping combined with a custom unescaping routine that reintroduces…","indicators":{"cves":["CVE-2026-1395"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:16:50.437Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/gutentools/tags/1.1.3/core/blocks/post-slider.php#L232","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/gutentools/trunk/core/blocks/post-slider.php#L232","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/gutentools/trunk/core/gutentools_block.php#L123","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset/3476597/gutentools/trunk/core/blocks/post-slider.php","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b2683b4e-b993-4c84-b7cc-a2cb511b4097?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-1913","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-1913 — The Gallagher Website Design plugin for WordPress is vulnerable to Stored Cross-Site Scripting via t…","description":"The Gallagher Website Design plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's login_link shortcode in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on the 'prefix' attribute. This makes it possible for authentica…","indicators":{"cves":["CVE-2026-1913"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:16:50.853Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/gallagher-website-design/tags/2.6.4/gallagher-website-design.php#L203","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/gallagher-website-design/trunk/gallagher-website-design.php#L203","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3454227%40gallagher-website-design&new=3454227%40gallagher-website-design&sfp_email=&sfph_mail=","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d8d013ae-a512-454a-bcfc-8725a6928fee?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-1930","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-1930 — The Emailchef plugin for WordPress is vulnerable to unauthorized modification of data due to a missi…","description":"The Emailchef plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the page_options_ajax_disconnect() function in all versions up to, and including, 3.5.1. This makes it possible for authenticated attackers, with Subscriber-level access and abo…","indicators":{"cves":["CVE-2026-1930"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:16:51.000Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://plugins.trac.wordpress.org/browser/emailchef/tags/3.5.1/admin/class-emailchef-admin.php#L121","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/emailchef/tags/3.5.1/admin/class-emailchef-admin.php#L200","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/emailchef/trunk/admin/class-emailchef-admin.php#L121","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/browser/emailchef/trunk/admin/class-emailchef-admin.php#L200","label":"security@wordfence.com","domainType":"other"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3474353%40emailchef&new=3474353%40emailchef&sfp_email=&sfph_mail=","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3ae02595-17f0-472d-bc4f-6169cce7a583?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33256","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33256 — An attacker can send a web request that causes unlimited memory allocation in the internal web serve…","description":"An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.","indicators":{"cves":["CVE-2026-33256","CVE-2026-33257","CVE-2026-33260"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:16:51.193Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html","label":"security@open-xchange.com","domainType":"other"},{"url":"https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-05.html","label":"security@open-xchange.com","domainType":"other"},{"url":"https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33258","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33258 — By publishing and querying a crafted zone an attacker can cause allocation of large entries in the n…","description":"By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC(3) caches.","indicators":{"cves":["CVE-2026-33258"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:16:51.460Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33259","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33259 — Having many concurrent transfers of the same RPZ can lead to inconsistent RPZ data, use after free a…","description":"Having many concurrent transfers of the same RPZ can lead to inconsistent RPZ data, use after free and/or a crash of the recursor. Normally concurrent transfers of the same RPZ zone can only occur with a malfunctioning RPZ provider.","indicators":{"cves":["CVE-2026-33259"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:16:51.580Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33261","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33261 — A zone transition from NSEC to NSEC3 might trigger an internal inconsistency and cause a denial of s…","description":"A zone transition from NSEC to NSEC3 might trigger an internal inconsistency and cause a denial of service.","indicators":{"cves":["CVE-2026-33261"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:16:51.857Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33262","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33262 — An attacker can send replies that result in a null pointer dereference, caused by a missing consiste…","description":"An attacker can send replies that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. Cookies are disabled by default.","indicators":{"cves":["CVE-2026-33262"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:16:51.997Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33600","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33600 — An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by…","description":"An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service.","indicators":{"cves":["CVE-2026-33600"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:16:52.107Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33601","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33601 — If you use the zoneToCache function with a malicious authoritative server, an attacker can send a zo…","description":"If you use the zoneToCache function with a malicious authoritative server, an attacker can send a zone that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service.","indicators":{"cves":["CVE-2026-33601"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:16:52.223Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6848","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6848 — A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive…","description":"A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive operations, such as token generation or robot account creation, the re-authentication prompt can be bypassed. This allows a user with a timed-out session, or an attacker with access to an idle authent…","indicators":{"cves":["CVE-2026-6848"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:16:52.347Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6848","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460119","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31192","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-31192 — Insufficient validation of Chrome extension identifiers in Raindrop.io Bookmark Manager Web App 5.6.…","description":"Insufficient validation of Chrome extension identifiers in Raindrop.io Bookmark Manager Web App 5.6.76.0 allows attackers to obtain sensitive user data via a crafted request.","indicators":{"cves":["CVE-2026-31192"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:36.420Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CORS","label":"cve@mitre.org","domainType":"other"},{"url":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Origin","label":"cve@mitre.org","domainType":"other"},{"url":"https://github.com/incoggeek/vulnerability-research/tree/master/CVE-2026-31192","label":"cve@mitre.org","domainType":"primary"},{"url":"https://support.google.com/chrome_webstore/answer/2664769?hl=en","label":"cve@mitre.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33254","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33254 — An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memor…","description":"An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdist and leading to a denial of service. DOQ and DoH3 are disabled by default.","indicators":{"cves":["CVE-2026-33254"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:53.520Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33594","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33594 — A client can trigger excessive memory allocation by generating a lot of queries that are routed to a…","description":"A client can trigger excessive memory allocation by generating a lot of queries that are routed to an overloaded DoH backend, causing queries to accumulate into a buffer that will not be released until the end of the connection.","indicators":{"cves":["CVE-2026-33594"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:53.837Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33595","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33595 — A client can trigger excessive memory allocation by generating a lot of errors responses over a sing…","description":"A client can trigger excessive memory allocation by generating a lot of errors responses over a single DoQ and DoH3 connection, as some resources were not properly released until the end of the connection.","indicators":{"cves":["CVE-2026-33595"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:53.950Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33598","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33598 — A cached crafted response can cause an out-of-bounds read if custom Lua code calls getDomainListByAd…","description":"A cached crafted response can cause an out-of-bounds read if custom Lua code calls getDomainListByAddress() or getAddressListByDomain() on a packet cache.","indicators":{"cves":["CVE-2026-33598"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:54.303Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33602","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33602 — A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum co…","description":"A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum configured value, triggering an out-of-bounds write leading to a denial of service.","indicators":{"cves":["CVE-2026-33602"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:54.537Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33609","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33609 — Incomplete escaping of LDAP queries when running with 8bit-dns enabled allows users to perform queri…","description":"Incomplete escaping of LDAP queries when running with 8bit-dns enabled allows users to perform queries of internal domain subtrees.","indicators":{"cves":["CVE-2026-33609"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:54.770Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33610","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33610 — A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when…","description":"A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request to it.","indicators":{"cves":["CVE-2026-33610"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:54.887Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33611","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-33611 — An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS…","description":"An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend.","indicators":{"cves":["CVE-2026-33611"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:55.000Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6355","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6355 — A vulnerability in the web application allows unauthorized users to access and manipulate sensitive…","description":"A vulnerability in the web application allows unauthorized users to access and manipulate sensitive data across different tenants by exploiting insecure direct object references. This could lead to unauthorized access to sensitive information and unauthorized changes to the tenant's configuration.","indicators":{"cves":["CVE-2026-6355"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:17:06.627Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/Penguinsecq/CVE-2026-6355/","label":"cret@cert.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-6861","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6861 — A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs proc…","description":"A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs processes specially crafted SVG (Scalable Vector Graphics) CSS (Cascading Style Sheets) data. A local user could exploit this by convincing a victim to open a malicious SVG file, which may lead to a denia…","indicators":{"cves":["CVE-2026-6861"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:17:07.860Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6861","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2459992","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6862","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6862 — A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fai…","description":"A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field is at least 4 bytes, which is the minimum size for an EFI (Extensible Firmware Interface) device path node header. A local user could exploit this vulnerab…","indicators":{"cves":["CVE-2026-6862"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:17:08.060Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6862","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2459982","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-58922","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2025-58922 — Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada allows Cross Site Request Forge…","description":"Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada allows Cross Site Request Forgery.This issue affects Avada: from n/a before 7.13.2.","indicators":{"cves":["CVE-2025-58922"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T16:16:51.963Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://patchstack.com/database/wordpress/theme/avada/vulnerability/wordpress-avada-theme-7-13-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve","label":"audit@patchstack.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-30139","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-30139 — A reflected cross-site scripting (XSS) vulnerability in the AdvancedSearch functionality of Silverpe…","description":"A reflected cross-site scripting (XSS) vulnerability in the AdvancedSearch functionality of Silverpeas Core before version 6.4.6 allows attackers to execute arbitrary JavaScript in the context of a user's browser via crafted input.","indicators":{"cves":["CVE-2026-30139"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T16:16:53.367Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/Silverpeas/Silverpeas-Core/pull/1421","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/bodd1593/CVEs-huyle/tree/main/CVE-2026-30139","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/bodd1593/CVEs-huyle/tree/main/CVE-2026-30139","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2025-0186","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2025-0186 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.9.6, 18.10…","description":"GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service under certain conditions by exhausting server resources by making crafted requests to…","indicators":{"cves":["CVE-2025-0186"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:32.950Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/","label":"cve@gitlab.com","domainType":"other"},{"url":"https://gitlab.com/gitlab-org/gitlab/-/work_items/511312","label":"cve@gitlab.com","domainType":"other"},{"url":"https://hackerone.com/reports/2915694","label":"cve@gitlab.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-3922","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2025-3922 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.4 before 18.9.6, 18.10…","description":"GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.4 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service by overwhelming system resources under certain conditions due to insufficient resourc…","indicators":{"cves":["CVE-2025-3922"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:33.123Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/","label":"cve@gitlab.com","domainType":"other"},{"url":"https://gitlab.com/gitlab-org/gitlab/-/work_items/537422","label":"cve@gitlab.com","domainType":"other"},{"url":"https://hackerone.com/reports/3098035","label":"cve@gitlab.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-6016","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2025-6016 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.9.6, 18.10…","description":"GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service due to insufficient resource allocation limits when retrieving notes under certain con…","indicators":{"cves":["CVE-2025-6016"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:33.410Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/","label":"cve@gitlab.com","domainType":"other"},{"url":"https://gitlab.com/gitlab-org/gitlab/-/work_items/548940","label":"cve@gitlab.com","domainType":"other"},{"url":"https://hackerone.com/reports/3160363","label":"cve@gitlab.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-1660","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-1660 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.9.6, 18.10…","description":"GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to cause denial of service when importing issues due to improper input validation.","indicators":{"cves":["CVE-2026-1660"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:33.697Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/","label":"cve@gitlab.com","domainType":"other"},{"url":"https://gitlab.com/gitlab-org/gitlab/-/work_items/588200","label":"cve@gitlab.com","domainType":"other"},{"url":"https://hackerone.com/reports/3518743","label":"cve@gitlab.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-32885","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-32885 — DDEV is an open-source tool for running local web development environments for PHP and Node.js. Vers…","description":"DDEV is an open-source tool for running local web development environments for PHP and Node.js. Versions prior to 1.25.2 have unsanitized extraction in both `Untar()` and `Unzip()` functions in `pkg/archive/archive.go`. Downloads and extracts archives from remote sources without path validation. Ver…","indicators":{"cves":["CVE-2026-32885"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:34.770Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/ddev/ddev/releases/tag/v1.25.2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ddev/ddev/security/advisories/GHSA-x2xq-qhjf-5mvg","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ddev/ddev/security/advisories/GHSA-x2xq-qhjf-5mvg","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35339","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35339 — The recursive mode (-R) of the chmod utility in uutils coreutils incorrectly handles exit codes when…","description":"The recursive mode (-R) of the chmod utility in uutils coreutils incorrectly handles exit codes when processing multiple files. The final return value is determined solely by the success or failure of the last file processed. This allows the command to return an exit code of 0 (success) even if erro…","indicators":{"cves":["CVE-2026-35339"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:35.767Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/uutils/coreutils/pull/9793","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.6.0","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35340","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35340 — A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return…","description":"A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorrect exit code during recursive operations. The final exit code is determined only by the last file processed. If the last operation succeeds, the command returns 0 even if earlier ownership o…","indicators":{"cves":["CVE-2026-35340"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:35.923Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/uutils/coreutils/pull/10035","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.6.0","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35345","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35345 — A vulnerability in the tail utility of uutils coreutils allows for the exfiltration of sensitive fil…","description":"A vulnerability in the tail utility of uutils coreutils allows for the exfiltration of sensitive file contents when using the --follow=name option. Unlike GNU tail, the uutils implementation continues to monitor a path after it has been replaced by a symbolic link, subsequently outputting the conten…","indicators":{"cves":["CVE-2026-35345"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:36.627Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/uutils/coreutils/issues/10328","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/issues/10328","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35347","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35347 — The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before p…","description":"The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The are_files_identical function opens and reads from both input paths to compare content without first verifying if the paths refer to regular files. If an input path…","indicators":{"cves":["CVE-2026-35347"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:36.903Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/uutils/coreutils/pull/9545","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.6.0","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/pull/9545","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35348","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35348 — The sort utility in uutils coreutils is vulnerable to a process panic when using the --files0-from o…","description":"The sort utility in uutils coreutils is vulnerable to a process panic when using the --files0-from option with inputs containing non-UTF-8 filenames. The implementation enforces UTF-8 encoding and utilizes expect(), causing an immediate crash when encountering valid but non-UTF-8 paths. This diverge…","indicators":{"cves":["CVE-2026-35348"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:37.040Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/uutils/coreutils/issues/9696","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/issues/9696","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35349","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35349 — A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protect…","description":"A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protection. The implementation uses a path-string check rather than comparing device and inode numbers to identify the root directory. An attacker or accidental user can bypass this safeguard by using a symb…","indicators":{"cves":["CVE-2026-35349"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:37.190Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/uutils/coreutils/pull/9706","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.7.0","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35350","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35350 — The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership pr…","description":"The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p (preserve) flag, the utility applies the source mode bits even if the chown operation is unsuccessful. This can result in a user-owned copy retaining origina…","indicators":{"cves":["CVE-2026-35350"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:37.327Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/uutils/coreutils/issues/9750","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/issues/9750","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35351","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35351 — The mv utility in uutils coreutils fails to preserve file ownership during moves across different fi…","description":"The mv utility in uutils coreutils fails to preserve file ownership during moves across different filesystem boundaries. The utility falls back to a copy-and-delete routine that creates the destination file using the caller's UID/GID rather than the source's metadata. This flaw breaks backups and mi…","indicators":{"cves":["CVE-2026-35351"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:37.457Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/uutils/coreutils/issues/9714","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/issues/9714","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35354","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35354 — A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the mv utility of uutils coreutils d…","description":"A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the mv utility of uutils coreutils during cross-device moves. The extended attribute (xattr) preservation logic uses multiple path-based system calls that perform fresh path-to-inode lookups for each operation. A local attacker with wri…","indicators":{"cves":["CVE-2026-35354"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:37.867Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/uutils/coreutils/issues/10014","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/issues/10014","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35355","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35355 — The install utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) rac…","description":"The install utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition during file installation. The implementation unlinks an existing destination file and then recreates it using a path-based operation without the O_EXCL flag. A local attacker can exploit t…","indicators":{"cves":["CVE-2026-35355"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:37.993Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/uutils/coreutils/pull/10067","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.6.0","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/pull/10067","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35356","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35356 — A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the install utility of uutils coreut…","description":"A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the install utility of uutils coreutils when using the -D flag. The command creates parent directories and subsequently performs a second path resolution to create the target file, neither of which is anchored to a directory file descri…","indicators":{"cves":["CVE-2026-35356"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:38.130Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/uutils/coreutils/pull/10140","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.7.0","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35357","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35357 — The cp utility in uutils coreutils is vulnerable to an information disclosure race condition. Destin…","description":"The cp utility in uutils coreutils is vulnerable to an information disclosure race condition. Destination files are initially created with umask-derived permissions (e.g., 0644) before being restricted to their final mode (e.g., 0600) later in the process. A local attacker can race to open the file…","indicators":{"cves":["CVE-2026-35357"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:38.267Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/uutils/coreutils/issues/10011","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/issues/10011","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35358","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35358 — The cp utility in uutils coreutils, when performing recursive copies (-R), incorrectly treats charac…","description":"The cp utility in uutils coreutils, when performing recursive copies (-R), incorrectly treats character and block device nodes as stream sources rather than preserving them. Because the implementation reads bytes into regular files at the destination instead of using mknod, device semantics are dest…","indicators":{"cves":["CVE-2026-35358"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:38.393Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/uutils/coreutils/issues/9746","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/pull/11163","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.7.0","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/issues/9746","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35359","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35359 — A Time-of-Check to Time-of-Use (TOCTOU) vulnerability in the cp utility of uutils coreutils allows a…","description":"A Time-of-Check to Time-of-Use (TOCTOU) vulnerability in the cp utility of uutils coreutils allows an attacker to bypass no-dereference intent. The utility checks if a source path is a symbolic link using path-based metadata but subsequently opens it without the O_NOFOLLOW flag. An attacker with con…","indicators":{"cves":["CVE-2026-35359"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:38.537Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/issues/10017","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/issues/10017","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35360","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35360 — The touch utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race…","description":"The touch utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition during file creation. When the utility identifies a missing path, it later attempts creation using File::create(), which internally uses O_TRUNC. An attacker can exploit this window to creat…","indicators":{"cves":["CVE-2026-35360"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:38.673Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/issues/10019","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/issues/10019","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35363","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35363 — A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms inte…","description":"A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms intended to protect the current directory. While the utility correctly refuses to delete . or .., it fails to recognize equivalent paths with trailing slashes, such as ./ or .///. An accidental or malicio…","indicators":{"cves":["CVE-2026-35363"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:39.120Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/issues/9749","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35364","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35364 — A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mv utility of uutils coreutils…","description":"A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mv utility of uutils coreutils during cross-device operations. The utility removes the destination path before recreating it through a copy operation. A local attacker with write access to the destination directory can exploit this…","indicators":{"cves":["CVE-2026-35364"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:39.737Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/issues/10015","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/issues/10015","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35365","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35365 — The mv utility in uutils coreutils improperly handles directory trees containing symbolic links duri…","description":"The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across filesystem boundaries. Instead of preserving symlinks, the implementation expands them, copying the linked targets as real files or directories at the destination. This can lead to res…","indicators":{"cves":["CVE-2026-35365"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:39.900Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/pull/10546","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.7.0","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35366","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35366 — The printenv utility in uutils coreutils fails to display environment variables containing invalid U…","description":"The printenv utility in uutils coreutils fails to display environment variables containing invalid UTF-8 byte sequences. While POSIX permits arbitrary bytes in environment strings, the uutils implementation silently skips these entries rather than printing the raw bytes. This vulnerability allows ma…","indicators":{"cves":["CVE-2026-35366"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:40.167Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/issues/9701","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/pull/9728","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.6.0","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/issues/9701","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35369","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35369 — An argument parsing error in the kill utility of uutils coreutils incorrectly interprets kill -1 as…","description":"An argument parsing error in the kill utility of uutils coreutils incorrectly interprets kill -1 as a request to send the default signal (SIGTERM) to PID -1. Sending a signal to PID -1 causes the kernel to terminate all processes visible to the caller, potentially leading to a system crash or massiv…","indicators":{"cves":["CVE-2026-35369"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:40.687Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/pull/9700","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.6.0","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35370","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35370 — The id utility in uutils coreutils miscalculates the groups= section of its output. The implementati…","description":"The id utility in uutils coreutils miscalculates the groups= section of its output. The implementation uses a user's real GID instead of their effective GID to compute the group list, leading to potentially divergent output compared to GNU coreutils. Because many scripts and automated processes rely…","indicators":{"cves":["CVE-2026-35370"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:40.833Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/issues/10006","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/issues/10006","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35372","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35372 — A logic error in the ln utility of uutils coreutils allows the utility to dereference a symbolic lin…","description":"A logic error in the ln utility of uutils coreutils allows the utility to dereference a symbolic link target even when the --no-dereference (or -n) flag is explicitly provided. The implementation previously only honored the \"no-dereference\" intent if the --force (overwrite) mode was also enabled. Th…","indicators":{"cves":["CVE-2026-35372"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:41.850Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/pull/11253","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.8.0","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35374","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35374 — A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the split utility of uutils coreutil…","description":"A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the split utility of uutils coreutils. The program attempts to prevent data loss by checking for identity between input and output files using their file paths before initiating the split operation. However, the utility subsequently ope…","indicators":{"cves":["CVE-2026-35374"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:42.127Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/pull/11401","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35376","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35376 — A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the chcon utility of uutils coreutil…","description":"A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the chcon utility of uutils coreutils during recursive operations. The implementation resolves recursive targets using a fresh path lookup (via fts_accpath) rather than binding the traversal and label application to the specific directo…","indicators":{"cves":["CVE-2026-35376"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:42.430Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/pull/11402","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.8.0","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35380","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-35380 — A logic error in the cut utility of uutils coreutils causes the program to incorrectly interpret the…","description":"A logic error in the cut utility of uutils coreutils causes the program to incorrectly interpret the literal two-byte string '' (two single quotes) as an empty delimiter. The implementation mistakenly maps this string to the NUL character for both the -d (delimiter) and --output-delimiter options. T…","indicators":{"cves":["CVE-2026-35380"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:43.047Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/pull/11399","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.8.0","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-3254","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-3254 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that…","description":"GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to load unauthorized content into another user's browser due to improper input validation in the Mermaid sandbox.","indicators":{"cves":["CVE-2026-3254","CVE-2026-5377"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:43.433Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://gitlab.com/gitlab-org/gitlab/-/work_items/591587","label":"cve@gitlab.com","domainType":"other"},{"url":"https://hackerone.com/reports/3572752","label":"cve@gitlab.com","domainType":"other"},{"url":"https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/","label":"cve@gitlab.com","domainType":"other"},{"url":"https://gitlab.com/gitlab-org/gitlab/-/work_items/595553","label":"cve@gitlab.com","domainType":"other"},{"url":"https://hackerone.com/reports/3640688","label":"cve@gitlab.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6515","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6515 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10…","description":"GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed a user to use invalidated or incorrectly scoped credentials to access Virtual Registries under certain conditions.","indicators":{"cves":["CVE-2026-6515"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:44.923Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/","label":"cve@gitlab.com","domainType":"other"},{"url":"https://gitlab.com/gitlab-org/gitlab/-/work_items/595993","label":"cve@gitlab.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41459","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41459 — Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that…","description":"Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that allows unauthenticated attackers to retrieve the full server-side filesystem path of the application root. Attackers can send a GET request to the /setup page to access the exposed root_path value re…","indicators":{"cves":["CVE-2026-41459"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T19:17:08.643Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/thexerteproject/xerteonlinetoolkits/commit/f063e942b4a9bf77a06829e844c2c70316bc45e8","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/thexerteproject/xerteonlinetoolkits/issues/1527","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/xerte-online-toolkits-path-disclosure-via-setup","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://xerte.org.uk/index.php/en/downloads-1/category/3-xerte-online-toolkits","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://xerte.org.uk/xertetoolkits_3.15_ChangeLog.html","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41469","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41469 — Beghelli Sicuro24 SicuroWeb does not enforce a Content Security Policy, allowing unrestricted loadin…","description":"Beghelli Sicuro24 SicuroWeb does not enforce a Content Security Policy, allowing unrestricted loading of external JavaScript resources from attacker-controlled origins. When chained with the template injection and sandbox escape vulnerabilities present in the same application, the absence of CSP rem…","indicators":{"cves":["CVE-2026-41469"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T19:17:09.000Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/kmkz/Exploits/blob/master/2026/CVE-2026-22191-POC.py","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/kmkz/Exploits/blob/master/2026/CVE-2026-22191-SicuroWeb-ATI-chain.txt","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.beghelli.it","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://www.boffsec-services.com/posts/sicuroweb-cve-2026-22191/","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://www.vulncheck.com/advisories/beghelli-sicuro24-sicuroweb-missing-content-security-policy","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34062","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34062 — nimiq-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `MessageCode…","description":"nimiq-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `MessageCodec::read_request` and `read_response` call `read_to_end()` on inbound substreams, so a remote peer can send only a partial frame and keep the substream open. because `Behaviour::new` also sets `with_ma…","indicators":{"cves":["CVE-2026-34062"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T20:16:40.530Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/nimiq/core-rs-albatross/commit/c021a5337b808c73571b44999f9753051bac7508","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-gh7r-qh4p-q4fr","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-34064","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34064 — nimiq-account contains account primitives to be used in Nimiq's Rust implementation. Prior to versio…","description":"nimiq-account contains account primitives to be used in Nimiq's Rust implementation. Prior to version 1.3.0, `VestingContract::can_change_balance` returns `AccountError::InsufficientFunds` when `new_balance < min_cap`, but it constructs the error using `balance: self.balance - min_cap`. `Coin::sub`…","indicators":{"cves":["CVE-2026-34064"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T20:16:40.900Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/nimiq/core-rs-albatross/commit/4d01946f0b3d6c6e31786f91cdfb3eb902908da0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/pull/3658","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-vc34-39q2-m6q3","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-34066","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34066 — nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. Prior to version…","description":"nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. Prior to version 1.3.0, `HistoryStore::put_historic_txns` uses an `assert!` to enforce invariants about `HistoricTransaction.block_number` (must be within the macro block being pushed and within the same epoch). Duri…","indicators":{"cves":["CVE-2026-34066"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T20:16:41.237Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/nimiq/core-rs-albatross/commit/6f5511309c199d84b012fe6b9aba7e5582892c50","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/pull/3656","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-j99g-7rqw-q9jg","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-34067","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-34067 — nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prio…","description":"nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, `HistoryTreeProof::verify` panics on a malformed proof where `history.len() != positions.len()` due to `assert_eq!(history.len(), positions.len())`. The proof object is derived fro…","indicators":{"cves":["CVE-2026-34067","CVE-2026-34068"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T21:17:07.760Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/nimiq/core-rs-albatross/commit/6ff0800e8e031363e787c827d8d033e5694e4e6a","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/pull/3659","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-264v-m8fm-76jm","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/commit/e7f0ab7d2115e17d6e5548ddc60f10df1a5d645f","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/pull/3654","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-pf4j-pf3w-95f9","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41170","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41170 — Squidex is an open source headless content management system and content management hub. Prior to ve…","description":"Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the `RestoreController.PostRestoreJob` endpoint allows an administrator to supply an arbitrary URL for downloading backup archives. This URL is fetched using the \"Backup\" `HttpClient` wi…","indicators":{"cves":["CVE-2026-41170","CVE-2026-41172","CVE-2026-41177"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T22:16:31.377Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/Squidex/squidex/commit/b81d75e1d9c1a8e30993c2ee59b350002b9aeda4","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/Squidex/squidex/security/advisories/GHSA-6q6m-7h5j-jq4g","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/Squidex/squidex/security/advisories/GHSA-x7cq-4f4c-8qcv","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/Squidex/squidex/security/advisories/GHSA-45fq-w37p-qfw5","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2025-36074","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2025-36074 — IBM Security Verify Directory (Container) 10.0.0 through 10.0.0.3 IBM Security Verify Directory coul…","description":"IBM Security Verify Directory (Container) 10.0.0 through 10.0.0.3 IBM Security Verify Directory could be vulnerable to malicious file upload by not validating file type. A privileged user could upload malicious files into the system that can be sent to victims for performing further attacks against…","indicators":{"cves":["CVE-2025-36074"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T00:16:43.093Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://www.ibm.com/support/pages/node/7268907","label":"psirt@us.ibm.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-1274","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-1274 — IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to a Bypass Business Logic vulnerabi…","description":"IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to a Bypass Business Logic vulnerability in the access management control panel.","indicators":{"cves":["CVE-2026-1274"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T00:16:44.583Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://www.ibm.com/support/pages/node/7269445","label":"psirt@us.ibm.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-1352","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-1352 — IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 C…","description":"IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic.","indicators":{"cves":["CVE-2026-1352"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T00:16:44.753Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://www.ibm.com/support/pages/node/7269433","label":"psirt@us.ibm.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4917","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4917 — IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the…","description":"IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to write arbitrary files on the system.","indicators":{"cves":["CVE-2026-4917"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T00:16:46.293Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://www.ibm.com/support/pages/node/7270422","label":"psirt@us.ibm.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4918","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4918 — IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This vulnerability a…","description":"IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.","indicators":{"cves":["CVE-2026-4918"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T00:16:46.443Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://www.ibm.com/support/pages/node/7270422","label":"psirt@us.ibm.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-4919","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-4919 — IBM Guardium Data Protection 12.1 is vulnerable to cross-site scripting. This vulnerability allows a…","description":"IBM Guardium Data Protection 12.1 is vulnerable to cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.","indicators":{"cves":["CVE-2026-4919"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T00:16:46.590Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://www.ibm.com/support/pages/node/7270422","label":"psirt@us.ibm.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5926","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-5926 — IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10…","description":"IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 uses weaker than expected cryptographic algorithms that could allow an attac…","indicators":{"cves":["CVE-2026-5926"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T00:16:46.743Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://www.ibm.com/support/pages/node/7269372","label":"psirt@us.ibm.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6874","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6874 — A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function…","description":"A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header Handler. Executing a manipulation of the argument Host can lead to reliance on reverse dns resolution. The attack may be performed from remote. The exploit…","indicators":{"cves":["CVE-2026-6874"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T00:16:47.050Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/August829/CVEP/issues/32","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/795212","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/359039","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/359039/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6878","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6878 — A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function math_equal of…","description":"A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function math_equal of the file prime_math/grader.py. The manipulation leads to sandbox issue. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be di…","indicators":{"cves":["CVE-2026-6878"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T00:16:47.233Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/zast-ai/vulnerability-reports/blob/main/bytedance/verl_rce.md","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/795257","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/359040","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/359040/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-1923","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-1923 — The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Sc…","description":"The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.3.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscr…","indicators":{"cves":["CVE-2026-1923"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:16:15.737Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset/3467694/social-rocket","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d92fc04e-201e-4fc3-bbf0-4f2f3de3ee95?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41182","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41182 — LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to version 0.…","description":"LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to version 0.5.19 of the JavaScript SDK and version 0.7.31 of the Python SDK, the LangSmith SDK's output redaction controls (hideOutputs in JS, hide_outputs in Python) do not apply to streaming token events. When…","indicators":{"cves":["CVE-2026-41182"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:16:16.123Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/langchain-ai/langsmith-sdk/security/advisories/GHSA-rr7j-v2q5-chgv","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"vendor-ir-trends-q1-2026-phishing-reemerges-as-top-initial-access-vector-as-attacks-tar","source":"vendor-blogs","category":"advisory","severity":"medium","title":"IR Trends Q1 2026: Phishing reemerges as top initial access vector, as attacks targeting public administration persist","description":"Phishing reemerged as the most observed means of gaining initial access, accounting for over a third of the engagements where initial access could be determined. Phishing has not been the top vertical for initial access since Q2 2025.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:00:34.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://blog.talosintelligence.com/ir-trends-q1-2026/","label":"Cisco Talos","domainType":"other"}],"feedLabel":null},{"id":"vendor-podcast-it-s-not-you-it-s-your-printer-state-sponsored-and-phishing-threats-in-2","source":"vendor-blogs","category":"advisory","severity":"medium","title":"[Podcast] It's not you, it's your printer: State-sponsored and phishing threats in 2025","description":"In this episode of Talos Takes, Amy and Martin Lee unpack state-sponsored and phishing trends from the 2025 Talos Year in Review.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T12:29:49.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://blog.talosintelligence.com/podcast-its-not-you-its-your-printer-state-sponsored-and-phishing-threats-in-2025/","label":"Cisco Talos","domainType":"other"}],"feedLabel":null},{"id":"vendor-phishing-and-mfa-exploitation-targeting-the-keys-to-the-kingdom","source":"vendor-blogs","category":"advisory","severity":"medium","title":"Phishing and MFA exploitation: Targeting the keys to the kingdom","description":"In 2025, attackers increasingly targeted weaknesses in multi-factor authentication (MFA) workflows, and phishing attacks leveraged valid, compromised credentials to launch lures from trusted accounts. The trends focused entirely on trust, or the lack thereof, in everyday business operations.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T12:00:08.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://blog.talosintelligence.com/phishing-and-mfa-exploitation-targeting-the-keys-to-the-kingdom/","label":"Cisco Talos","domainType":"other"}],"feedLabel":null},{"id":"threatfox-1796370","source":"threatfox","category":"threat-intel","severity":"medium","title":"payload: undefined","description":"https://x.com/suyog41/status/2046592187606220864","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[".NET","stage3","CLR-host","stage2","ClickFix","garble","go","EnmityStealer","finger-tcp79","fingerfix","win.fingerfix","finger-delivery","Mirax"],"malwareFamily":"Unknown malware","confidence":100,"publishedAt":"2026-04-23T01:03:34Z","fetchedAt":"2026-04-23T03:00:05.010Z","references":[{"url":"https://x.com/suyog41/status/2046592187606220864","label":"ThreatFox","domainType":"other"},{"url":"https://www.cleafy.com/cleafy-labs/mirax-a-new-android-rat-turning-infected-devices-into-potential-residential-proxy-nodes","label":"ThreatFox","domainType":"other"}],"feedLabel":null},{"id":"otx-69e8c267419390d6722afdd5","source":"otx","category":"threat-intel","severity":"medium","title":"FormBook Malware Uses Phishing, DLL Side-Loading, JavaScript","description":"Two distinct phishing campaigns have been identified targeting companies in Greece, Spain, Slovenia, Bosnia and Central American countries to deliver FormBook data-stealing malware. The first campaign uses RAR attachments containing legitimate executables like Sandboxie ImBox.exe, TikTok desktop, Ad…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"ab0d213d4df3de06bbd2db524fb73282","sha1":"3d1eaf0777aac4c76ff406b9ecf82af7d045b8f3","sha256":"4140d26ecad2fd8a3ea326ee49f5dd8bda3696e0d1ae6e756db6d61d70bf3af4"}},"tags":["formbook","mandark","syscall evasion","obfuscated javascript","data-stealing","panthomvai","mandark loader","ntdll mapping","phishing campaigns","dll side-loading","phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T12:43:19.377Z","fetchedAt":"2026-04-23T03:00:01.373Z","references":[{"url":"https://otx.alienvault.com/pulse/69e8c267419390d6722afdd5","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e8c2ea19756cc9d2899dea","source":"otx","category":"threat-intel","severity":"medium","title":"Dissecting FudCrypt: A Real-World Malware Crypting Service Analysis","description":"FudCrypt is a Cryptor-as-a-Service platform offering subscription-based malware obfuscation for $800 to $2,000 monthly. The service wraps customer payloads in multi-stage deployment packages featuring DLL sideloading, AMSI and ETW interference, silent UAC elevation via CMSTPLUA, and Windows Defender…","indicators":{"cves":[],"ips":[],"domains":["fudcrypt.net","hijacklibs.net","mstelemetrycloud.com","dl.admin334577joagj13.com","advapi32.lib","shell32.lib","winhttp.lib","admin.fudcrypt.net","api.fudcrypt.net","monitoring.fudcrypt.net"],"urls":["http://mstelemetrycloud.com/agent","http://dl.admin334577joagj13.com:443"],"hashes":{"md5":"ffd52dffdfb8340a2dda27fcab828fd1","sha1":"fd491feeaa6c88cfd3bf2a52cb3bb50bdf20026e","sha256":"ff2a0e8e8d8a536bd506d9b79b9db5f2435dc20060f724e040838c1a71b39600"}},"tags":["cmstplua-uac-bypass","azure-trusted-signing","cryptor-as-a-service","dll-sideloading","etw-patching","amsi-bypass","screenconnect","fudcrypt","botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T12:45:30.748Z","fetchedAt":"2026-04-23T03:00:01.373Z","references":[{"url":"https://otx.alienvault.com/pulse/69e8c2ea19756cc9d2899dea","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e7a6a0bb463e49c9b7572e","source":"otx","category":"threat-intel","severity":"medium","title":"New NGate variant hides in a trojanized NFC payment app","description":"ESET researchers have identified a new NGate malware variant targeting Android users in Brazil since November 2025. The threat actors trojanized the legitimate HandyPay NFC payment application, likely using AI-generated code, to relay NFC data from victims' payment cards to attacker-controlled devic…","indicators":{"cves":[],"ips":["108.165.230.223"],"domains":["raiffeisen-cz.eu","app.mobil-csob-cz.eu","nfc.cryptomaker.info","protecaocartao.online","spy.ngate.cc"],"urls":[],"hashes":{"md5":"d142bb04f32a50db476b63bbe1ac2ee7","sha1":"a4f793539480677241ef312150e9c02e324c0aa2","sha256":"6e3eea7fb31b8e81026021307247f6eecc5b7f97f35e900796f4786746cde3b8"}},"tags":["handypay trojanization","brazil targeting","ngate","fake lottery","nfc relay","ai-generated code","pin theft","phantomcard","payment card fraud","ransomware","botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T16:32:32.765Z","fetchedAt":"2026-04-23T03:00:01.373Z","references":[{"url":"https://otx.alienvault.com/pulse/69e7a6a0bb463e49c9b7572e","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e8738326fb86b891dd3c1f","source":"otx","category":"threat-intel","severity":"medium","title":"March 2026 Phishing Email Trends Report","description":"In March 2026, trojans represented 21% of attachment-based threats, while phishing attacks using fake pages dropped from 42% to 15% month-over-month. Script-based malware increased significantly, with HTML at 14% and JavaScript at 11%. Compressed files including ZIP (14%), RAR (8%), and 7Z (5%) were…","indicators":{"cves":[],"ips":[],"domains":["controller.airdns.org","ccp11nl.hyperhost.ua"],"urls":[],"hashes":{"md5":"0e9bd0c9991b21b13eddb518dee0eecf","sha1":null,"sha256":null}},"tags":["agenttesla","phishing email","trojan campaigns","fake invoices","remcosrat","script-based attacks","credential theft","html phishing","phishing","botnet","infostealer"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T07:06:43.012Z","fetchedAt":"2026-04-23T03:00:01.373Z","references":[{"url":"https://otx.alienvault.com/pulse/69e8738326fb86b891dd3c1f","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e76908461fbf60038d0105","source":"otx","category":"threat-intel","severity":"medium","title":"Highly destructive Lotus Wiper used in a targeted attack","description":"A highly targeted destructive wiper campaign dubbed 'Lotus Wiper' was discovered targeting the energy and utilities sector in Venezuela during late 2025 and early 2026. The attack begins with batch scripts coordinating execution across networks using domain shares as trigger mechanisms. These script…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"c6d0f67db6a7dbf1f9394d98c1e13670","sha1":null,"sha256":null}},"tags":["destructive attack","targeted campaign","critical infrastructure","batch scripts","venezuela","disk wiping","lotus wiper","energy sector","ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T12:09:44.593Z","fetchedAt":"2026-04-23T03:00:01.373Z","references":[{"url":"https://otx.alienvault.com/pulse/69e76908461fbf60038d0105","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e6db546f646b9818b7bf0d","source":"otx","category":"threat-intel","severity":"medium","title":"macOS ClickFix Campaign: AppleScript Stealers & New Terminal Protections","description":"A sophisticated ClickFix campaign targets both Windows and macOS users through fake CAPTCHA pages that trick victims into executing malicious commands. The macOS variant deploys an AppleScript-based infostealer that harvests sensitive data including keychain databases, credentials, and session cooki…","indicators":{"cves":[],"ips":["172.94.9.250","172.94.9.250"],"domains":["gen.detect.by.nscloudsandbox.tr","bull-run.fun","spot-wave.fun"],"urls":["https://bull-run.fun/","https://spot-wave.fun/","http://172.94.9.250/d/xxx10108"],"hashes":{"md5":"e12285f507c847b986233991b86b22e3","sha1":null,"sha256":"c07a15640065580e3bbff86eb567050e1a9e9847e2034ff00953ce7eeb2eec41"}},"tags":["clickfix","macos","session hijacking","credential harvesting","cryptocurrency wallet theft","applescript","social engineering","browser data exfiltration","infostealer","phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T02:05:08.869Z","fetchedAt":"2026-04-23T03:00:01.373Z","references":[{"url":"https://otx.alienvault.com/pulse/69e6db546f646b9818b7bf0d","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e68ccac96ab3f866763f12","source":"otx","category":"threat-intel","severity":"medium","title":"Abusing OAuth Device Code Flow","description":"In early 2026, phishing attacks remain a top threat vector in security operations. This analysis covers a novel attack method exploiting Microsoft's OAuth 2.0 Device Authorization Grant (Device Code Flow) to compromise user accounts. Attackers use phishing emails containing Mailchimp's Mandrill serv…","indicators":{"cves":[],"ips":[],"domains":["adobe.safest.org"],"urls":["http://adobe.safest.org/","http://ppsrq.org/so/3dPniokM8/c"],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["persistent access","microsoft entra id","device code flow","graph api","oauth","phishing","credential theft","token hijacking"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T20:30:02.335Z","fetchedAt":"2026-04-23T03:00:01.373Z","references":[{"url":"https://otx.alienvault.com/pulse/69e68ccac96ab3f866763f12","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e734af1069d427edf013a9","source":"otx","category":"threat-intel","severity":"medium","title":"StepDrainer MaaS Platform Targeting Multi-Chain Crypto Wallets and NFT Assets","description":"StepDrainer is a Malware-as-a-Service (MaaS) platform engineered to steal digital assets from cryptocurrency wallets, including fungible tokens and high-value NFT collections. The malware supports more than 20 blockchain networks and incorporates multiple draining techniques, particularly abusing ER…","indicators":{"cves":[],"ips":[],"domains":["aodefevrgdkhqltdnwgzbyjoywrlbntbhfwq.com","moonscan.live","scanclaw.live","aahdjjsivunugynqjvyfbhqnjekniyfboma.com"],"urls":["http://scanclaw.live/KjYQnKB-.php","http://moonscan.live/7w2NU3Z-.php"],"hashes":{"md5":null,"sha1":null,"sha256":"7fd19c564761e2c8c9b583cf30db810e313417c7d3572f637f8cedf4d2cc1e91"}},"tags":["smart contract","stager api","stepdrainer","maas","infostealer","crypto"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T08:26:23.319Z","fetchedAt":"2026-04-23T03:00:01.373Z","references":[{"url":"https://otx.alienvault.com/pulse/69e734af1069d427edf013a9","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e739ee02f0f88b6f9e017a","source":"otx","category":"threat-intel","severity":"medium","title":"Zero-Day Local Privilege Escalation Exploit","description":"RedSun.exe is a publicly available proof-of-concept exploit targeting a zero-day vulnerability in Microsoft Defender that enables local privilege escalation from standard user to SYSTEM-level access on Windows systems. The exploit leverages flawed Defender remediation logic for cloud-tagged maliciou…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"7933bb74a2b3289e8c4b74a43c2149ac","sha1":"f0f0c5a3421f4d00b9da1387ff9d3cc12332b559","sha256":"57a70c383feb9af60b64ab6768a1ca1b3f7394b8c5ffdbfafc8e988d63935120"}},"tags":["redsun","redsun.exe","microsoft defender","windows","zero-day","system access","privilege escalation","tieringengineservice","filesystem manipulation","zeroday"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T08:48:46.405Z","fetchedAt":"2026-04-23T03:00:01.373Z","references":[{"url":"https://otx.alienvault.com/pulse/69e739ee02f0f88b6f9e017a","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e628228cf9938a05a3c669","source":"otx","category":"threat-intel","severity":"medium","title":"FlowerStorm Phishing Kit Targeting Microsoft Credentials via Cloudflare-Backed Infrastructure","description":"IOCs related to FlowerStorm phishing‑kit–driven campaign that delivers fake Microsoft authentication pages via compromised domains fronted by Cloudflare. The activity abuses legitimate cloud and CDN services for delivery while credential harvesting occurs on attacker‑controlled infrastructure, with…","indicators":{"cves":[],"ips":[],"domains":["boysgirlsclubchester.continuousperformance.de","chestersuplandsd.continuousperformance.de","chesteruplandsd.continuousperformance.de","delcofamilyvillage.continuousperformance.de","fleschlawfirm.continuousperformance.de","jbsafetyintl.continuousperformance.de","stevenscollege.continuousperformance.de"],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["flowerstorm","iocs","cloudflare","phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T13:20:34.778Z","fetchedAt":"2026-04-23T03:00:01.373Z","references":[{"url":"https://otx.alienvault.com/pulse/69e628228cf9938a05a3c669","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e5ff33953b2bfaa5b6c105","source":"otx","category":"threat-intel","severity":"medium","title":"FakeWallet crypto stealer spreading in the App Store","description":"In March 2026, over twenty phishing applications were discovered in the Apple App Store masquerading as popular cryptocurrency wallets. These malicious apps redirect users to browser pages that distribute trojanized versions of legitimate wallets designed to steal recovery phrases and private keys.…","indicators":{"cves":[],"ips":[],"domains":["appstoreios.com","iosfc.com","crypto-stroe.cc","helllo2025.com","kkkhhhnnn.com","nmu8n.com","sxsfcc.com","yjzhengruol.com","zmx6f.com","6688cf.jhxrpbgq.com","api.dc1637.xyz","mgi1y.siyangoil.com","mti4ywy4.lahuafa.com","mtjln.siyangoil.com","mziyytm5ytk.ahroar.com","ngy2yjq0otlj.ahroar.com","ntm0mdkzymy3n.oukwww.com","nziwytu5n.lahuafa.com","odm0.siyangoil.com","www.gxzhrc.cn","xz.apps-store.im","zdrhnmjjndu.ulbcl.com"],"urls":["https://139.180.139.209/prod-api/system/confData/getUserConfByKey/","https://6688cf.jhxrpbgq.com/6axqkwuq","https://api.dc1637.xyz","https://api.npoint.io/153b165a59f8f7d7b097","https://appstoreios.com/DjZH?key=646556306F6Q465O313L737N3332939Y353I830F31","https://crypto-stroe.cc/","https://helllo2025.com/api/open/postByTokenpocket","https://iosfc.com/ledger/ios/Rsakeycatch.php","https://kkkhhhnnn.com/api/open/postByTokenpocket","https://mgi1y.siyangoil.com/vmzLvi4Dh/1Dd0m4BmAuhVVCbzF","https://mti4ywy4.lahuafa.com/UVB2U/mw2ZmvXKUEbzI0n","https://mtjln.siyangoil.com/08dT284P/1ZMz5Xmb0EoQZVvS5","https://mziyytm5ytk.ahroar.com/kAN2pIEaariFb8Yc","https://ngy2yjq0otlj.ahroar.com/17pIWJfr9DBiXYrSb","https://ngy2yjq0otlj.ahroar.com/EpCXMKDMx1roYGJ","https://nmu8n.com/tpocket/ios/Rsakeyword.php","https://ntm0mdkzymy3n.oukwww.com/7nhn7jvv5YieDe7P?0e7b9c78e=686989d97cf0d70346cbde2031207cbf","https://ntm0mdkzymy3n.oukwww.com/jFms03nKTf7RIZN8?61f68b07f8=0565364633b5acdd24a498a6a9ab4eca","https://nziwytu5n.lahuafa.com/10RsW/mw2ZmvXKUEbzI0n","https://odm0.siyangoil.com/TYTmtV8t/JG6T5nvM1AYqAcN","https://sxsfcc.com/api/open/postByTokenpocket","https://www.gxzhrc.cn/download/","https://xz.apps-store.im/CqDq?key=646R563V6F6Y465K313J737G343C3352383R336O35","https://xz.apps-store.im/DjZH?key=646B563L6F6N4657313B737U3436335E3833331737","https://xz.apps-store.im/s/dDan?key=646756376F6A465D313L737J333993473233038L39&c=","https://xz.apps-store.im/s/iuXt?key=646Y563Y6F6H465J313X737U333S9342323N030R34&c=","https://yjzhengruol.com/s/3f605f","https://zdrhnmjjndu.ulbcl.com/7uchSEp6DIEAqux?a3f65e=417ae7f384c49de8c672aec86d5a2860","https://zdrhnmjjndu.ulbcl.com/tWe0ASmXJbDz3KGh?4a1bbe6d=31d25ddf2697b9e13ee883fff328b22f","https://zmx6f.com/btp/ios/receiRsakeyword.php"],"hashes":{"md5":"fd0dc5d4bba740c7b4cc78c4b19a5840","sha1":null,"sha256":null}},"tags":["provisioning profiles","fakewallet","chinese targeting","enterprise certificates","ios","phishing apps","cryptocurrency","sparkkitty","phishing","supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T10:25:55.404Z","fetchedAt":"2026-04-23T03:00:01.373Z","references":[{"url":"https://otx.alienvault.com/pulse/69e5ff33953b2bfaa5b6c105","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e2417e5e4fdd5f16c75dbe","source":"otx","category":"threat-intel","severity":"medium","title":"Untangling a Linux Incident With an OpenAI Twist","description":"A technology sector organization experienced a multi-actor compromise on a Linux endpoint where cryptominers were deployed and credential harvesting occurred. The incident became complex when the legitimate user attempted to troubleshoot suspected malicious activity using OpenAI's Codex AI agent whi…","indicators":{"cves":["CVE-2025-47812"],"ips":["62.60.246.210"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["codex ai","multi-actor","living-off-the-land","linux compromise","edr evasion","credential theft","monero mining","cryptominer","phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:19:42.479Z","fetchedAt":"2026-04-23T03:00:01.373Z","references":[{"url":"https://otx.alienvault.com/pulse/69e2417e5e4fdd5f16c75dbe","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e27c47d37f66809a367479","source":"otx","category":"threat-intel","severity":"medium","title":"From fake Proton VPN sites to gaming mods, this Windows infostealer is everywhere","description":"Multiple campaigns are distributing NWHStealer through diverse delivery methods including fake VPN downloads, hardware utilities, and gaming modifications. The malware collects browser data, saved passwords, and cryptocurrency wallet information. Distribution occurs via fake websites impersonating l…","indicators":{"cves":[],"ips":[],"domains":["get-proton-vpn.com","vpn-proton-setup.com","newworld-helloworld.icu"],"urls":["https://www.onworks.net/software/windows/app-hardware-visualizer"],"hashes":{"md5":"15b2bb2a3d57e2553ff79a7e47101550","sha1":"eaa4260a222b6cf41fb9033a8f3ee213ce85983f","sha256":"e97cb6cbcf2583fe4d8dcabd70d3f67f6cc977fc9a8cbb42f8a2284efe24a1e3"}},"tags":["nwhstealer","fake vpn","dll hijacking","infostealer","process injection","cryptocurrency wallet theft","browser data theft","uac bypass","botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T18:30:31.161Z","fetchedAt":"2026-04-23T03:00:01.373Z","references":[{"url":"https://otx.alienvault.com/pulse/69e27c47d37f66809a367479","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e389bd5760ef67b7f37472","source":"otx","category":"threat-intel","severity":"medium","title":"Operation PhantomCLR: Stealth Execution via AppDomain Hijacking and In-Memory .NET Abuse","description":"A highly sophisticated multi-stage post-exploitation framework targeting organizations in the Middle East and EMEA financial sectors exploits legitimate digitally signed Intel utilities through .NET AppDomainManager mechanism abuse. The attack leverages trusted binary proxy execution, bypassing EDR…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"c84e5bb76d90607bc03de133215f800e","sha1":"da346cb32cacd215b9f0b245ad0048815a718dee","sha256":"f2266b45d60f5443c5c9304b5f0246348ad82ca4f63c7554c46642311e3f8b83"}},"tags":["financial sector","reflective loading","jit trampolining","middle east targeting","cloudfront domain fronting","syscall usage","sandbox evasion","appdomainmanager hijacking","apt","phishing","botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T13:40:13.550Z","fetchedAt":"2026-04-23T03:00:01.373Z","references":[{"url":"https://otx.alienvault.com/pulse/69e389bd5760ef67b7f37472","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e1f0e855758d808bea9915","source":"otx","category":"threat-intel","severity":"medium","title":"Joomla SEO Spam Injector: Obfuscated PHP Backdoor Hijacking Site Visitors","description":"A compromised Joomla website displayed suspicious product links unrelated to the business. Investigation revealed heavily obfuscated PHP code injected at the top of index.php that contacted external command-and-control servers to receive instructions and manipulate content. The malware acts as a rem…","indicators":{"cves":[],"ips":[],"domains":["lashowroom.com","cdn.erpsaz.com","cdn.saholerp.com"],"urls":["http://cdn.erpsaz.com/admin.php"],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["obfuscation","php backdoor","dynamic content injection","remote loader","joomla","search engine manipulation","command-and-control","seo spam","ransomware","botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T08:35:52.341Z","fetchedAt":"2026-04-23T03:00:01.373Z","references":[{"url":"https://otx.alienvault.com/pulse/69e1f0e855758d808bea9915","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e1fb9b3bbb36c5db446094","source":"otx","category":"threat-intel","severity":"medium","title":"Direct-Sys Loader and CGrabber Stealer Five-Stage Malware Chain","description":"A sophisticated five-stage malware operation delivers two new malware families: Direct-Sys Loader and CGrabber Stealer. The attack begins with ZIP archives distributed via GitHub user attachment URLs, exploiting a legitimate Microsoft-signed binary (Launcher_x64.exe) for DLL sideloading. Direct-Sys…","indicators":{"cves":[],"ips":[],"domains":["sinixproduction.com","evasivestars.com","attackzombie.com","gogenbydet.cc","playbergs.info","startbuldingship.com","technologytorg.com"],"urls":["http://technologytorg.com/api/auth","http://technologytorg.com/api/upload/chunk","http://technologytorg.com/api/upload/complete","http://technologytorg.com/api/upload/start"],"hashes":{"md5":"ed770654eb36947eec999ea1492452c9","sha1":"c686657afbb6c86e97e1a546cb3a5035b9770f3b","sha256":"fd8bba8b570050cbe0a82f21209eafe1ddaf007f4f5aec100b8b29cae9a76d49"}},"tags":["information stealer","cryptocurrency theft","syscall","direct-sys loader","cgrabber stealer","anti-analysis","dll sideloading","github distribution"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T09:21:31.050Z","fetchedAt":"2026-04-23T03:00:01.373Z","references":[{"url":"https://otx.alienvault.com/pulse/69e1fb9b3bbb36c5db446094","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e0dddf690d636ed8ac9c40","source":"otx","category":"threat-intel","severity":"medium","title":"Beyond the breach: inside a cargo theft actor's post-compromise playbook","description":"A cargo theft threat actor maintained access to a decoy environment for over a month, providing extensive visibility into post-compromise operations. The attacker established redundant persistence using multiple remote access tools, including four ScreenConnect instances, Pulseway RMM, and SimpleHel…","indicators":{"cves":[],"ips":[],"domains":["qto12q.top","carrier-packets-docs.com","amtechcomputers.net","nq251os.top","officcee404.com","af124i1agga.anondns.net","screlay.amtechcomputers.net","signer.bulbcentral.com"],"urls":["https://carrier-packets-docs.com/FREEDOM_FREIGHT_SERVICES_CARRIERS_ONBOARDING.vbs","https://qto12q.top/pdf.ps1"],"hashes":{"md5":"03b8a9da7ca89c139a13681e360d3082","sha1":"d45d60b20006bc3a39ae1761cb5f5f5b067b4ee5","sha256":"f4977bfeae2a957add1aaf01804d2de2a5a5f9f1338f719db661ac4f53528747"}},"tags":["cargo theft","freight fraud","screenconnect","rmm tools","transportation targeting","cryptocurrency stealer","load board compromise","signing-as-a-service","ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T13:02:23.747Z","fetchedAt":"2026-04-23T03:00:01.373Z","references":[{"url":"https://otx.alienvault.com/pulse/69e0dddf690d636ed8ac9c40","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"otx-69e09f9d80e986921250a6f3","source":"otx","category":"threat-intel","severity":"medium","title":"CVE-2026-39987 update: How attackers weaponized marimo to deploy a blockchain botnet via HuggingFace","description":"Three days after disclosure of a critical pre-authorization remote code execution vulnerability in the marimo Python notebook platform, multiple threat actors deployed malware hosted on HuggingFace Spaces. A previously undocumented NKAbuse variant was delivered through a typosquatted HuggingFace Spa…","indicators":{"cves":["CVE-2017-5638","CVE-2026-39987"],"ips":["111.90.145.139","160.30.128.96","185.225.17.176","38.147.173.172","120.227.46.184","185.187.207.193","45.147.97.11","60.249.14.39","92.208.115.60"],"domains":["bskke4.dnslog.cn"],"urls":[],"hashes":{"md5":"bdcb5867f73beae89c3fce46ad5185be","sha1":"9c363fbcc86662ce15cee15e5dd16b71b769ceb4","sha256":"f2960805f89990cb28898e892bbdc5a2f86b6089c68f4ab7f2f5e456a8d0c21d"}},"tags":["huggingface","cve-2026-39987","nkn blockchain","marimo","botnet","rce","supply-chain"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T08:36:45.830Z","fetchedAt":"2026-04-23T03:00:01.373Z","references":[{"url":"https://otx.alienvault.com/pulse/69e09f9d80e986921250a6f3","label":"OTX Pulse","domainType":"primary"}],"feedLabel":null},{"id":"news-webinar-eliminate-ghost-identities-before-they-expose-your-enterprise-data","source":"general-news","category":"news","severity":"medium","title":"[Webinar] Eliminate Ghost Identities Before They Expose Your Enterprise Data","description":"In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanaged non-human identities that nobody was watching.\nFor every employee in your org, there are 40 to 50 automated credentials: service accounts, API tokens, AI agent…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T08:07:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://thehackernews.com/2026/04/webinar-find-and-eliminate-orphaned-non.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-obsidian-plugin-abuse-delivers-phantompulse-rat-in-targeted-finance-crypto-attac","source":"general-news","category":"news","severity":"medium","title":"Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks","description":"A \"novel\" social engineering campaign has been observed abusing Obsidian, a cross-platform note-taking application, as an initial access vector to distribute a previously undocumented Windows remote access trojan called PHANTOMPULSE in attacks targeting individuals in the financial and cryptocurrenc…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T10:20:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://thehackernews.com/2026/04/obsidian-plugin-abuse-delivers.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-tycoon-2fa-phishers-scatter-adopt-device-code-phishing","source":"general-news","category":"news","severity":"medium","title":"Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing","description":"In embracing device code phishing, attackers trick victims into handing over account access by using a service's legitimate new-device login flow.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T19:05:51.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.darkreading.com/threat-intelligence/tycoon-2fa-hackers-device-code-phishing","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-surge-in-silent-subject-phishing-attacks-targets-vip-users","source":"general-news","category":"news","severity":"medium","title":"Surge in Silent Subject Phishing Attacks Targets VIP Users","description":"Null subject phishing campaigns bypass filters and target VIPs with QR code and RMM abuse","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T13:00:00.000Z","fetchedAt":"2026-04-23T03:00:02.617Z","references":[{"url":"https://www.infosecurity-magazine.com/news/silent-subject-phishing-campaigns/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"nvd-CVE-2026-40947","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-40947 — Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an u…","description":"Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path.","indicators":{"cves":["CVE-2026-40947"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T00:16:29.223Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://www.yubico.com/support/security-advisories/ysa-2026-01/","label":"cve@mitre.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40505","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-40505 — MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject…","description":"MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. Attackers can embed malicious ANSI escape codes in PDF metadata that are passed unsanitized to terminal output when running mutool…","indicators":{"cves":["CVE-2026-40505"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware","phishing"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T02:16:11.887Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=0f17d789fe8c29b41e47663be82514aaca3a4dfb","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://github.com/ArtifexSoftware/mupdf/commit/0f17d789fe8c29b41e47663be82514aaca3a4dfb","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/ArtifexSoftware/mupdf/releases/tag/1.27.0","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/mupdf-mutool-ansi-injection-via-metadata","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3155","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-3155 — The OneSignal – Web Push Notifications plugin for WordPress is vulnerable to authorization bypass in…","description":"The OneSignal – Web Push Notifications plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.8.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscri…","indicators":{"cves":["CVE-2026-3155"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T12:16:07.507Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset/3501190/onesignal-free-web-push-notifications","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/58337bbc-ba10-4876-b91c-78657afc67d1?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41080","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-41080 — libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML…","description":"libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.","indicators":{"cves":["CVE-2026-41080"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T17:16:54.917Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://github.com/libexpat/libexpat/issues/47","label":"cve@mitre.org","domainType":"primary"},{"url":"https://github.com/libexpat/libexpat/pull/1183","label":"cve@mitre.org","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40263","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-40263 — Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the login endpoin…","description":"Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the login endpoint performs bcrypt password verification only when the supplied username exists, returning immediately for nonexistent usernames. This timing discrepancy allows unauthenticated attackers to enumerate v…","indicators":{"cves":["CVE-2026-40263"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T01:17:40.137Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://github.com/enchant97/note-mark/commit/cf4c6f6acf70b569d80396d323b067c00d45c034","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/enchant97/note-mark/security/advisories/GHSA-w6m9-39cv-2fwp","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/enchant97/note-mark/security/advisories/GHSA-w6m9-39cv-2fwp","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-6486","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6486 — A vulnerability was detected in classroombookings up to 2.17.0. This impacts the function read of th…","description":"A vulnerability was detected in classroombookings up to 2.17.0. This impacts the function read of the file crbs-core/application/views/layout.php of the component User Display Name Handler. The manipulation of the argument displayname results in cross site scripting. The attack can be executed remot…","indicators":{"cves":["CVE-2026-6486"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ransomware"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T13:16:14.117Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/classroombookings/classroombookings/","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://github.com/classroombookings/classroombookings/commit/69c3c9bb8a17f1ea572d8f4502bf238f0214c98a","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://github.com/classroombookings/classroombookings/pull/83","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://github.com/classroombookings/classroombookings/releases/tag/v2.17.1","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://github.com/sudo-secure/security-research/blob/main/classroombookings/stored-xss/PoC.md","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/786154","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358027","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358027/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6493","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6493 — A flaw has been found in lukevella rallly up to 4.7.4. This affects an unknown function of the file…","description":"A flaw has been found in lukevella rallly up to 4.7.4. This affects an unknown function of the file apps/web/src/app/[locale]/(auth)/reset-password/components/reset-password-form.tsx of the component Reset Password Handler. Executing a manipulation of the argument redirectTo can lead to cross site s…","indicators":{"cves":["CVE-2026-6493"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T15:16:52.313Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://gist.github.com/TrebledJ/0bd0494a28daaa16abb565b2cef4bd7c","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://github.com/lukevella/rallly/","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://github.com/lukevella/rallly/pull/2245","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://github.com/lukevella/rallly/releases/tag/v4.8.0","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/787347","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358037","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358037/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33436","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-33436 — Stirling-PDF is a locally hosted web application that facilitates various operations on PDF files. I…","description":"Stirling-PDF is a locally hosted web application that facilitates various operations on PDF files. In versions prior to 2.0.0, file upload endpoints render user-supplied filenames directly into HTML using unsafe methods like innerHTML without sanitization. An attacker can craft a file with a malicio…","indicators":{"cves":["CVE-2026-33436"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T21:16:32.750Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-q5j3-4m5w-wp75","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-q5j3-4m5w-wp75","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40334","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-40334 — libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing…","description":"libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptp_unpack_Canon_FE() in camlibs/ptp2/ptp-pack.c (line 1377). The function copies a filename into a 13-byte buffer using strncpy without explicitly null-terminating the resu…","indicators":{"cves":["CVE-2026-40334"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T00:16:37.257Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/gphoto/libgphoto2/commit/259fc7d3bfe534ce4b114c464f55b448670ab873","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/gphoto/libgphoto2/security/advisories/GHSA-ph87-cc3j-c6hm","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40336","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-40336 — libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have a memory…","description":"libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have a memory leak in `ptp_unpack_Sony_DPD()` in `camlibs/ptp2/ptp-pack.c` (lines 884–885). When processing a secondary enumeration list (introduced in 2024+ Sony cameras), the function overwrites dpd->FORM.Enum.S…","indicators":{"cves":["CVE-2026-40336"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["botnet"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T00:16:37.523Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/gphoto/libgphoto2/commit/404ff02c75f3cb280196fc260a63c4d26cf1a8f6","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/gphoto/libgphoto2/security/advisories/GHSA-g8xw-p5wj-mrxv","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40341","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-40341 — libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out of…","description":"libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out of bound read in ptp_unpack_EOS_FocusInfoEx could be used to crash libgphoto2 when processing input from untrusted USB devices. Commit c385b34af260595dfbb5f9329526be5158985987 contains a patch. No known…","indicators":{"cves":["CVE-2026-40341"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T00:16:38.220Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/gphoto/libgphoto2/commit/c385b34af260595dfbb5f9329526be5158985987","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/gphoto/libgphoto2/security/advisories/GHSA-vjx3-gjp6-r2g2","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-32690","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-32690 — Secrets in Variables saved as JSON dictionaries were not properly redacted - in case thee variables…","description":"Secrets in Variables saved as JSON dictionaries were not properly redacted - in case thee variables were retrieved by the user the secrets stored as nested fields were not masked.\n\nIf you do not store variables with sensitive values in JSON form, you are not affected. Otherwise please upgrade to Apa…","indicators":{"cves":["CVE-2026-32690"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T07:16:10.683Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/apache/airflow/pull/63480","label":"security@apache.org","domainType":"primary"},{"url":"https://lists.apache.org/thread/7rnzxofntcznqxnhsmjvvlvygwph7rn5","label":"security@apache.org","domainType":"other"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/17/6","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6570","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6570 — A security flaw has been discovered in kodcloud KodExplorer up to 4.52. Affected is the function ini…","description":"A security flaw has been discovered in kodcloud KodExplorer up to 4.52. Affected is the function initInstall of the file /app/controller/systemMember.class.php. Performing a manipulation of the argument path results in authorization bypass. The attack may be initiated remotely. The exploit has been…","indicators":{"cves":["CVE-2026-6570"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T12:16:32.763Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://vuldb.com/submit/789983","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358204","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358204/cti","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vulnplus-note.wetolink.com/share/byd7AQVs42VY","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6592","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6592 — A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the functi…","description":"A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the function getuserdata of the file app/user_manager.py of the component userdata Endpoint. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed…","indicators":{"cves":["CVE-2026-6592"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T02:16:15.230Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://gist.github.com/YLChen-007/50f0cdc5e3f7b737ce99c783e487ca0d","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791113","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358227","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358227/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6593","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6593 — A vulnerability was found in ComfyUI up to 0.13.0. Affected by this issue is some unknown functional…","description":"A vulnerability was found in ComfyUI up to 0.13.0. Affected by this issue is some unknown functionality of the file server.py of the component View Endpoint. Performing a manipulation results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public…","indicators":{"cves":["CVE-2026-6593"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T02:16:15.437Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://gist.github.com/YLChen-007/1d91fabb465284d7a974746f7e6cc5cc","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791114","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358228","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358228/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6597","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6597 — A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function remove_…","description":"A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function remove_api_keys/has_api_terms of the file src/backend/base/langflow/api/utils/core.py of the component Flow Using API. This manipulation causes unprotected storage of credentials. The attack can be initiated…","indicators":{"cves":["CVE-2026-6597"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T03:16:17.153Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://gist.github.com/chenhouser2025/b93261c6e651f14800a4f2e4365f357b","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791920","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358232","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358232/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6600","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6600 — A flaw has been found in langflow-ai langflow up to 1.8.3. This affects an unknown function of the f…","description":"A flaw has been found in langflow-ai langflow up to 1.8.3. This affects an unknown function of the file src/frontend/src/modals/IOModal/components/chatView/chatMessage/components/edit-message.tsx of the component Frontend React Component Rendering. Executing a manipulation can lead to cross site scr…","indicators":{"cves":["CVE-2026-6600"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T04:16:54.603Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://gist.github.com/chenhouser2025/935aa5d4556264ba408059eec0960b1a","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/791923","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358235","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358235/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6610","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6610 — A vulnerability has been found in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an…","description":"A vulnerability has been found in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file djangoblog/settings.py of the component Setting Handler. Such manipulation of the argument USER/PASSWORD leads to hard-coded credentials. The attack may be launched remote…","indicators":{"cves":["CVE-2026-6610"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T06:16:22.233Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/3em0/cve_repo/blob/main/DjangoBlog/Vuln-12-DEBUG-Enabled-Hardcoded-DB-Creds.md","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/790289","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358245","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358245/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6611","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6611 — A vulnerability was found in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function…","description":"A vulnerability was found in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component File Upload Endpoint. Performing a manipulation of the argument SECRET_KEY results in use of hard-coded cryptographic key\r . Remote exploitation of…","indicators":{"cves":["CVE-2026-6611"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T07:16:15.650Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/3em0/cve_repo/blob/main/DjangoBlog/Vuln-11-Weak-File-Upload-Auth.md","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/790313","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358246","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358246/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6619","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6619 — A vulnerability has been found in langgenius dify up to 1.13.3. Impacted is the function openInNewTa…","description":"A vulnerability has been found in langgenius dify up to 1.13.3. Impacted is the function openInNewTab of the file web/app/components/base/image-uploader/image-preview.tsx of the component ImagePreview. The manipulation of the argument filename leads to cross site scripting. The attack may be initiat…","indicators":{"cves":["CVE-2026-6619"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T09:16:09.800Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://gist.github.com/chenhouser2025/a8ac169dad5cf84811cf9c0505491ea8","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/792242","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358254","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358254/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6622","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6622 — A vulnerability was identified in BichitroGan ISP Billing Software 2025.3.20. This affects an unknow…","description":"A vulnerability was identified in BichitroGan ISP Billing Software 2025.3.20. This affects an unknown function of the file /?\\_route=customers/edit/ of the component Customer Handler. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit is publicly availa…","indicators":{"cves":["CVE-2026-6622"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T10:16:17.207Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/4m3rr0r/PoCVulDb/issues/18","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/792393","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358257","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358257/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6623","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6623 — A security flaw has been discovered in BichitroGan ISP Billing Software 2025.3.20. This impacts an u…","description":"A security flaw has been discovered in BichitroGan ISP Billing Software 2025.3.20. This impacts an unknown function of the file /?_route=settings/users-view/ of the component Profile Page Handler. Performing a manipulation results in cross site scripting. The attack is possible to be carried out rem…","indicators":{"cves":["CVE-2026-6623"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T10:16:17.403Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/4m3rr0r/PoCVulDb/issues/17","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/792394","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358258","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358258/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6624","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6624 — A weakness has been identified in BichitroGan ISP Billing Software 2025.3.20. Affected is an unknown…","description":"A weakness has been identified in BichitroGan ISP Billing Software 2025.3.20. Affected is an unknown function of the file /?\\_route=pool/add of the component Pool List Interface. Executing a manipulation can lead to cross site scripting. The attack may be performed from remote. The exploit has been…","indicators":{"cves":["CVE-2026-6624"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T10:16:17.580Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/4m3rr0r/PoCVulDb/issues/16","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/792395","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358259","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358259/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6633","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6633 — A security flaw has been discovered in Yifang CMS up to 2.0.5. The impacted element is the function…","description":"A security flaw has been discovered in Yifang CMS up to 2.0.5. The impacted element is the function store of the file plugins/yifang_backend_account/logic/admin/L_rbac_admin.php of the component Extended Management Module. The manipulation of the argument Account results in cross site scripting. The…","indicators":{"cves":["CVE-2026-6633"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T12:16:09.303Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/shiyifei999-ux/cve/issues/1","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/793352","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358267","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358267/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6648","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6648 — A vulnerability was found in Qibo CMS 1.0. Affected by this vulnerability is an unknown functionalit…","description":"A vulnerability was found in Qibo CMS 1.0. Affected by this vulnerability is an unknown functionality of the component Internal Message Module. Performing a manipulation results in cross site scripting. The attack can be initiated remotely. The exploit has been made public and could be used. The ven…","indicators":{"cves":["CVE-2026-6648"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T13:16:11.647Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://tcn60zf28jhk.feishu.cn/wiki/FHHMwcwCliOd0Bke3XkcEz3Enuc?from=from_copylink","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/submit/793450","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358282","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358282/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6651","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6651 — A security flaw has been discovered in erponline.xyz ERP Online up to 4.0.0. This vulnerability affe…","description":"A security flaw has been discovered in erponline.xyz ERP Online up to 4.0.0. This vulnerability affects unknown code of the component Inventory Edit Item Page. The manipulation of the argument Item Name results in cross site scripting. The attack may be launched remotely. The exploit has been releas…","indicators":{"cves":["CVE-2026-6651"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T16:16:55.810Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://olografix.org/acme/ERP_Online-POC.gif","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/submit/793806","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358285","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358285/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-39396","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-39396 — OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, `Extract…","description":"OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, `ExtractPluginFromImage()` in OpenBao's OCI plugin downloader extracts a plugin binary from a container image by streaming decompressed tar data via `io.Copy` with no upper bound on the number of bytes writte…","indicators":{"cves":["CVE-2026-39396"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T01:16:06.507Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/openbao/openbao/security/advisories/GHSA-r65v-xgwc-g56j","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/openbao/openbao/security/advisories/GHSA-r65v-xgwc-g56j","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-31369","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-31369 — PcManager is affected by type privilege bypass, successful exploitation of this vulnerability may af…","description":"PcManager is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability","indicators":{"cves":["CVE-2026-31369"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T07:16:09.323Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://www.honor.com/global/security/CVE-2026-31369/","label":"3836d913-7555-4dd0-a509-f5667fdf5fe4","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-31958","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2025-31958 — HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulne…","description":"HCL BigFix Service Management is susceptible to HTTP Request Smuggling.  HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end server…","indicators":{"cves":["CVE-2025-31958"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T15:16:35.440Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124209","label":"psirt@hcl.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-27937","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-27937 — October is a Content Management System (CMS) and web platform. Prior to 3.7.16 and 4.1.16, a reflect…","description":"October is a Content Management System (CMS) and web platform. Prior to 3.7.16 and 4.1.16, a reflected Cross-Site Scripting (XSS) vulnerability was identified in the backend DataTable widget where a query parameter was rendered without proper output escaping. This vulnerability is fixed in 3.7.16 an…","indicators":{"cves":["CVE-2026-27937"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:35.900Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/octobercms/october/security/advisories/GHSA-jj38-h5w5-mvpf","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-29179","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-29179 — October is a Content Management System (CMS) and web platform. Prior to 3.7.16 and 4.1.16, fine-grai…","description":"October is a Content Management System (CMS) and web platform. Prior to 3.7.16 and 4.1.16, fine-grained sub-permission checks for asset and blueprint file operations were not enforced in the CMS and Tailor editor extensions. This only affects backend users who were explicitly granted editor access b…","indicators":{"cves":["CVE-2026-29179"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:36.053Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/octobercms/october/security/advisories/GHSA-jvwg-phxx-j3rp","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40279","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-40279 — BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3,…","description":"BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, decode_signed32() in src/bacnet/bacint.c reconstructs a 32-bit signed integer from four APDU bytes using signed left shifts. When any of the four bytes has bit 7 set (value ≥ 0x80), the left-shift ope…","indicators":{"cves":["CVE-2026-40279"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:54.853Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/bacnet-stack/bacnet-stack/security/advisories/GHSA-326g-j95f-gmxv","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/bacnet-stack/bacnet-stack/security/advisories/GHSA-326g-j95f-gmxv","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-6743","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6743 — A vulnerability has been found in WebSystems WebTOTUM 2026. This impacts an unknown function of the…","description":"A vulnerability has been found in WebSystems WebTOTUM 2026. This impacts an unknown function of the component Calendar. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading the affected component…","indicators":{"cves":["CVE-2026-6743"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:58.157Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://olografix.org/acme/WebTOTUM-POC.gif","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/submit/794617","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358434","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358434/cti","label":"cna@vuldb.com","domainType":"other"},{"url":"https://www.websys.eu/gestionale-online-in-cloud-per-pmi-callcenter","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6745","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6745 — A vulnerability was determined in Bagisto up to 2.3.15. Affected by this vulnerability is an unknown…","description":"A vulnerability was determined in Bagisto up to 2.3.15. Affected by this vulnerability is an unknown functionality of the component Custom Scripts Handler. This manipulation causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be…","indicators":{"cves":["CVE-2026-6745"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T19:16:18.917Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://drive.google.com/drive/folders/10p6SYcSVyfaaTg_dgItzMJvqixcmKnHR?usp=sharing","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/submit/794681","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358436","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/358436/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-22008","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-22008 — Vulnerability in Oracle Java SE (component: Libraries). The supported version that is affected is Or…","description":"Vulnerability in Oracle Java SE (component: Libraries).   The supported version that is affected is Oracle Java SE: 25.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE.  Successful attacks of this vulnerab…","indicators":{"cves":["CVE-2026-22008"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:26.690Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-22014","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-22014 — Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Workflow…","description":"Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Workflow and Business Events).  Supported versions that are affected are 12.2.7-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle User…","indicators":{"cves":["CVE-2026-22014"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:28.140Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34312","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-34312 — Vulnerability in the RDBMS component of Oracle Database Server. Supported versions that are affected…","description":"Vulnerability in the RDBMS component of Oracle Database Server.  Supported versions that are affected are 19.3-19.30. Easily exploitable vulnerability allows high privileged attacker having Row Access Method privilege with network access via multiple protocols to compromise RDBMS.  Successful attack…","indicators":{"cves":["CVE-2026-34312"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:36.650Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","label":"secalert_us@oracle.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6830","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6830 — nesquena hermes-webui contains an environment variable leakage vulnerability where profile switching…","description":"nesquena hermes-webui contains an environment variable leakage vulnerability where profile switching does not clear environment variables from the previously active profile before loading the next profile. Attackers or users can exploit additive dotenv reload behavior to access provider API keys and…","indicators":{"cves":["CVE-2026-6830"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T22:16:20.863Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/nesquena/hermes-webui/commit/88dc8bbe26a6055161d3251b70f5cd3d3c5831b0","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/nesquena/hermes-webui/pull/351","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/nesquena/hermes-webui/releases/tag/v0.50.12","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/nesquena/hermes-webui/releases/tag/v0.50.132","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/nesquena-hermes-webui-environment-variable-credential-leakage-via-profile-switch","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41144","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-41144 — F´ (F Prime) is a framework that enables development and deployment of spaceflight and other embedde…","description":"F´ (F Prime) is a framework that enables development and deployment of spaceflight and other embedded software applications. Prior to version 4.2.0, the bounds check byteOffset + dataSize > fileSize uses U32 addition that wraps around on overflow. An attacker-crafted DataPacket with byteOffset=0xFFF…","indicators":{"cves":["CVE-2026-41144"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T00:16:29.550Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/nasa/fprime/commit/cacdd555456bd83ab395b521d56c0330470ea798","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nasa/fprime/security/advisories/GHSA-qmvv-rxh4-ccqh","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-6392","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6392 — Tanium addressed an information disclosure vulnerability in Threat Response.","description":"Tanium addressed an information disclosure vulnerability in Threat Response.","indicators":{"cves":["CVE-2026-6392"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T03:16:01.420Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://security.tanium.com/TAN-2026-011","label":"3938794e-25f5-4123-a1ba-5cbd7f104512","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6408","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6408 — Tanium addressed an information disclosure vulnerability in Tanium Server.","description":"Tanium addressed an information disclosure vulnerability in Tanium Server.","indicators":{"cves":["CVE-2026-6408"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T03:16:01.540Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://security.tanium.com/TAN-2026-012","label":"3938794e-25f5-4123-a1ba-5cbd7f104512","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6416","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6416 — Tanium addressed an uncontrolled resource consumption vulnerability in Interact.","description":"Tanium addressed an uncontrolled resource consumption vulnerability in Interact.","indicators":{"cves":["CVE-2026-6416"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T03:16:01.643Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://security.tanium.com/TAN-2026-010","label":"3938794e-25f5-4123-a1ba-5cbd7f104512","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-22746","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-22746 — Vulnerability in Spring Spring Security. If an application is using the UserDetails#isEnabled, #isAc…","description":"Vulnerability in Spring Spring Security. If an application is using the UserDetails#isEnabled, #isAccountNonExpired, or #isAccountNonLocked user attributes, to enable, expire, or lock users, then DaoAuthenticationProvider's timing attack defense can be bypassed for users who are disabled, expired, o…","indicators":{"cves":["CVE-2026-22746"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T06:16:02.780Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://spring.io/security/cve-2026-22746","label":"security@vmware.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6842","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-6842 — A flaw was found in nano. In environments with permissive umask settings, a local attacker can explo…","description":"A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions (0777 instead of 0700) for the `~/.local` directory. This allows the attacker to inject a malicious `.desktop` launcher, which could lead to unintended actions or in…","indicators":{"cves":["CVE-2026-6842"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T08:16:13.170Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6842","label":"secalert@redhat.com","domainType":"other"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460018","label":"secalert@redhat.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33596","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-33596 — A client might theoretically be able to cause a mismatch between queries sent to a backend and the r…","description":"A client might theoretically be able to cause a mismatch between queries sent to a backend and the received responses by sending a flood of perfectly timed queries that are routed to a TCP-only or DNS over TLS backend.","indicators":{"cves":["CVE-2026-33596"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:54.073Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33597","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-33597 — PRSD detection denial of service","description":"PRSD detection denial of service","indicators":{"cves":["CVE-2026-33597"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:54.187Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-33599","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-33599 — A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, whe…","description":"A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, when requested via either the autoUpgrade (Lua) option to newServer or auto_upgrade (YAML) settings. DDR upgrade is not enabled by default.","indicators":{"cves":["CVE-2026-33599"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:54.410Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html","label":"security@open-xchange.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-9957","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2025-9957 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.2 before 18.9.6, 18.10…","description":"GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user with project owner permissions to bypass group fork prevention settings due to improper…","indicators":{"cves":["CVE-2025-9957"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:33.557Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/","label":"cve@gitlab.com","domainType":"other"},{"url":"https://gitlab.com/gitlab-org/gitlab/-/work_items/567781","label":"cve@gitlab.com","domainType":"other"},{"url":"https://hackerone.com/reports/3275222","label":"cve@gitlab.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-35342","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-35342 — The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable…","description":"The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementation treats the empty string as a valid path. This causes temporary files to be created in the curren…","indicators":{"cves":["CVE-2026-35342"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:36.217Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/uutils/coreutils/pull/10566","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.6.0","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35343","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-35343 — The cut utility in uutils coreutils incorrectly handles the -s (only-delimited) option when a newlin…","description":"The cut utility in uutils coreutils incorrectly handles the -s (only-delimited) option when a newline character is specified as the delimiter. The implementation fails to verify the only_delimited flag in the cut_fields_newline_char_delim function, causing the utility to print non-delimited lines th…","indicators":{"cves":["CVE-2026-35343"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:36.357Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/uutils/coreutils/pull/11143","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.7.0","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35344","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-35344 — The dd utility in uutils coreutils suppresses errors during file truncation operations by unconditio…","description":"The dd utility in uutils coreutils suppresses errors during file truncation operations by unconditionally calling Result::ok() on truncation attempts. While intended to mimic GNU behavior for special files like /dev/null, the uutils implementation also hides failures on regular files and directories…","indicators":{"cves":["CVE-2026-35344"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:36.490Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/uutils/coreutils/issues/9745","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35346","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-35346 — The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on…","description":"The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::from_utf8_lossy(), which replaces invalid UTF-8 byte sequences with the Unicode replacement character (U+FFFD). This behavior differs from GNU comm, w…","indicators":{"cves":["CVE-2026-35346"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:36.760Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/uutils/coreutils/issues/10192","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/pull/10206","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.6.0","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/issues/10192","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35353","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-35353 — The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by crea…","description":"The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by creating a directory with umask-derived permissions (typically 0755) before subsequently changing them to the requested mode via a separate chmod system call. In multi-user environments, this introduces a…","indicators":{"cves":["CVE-2026-35353"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:37.723Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://github.com/uutils/coreutils/pull/10036","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.6.0","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35361","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-35361 — The mknod utility in uutils coreutils fails to handle security labels atomically by creating device…","description":"The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before setting the SELinux context. If labeling fails, the utility attempts cleanup using std::fs::remove_dir, which cannot remove device nodes or FIFOs. This leaves mislabeled nodes behind with…","indicators":{"cves":["CVE-2026-35361"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:38.827Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/pull/10582","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.6.0","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/pull/10582","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35362","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-35362 — The safe_traversal module in uutils coreutils, which provides protection against Time-of-Check to Ti…","description":"The safe_traversal module in uutils coreutils, which provides protection against Time-of-Check to Time-of-Use (TOCTOU) symlink races using file-descriptor-relative syscalls, is incorrectly limited to Linux targets. On other Unix-like systems such as macOS and FreeBSD, the utility fails to utilize th…","indicators":{"cves":["CVE-2026-35362"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:38.960Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/pull/9792","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.6.0","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35367","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-35367 — The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying…","description":"The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to inherit umask-based permissions, typically resulting in a world-readable file (0644). In multi-user environments, this allows any user on the…","indicators":{"cves":["CVE-2026-35367"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:40.423Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/issues/10021","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/issues/10021","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35371","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-35371 — The id utility in uutils coreutils exhibits incorrect behavior in its \"pretty print\" output when the…","description":"The id utility in uutils coreutils exhibits incorrect behavior in its \"pretty print\" output when the real UID and effective UID differ. The implementation incorrectly uses the effective GID instead of the effective UID when performing a name lookup for the effective user. This results in misleading…","indicators":{"cves":["CVE-2026-35371"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:40.987Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/issues/10006","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/issues/10006","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35373","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-35373 — A logic error in the ln utility of uutils coreutils causes the program to reject source paths contai…","description":"A logic error in the ln utility of uutils coreutils causes the program to reject source paths containing non-UTF-8 filename bytes when using target-directory forms (e.g., ln SOURCE... DIRECTORY). While GNU ln treats filenames as raw bytes and creates the links correctly, the uutils implementation en…","indicators":{"cves":["CVE-2026-35373"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:41.997Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/pull/11403","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35375","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-35375 — A logic error in the split utility of uutils coreutils causes the corruption of output filenames whe…","description":"A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The implementation utilizes to_string_lossy() when constructing chunk filenames, which automatically rewrites invalid byte sequences into the UTF-8 r…","indicators":{"cves":["CVE-2026-35375"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:42.293Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/pull/11397","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.8.0","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35377","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-35377 — A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-lin…","description":"A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-line arguments when utilizing the -S (split-string) option. In GNU env, backslashes within single quotes are treated literally (with the exceptions of \\\\ and \\'). However, the uutils implementation incor…","indicators":{"cves":["CVE-2026-35377"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:42.577Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/pull/11512","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35378","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-35378 — A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized s…","description":"A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized subexpressions during the parsing phase rather than at the execution phase. This implementation flaw prevents the utility from performing proper short-circuiting for logical OR (|) and AND (&) operatio…","indicators":{"cves":["CVE-2026-35378"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:42.730Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/pull/11395","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.8.0","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35379","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-35379 — A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the [:g…","description":"A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the [:graph:] and [:print:] character classes. The implementation mistakenly includes the ASCII space character (0x20) in the [:graph:] class and excludes it from the [:print:] class, effectively reversing t…","indicators":{"cves":["CVE-2026-35379"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:42.887Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/pull/11405","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.8.0","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35381","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-35381 — A logic error in the cut utility of uutils coreutils causes the utility to ignore the -s (only-delim…","description":"A logic error in the cut utility of uutils coreutils causes the utility to ignore the -s (only-delimited) flag when using the -z (null-terminated) and -d '' (empty delimiter) options together. The implementation incorrectly routes this specific combination through a specialized newline-delimiter cod…","indicators":{"cves":["CVE-2026-35381"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:43.200Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/uutils/coreutils/pull/11394","label":"security@ubuntu.com","domainType":"primary"},{"url":"https://github.com/uutils/coreutils/releases/tag/0.8.0","label":"security@ubuntu.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-1272","source":"nvd","category":"vulnerability","severity":"low","title":"CVE-2026-1272 — IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to Security Misconfiguration vulnera…","description":"IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to Security Misconfiguration vulnerability in the user access control panel.","indicators":{"cves":["CVE-2026-1272"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T00:16:44.407Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://www.ibm.com/support/pages/node/7269445","label":"psirt@us.ibm.com","domainType":"other"}],"feedLabel":null},{"id":"cisa-adv-cisa-adds-one-known-exploited-vulnerability-to-catalog","source":"cisa-advisories","category":"advisory","severity":"unknown","title":"CISA Adds One Known Exploited Vulnerability to Catalog","description":"CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.\nCVE-2026-33825 Microsoft Defender Insufficient Granularity of Access Control Vulnerability\nThis type of vulnerability is a frequent attack vector for malicious cyber a…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T12:00:00.000Z","fetchedAt":"2026-04-23T03:00:00.173Z","references":[{"url":"https://www.cisa.gov/news-events/alerts/2026/04/22/cisa-adds-one-known-exploited-vulnerability-catalog","label":"CISA Advisory","domainType":"primary"},{"url":"https://www.cisa.gov/news-events/alerts/2026/04/16/cisa-adds-one-known-exploited-vulnerability-catalog","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"cisa-adv-cisa-adds-eight-known-exploited-vulnerabilities-to-catalog","source":"cisa-advisories","category":"advisory","severity":"unknown","title":"CISA Adds Eight Known Exploited Vulnerabilities to Catalog","description":"CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. \nCVE-2023-27351 PaperCut NG/MF Improper Authentication Vulnerability\nCVE-2024-27199 JetBrains TeamCity Relative Path Traversal Vulnerability\nCVE-2025-2749 Kentico…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T12:00:00.000Z","fetchedAt":"2026-04-23T03:00:00.173Z","references":[{"url":"https://www.cisa.gov/news-events/alerts/2026/04/20/cisa-adds-eight-known-exploited-vulnerabilities-catalog","label":"CISA Advisory","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-5363","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-5363 — Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 (uhttpd modules) allow…","description":"Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 (uhttpd modules) allows Password Recovery Exploitation. The web interface encrypts the admin password client-side using RSA-1024 before sending it to the router during login. \nAn adjacent attacker with the ability to inter…","indicators":{"cves":["CVE-2026-5363"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T00:16:29.547Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://www.tp-link.com/us/support/faq/3562/","label":"f23511db-6c3e-4e32-a477-6aa17d310630","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-1880","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-1880 — An Incorrect Permission Assignment for Critical Resource vulnerability in the ASUS DriverHub update…","description":"An Incorrect Permission Assignment for Critical Resource vulnerability in the ASUS DriverHub update process allows privilege escalation due to improper protection of required execution resources during the validation phase, permitting a local user to make unprivileged modifications. This allows the…","indicators":{"cves":["CVE-2026-1880"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T03:16:25.857Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://www.asus.com/security-advisory","label":"54bf65a7-a193-42d2-b1ba-8e150d3c35e1","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3428","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-3428 — A Download of Code Without Integrity Check vulnerability in the update modules in ASUS Member Center…","description":"A Download of Code Without Integrity Check vulnerability in the update modules in ASUS Member Center(华硕大厅) allows a local user to achieve privilege escalation to Administrator via exploitation of a Time-of-check Time-of-use (TOC-TOU) during the update process, where an unexpected payload is substitu…","indicators":{"cves":["CVE-2026-3428"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T03:16:26.937Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://www.asus.com/security-advisory/","label":"54bf65a7-a193-42d2-b1ba-8e150d3c35e1","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6349","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-6349 — The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated…","description":"The \niSherlock developed by HGiga  has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server.","indicators":{"cves":["CVE-2026-6349"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T03:16:30.660Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://www.twcert.org.tw/en/cp-139-10841-4f504-2.html","label":"twcert@cert.org.tw","domainType":"other"},{"url":"https://www.twcert.org.tw/tw/cp-132-10842-3f255-1.html","label":"twcert@cert.org.tw","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40118","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40118 — UDP Console provided by Arcserve contains an incorrectly specified destination in a communication ch…","description":"UDP Console provided by Arcserve contains an incorrectly specified destination in a communication channel vulnerability. When a user configures an activation server hostname of the affected product to a dummy URL, the product may unintentionally communicate with the dummy domain, causing information…","indicators":{"cves":["CVE-2026-40118"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T05:16:14.860Z","fetchedAt":"2026-04-23T03:00:26.076Z","references":[{"url":"https://jvn.jp/en/jp/JVN88396700/","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://support.arcserve.com/s/article/P00003790?language=en_US&r=94&ui-knowledge-components-aura-actions.KnowledgeArticleVersionCreateDraftFromOnlineAction.createDraftFromOnlineArticle=1","label":"vultures@jpcert.or.jp","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-15621","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2025-15621 — Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client do…","description":"Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client does not verify the receiver of OAuth2 credentials during OpenID authentication","indicators":{"cves":["CVE-2025-15621"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T13:16:43.423Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://sparxsystems.com/products/ea/17.1/history.html","label":"db4dfee8-a97e-4877-bfae-eba6d14a2166","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5968","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-5968 — Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in…","description":"Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.","indicators":{"cves":["CVE-2026-5968"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T13:16:51.603Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[],"feedLabel":null},{"id":"nvd-CVE-2026-6409","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-6409 — A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of unt…","description":"A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or deep recursion—can be used to crash the application, impacting service availability.","indicators":{"cves":["CVE-2026-6409"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T15:17:41.910Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-p2gh-cfq4-4wjc","label":"cve-coordination@google.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-27820","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-27820 — zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3…","description":"zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously produced output but…","indicators":{"cves":["CVE-2026-27820"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T18:16:44.770Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://github.com/ruby/zlib/security/advisories/GHSA-g857-hhfv-j68w","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://hackerone.com/reports/3467067","label":"security-advisories@github.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-2336","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-2336 — A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user…","description":"A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user to recover a shared per-device cookie secret from their own webstax_auth session cookie and forge a new cookie with administrative privileges.This issue affects IStaX before 2026.03.","indicators":{"cves":["CVE-2026-2336"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T18:16:44.927Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/istax-privilege-escalation-via-weak-cookie-authentication","label":"dc3f6da9-85b5-4a73-84a2-2ec90b40fca5","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-54510","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2025-54510 — A missing lock verification in AMD Secure Processor (ASP) firmware may permit a locally authenticate…","description":"A missing lock verification in AMD Secure Processor (ASP) firmware may permit a locally authenticated attacker with administrative privileges to alter MMIO routing on some Zen 5-based products, potentially compromising guest system integrity.","indicators":{"cves":["CVE-2025-54510"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T19:16:32.897Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3034.html","label":"psirt@amd.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-54502","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2025-54502 — Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a…","description":"Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) to achieve privilege escalation potentially resulting in arbitrary code execution.","indicators":{"cves":["CVE-2025-54502"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T20:16:37.393Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-7054.html","label":"psirt@amd.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-35469","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-35469 — spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and bel…","description":"spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocating memory. Three allocation paths are affected: the SETTINGS frame entry count, the header count in…","indicators":{"cves":["CVE-2026-35469"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T22:16:37.920Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://github.com/moby/spdystream/releases/tag/v0.5.1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-39313","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-39313 — mcp-framework is a framework for building Model Context Protocol (MCP) servers. In versions 0.2.21 a…","description":"mcp-framework is a framework for building Model Context Protocol (MCP) servers. In versions 0.2.21 and below, the readRequestBody() function in the HTTP transport concatenates request body chunks into a string with no size limit. Although a maxMessageSize configuration value exists, it is never enfo…","indicators":{"cves":["CVE-2026-39313"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T22:16:38.073Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://github.com/QuantGeekDev/mcp-framework/commit/f97d2bb76d6359faf10cd1fc54b4911476b62524","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/QuantGeekDev/mcp-framework/security/advisories/GHSA-353c-v8x9-v7c3","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40308","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40308 — My Calendar is a WordPress plugin for managing calendar events. In versions 3.7.6 and below, the mc_…","description":"My Calendar is a WordPress plugin for managing calendar events. In versions 3.7.6 and below, the mc_ajax_mcjs_action AJAX endpoint, registered for unauthenticated users, passes user-supplied arguments through parse_str() without validation, allowing injection of arbitrary parameters including a site…","indicators":{"cves":["CVE-2026-40308"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T22:16:38.940Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://github.com/joedolson/my-calendar/releases/tag/v3.7.7","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/joedolson/my-calendar/security/advisories/GHSA-2mvx-f5qm-v2ch","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/joedolson/my-calendar/security/advisories/GHSA-2mvx-f5qm-v2ch","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-21719","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-21719 — An OS command injection vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with…","description":"An OS command injection vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to execute an arbitrary OS command.","indicators":{"cves":["CVE-2026-21719"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T06:16:29.430Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://community.cubecart.com/t/cubecart-6-6-0-released-the-biggest-update-in-years/62405","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://jvn.jp/en/jp/JVN78422311/","label":"vultures@jpcert.or.jp","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-35496","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-35496 — A path traversal vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an adm…","description":"A path traversal vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to access higher-level directories that should not be accessible.","indicators":{"cves":["CVE-2026-35496"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T06:16:29.867Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://community.cubecart.com/t/cubecart-6-6-0-released-the-biggest-update-in-years/62405","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://jvn.jp/en/jp/JVN78422311/","label":"vultures@jpcert.or.jp","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6482","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-6482 — The Rapid7 Insight Agent (versions > 4.1.0.2) is vulnerable to a local privilege escalation attack t…","description":"The Rapid7 Insight Agent (versions > 4.1.0.2) is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the agent service attempts to load an OpenSSL configuration file from a non-existent directory that is writable by standar…","indicators":{"cves":["CVE-2026-6482"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T06:16:30.593Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://docs.rapid7.com/insight/release-notes-2026-april/#improvements-and-fixes","label":"cve@rapid7.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-15622","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2025-15622 — Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Archit…","description":"Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client reveals plaintext OAuth2 client secretDesktop client decodes the secret and uses the plaintext secret to exchange it into an access and id tokens as part of the OpenID authentication flow.","indicators":{"cves":["CVE-2025-15622"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T09:16:03.633Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://sparxsystems.com/products/ea/17.1/history.html","label":"db4dfee8-a97e-4877-bfae-eba6d14a2166","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-15623","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2025-15623 — Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System In…","description":"Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server.\n\nUnauthenticated user can retrieve database password in plaintext in certain situations","indicators":{"cves":["CVE-2025-15623"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T09:16:04.593Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://sparxsystems.com/products/procloudserver/6.1/history.html","label":"db4dfee8-a97e-4877-bfae-eba6d14a2166","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-15624","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2025-15624 — Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. In a…","description":"Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. \nIn a setup where OpenID is used as the primary method of authentication to authenticate to Sparx EA, Pro Cloud Server creates local passwords to the users and stores them in plaintext.","indicators":{"cves":["CVE-2025-15624"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T09:16:04.723Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://sparxsystems.com/products/procloudserver/6.1/history.html","label":"db4dfee8-a97e-4877-bfae-eba6d14a2166","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-15625","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2025-15625 — Unauthenticated user is able to execute arbitrary SQL commands in Sparx Pro Cloud Server database in…","description":"Unauthenticated user is able to execute arbitrary SQL commands in Sparx Pro Cloud Server database in certain cases.","indicators":{"cves":["CVE-2025-15625"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T09:16:04.850Z","fetchedAt":"2026-04-23T03:00:26.077Z","references":[{"url":"https://sparxsystems.com/products/procloudserver/6.1/history.html","label":"db4dfee8-a97e-4877-bfae-eba6d14a2166","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5131","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-5131 — GREENmod uses named pipes for communication between plugins, the web portal, and the system service,…","description":"GREENmod uses named pipes for communication between plugins, the web portal, and the system service, but the access control lists for these pipes are configured incorrectly. This allows an attacker to communicate with the stream and upload any XML or JSON file, which will be processed by the named p…","indicators":{"cves":["CVE-2026-5131"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T11:16:11.000Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://cert.pl/posts/2026/04/CVE-2026-5131","label":"cvd@cert.pl","domainType":"other"},{"url":"https://www.nomios.pl/greenmod/","label":"cvd@cert.pl","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40319","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40319 — Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMa…","description":"Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular expression pattern directly to Python's re.search() without any timeout or complexity guard. A crafted regex pattern can trigger catastrophic backtracking,…","indicators":{"cves":["CVE-2026-40319"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T18:16:32.063Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/Giskard-AI/giskard-oss/releases/tag/giskard-checks%2Fv1.0.2b1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/Giskard-AI/giskard-oss/security/advisories/GHSA-rq2q-4r55-9877","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40320","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40320 — Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the Conform…","description":"Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the ConformityCheck class rendered the rule parameter through Jinja2's default Template() constructor, silently interpreting template expressions at runtime. If check definitions are loaded from an untrusted sou…","indicators":{"cves":["CVE-2026-40320"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T18:16:32.203Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/Giskard-AI/giskard-oss/releases/tag/giskard-checks%2Fv1.0.2b1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/Giskard-AI/giskard-oss/security/advisories/GHSA-7xjm-g8f4-rp26","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-32105","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-32105 — xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification…","description":"xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code (MAC) signature of encrypted RDP packets when using the \"Classic RDP Security\" layer. While the sender correctly generates signatures, the receiving logic lacks the…","indicators":{"cves":["CVE-2026-32105"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T20:16:33.517Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-j2jm-c596-c5q3","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-33516","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-33516 — xrdp is an open source RDP server. Versions through 0.10.5 contain an out-of-bounds read vulnerabili…","description":"xrdp is an open source RDP server. Versions through 0.10.5 contain an out-of-bounds read vulnerability during the RDP capability exchange phase. The issue occurs when memory is accessed before validating the remaining buffer length. A remote, unauthenticated attacker can trigger this vulnerability b…","indicators":{"cves":["CVE-2026-33516"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T20:16:34.723Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-rvh9-9wm3-28c7","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-33689","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-33689 — xrdp is an open source RDP server. Versions through 0.10.5 have an out-of-bounds read vulnerability…","description":"xrdp is an open source RDP server. Versions through 0.10.5 have an out-of-bounds read vulnerability in the pre-authentication RDP message parsing logic. A remote, unauthenticated attacker can trigger this flaw by sending a specially crafted sequence of packets during the initial connection phase. Th…","indicators":{"cves":["CVE-2026-33689"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T21:16:32.963Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-92mr-6wpp-27jj","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35402","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-35402 — mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j databases. In versions…","description":"mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j databases. In versions prior to 0.6.0, the read_only mode enforcement can be bypassed using APOC CALL procedures, potentially allowing unauthorized write operations or server-side request forgery. This issue is fixed in ver…","indicators":{"cves":["CVE-2026-35402"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T21:16:33.170Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/neo4j-contrib/mcp-neo4j/releases/tag/mcp-neo4j-cypher-v0.6.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/neo4j-contrib/mcp-neo4j/security/advisories/GHSA-x3cv-r3g3-fpg9","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40299","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40299 — next-intl provides internationalization for Next.js. Applications using the `next-intl` middleware p…","description":"next-intl provides internationalization for Next.js. Applications using the `next-intl` middleware prior to version 4.9.1with `localePrefix: 'as-needed'` could construct URLs where path handling and the WHATWG URL parser resolved a relative redirect target to another host (e.g. scheme-relative `//`…","indicators":{"cves":["CVE-2026-40299"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T21:16:34.707Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/amannn/next-intl/commit/1c80b668aa6d853f470319eec10a3f61e78a70e6","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/amannn/next-intl/pull/2304","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/amannn/next-intl/releases/tag/v4.9.1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/amannn/next-intl/security/advisories/GHSA-8f24-v5vv-gm5j","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-29013","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-29013 — libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling wher…","description":"libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where get_byte_inc() in src/oscore/oscore_cbor.c relies solely on assert() for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted CoAP requests with malfo…","indicators":{"cves":["CVE-2026-29013"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T22:16:31.063Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/obgm/libcoap/commit/b7847c4dbb0dbee7c90b09a673d4cae256f03718","label":"disclosure@vulncheck.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40353","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40353 — wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the attribution_…","description":"wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the attribution_link property in AbstractLicenseModel constructs HTML by directly interpolating user-controlled license fields (such as license_author) without escaping, and templates render the result using Django's…","indicators":{"cves":["CVE-2026-40353"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T22:16:33.077Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/wger-project/wger/releases/tag/2.5","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/wger-project/wger/security/advisories/GHSA-6f54-qjvm-wwq3","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/wger-project/wger/security/advisories/GHSA-6f54-qjvm-wwq3","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40476","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40476 — graphql-go is a Go implementation of GraphQL. In versions 15.31.4 and below, the OverlappingFieldsCa…","description":"graphql-go is a Go implementation of GraphQL. In versions 15.31.4 and below, the OverlappingFieldsCanBeMerged validation rule performs O(n²) pairwise comparisons of fields sharing the same response name. An attacker can send a query with thousands of repeated identical fields, causing excessive CPU…","indicators":{"cves":["CVE-2026-40476"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T22:16:33.360Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/webonyx/graphql-php/releases/tag/v15.31.5","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/webonyx/graphql-php/security/advisories/GHSA-68jq-c3rv-pcrr","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-5720","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-5720 — miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remot…","description":"miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information disclosure by sending a malformed SOAPAction header with a single quote. Attackers can trigger an out-of-bounds memory read by exploiting improp…","indicators":{"cves":["CVE-2026-5720"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T22:16:33.803Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/miniupnp/miniupnp/","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/miniupnp/miniupnp/commit/b5e5d2eb069822b7f00d56c8e61033b9d500e60c","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/miniupnpd-integer-underflow-soapaction-header-parsing","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40481","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40481 — monetr is a budgeting application for recurring expenses. In versions 1.12.3 and below, the public S…","description":"monetr is a budgeting application for recurring expenses. In versions 1.12.3 and below, the public Stripe webhook endpoint buffers the entire request body into memory before validating the Stripe signature. A remote unauthenticated attacker can send oversized POST payloads to cause uncontrolled memo…","indicators":{"cves":["CVE-2026-40481"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T23:16:12.457Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/monetr/monetr/releases/tag/v1.12.4","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/monetr/monetr/security/advisories/GHSA-v7xq-3wx6-fqc2","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-5250","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-5250 — Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.","description":"Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.","indicators":{"cves":["CVE-2026-5250","CVE-2026-6056","CVE-2026-4872","CVE-2026-4049"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T23:16:12.730Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[],"feedLabel":null},{"id":"nvd-CVE-2026-40323","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40323 — SP1 is a zero‑knowledge virtual machine that proves the correct execution of programs compiled for t…","description":"SP1 is a zero‑knowledge virtual machine that proves the correct execution of programs compiled for the RISC-V architecture. In versions 6.0.0 through 6.0.2, a soundness vulnerability in the SP1 V6 recursive shard verifier allows a malicious prover to construct a recursive proof from a shard proof th…","indicators":{"cves":["CVE-2026-40323"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T00:16:36.767Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/succinctlabs/sp1/releases/tag/v6.1.0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/succinctlabs/sp1/security/advisories/GHSA-63x8-x938-vx33","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40346","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40346 — NocoBase is an AI-powered no-code/low-code platform for building business applications and enterpris…","description":"NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.37, NocoBase's workflow HTTP request plugin and custom request action plugin make server-side HTTP requests to user-provided URLs without any SSRF protection. An auth…","indicators":{"cves":["CVE-2026-40346"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T00:16:38.360Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/nocobase/nocobase/commit/2853368243ed07339c62c548b7d475f4eeaada59","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nocobase/nocobase/pull/9079","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nocobase/nocobase/releases/tag/v2.0.37","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nocobase/nocobase/security/advisories/GHSA-mvvv-v22x-xqwp","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40480","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40480 — ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the GET /api/perso…","description":"ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the GET /api/person/{personId} endpoint loads and returns person records without performing object-level authorization checks. Although the legacy PersonView.php page enforces canEditPerson() restrictions, the API laye…","indicators":{"cves":["CVE-2026-40480"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T00:16:38.960Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/ChurchCRM/CRM/commit/28ea7a2965fc2fe30e150fadb1ae38a97f8225c2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChurchCRM/CRM/issues/8617","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChurchCRM/CRM/pull/8616","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChurchCRM/CRM/security/advisories/GHSA-5w59-32c8-933v","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChurchCRM/CRM/security/advisories/GHSA-5w59-32c8-933v","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40482","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40482 — ChurchCRM is an open-source church management system. Versions prior to 7.2.0 have SQL injection in…","description":"ChurchCRM is an open-source church management system. Versions prior to 7.2.0 have SQL injection in FinancialService::getMemberByScanString() via unsanitized $routeAndAccount concatenated into raw SQL. This issue has been fixed in version 7.2.0.","indicators":{"cves":["CVE-2026-40482"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T00:16:39.110Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/ChurchCRM/CRM/commit/214694eb83778e1f5e52b3dfa2a99d0e965c1850","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChurchCRM/CRM/pull/8607","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChurchCRM/CRM/security/advisories/GHSA-hc37-vx3w-34fg","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40582","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40582 — ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the /api/public/us…","description":"ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the /api/public/user/login endpoint validates only the username and password before returning the user's API key, bypassing the normal authentication flow that enforces account lockout and two-factor authentication che…","indicators":{"cves":["CVE-2026-40582"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T00:16:39.827Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/ChurchCRM/CRM/commit/214694eb83778e1f5e52b3dfa2a99d0e965c1850","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChurchCRM/CRM/pull/8607","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ChurchCRM/CRM/security/advisories/GHSA-8cwr-x83m-mh9x","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40489","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40489 — editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsi…","description":"editorconfig-core-c  is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have a stack-based buffer overflow in ec_glob() that allows an attacker to crash any application using libeditorconfig by providing a specially crafted direct…","indicators":{"cves":["CVE-2026-40489"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T02:16:11.827Z","fetchedAt":"2026-04-23T03:00:26.078Z","references":[{"url":"https://github.com/editorconfig/editorconfig-core-c/commit/5159be88ad50641d9843289adda791ba300421ff","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/editorconfig/editorconfig-core-c/releases/tag/v0.12.11","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/editorconfig/editorconfig-core-c/security/advisories/GHSA-97xg-vrcq-254h","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41242","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41242 — protobufjs compiles protobuf definitions into JavaScript (JS) functions. In versions prior to 8.0.1…","description":"protobufjs compiles protobuf definitions into JavaScript (JS) functions. In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the \"type\" fields of protobuf definitions, which will then execute during object decoding using that definition. Versions 8.0.1 and 7.5.5 patch the is…","indicators":{"cves":["CVE-2026-41242"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T17:16:13.983Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/protobufjs/protobuf.js/commit/535df444ac060243722ac5d672db205e5c531d75","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v7.5.5","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v8.0.1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-xq3m-2v4x-88gg","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-32963","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-32963 — SD-330AC and AMC Manager provided by silex technology, Inc. contain a reflected cross-site scripting…","description":"SD-330AC and AMC Manager provided by silex technology, Inc. contain a reflected cross-site scripting vulnerability. When a user logs in to the affected device and access some crafted web page, arbitrary script may be executed on the user's browser.","indicators":{"cves":["CVE-2026-32963"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T04:16:44.987Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://jvn.jp/en/vu/JVNVU94271449/","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://www.silex.jp/support/security-advisories/2026-001","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://www.silex.jp/support/security-advisories/en/2026-001","label":"vultures@jpcert.or.jp","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-39454","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-39454 — SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder…","description":"SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or place arbitrary files within the installation folder of the product. As a result, arbitrary code may be e…","indicators":{"cves":["CVE-2026-39454"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T09:16:08.933Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://jvn.jp/en/jp/JVN63376363/","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://www.skyseaclientview.net/news/260420_01/","label":"vultures@jpcert.or.jp","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-13480","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2025-13480 — Fudo Enterprise in versions from 5.5.0 through 5.6.2 allows low privileged users to access certain a…","description":"Fudo Enterprise in versions from 5.5.0 through 5.6.2 allows low privileged users to access certain administrator-only resources via improperly protected API endpoints. This includes sensitive information such as system logs and parts of system configuration settings.\nThis vulnerability has been fixe…","indicators":{"cves":["CVE-2025-13480"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T10:16:16.060Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://cert.pl/en/posts/2026/04/CVE-2025-13480","label":"cvd@cert.pl","domainType":"other"},{"url":"https://download.fudosecurity.com/documentation/fudo/5_6/rn/RN_5.6.3.pdf","label":"cvd@cert.pl","domainType":"other"},{"url":"https://www.fudosecurity.com/product/enterprise","label":"cvd@cert.pl","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31429","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31429 — In the Linux kernel, the following vulnerability has been resolved: net: skb: fix cross-cache free o…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skb: fix cross-cache free of KFENCE-allocated skb head\n\nSKB_SMALL_HEAD_CACHE_SIZE is intentionally set to a non-power-of-2\nvalue (e.g. 704 on x86_64) to avoid collisions with generic kmalloc\nbucket sizes. This ensures that skb…","indicators":{"cves":["CVE-2026-31429"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T10:16:16.737Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://git.kernel.org/stable/c/0f42e3f4fe2a58394e37241d02d9ca6ab7b7d516","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/2d64618ea846d8d033477311f805ca487d6a6696","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/474e00b935db250cac320d10c1d3cf4e44b46721","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/60313768a8edc7094435975587c00c2d7b834083","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31430","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31430 — In the Linux kernel, the following vulnerability has been resolved: X.509: Fix out-of-bounds access…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nX.509: Fix out-of-bounds access when parsing extensions\n\nLeo reports an out-of-bounds access when parsing a certificate with\nempty Basic Constraints or Key Usage extension because the first byte of\nthe extension is read before chec…","indicators":{"cves":["CVE-2026-31430"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T10:16:16.877Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://git.kernel.org/stable/c/206121294b9cf27f0589857f80d64f87e496ffb2","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/30ab358fad0c7daa1d282ec48089901b21b36a20","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/672b526def1f94c1be8eb11b885b803da0d8c2f1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7fb4dadc2734f4020d7543d688b8d49c8e569c61","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d702c3408213bb12bd570bb97204d8340d141c51","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5958","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-5958 — When sed is invoked with both -i (in-place edit) and --follow-symlinks, the function open_next_file(…","description":"When sed is invoked with both -i (in-place edit) and --follow-symlinks, the function open_next_file() performs two separate, non-atomic filesystem operations on the same path: \n1. resolves symlink to its target and stores the resolved path for determining when output is written,\n2. opens the origina…","indicators":{"cves":["CVE-2026-5958"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T12:16:08.433Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://cert.pl/en/posts/2026/04/CVE-2026-5958","label":"cvd@cert.pl","domainType":"other"},{"url":"https://www.gnu.org/software/sed/","label":"cvd@cert.pl","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6369","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-6369 — An improper access control vulnerability in the canonical-livepatch snap client prior to version 10.…","description":"An improper access control vulnerability in the canonical-livepatch snap client prior to version 10.15.0 allows a local unprivileged user to obtain a sensitive, root-level authentication token by sending an unauthenticated request to the livepatchd.sock Unix domain socket. This vulnerability is expl…","indicators":{"cves":["CVE-2026-6369"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T14:16:22.380Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://discourse.ubuntu.com/t/security-notice-canonical-livepatch-client-snap-vulnerability/80662","label":"security@ubuntu.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3219","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-3219 — pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is…","description":"pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing \"incorrect\" files according to the filename of the archive. New behavior only proceeds with i…","indicators":{"cves":["CVE-2026-3219"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T16:16:45.430Z","fetchedAt":"2026-04-23T03:00:26.079Z","references":[{"url":"https://github.com/pypa/pip/pull/13870","label":"cna@python.org","domainType":"primary"},{"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/QAJ5JIVWWCAJ4EZL2FP5MOOW35JS7LRJ/","label":"cna@python.org","domainType":"other"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/20/8","label":"af854a3a-2127-422b-91ae-364da2661108","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-23758","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-23758 — GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the ticket subjec…","description":"GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the ticket subject field that allows authenticated staff members to inject malicious JavaScript by manipulating the editsubject POST parameter. Attackers can inject XSS payloads through inadequate sanitization in Cont…","indicators":{"cves":["CVE-2026-23758"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T18:16:24.643Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://gfi.ai/products-and-solutions/email-and-messaging-solutions/helpdesk/resources/product-releases","label":"disclosure@vulncheck.com","domainType":"other"},{"url":"https://www.vulncheck.com/advisories/gfi-helpdesk-stored-xss-via-editsubject-parameter","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-11249","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2025-11249 — Rejected reason: This CVE id was assigned as a duplicate of CVE-2025-66414.","description":"Rejected reason: This CVE id was assigned as a duplicate of CVE-2025-66414.","indicators":{"cves":["CVE-2025-11249"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T19:16:07.780Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[],"feedLabel":null},{"id":"nvd-CVE-2026-32311","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-32311 — Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, tr…","description":"Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Flowsint allows a user to create investigations, which are used to manage sketches and analyses. Sketches have controllable graphs, which are comprised of nodes and relat…","indicators":{"cves":["CVE-2026-32311"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T20:16:48.653Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/reconurge/flowsint/commit/b52cbbb904c8013b74308d58af88bc7dbb1b055c","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/reconurge/flowsint/security/advisories/GHSA-9g44-8xv2-f2m9","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/reconurge/flowsint/security/advisories/GHSA-9g44-8xv2-f2m9","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-33431","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-33431 — Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to vers…","description":"Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the POST /config/<service>/show API endpoint accepts a configver parameter that is directly appended to a base directory path to construct a local file path, which is subsequently opened…","indicators":{"cves":["CVE-2026-33431"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T21:16:34.823Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/roxy-wi/roxy-wi/commit/d4d100067dd0ee04317f05d3b51be8fcfdc3f802","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-w3c9-36jf-qrw4","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-w3c9-36jf-qrw4","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-33432","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-33432 — Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions u…","description":"Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions up to and including 8.2.8.2, when LDAP authentication is enabled, Roxy-WI constructs an LDAP search filter by directly concatenating the user-supplied login username into the filter string without esca…","indicators":{"cves":["CVE-2026-33432"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T21:16:34.970Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/roxy-wi/roxy-wi/blob/v8.2.8.2/app/modules/roxywi/auth.py","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-hv3x-4w38-r92m","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-hv3x-4w38-r92m","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-5358","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-5358 — Rejected reason: REJECTED: CVE-2026-5358 is rejected for two reasons. Firstly it has been discovered…","description":"Rejected reason: REJECTED: CVE-2026-5358 is rejected for two reasons. Firstly it has been discovered that no NIS+ client or server was ever released for any Linux-based OS distributions and as such this makes the API provisional and unused.  Secondly it has been discovered that the NIS+ cold start c…","indicators":{"cves":["CVE-2026-5358"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T21:16:36.713Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[],"feedLabel":null},{"id":"nvd-CVE-2026-0930","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-0930 — Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request.…","description":"Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request. An authenticated user could trigger the out of bounds read after establishing a connection which would leak the adjacent stack memory to the pseudo-console output.","indicators":{"cves":["CVE-2026-0930"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T22:16:23.210Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/wolfssl/wolfssh/pull/846","label":"facts@wolfssl.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-22051","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-22051 — StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.13 and 12.0.0.6 are susceptible…","description":"StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.13 and 12.0.0.6 are susceptible to a Information Disclosure vulnerability. Successful exploit could allow an authenticated attacker with low privileges to run arbitrary metrics queries, revealing metric results that they do not hav…","indicators":{"cves":["CVE-2026-22051"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T22:16:23.367Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://security.netapp.com/advisory/ntap-20260420-0001","label":"security-alert@netapp.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-34082","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-34082 — Dify is an open-source LLM app development platform. Prior to 1.13.1, the method `DELETE /console/ap…","description":"Dify is an open-source LLM app development platform. Prior to 1.13.1, the method `DELETE /console/api/installed-apps/<appId>/conversations/<conversationId>` has poor authorization checking and allows any Dify-authenticated user to delete someone else's chat history. Version 1.13.1 patches the issue.","indicators":{"cves":["CVE-2026-34082"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T23:16:24.250Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/langgenius/dify/releases/tag/1.13.1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/langgenius/dify/security/advisories/GHSA-fxq3-hh7x-c63p","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/langgenius/dify/security/advisories/GHSA-fxq3-hh7x-c63p","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-34839","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-34839 — Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Glances…","description":"Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Glances web server exposes a REST API (`/api/4/*`) that is accessible without authentication and allows cross-origin requests from any origin due to a permissive CORS policy (`Access-Control-Allow-Origin: *`…","indicators":{"cves":["CVE-2026-34839"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T00:16:27.910Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/nicolargo/glances/commit/fdfb977b1d91b5e410bc06c4e19f8bedb0005ce9","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nicolargo/glances/security/advisories/GHSA-gfc2-9qmw-w7vh","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nicolargo/glances/security/advisories/GHSA-gfc2-9qmw-w7vh","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-35587","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-35587 — Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, a Server-Si…","description":"Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, a Server-Side Request Forgery (SSRF) vulnerability exists in the Glances IP plugin due to improper validation of the public_api configuration parameter. The value of public_api is used directly in outbound HTTP…","indicators":{"cves":["CVE-2026-35587"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T00:16:29.030Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/nicolargo/glances/commit/d6808be66728956477cc4b544bab1acd71ac65fb","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nicolargo/glances/security/advisories/GHSA-g5pq-48mj-jvw8","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/nicolargo/glances/security/advisories/GHSA-g5pq-48mj-jvw8","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-39388","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-39388 — OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, OpenBao'…","description":"OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, OpenBao's Certificate authentication method, when a token renewal is requested and `disable_binding=true` is set, attempts to verify the current request's presented mTLS certificate matches the original. Toke…","indicators":{"cves":["CVE-2026-39388"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T01:16:06.357Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/openbao/openbao/security/advisories/GHSA-7ccv-rp6m-rffr","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-39861","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-39861 — Claude Code is an agentic coding tool. Prior to version 2.1.64, Claude Code's sandbox did not preven…","description":"Claude Code is an agentic coding tool. Prior to version 2.1.64, Claude Code's sandbox did not prevent sandboxed processes from creating symlinks pointing to locations outside the workspace. When Claude Code subsequently wrote to a path within such a symlink, its unsandboxed process followed the syml…","indicators":{"cves":["CVE-2026-39861"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T01:16:06.647Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/anthropics/claude-code/security/advisories/GHSA-vp62-r36r-9xqp","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-39946","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-39946 — OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, when Ope…","description":"OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, when OpenBao revoked privileges on a role in the PostgreSQL database secrets engine, OpenBao failed to use proper database quoting on schema names provided by PostgreSQL. This could lead to role revocation fa…","indicators":{"cves":["CVE-2026-39946"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T01:16:06.790Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/openbao/openbao/security/advisories/GHSA-6vgr-cp5c-ffx3","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40264","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40264 — OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide mul…","description":"OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide multi-tenant separation. Prior to version 2.5.3, a tenant who leaks token accessors can have their token revoked or renewed by a privileged administrator in another tenant. This is addressed in v2.5.3.","indicators":{"cves":["CVE-2026-40264"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T01:16:06.917Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/openbao/openbao/security/advisories/GHSA-p49j-v9wc-wg57","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-39866","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-39866 — Lawnchair is a free, open-source home app for Android. Prior to commit fcba413f55dd47f8a392144525284…","description":"Lawnchair is a free, open-source home app for Android. Prior to commit fcba413f55dd47f8a3921445252849126c6266b2, command injection in release_update.yml workflow dispatch input allows arbitrary code execution. Commit fcba413f55dd47f8a3921445252849126c6266b2 patches the issue.","indicators":{"cves":["CVE-2026-39866"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T02:16:06.807Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/LawnchairLauncher/lawnchair/commit/fcba413f55dd47f8a3921445252849126c6266b2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/LawnchairLauncher/lawnchair/security/advisories/GHSA-9prc-pp2c-3427","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/LawnchairLauncher/lawnchair/security/advisories/GHSA-9prc-pp2c-3427","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40496","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40496 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, attachment d…","description":"FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, attachment download tokens are generated using a weak and predictable formula: `md5(APP_KEY + attachment_id + size)`. Since attachment_id is sequential and size can be brute-forced in a small range, an unauthenti…","indicators":{"cves":["CVE-2026-40496"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T02:16:08.350Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/freescout-help-desk/freescout/commit/dbdf8f2260b43a21818255c70f0b61b9de9cd555","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/releases/tag/1.8.213","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-2783-wxmm-wmwr","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2025-13826","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2025-13826 — Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset req…","description":"Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset request is made. The vulnerability is caused by inadequate validation of user-supplied input. An attacker can exploit this vulnerability by sending malicious requests. If the vulnerability is successfull…","indicators":{"cves":["CVE-2025-13826"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T09:16:06.087Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/incorrect-input-validation-zervit-portable-httpweb-server","label":"cve-coordination@incibe.es","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3317","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-3317 — Reflected Cross-Site Scripting (XSS) vulnerability in Navigate Content Management System. The vulner…","description":"Reflected Cross-Site Scripting (XSS) vulnerability in Navigate Content Management System. The vulnerability is present in the '/blog' endpoint because user input is not properly sanitized through designed query parameters. This results in unsafe HTML rendering, which could allow a remote attacker to…","indicators":{"cves":["CVE-2026-3317"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T10:16:30.623Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/reflected-cross-site-scripting-navigate-cms-application","label":"cve-coordination@incibe.es","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41037","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41037 — This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protec…","description":"This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protection for failed login attempts in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing brute force attacks against administrative credenti…","indicators":{"cves":["CVE-2026-41037"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T10:16:30.957Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0200","label":"vdisclose@cert-in.org.in","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6553","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-6553 — Changing backend users' passwords via the user settings module results in storing the cleartext pass…","description":"Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and user_settings fields of the be_users database table. This issue affects TYPO3 CMS version 14.2.0.","indicators":{"cves":["CVE-2026-6553"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T10:16:31.220Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/TYPO3/typo3/commit/9a6e913f70767f63b322ae3e2d2f4e302624c291","label":"f4fb688c-4412-4426-b4b8-421ecf27b14a","domainType":"primary"},{"url":"https://typo3.org/security/advisory/typo3-core-sa-2026-005","label":"f4fb688c-4412-4426-b4b8-421ecf27b14a","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41038","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41038 — This vulnerability exists in Quantum Networks router due to lack of enforcement of strong password p…","description":"This vulnerability exists in Quantum Networks router due to lack of enforcement of strong password policies in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing password guessing or brute-force attacks against user accounts, leading to…","indicators":{"cves":["CVE-2026-41038"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T11:16:20.160Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0200","label":"vdisclose@cert-in.org.in","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41039","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41039 — This vulnerability exists in Quantum Networks router due to improper access control and insecure def…","description":"This vulnerability exists in Quantum Networks router due to improper access control and insecure default configuration in the web-based management interface. An unauthenticated attacker could exploit this vulnerability by accessing exposed API endpoints on the targeted device.\n\nSuccessful exploitati…","indicators":{"cves":["CVE-2026-41039"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T11:16:20.287Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0200","label":"vdisclose@cert-in.org.in","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-32147","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-32147 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erla…","description":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to modify file attributes outside the configured chroot directory.\n\nThe SFTP daemon (ssh_sftpd) stores the raw, user-supplied path in fi…","indicators":{"cves":["CVE-2026-32147"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T12:15:58.800Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://cna.erlef.org/cves/CVE-2026-32147.html","label":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","domainType":"other"},{"url":"https://github.com/erlang/otp/commit/28c5d5a6c5f873dc701b597276271763e7d1c004","label":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","domainType":"primary"},{"url":"https://github.com/erlang/otp/security/advisories/GHSA-28jg-mw9x-hpm5","label":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","domainType":"primary"},{"url":"https://osv.dev/vulnerability/EEF-CVE-2026-32147","label":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","domainType":"other"},{"url":"https://www.erlang.org/doc/system/versions.html#order-of-versions","label":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-10354","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2025-10354 — Cross-Site Scripting (XSS) vulnerability reflected in Semantic MediaWiki. This vulnerability allows…","description":"Cross-Site Scripting (XSS) vulnerability reflected in Semantic MediaWiki. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using the '/index.php/Speciaal:GefacetteerdZoeken' endpoint parameter. This vulnerability can be exploite…","indicators":{"cves":["CVE-2025-10354"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T15:16:34.290Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/reflected-cross-site-scripting-xss-semantic-mediawiki","label":"cve-coordination@incibe.es","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3298","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-3298 — The method \"sock_recvfrom_into()\" of \"asyncio.ProacterEventLoop\" (Windows only) was missing a bounda…","description":"The method \"sock_recvfrom_into()\" of \"asyncio.ProacterEventLoop\" (Windows only) was missing a boundary check for the data buffer when using nbytes parameter. This allowed for an out-of-bounds buffer write if data was larger than the buffer size. Non-Windows platforms are not affected.","indicators":{"cves":["CVE-2026-3298"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T15:16:37.047Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://github.com/python/cpython/commit/1274766d3c29007ab77245a72abbf8dce2a9db4d","label":"cna@python.org","domainType":"primary"},{"url":"https://github.com/python/cpython/commit/27522b7d6e6588f03e61099dd858cd5a9314e2f2","label":"cna@python.org","domainType":"primary"},{"url":"https://github.com/python/cpython/commit/95633d2aad4721e25e4dfd9f43dfb6e1edcbd741","label":"cna@python.org","domainType":"primary"},{"url":"https://github.com/python/cpython/issues/148808","label":"cna@python.org","domainType":"primary"},{"url":"https://github.com/python/cpython/pull/148809","label":"cna@python.org","domainType":"primary"},{"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/KWTPIQBOOOUNQP7UFSLBI437NJDFLA3F/","label":"cna@python.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-41011","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2025-41011 — HTML injection vulnerability in PHP Point of Sale v19.4. This vulnerability allows an attacker to re…","description":"HTML injection vulnerability in PHP Point of Sale v19.4. This vulnerability allows an attacker to render HTML in the victim's browser due to a lack of proper validation of user input by sending a request to '/reports/generate/specific_customer', ussing 'start_date_formatted' y 'end_date_formatted' p…","indicators":{"cves":["CVE-2025-41011"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T16:16:19.143Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/html-injection-php-point-sale-0","label":"cve-coordination@incibe.es","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2025-41029","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2025-41029 — SQL injection vulnerability in Zeon Academy Pro by Zeon Global Tech. This vulnerability allows an at…","description":"SQL injection vulnerability in Zeon Academy Pro by Zeon Global Tech. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a POST request using the parameter 'phonenumber' in '/private/continue-upload.php'.","indicators":{"cves":["CVE-2025-41029"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T16:16:19.350Z","fetchedAt":"2026-04-23T03:00:26.080Z","references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-zeon-academy-pro-zeon-global-tech","label":"cve-coordination@incibe.es","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40570","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40570 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the `load_cu…","description":"FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the `load_customer_info` action in `POST /conversation/ajax` returns complete customer profile data to any authenticated user without verifying mailbox access. An attacker only needs a valid email address to retr…","indicators":{"cves":["CVE-2026-40570"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:55.593Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/freescout-help-desk/freescout/commit/f35b4249c72d9bdac6ab1ea4e288f5894be34057","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/releases/tag/1.8.213","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-w77q-wjfp-c822","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-w77q-wjfp-c822","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40583","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40583 — UltraDAG is a minimal DAG-BFT blockchain in Rust. In version 0.1, a non-council attacker can submit…","description":"UltraDAG is a minimal DAG-BFT blockchain in Rust. In version 0.1, a non-council attacker can submit a signed SmartOp::Vote transaction that passes signature, nonce, and balance prechecks, but fails authorization only after state mutation has already occurred.","indicators":{"cves":["CVE-2026-40583"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T17:16:56.083Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/UltraDAGcom/core/commit/2f5a3a237ea519b48d71e6e3093c89f60694c7be","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/UltraDAGcom/core/commit/45bcf7064741897319b6196d3d9f9e1307093511","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/UltraDAGcom/core/security/advisories/GHSA-q8wx-2crx-c7pp","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/UltraDAGcom/core/security/advisories/GHSA-q8wx-2crx-c7pp","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40599","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40599 — ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies.…","description":"ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.5, ClearanceKit incorrectly treats a process with an empty Team ID and a non-empty Signing ID as an Apple platform binary. This bug allows a malicious software to impersonate an apple pr…","indicators":{"cves":["CVE-2026-40599","CVE-2026-40604"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T18:16:51.693Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/craigjbass/clearancekit/security/advisories/GHSA-w253-42qp-5f2x","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/craigjbass/clearancekit/security/advisories/GHSA-5r9w-9fg6-266q","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40614","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40614 — PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier,…","description":"PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is a buffer overflow when decoding Opus audio frames due to insufficient buffer size validation in the Opus codec decode path. The FEC decode buffers (dec_frame[].buf) were allocated based on a…","indicators":{"cves":["CVE-2026-40614","CVE-2026-40892"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T19:16:17.880Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/pjsip/pjproject/commit/17897e835818f8ee03b1806ddcd7b95ea16d2c0e","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-j59p-4xrr-fp8g","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/pjsip/pjproject/commit/c82123ea6f3c3652bbc9ebd5e9e658c301451687","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-2wcg-w3c4-48r7","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40865","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40865 — Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, an insecure dir…","description":"Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, an insecure direct object reference in the employee document viewer allows any authenticated user to access other employees’ uploaded documents by changing the document ID in the request. This exposes sensitive HR f…","indicators":{"cves":["CVE-2026-40865","CVE-2026-40866"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T19:16:18.017Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/horilla/horilla-hr/security/advisories/GHSA-85cj-fwjh-fjv7","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/horilla/horilla-hr/security/advisories/GHSA-q2qh-v828-r4p7","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40867","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40867 — Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, a broken access…","description":"Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, a broken access control vulnerability in the helpdesk attachment viewer allows any authenticated user to view attachments from other tickets by changing the attachment ID. This can expose sensitive support files and…","indicators":{"cves":["CVE-2026-40867"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T19:16:18.293Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/horilla/horilla-hr/security/advisories/GHSA-j6qp-j853-qrff","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/horilla/horilla-hr/security/advisories/GHSA-j6qp-j853-qrff","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41456","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41456 — Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the se…","description":"Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the search plugin that allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. Attackers can execute malicious scripts in the browsers of users who visit crafte…","indicators":{"cves":["CVE-2026-41456"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T19:16:18.557Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://gist.github.com/thepiyushkumarshukla/36b213cdb3c7d603e23fd23605cd681e","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/bludit/bludit/commit/6732ddedda8b73ce0a017a1b6adf685100244e01","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/bludit/bludit/pull/1691","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/bludit-cms-reflected-xss-via-search-plugin","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40872","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40872 — mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 20…","description":"mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the admin dashboard's Autodiscover logs render the EMailAddress value (logged as the \"user\" field) without HTML escaping. By submitting an unauthenticated Autodiscover request with a crafted E…","indicators":{"cves":["CVE-2026-40872","CVE-2026-40873","CVE-2026-40874","CVE-2026-40875","CVE-2026-40878"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:17:00.673Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-f9xf-vc72-rcgm","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-2xjc-rg88-jvpp","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-jjxh-rm7p-hjc3","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-jprq-w83q-q62h","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-xv9r-j862-5hqf","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40876","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40876 — goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP root escape…","description":"goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP root escape caused by prefix-based path validation. An authenticated SFTP user can read from and write to filesystem paths outside the configured SFTP root, which breaks the intended jail boundary and can expose…","indicators":{"cves":["CVE-2026-40876"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:17:01.263Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/patrickhener/goshs/security/advisories/GHSA-5h6h-7rc9-3824","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/patrickhener/goshs/security/advisories/GHSA-5h6h-7rc9-3824","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40880","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40880 — ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and zebra-consensus ve…","description":"ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and zebra-consensus version 5.0.2, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By carefully submitting a transaction that is valid for height H+1 but i…","indicators":{"cves":["CVE-2026-40880"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:17:01.687Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/ZcashFoundation/zebra/security/advisories/GHSA-xvj8-ph7x-65gf","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40881","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40881 — ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-network vers…","description":"ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-network version 5.0.1, when deserializing addr or addrv2 messages, which contain vectors of addresses, Zebra would fully deserialize them up to a maximum length (over 233,000) that was derived from the 2 MiB mess…","indicators":{"cves":["CVE-2026-40881"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:17:01.850Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/ZcashFoundation/zebra/security/advisories/GHSA-xr93-pcq3-pxf8","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ZcashFoundation/zebra/security/advisories/GHSA-xr93-pcq3-pxf8","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40883","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40883 — goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs contains a cross…","description":"goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs contains a cross-site request forgery issue in its state-changing HTTP GET routes. An external attacker can cause an already authenticated browser to trigger destructive actions such as ?delete and ?mkdir because gos…","indicators":{"cves":["CVE-2026-40883"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:17:01.983Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/patrickhener/goshs/security/advisories/GHSA-jrq5-hg6x-j6g3","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/patrickhener/goshs/security/advisories/GHSA-jrq5-hg6x-j6g3","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40888","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40888 — Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.1 an…","description":"Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.1 and 16.4.1, an authenticated user with default role can access unauthorized information by exploiting certain api endpoint. Versions 15.58.1 and 16.4.1 contain a patch. No known workarounds are availabl…","indicators":{"cves":["CVE-2026-40888"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T20:17:02.537Z","fetchedAt":"2026-04-23T03:00:26.081Z","references":[{"url":"https://github.com/frappe/hrms/releases/tag/v15.58.1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/frappe/hrms/releases/tag/v16.4.1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/frappe/hrms/security/advisories/GHSA-4375-7rxj-9hfx","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40895","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40895 — follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that a…","description":"follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that automatically follows redirects. Prior to 1.16.0, when an HTTP request follows a cross-domain redirect (301/302/307/308), follow-redirects only strips authorization, proxy-authorization, and cookie hea…","indicators":{"cves":["CVE-2026-40895"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:16:44.337Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40939","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40939 — The Data Sharing Framework (DSF) implements a distributed process engine based on the BPMN 2.0 and F…","description":"The Data Sharing Framework (DSF) implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, OIDC-authenticated sessions had no configured maximum inactivity timeout. Sessions persisted indefinitely after login, even after the OIDC access token expired. This…","indicators":{"cves":["CVE-2026-40939","CVE-2026-40942"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T22:16:19.547Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://dsf.dev/operations/v2.1.0/bpe/oidc.html","label":"security-advisories@github.com","domainType":"other"},{"url":"https://dsf.dev/operations/v2.1.0/fhir/oidc.html","label":"security-advisories@github.com","domainType":"other"},{"url":"https://github.com/datasharingframework/dsf/commit/f4ecb002f7d12642f92da6b79371ed367d0140e7","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/datasharingframework/dsf/security/advisories/GHSA-gj7p-595x-qwf5","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/datasharingframework/dsf/commit/31c2e974dfd4351756104ee8c53dbcd666192fef","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/datasharingframework/dsf/commit/d3ca59b4daccde16a006fedeccce28fd1f826908","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/datasharingframework/dsf/security/advisories/GHSA-xmj9-7625-f634","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40943","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40943 — Oxia is a metadata store and coordination system. Prior to 0.16.2, a race condition between session…","description":"Oxia is a metadata store and coordination system. Prior to 0.16.2, a race condition between session heartbeat processing and session closure can cause the server to panic with send on closed channel. The heartbeat() method uses a blocking channel send while holding a mutex, and under specific timing…","indicators":{"cves":["CVE-2026-40943"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T22:16:19.847Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/oxia-db/oxia/security/advisories/GHSA-5gqc-qhrj-9xw8","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40944","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40944 — Oxia is a metadata store and coordination system. Prior to 0.16.2, the trustedCertPool() function in…","description":"Oxia is a metadata store and coordination system. Prior to 0.16.2, the trustedCertPool() function in the TLS configuration only parses the first PEM block from CA certificate files. When a CA bundle contains multiple certificates (e.g., intermediate + root CA), only the first certificate is loaded.…","indicators":{"cves":["CVE-2026-40944"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T22:16:19.980Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/oxia-db/oxia/security/advisories/GHSA-7jrq-q4pq-rhm6","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40945","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40945 — Oxia is a metadata store and coordination system. Prior to 0.16.2, when OIDC authentication fails, t…","description":"Oxia is a metadata store and coordination system. Prior to 0.16.2, when OIDC authentication fails, the full bearer token is logged at DEBUG level in plaintext. If debug logging is enabled in production, JWT tokens are exposed in application logs and any connected log aggregation system. This vulnera…","indicators":{"cves":["CVE-2026-40945"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T22:16:20.107Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/oxia-db/oxia/security/advisories/GHSA-pm7q-rjjx-979p","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40946","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40946 — Oxia is a metadata store and coordination system. Prior to 0.16.2, the OIDC authentication provider…","description":"Oxia is a metadata store and coordination system. Prior to 0.16.2, the OIDC authentication provider unconditionally sets SkipClientIDCheck: true in the go-oidc verifier configuration, disabling the standard audience (aud) claim validation at the library level. This allows tokens issued for unrelated…","indicators":{"cves":["CVE-2026-40946"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T22:16:20.230Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/oxia-db/oxia/security/advisories/GHSA-fhvp-9hcj-6m33","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-3307","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-3307 — An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an att…","description":"An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated bypass reviewer list on another repository by manipulating the owner_id parameter in the request body.…","indicators":{"cves":["CVE-2026-3307"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T23:16:19.950Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.25","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.15/admin/release-notes#3.15.20","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.16","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.13","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.7","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.4","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.20/admin/release-notes#3.20.1","label":"product-cna@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-4296","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-4296 — An incorrect regular expression vulnerability was identified in GitHub Enterprise Server that allowe…","description":"An incorrect regular expression vulnerability was identified in GitHub Enterprise Server that allowed an attacker to bypass OAuth redirect URI validation. An attacker with knowledge of a first-party OAuth application's registered callback URL could craft a malicious authorization link that, when cli…","indicators":{"cves":["CVE-2026-4296"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T23:16:21.807Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.26","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.15/admin/release-notes#3.15.21","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.17","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.14","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.8","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.5","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.20/admin/release-notes#3.20.1","label":"product-cna@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-4821","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-4821 — An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Ser…","description":"An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Management Console administrator to execute arbitrary OS commands via shell metacharacter injection in proxy configuration fields such as http_proxy. Exploitation of…","indicators":{"cves":["CVE-2026-4821"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T23:16:22.037Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.24","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.15/admin/release-notes#3.15.21","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.17","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.14","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.8","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.5","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.20/admin/release-notes#3.20.1","label":"product-cna@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-5512","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-5512 — An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an a…","description":"An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to determine the names of private repositories by their numeric ID. The mobile upload policy API endpoint did not perform an early authorization check, and validation error messa…","indicators":{"cves":["CVE-2026-5512"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T23:16:22.297Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.26","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.15/admin/release-notes#3.15.21","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.17","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.14","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.8","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.5","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.20/admin/release-notes#3.20.1","label":"product-cna@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-5845","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-5845 — An improper authorization vulnerability in scoped user-to-server (ghu_) token authorization in GitHu…","description":"An improper authorization vulnerability in scoped user-to-server (ghu_) token authorization in GitHub Enterprise Server allows an authenticated attacker to access private repositories outside the intended installation scope, which can include write operations, via an authorization fallback that trea…","indicators":{"cves":["CVE-2026-5845"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T23:16:22.473Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.26","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.15/admin/release-notes#3.15.21","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.17","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.14","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.8","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.5","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.20/admin/release-notes#3.20.1","label":"product-cna@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-5921","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-5921 — A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that a…","description":"A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker to extract sensitive environment variables from the instance through a timing side-channel attack against the notebook rendering service. When private mode was disabled, the noteboo…","indicators":{"cves":["CVE-2026-5921"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T23:16:22.667Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.26","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.15/admin/release-notes#3.15.21","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.17","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.14","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.8","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.5","label":"product-cna@github.com","domainType":"primary"},{"url":"https://docs.github.com/en/enterprise-server@3.20/admin/release-notes#3.20.1","label":"product-cna@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40343","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40343 — free5GC UDR is the user data repository (UDR) for free5GC, an an open-source project for 5th generat…","description":"free5GC UDR is the user data repository (UDR) for free5GC, an an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.2, a fail-open request handling flaw in the UDR service causes the `/nudr-dr/v2/policy-data/subs-to-notify` POST handler to continue…","indicators":{"cves":["CVE-2026-40343"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T00:16:27.670Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-jwch-w7wh-gqjm","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41128","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41128 — Craft CMS is a content management system (CMS). In versions 5.6.0 through 5.9.14, the `actionSavePer…","description":"Craft CMS is a content management system (CMS). In versions 5.6.0 through 5.9.14, the `actionSavePermissions()` endpoint allows a user with only `viewUsers` permission to remove arbitrary users from all user groups. While `_saveUserGroups()` enforces per-group authorization for additions, it perform…","indicators":{"cves":["CVE-2026-41128"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T00:16:28.593Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/craftcms/cms/commit/b135384808ad43fcf8836a9dd9b877fb0087bc27","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/craftcms/cms/security/advisories/GHSA-jq2f-59pj-p3m3","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41129","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41129 — Craft CMS is a content management system (CMS). Versions on the 4.x branch through 4.17.8 and the 5.…","description":"Craft CMS is a content management system (CMS). Versions on the 4.x branch through 4.17.8 and the 5.x branch through 5.9.14 are vulnerable to Server-Side Request Forgery. The exploitation requires a few permissions to be enabled in the used GraphQL schema: \"Edit assets in the <VolumeName> volume\" an…","indicators":{"cves":["CVE-2026-41129"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T00:16:28.733Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/craftcms/cms/commit/d20aecfaa0eae076c4154be3b17e1f9fa05ce46f","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/craftcms/cms/security/advisories/GHSA-3m9m-24vh-39wx","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41130","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41130 — Craft CMS is a content management system (CMS). In versions on the 4.x branch through 4.17.8 and the…","description":"Craft CMS is a content management system (CMS). In versions on the 4.x branch through 4.17.8 and the 5.x branch through 5.9.14, the `resource-js` endpoint in Craft CMS allows unauthenticated requests to proxy remote JavaScript resources. \nWhen `trustedHosts` is not explicitly restricted (default con…","indicators":{"cves":["CVE-2026-41130"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T00:16:28.880Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/craftcms/cms/commit/ebe7e85f1c89700d64332f72492be2e9a594e783","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/craftcms/cms/security/advisories/GHSA-95wr-3f2v-v2wh","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/craftcms/cms/security/advisories/GHSA-95wr-3f2v-v2wh","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41136","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41136 — free5GC AMF provides Access & Mobility Management Function (AMF) for free5GC, an an open-source proj…","description":"free5GC AMF provides Access & Mobility Management Function (AMF) for free5GC, an an open-source project for 5th generation (5G) mobile core networks. Prior to version 1.4.3, the `HTTPUEContextTransfer` handler in `internal/sbi/api_communication.go` does not include a `default` case in the `Content-T…","indicators":{"cves":["CVE-2026-41136"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T00:16:29.423Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/free5gc/amf/releases/tag/v1.4.3","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-r99v-75p9-xqm5","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-r99v-75p9-xqm5","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-40344","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40344 — MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prio…","description":"MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's Snowball auto-extract handler (`PutObjectExtractHandler`) allows any user who knows a valid access key to write arb…","indicators":{"cves":["CVE-2026-40344","CVE-2026-41145"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T01:16:05.430Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/minio/minio/commit/76913a9fd5c6e5c2dbd4e8c7faf56ed9e9e24091","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/minio/minio/pull/16484","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/minio/minio/security/advisories/GHSA-9c4q-hq6p-c237","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/minio/minio/security/advisories/GHSA-hv4r-mvr4-25vw","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41146","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41146 — facil.io is a C micro-framework for web applications. Prior to commit 5128747363055201d3ecf0e29bf0a9…","description":"facil.io is a C micro-framework for web applications. Prior to commit 5128747363055201d3ecf0e29bf0a961703c9fa0, `fio_json_parse` can enter an infinite loop when it encounters a nested JSON value starting with `i` or `I`. The process spins in user space and pegs one CPU core at ~100% instead of retur…","indicators":{"cves":["CVE-2026-41146"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T02:16:02.237Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/boazsegev/facil.io/commit/5128747363055201d3ecf0e29bf0a961703c9fa0","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/boazsegev/facil.io/security/advisories/GHSA-2x79-gwq3-vxxm","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/boazsegev/facil.io/security/advisories/GHSA-2x79-gwq3-vxxm","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41457","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41457 — OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and fi…","description":"OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and filter handling that allows attackers to inject arbitrary SQL expressions by supplying malicious values through the query= and filter= parameters for integer-mapped DAAP fields. Attackers can exploit in…","indicators":{"cves":["CVE-2026-41457"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T03:16:00.613Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/owntone/owntone-server/commit/d4784ebf2099ed1a4203333aee957e5c7553c217","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/owntone-server-sql-injection-via-query-and-filter-parameters","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41458","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41458 — OwnTone Server versions 28.4 through 29.0 contain a race condition vulnerability in the DAAP login h…","description":"OwnTone Server versions 28.4 through 29.0 contain a race condition vulnerability in the DAAP login handler that allows unauthenticated attackers to crash the server by exploiting unsynchronized access to the global DAAP session list. Attackers can flood the DAAP /login endpoint with concurrent reque…","indicators":{"cves":["CVE-2026-41458"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T03:16:01.067Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/owntone/owntone-server/commit/dca94641a5ed66500822dd51281774794cdb6c22","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://github.com/owntone/owntone-server/pull/1980","label":"disclosure@vulncheck.com","domainType":"primary"},{"url":"https://www.vulncheck.com/advisories/owntone-server-race-condition-dos-via-daap-login","label":"disclosure@vulncheck.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40451","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40451 — DeepL Chrome browser extension versions from v1.22.0 to v.1.23.0 contain a cross-site scripting vuln…","description":"DeepL Chrome browser extension versions from v1.22.0 to v.1.23.0 contain a cross-site scripting vulnerability, which allows an attacker to execute arbitrary script in a user's browser, and inject malicious HTML into web pages viewed by the user.","indicators":{"cves":["CVE-2026-40451"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T05:16:23.253Z","fetchedAt":"2026-04-23T03:00:26.082Z","references":[{"url":"https://github.com/DeepLcom/deepl-chrome-extension/security/advisories/GHSA-4x2r-q3p9-xhx4","label":"vultures@jpcert.or.jp","domainType":"primary"},{"url":"https://jvn.jp/en/jp/JVN37524771/","label":"vultures@jpcert.or.jp","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31431","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31431 — In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to o…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_aead - Revert to operating out-of-place\n\nThis mostly reverts commit 72548b093ee3 except for the copying of\nthe associated data.\n\nThere is no benefit in operating in-place in algif_aead since the\nsource and destination…","indicators":{"cves":["CVE-2026-31431"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:21.270Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ce42ee423e58dffa5ec03524054c9d8bfd4f6237","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31432","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31432 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix OOB write in QUERY_IN…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix OOB write in QUERY_INFO for compound requests\n\nWhen a compound request such as READ + QUERY_INFO(Security) is received,\nand the first command (READ) consumes most of the response buffer,\nksmbd could write beyond the allo…","indicators":{"cves":["CVE-2026-31432"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:21.410Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/075ea208c648cc2bcd616295b711d3637c61de45","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/515c2daab46021221bdf406bef19bc90a44ec617","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d48c64fb80ad78b3dd29fb7d79b6ec7bd72bfc09","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/fda9522ed6afaec45cabc198d8492270c394c7bc","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31433","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31433 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potencial OOB in get_…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix potencial OOB in get_file_all_info() for compound requests\n\nWhen a compound request consists of QUERY_DIRECTORY + QUERY_INFO\n(FILE_ALL_INFORMATION) and the first command consumes nearly the entire\nmax_trans_size, get_fil…","indicators":{"cves":["CVE-2026-31433"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:16:21.573Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/358cdaa1f7fbf2712cb4c5f6b59cb9a5c673c5fe","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3a852f9d1c981fb14f6bf4e24999e0ea8088a7d7","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4cca3eff2099b18672934a39cee70aed835d652c","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7aec5a769d2356cbf344d85bcfd36de592ac96a5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9d7032851d6f5adbe2739601ca456c0ad3b422f0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/b0cd9725fe2bcc9f37d096b132318a9060373f5d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/beef2634f81f1c086208191f7228bce1d366493d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-0539","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-0539 — Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local att…","description":"Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local attacker to escalate their privileges by overwriting the service binary with arbitrary contents. This service binary is automatically launched with NT\\SYSTEM privileges on boot. This issue affects all ve…","indicators":{"cves":["CVE-2026-0539"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:30.317Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://labs.infoguard.ch/advisories/cve-2026-0539_pcvisit_local-privilege-escalation/","label":"vulnerability@ncsc.ch","domainType":"other"},{"url":"https://www.pcvisit.de/kundenbereich/release-notes","label":"vulnerability@ncsc.ch","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31434","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31434 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix leak of kobject name…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix leak of kobject name for sub-group space_info\n\nWhen create_space_info_sub_group() allocates elements of\nspace_info->sub_group[], kobject_init_and_add() is called for each\nelement via btrfs_sysfs_add_space_info_type(). Ho…","indicators":{"cves":["CVE-2026-31434"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:36.533Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/1737ddeafbb1304f41ec2eede4f7366082e7c96a","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3c645c6f7e5470debbb81666b230056de48f36dc","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3c844d01f9874a43004c82970d8da94f9aba8949","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/416484f21a9d1280cf6daa7ebc10c79b59c46e48","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/94054ffd311a1f76b7093ba8ebf50bdb0d28337c","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a4376d9a5d4c9610e69def3fc0b32c86a7ab7a41","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31435","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31435 — In the Linux kernel, the following vulnerability has been resolved: netfs: Fix read abandonment duri…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix read abandonment during retry\n\nUnder certain circumstances, all the remaining subrequests from a read\nrequest will get abandoned during retry.  The abandonment process expects\nthe 'subreq' variable to be set to the place…","indicators":{"cves":["CVE-2026-31435"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:36.710Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/3e5fd8f53b575ff2188f82071da19c977ca56c41","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7e57523490cd2efb52b1ea97f2e0a74c0fb634cd","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/8f2f2bd128a8d9edbc1e785760da54ada3df69b7","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31436","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31436 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix possible wr…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc()\n\nAt the end of this function, d is the traversal cursor of flist, but the\ncode completes found instead. This can lead to issues such as NULL pointer\nde…","indicators":{"cves":["CVE-2026-31436"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:36.843Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/0e4f43779d550e559be13a5cdb763bad92c4cc99","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/82656e8daf8de00935ae91b91bed43f4d6e0d644","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e1c9866173c5f8521f2d0768547a01508cb9ff27","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e21da2ad8844585040fe4b82be1ad2fe99d40074","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31437","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31437 — In the Linux kernel, the following vulnerability has been resolved: netfs: Fix NULL pointer derefere…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix NULL pointer dereference in netfs_unbuffered_write() on retry\n\nWhen a write subrequest is marked NETFS_SREQ_NEED_RETRY, the retry path\nin netfs_unbuffered_write() unconditionally calls stream->prepare_write()\nwithout che…","indicators":{"cves":["CVE-2026-31437"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:36.980Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/7a5482f5ce891decbf36f2e6fab1e9fc4a76a684","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a4d1b4ba9754bac3efebd06f583a44a7af52c0ab","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e9075e420a1eb3b52c60f3b95893a55e77419ce8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31438","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31438 — In the Linux kernel, the following vulnerability has been resolved: netfs: Fix kernel BUG in netfs_l…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix kernel BUG in netfs_limit_iter() for ITER_KVEC iterators\n\nWhen a process crashes and the kernel writes a core dump to a 9P\nfilesystem, __kernel_write() creates an ITER_KVEC iterator. This\niterator reaches netfs_limit_ite…","indicators":{"cves":["CVE-2026-31438"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:37.100Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/00d6df7115f6972370974212de9088087820802e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/18c2e20b42dd21db599e42d05ddaeeb647b2bb6d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4bc2d72c7695cedf6d4e1a558924903c2b28a78e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/67e467a11f62ff64ad219dc6aa5459e132c79d14","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31439","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31439 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: xilinx: xdma: Fix reg…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: xilinx: xdma: Fix regmap init error handling\n\ndevm_regmap_init_mmio returns an ERR_PTR() upon error, not NULL.\nFix the error check and also fix the error message. Use the error code\nfrom ERR_PTR() instead of the wrong va…","indicators":{"cves":["CVE-2026-31439"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:37.240Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/4b6e1da50b22e5528b9003f376a3cecccce4decc","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/59f6ccd0f3345be2e8a78bdef2103e93f180633a","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9787b3d9b908785b40bc3f2e6d7082fdb8fdd98a","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e0adbf74e2a0455a6bc9628726ba87bcd0b42bf8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f27197ccfd2ecd2c71f27fd57c6d507e892ad24d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31440","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31440 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix leaking eve…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix leaking event log memory\n\nDuring the device remove process, the device is reset, causing the\nconfiguration registers to go back to their default state, which is\nzero. As the driver is checking if the event log…","indicators":{"cves":["CVE-2026-31440"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:37.390Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/9dfa00967e6ef43a9dd0887fe5c3a721a39da92e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d94f9b0ba28a205caf95902ee88b42bdb8af83d0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ee66bc29578391c9b48523dc9119af67bd5c7c0f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/facd0012708e942fc12890708738aebde497564e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31441","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31441 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix memory leak…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix memory leak when a wq is reset\n\nidxd_wq_disable_cleanup() which is called from the reset path for a\nworkqueue, sets the wq type to NONE, which for other parts of the\ndriver mean that the wq is empty (all its re…","indicators":{"cves":["CVE-2026-31441"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:37.530Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/0c3d3ac57e3c52b570b8c695903306bff07e04c8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/39c1504e0e76bcfb93991fd94288a83e05d13b51","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/54d77cc0c40ca2f894859dc7b3c52997574f1a2a","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a16098a2f0c11ee5e04e23aa7478ca1fcfb0f658","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a9e7815d38629bcf59d3005001f1f315424a58de","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d9cfb5193a047a92a4d3c0e91ea4cc87c8f7c478","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31442","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31442 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix possible in…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix possible invalid memory access after FLR\n\nIn the case that the first Function Level Reset (FLR) concludes\ncorrectly, but in the second FLR the scratch area for the saved\nconfiguration cannot be allocated, it's…","indicators":{"cves":["CVE-2026-31442"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:37.703Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/504c0e6751001ac46917c73e703f2b1b92cfc026","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/867d0c801f21370d561420fa32f2ea1a7dc3a22d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d6077df7b75d26e4edf98983836c05d00ebabd8d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31443","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31443 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix crash when…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix crash when the event log is disabled\n\nIf reporting errors to the event log is not supported by the hardware,\nand an error that causes Function Level Reset (FLR) is received, the\ndriver will try to restore the e…","indicators":{"cves":["CVE-2026-31443"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:37.860Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/0e761079d653c25f838380cf7cef2730832110cc","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/52d2edea0d63c935e82631e4b9e4a94eccf97b5b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/aa0ffc6d3990ec35976308a068dc23178037e564","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31444","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31444 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free and NU…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix use-after-free and NULL deref in smb_grant_oplock()\n\nsmb_grant_oplock() has two issues in the oplock publication sequence:\n\n1) opinfo is linked into ci->m_op_list (via opinfo_add) before\n   add_lease_global_list() is cal…","indicators":{"cves":["CVE-2026-31444"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:38.010Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/48623ec358c1c600fa1e38368746f933e0f1a617","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/6d7e5a918c1d0aad06db0e17677b66fc9a471021","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7de55bba69cbf0f9280daaea385daf08bc076121","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9e785f004cbc56390479b77375726ea9b0d1a8a6","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a5c6f6d6ceefed2d5210ee420fb75f8362461f46","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31445","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31445 — In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: avoid use of half…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/core: avoid use of half-online-committed context\n\nOne major usage of damon_call() is online DAMON parameters update.  It is\ndone by calling damon_commit_ctx() inside the damon_call() callback\nfunction.  damon_commit_ctx()…","indicators":{"cves":["CVE-2026-31445"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:38.177Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/1b247cd0654a3a306996fa80741d79296c683a56","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/26f775a054c3cda86ad465a64141894a90a9e145","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9c495f9d3781cd692bd199531cabd4627155e8cd","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31446","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31446 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in upda…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix use-after-free in update_super_work when racing with umount\n\nCommit b98535d09179 (\"ext4: fix bug_on in start_this_handle during umount\nfilesystem\") moved ext4_unregister_sysfs() before flushing s_sb_upd_work\nto prevent ne…","indicators":{"cves":["CVE-2026-31446"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:38.340Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/034053378dd81837fd6c7a43b37ee2e58d4f0b4e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/08b10e6f37fc533a759e9833af0692242e8b3f93","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9449f99ba04f5dd1c8423ad8a90b3651d7240d1d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c4d829737329f2290dd41e290b7d75effdb2a7ff","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c8fe17a1b308c3d8c703ebfb049b325f844342c3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c97e282f7bfd0c3554c63d289964a5ca6a1d2ffe","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d15e4b0a418537aafa56b2cb80d44add83e83697","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31447","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31447 — In the Linux kernel, the following vulnerability has been resolved: ext4: reject mount if bigalloc w…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: reject mount if bigalloc with s_first_data_block != 0\n\nbigalloc with s_first_data_block != 0 is not supported, reject mounting\nit.","indicators":{"cves":["CVE-2026-31447"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:38.577Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/3822743dc20386d9897e999dbb990befa3a5b3f8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3a926957cc95899ef88529710836edadc03c71a1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/5ad6d994255e27a3254079dfb50ca861fc31f2d0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7b58c110b4e1f028eb38eec9ed3555e9be81c8b0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7d5b04290156c3fc316eecc86a4f9d201ab7d44a","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ad1f6d608f33f59d21a3d025615d6786a6443998","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/b77de3fceafbb39f30e4ff5dc986f863d5456417","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d787d3ae96648dc14a3b7ca8fde817177e82c1c7","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31448","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31448 — In the Linux kernel, the following vulnerability has been resolved: ext4: avoid infinite loops cause…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid infinite loops caused by residual data\n\nOn the mkdir/mknod path, when mapping logical blocks to physical blocks,\nif inserting a new extent into the extent tree fails (in this example,\nbecause the file system disabled th…","indicators":{"cves":["CVE-2026-31448"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:38.760Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/3a7667595bcad84da53fc156a418e110267c3412","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/416c86f30f91b4fb2642ef6b102596ca898f41a5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/5422fe71d26d42af6c454ca9527faaad4e677d6c","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/64f425b06b3bea9abc8977fd3982779b3ad070c9","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c66545e83a802c3851d9be27a41c0479dd29ff0c","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ecc50bfca9b5c2ee6aeef998181689b80477367b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31449","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31449 — In the Linux kernel, the following vulnerability has been resolved: ext4: validate p_idx bounds in e…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: validate p_idx bounds in ext4_ext_correct_indexes\n\next4_ext_correct_indexes() walks up the extent tree correcting\nindex entries when the first extent in a leaf is modified. Before\naccessing path[k].p_idx->ei_block, there is n…","indicators":{"cves":["CVE-2026-31449"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:38.933Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/01bf1e0b997d82c0e353b51ed74ef99698043c33","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/2acb5c12ebd860f30e4faf67e6cc8c44ddfe5fe8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/407c944f217c17d4343148011acafebc604d55e1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/93f2e975ed658ce09db4d4c2877ca2c06540df83","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31451","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31451 — In the Linux kernel, the following vulnerability has been resolved: ext4: replace BUG_ON with proper…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: replace BUG_ON with proper error handling in ext4_read_inline_folio\n\nReplace BUG_ON() with proper error handling when inline data size\nexceeds PAGE_SIZE. This prevents kernel panic and allows the system to\ncontinue running wh…","indicators":{"cves":["CVE-2026-31451"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:39.310Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/356227096eb66e41b23caf7045e6304877322edf","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/65c6c30ce6362c1c684568744ea510c921a756cd","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/823849a26af089ffc5dfdd2ae4b9d446b46a0cda","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a7d600e04732a7d29b107c91fe3aec64cf6ce7f2","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d4b3f370c3d8f7ce565d4a718572c9f7c12f77ed","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31452","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31452 — In the Linux kernel, the following vulnerability has been resolved: ext4: convert inline data to ext…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: convert inline data to extents when truncate exceeds inline size\n\nAdd a check in ext4_setattr() to convert files from inline data storage\nto extent-based storage when truncate() grows the file size beyond the\ninline capacity.…","indicators":{"cves":["CVE-2026-31452"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:39.460Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/07c1a31af18290054da3d18221b8bf58983c5d3a","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/110d7ef602659ce4d7947c5480f7ca2779696aaf","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/699bac4d4c951974d55b045c983d1de777215949","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7920dcc571cef3d8aa9ee109c136125d61d41669","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/93cb2d103e5c707de0f7ad58a39b7f0fddc27aa6","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c047332be7195833a5c5126816c2502df8269fe4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ed9356a30e59c7cc3198e7fc46cfedf3767b9b17","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f53a5d9f32924bc2a810d2df243b7714da58b636","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31453","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31453 — In the Linux kernel, the following vulnerability has been resolved: xfs: avoid dereferencing log ite…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: avoid dereferencing log items after push callbacks\n\nAfter xfsaild_push_item() calls iop_push(), the log item may have been\nfreed if the AIL lock was dropped during the push. Background inode\nreclaim or the dquot shrinker can f…","indicators":{"cves":["CVE-2026-31453"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:39.653Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/451c6329d9afa45862c36fe6677eb7750db60617","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7121b22b0bac89394cc4c6a54b5aebc15347bdf5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/79ef34ec0554ec04bdbafafbc9836423734e1bd6","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/95fb5d643cc70959baa54cd17f52f80ffc3295e7","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c4d603e8e58a3bf35480135ccca2b4f7238abda5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c8a2ab339b88d10fc34a3318c92f07d8a467019d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31454","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31454 — In the Linux kernel, the following vulnerability has been resolved: xfs: save ailp before dropping t…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: save ailp before dropping the AIL lock in push callbacks\n\nIn xfs_inode_item_push() and xfs_qm_dquot_logitem_push(), the AIL lock\nis dropped to perform buffer IO. Once the cluster buffer no longer\nprotects the log item from rec…","indicators":{"cves":["CVE-2026-31454"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:39.823Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/19437e4f7bb909afde832b39372aa2f3ce3cfd88","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/394d70b86fae9fe865e7e6d9540b7696f73aa9b6","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4c7d50147316cf049462f327c4a3e9dc2b7f1dd0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/50f5f056807b7bed74f4f307f2ca0ed92f3e556d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/6dbe17f19c290a72ce57d5abc70e1fad0c3e14e5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/75669e987137f49c99ca44406bf0200d1892dd16","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d8fc60bbaf5aea1604bf9f4ed565da6a1ac7a87d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/edd1637d4e3911ab6c760f553f2040fe72f61a13","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31455","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31455 — In the Linux kernel, the following vulnerability has been resolved: xfs: stop reclaim before pushing…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: stop reclaim before pushing AIL during unmount\n\nThe unmount sequence in xfs_unmount_flush_inodes() pushed the AIL while\nbackground reclaim and inodegc are still running. This is broken\nindependently of any use-after-free issue…","indicators":{"cves":["CVE-2026-31455"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:40.013Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/239d734c00644072862fa833805c4471573b1445","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4f24a767e3d64a5f58c595b5c29b6063a201f1e3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/558e3275d8a3b101be18a7fe7d1634053e9d9b07","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/8147e304d7d32fd5c3e943babc296ce2873dc279","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a89434a6188d8430ea31120da96e3e4cefb58686","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/bda27fc0b4eb3a425d9a18475c4cb94fbe862c60","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d38135af04a3ad8a585c899d176efc8e97853115","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e6cc490048f78b009259a5f032acead9f789c34c","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31457","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31457 — In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: check contexts->…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/sysfs: check contexts->nr in repeat_call_fn\n\ndamon_sysfs_repeat_call_fn() calls damon_sysfs_upd_tuned_intervals(),\ndamon_sysfs_upd_schemes_stats(), and\ndamon_sysfs_upd_schemes_effective_quotas() without checking contexts->…","indicators":{"cves":["CVE-2026-31457","CVE-2026-31458"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:41.133Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/3527e9fdc38570cea0f6ddb7a2c9303d4044b217","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/652cd0641a763dd0e846b0d12814977fadb2b7d8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/6557004a8b59c7701e695f02be03c7e20ed1cc15","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/1bfe9fb5ed2667fb075682408b776b5273162615","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/1e8da792672481d603fa7cd0d815577220a3ee27","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/708033c231bd782858f4ddbb46ee874a5a5fbdab","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/aba546061341b56e9ffb37e1eb661a3628b6ec12","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/bbe03ad3fb9e714191757ca7b41582f930be7be2","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31459","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31459 — In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: fix param_ctx le…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/sysfs: fix param_ctx leak on damon_sysfs_new_test_ctx() failure\n\nPatch series \"mm/damon/sysfs: fix memory leak and NULL dereference\nissues\", v4.\n\nDAMON_SYSFS can leak memory under allocation failure, and do NULL pointer\nde…","indicators":{"cves":["CVE-2026-31459"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:41.417Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/7fe000eb32904758a85e62f6ea9483f89d5dabfc","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e9de9f3ce06b133a348006668bc8d25c6e504867","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f76f0a964bc3d7b7e253b43c669c41356bc54e71","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31462","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31462 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: prevent immediate PA…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: prevent immediate PASID reuse case\n\nPASID resue could cause interrupt issue when process\nimmediately runs into hw state left by previous\nprocess exited with the same PASID, it's possible that\npage faults are still pendi…","indicators":{"cves":["CVE-2026-31462"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:41.787Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/14b81abe7bdc25f8097906fc2f91276ffedb2d26","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/51ccaf0e30c303149244c34820def83d74c86288","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9e5ebfe99b223bb0eb9c50a125c9c02f4ef4c71b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c0b3882836de8ac991b626823966f385555bbcff","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31463","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31463 — In the Linux kernel, the following vulnerability has been resolved: iomap: fix invalid folio access…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\niomap: fix invalid folio access when i_blkbits differs from I/O granularity\n\nCommit aa35dd5cbc06 (\"iomap: fix invalid folio access after\nfolio_end_read()\") partially addressed invalid folio access for folios\nwithout an ifs attached…","indicators":{"cves":["CVE-2026-31463"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:42.323Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/4a927f670cdb0def226f9f85f42a9f19d9e09c88","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/bd71fb3fea9945987053968f028a948997cba8cc","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31464","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31464 — In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Fix OOB access in…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done()\n\nA malicious or compromised VIO server can return a num_written value in the\ndiscover targets MAD response that exceeds max_targets. This value is\nstored directly in vh…","indicators":{"cves":["CVE-2026-31464"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:42.450Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/394a1cac3c12fdd7d77f19ccfd222ab5ff87ef89","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4ed727e35b0ab17d3eeeb1e8023768396e2be161","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/61d099ac4a7a8fb11ebdb6e2ec8d77f38e77362f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/786f10b1966e485046839f992e89f2c18cbd1983","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a007246cb6c9ebdc93dafbf63cc2d43d98f402cc","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/bae4df0a643fa7f84663473aa3082a9c2ed139db","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d1466bf991b2343cf2ba8336e440c8faf3cbb780","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d842348f8a00d5b1d7358f207eb34ffcf5b16df3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31465","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31465 — In the Linux kernel, the following vulnerability has been resolved: writeback: don't block sync for…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nwriteback: don't block sync for filesystems with no data integrity guarantees\n\nAdd a SB_I_NO_DATA_INTEGRITY superblock flag for filesystems that cannot\nguarantee data persistence on sync (eg fuse). For superblocks with this\nflag se…","indicators":{"cves":["CVE-2026-31465"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:42.633Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/5c24a13d8a0466ca0446e58309e51f2606520164","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/76f9377cd2ab7a9220c25d33940d9ca20d368172","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/83800f8ef358ea2fc9b1ae4986b83f2bc24be927","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31466","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31466 — In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: fix folio isn't…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/huge_memory: fix folio isn't locked in softleaf_to_folio()\n\nOn arm64 server, we found folio that get from migration entry isn't locked\nin softleaf_to_folio().  This issue triggers when mTHP splitting and\nzap_nonpresent_ptes() ra…","indicators":{"cves":["CVE-2026-31466"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:42.780Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/426ee10711586617da869c8bb798214965337617","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4c5e7f0fcd592801c9cc18f29f80fbee84eb8669","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/722cfaf6b31d31123439e67b5deac6b1261a3dea","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7ad1997b9bc8032603df8f091761114479285769","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7ddcf4a245c1c5a91fdd9698757e3d95179ffe41","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/8bfb8414e9f2ce6f5f2f0e3d0da52f2d132128e7","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/b8c49ad888892ad7b77062b9c102b799a3e9b4f8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f1acf5887c2bbaf998dc3fe32c72b7a8b84a3ddd","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31467","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31467 — In the Linux kernel, the following vulnerability has been resolved: erofs: add GFP_NOIO in the bio c…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: add GFP_NOIO in the bio completion if needed\n\nThe bio completion path in the process context (e.g. dm-verity)\nwill directly call into decompression rather than trigger another\nworkqueue context for minimal scheduling latenci…","indicators":{"cves":["CVE-2026-31467"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:42.977Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/378949f46e897204384f3f5f91e42e93e3f87568","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/5c8ecdcfbfb0b0c6a82a4ebadc1ddea61609b902","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c23df30915f83e7257c8625b690a1cece94142a0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d6565ea662e17d45a577184b0011bd69de22dc2b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d9d8360cb66e3b599d89d2526e7da8b530ebf2ff","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/da40464064599eefe78749f75cd2bba371044c04","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e83e20b82859f0588e9a52a6fa9fea704a2061cf","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31468","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31468 — In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Fix double free in dma…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: Fix double free in dma-buf feature\n\nThe error path through vfio_pci_core_feature_dma_buf() ignores its\nown advice to only use dma_buf_put() after dma_buf_export(), instead\nfalling through the entire unwind chain.  In the…","indicators":{"cves":["CVE-2026-31468"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:43.143Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/83ad334afc9a645cef1062f5346526b1e36d6516","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e98137f0a874ab36d0946de4707aa48cb7137d1c","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31469","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31469 — In the Linux kernel, the following vulnerability has been resolved: virtio_net: Fix UAF on dst_ops w…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false\n\nA UAF issue occurs when the virtio_net driver is configured with napi_tx=N\nand the device's IFF_XMIT_DST_RELEASE flag is cleared\n(e.g., durin…","indicators":{"cves":["CVE-2026-31469"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:43.260Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/63d45077b97bb0e0fe0c75931acbbca7a47af141","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/8a4790850e710fd6771e4d2112168ed1dd6c0e54","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9a18629f2525781f0f3dda7be72b204e4cf77d08","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ba8bda9a0896746053aa97ac6c3e08168729172c","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/be0e63f3b97bbaf453c542e8a15ba2a536e2ac01","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c1ec36cb3768574b916f20d2d7415fd14fa1bf12","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f04733c4dc40c43899c3d1c97afbae5831a3770f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/fedd2e1630cac920844997227ccbe7b26a76375a","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31470","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31470 — In the Linux kernel, the following vulnerability has been resolved: virt: tdx-guest: Fix handling of…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nvirt: tdx-guest: Fix handling of host controlled 'quote' buffer length\n\nValidate host controlled value `quote_buf->out_len` that determines how\nmany bytes of the quote are copied out to guest userspace. In TDX\nenvironments with rem…","indicators":{"cves":["CVE-2026-31470"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:43.473Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/02ca2d9d197723696cb9cc0cb159eb7e8bf5f89b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/6f3c8795ae9ba74fa10fe979293d1904712d3fb1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a079a62883e3365de592cea9f7a669d8115433b0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c3fd16c3b98ed726294feab2f94f876290bf7b61","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31471","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31471 — In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: only publish mode_d…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: iptfs: only publish mode_data after clone setup\n\niptfs_clone_state() stores x->mode_data before allocating the reorder\nwindow. If that allocation fails, the code frees the cloned state and\nreturns -ENOMEM, leaving x->mode_dat…","indicators":{"cves":["CVE-2026-31471"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:43.610Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/371a43c4ac70cac0de9f9b1fc5b1660b9565b9f1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/5784a1e2889c9525a8f036cb586930e232170bf7","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d849a2f7309fc0616e79d13b008b0a47e0458b6e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31472","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31472 — In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: validate inner IPv4…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: iptfs: validate inner IPv4 header length in IPTFS payload\n\nAdd validation of the inner IPv4 packet tot_len and ihl fields parsed\nfrom decrypted IPTFS payloads in __input_process_payload(). A crafted\nESP packet containing an i…","indicators":{"cves":["CVE-2026-31472"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:43.740Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/0d10393d5eac33cbd92f7a41fddca12c41d3cb7e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3db7d4f777a00164582061ccaa99569cd85011a3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/de6d8e8ce5187f7402c9859b443355e7120c5f09","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31473","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31473 — In the Linux kernel, the following vulnerability has been resolved: media: mc, v4l2: serialize REINI…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex\n\nMEDIA_REQUEST_IOC_REINIT can run concurrently with VIDIOC_REQBUFS(0)\nqueue teardown paths. This can race request object cleanup against vb2\nqueue cancellation and…","indicators":{"cves":["CVE-2026-31473"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:43.863Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/1a0d9083c24fbd5d22f7100f09d11e4d696a5f01","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/2c685e99efb3b3bd2b78699fba6b1cf321975db0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/331242998a7ade5c2f65e14988901614629f3db5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/585fd9a2063dacce8b2820f675ef23d5d17434c5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/72b9e81e0203f03c40f3adb457f55bd4c8eb112d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/bef4f4a88b73e4cc550d25f665b8a9952af22773","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/cf2023e84f0888f96f4b65dc0804e7f3651969c1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d8549a453d5bdc0a71de66ad47a1106703406a56","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31474","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31474 — In the Linux kernel, the following vulnerability has been resolved: can: isotp: fix tx.buf use-after…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ncan: isotp: fix tx.buf use-after-free in isotp_sendmsg()\n\nisotp_sendmsg() uses only cmpxchg() on so->tx.state to serialize access\nto so->tx.buf. isotp_release() waits for ISOTP_IDLE via\nwait_event_interruptible() and then calls kfr…","indicators":{"cves":["CVE-2026-31474"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:44.053Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/2e62e7051eca75a7f2e3d52d62ec10d7d7aa358c","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/424e95d62110cdbc8fd12b40918f37e408e35a92","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9649d051e54413049c009638ec1dc23962c884a4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/cb3d6efa78460e6d50bf68806d0db66265709f64","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/eec8a1b18a79600bd4419079dc0026c1db72a830","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31475","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31475 — In the Linux kernel, the following vulnerability has been resolved: ASoC: sma1307: fix double free o…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: sma1307: fix double free of devm_kzalloc() memory\n\nA previous change added NULL checks and cleanup for allocation\nfailures in sma1307_setting_loaded().\n\nHowever, the cleanup for mode_set entries is wrong. Those entries are\nal…","indicators":{"cves":["CVE-2026-31475"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:44.207Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/1a82c3272626db9006f4c2cad3adf2916417aed6","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d472d1a52985211b92883bb64bbe710b45980190","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/fe757092d2329c397ecb32f2bf68a5b1c4bd9193","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31476","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31476 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: do not expire session on…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: do not expire session on binding failure\n\nWhen a multichannel session binding request fails (e.g. wrong password),\nthe error path unconditionally sets sess->state = SMB2_SESSION_EXPIRED.\nHowever, during binding, sess points…","indicators":{"cves":["CVE-2026-31476"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:44.337Z","fetchedAt":"2026-04-23T03:00:26.083Z","references":[{"url":"https://git.kernel.org/stable/c/1d1888b4a7aec518b707f6eca0bf08992c0e8da3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/6fafc4c4238e538969f1375f9ecdc6587c53f1cc","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9bbb19d21ded7d78645506f20d8c44895e3d0fb9","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a897064a457056acb976e20e3007cdf553de340f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e0e5edc81b241c70355217de7e120c97c3429deb","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f5300690c23c5ac860499bb37dbc09cf43fd62e6","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31477","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31477 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix memory leaks and NULL…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix memory leaks and NULL deref in smb2_lock()\n\nsmb2_lock() has three error handling issues after list_del() detaches\nsmb_lock from lock_list at no_check_cl:\n\n1) If vfs_lock_file() returns an unexpected error in the non-UNLO…","indicators":{"cves":["CVE-2026-31477"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:44.440Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/309b44ed684496ed3f9c5715d10b899338623512","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3cdacd11b41569ce75b3162142240f2355e04900","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/91aeaa7256006d79a37298f5a1df23325db91599","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/aab42f0795620cf0d3955a520f571f697d0f9a2a","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c9b95ef6f5039f19e46c3a521a4fe1752d91dfe9","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/cdac6f7e7e428dc70e3b5898ac6999a72ed13993","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31478","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31478 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: replace hardcoded hdr2_le…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()\n\nAfter this commit (e2b76ab8b5c9 \"ksmbd: add support for read compound\"),\nresponse buffer management was changed to use dynamic iov array.\nIn the new…","indicators":{"cves":["CVE-2026-31478"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:44.630Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/0e55f63dd08f09651d39e1b709a91705a8a0ddcb","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4cb537ae4f37d7d0f617815ed4bed7173fb50861","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/6aef1765d6807e0f027cd87f6ac973eb0879a46d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/70b4c414889492c522b6e4331562360f49be2361","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/80824c7e527b70cf9039534e60aff592e8f209d1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9a7166f0ef8cbb7bb48dd05e2471d995566003f5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c3a89e3ec1ccf64fa6a34e391e1581ebbcba8683","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31480","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31480 — In the Linux kernel, the following vulnerability has been resolved: tracing: Fix potential deadlock…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix potential deadlock in cpu hotplug with osnoise\n\nThe following sequence may leads deadlock in cpu hotplug:\n\n    task1        task2        task3\n    -----        -----        -----\n\n mutex_lock(&interface_lock)…","indicators":{"cves":["CVE-2026-31480"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:45.170Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/03474a01c199de17a8e2d39b51df6beb9c76e831","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/1f9885732248d22f788e4992c739a98c88ab8a55","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7a41d4633cd2c15eb5ed31e8f3b16910e50a8c9f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7aa095ce7d224308cb6979956f0de8607df93d4f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/cf929c21eeed5bd39873fb14bfdfff963fa6f1da","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ef41a85a55022e27cdaebf22a6676910b66f65aa","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f278b8ebf7eba2a1699cfc7bf30dd3ef898d60d7","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31481","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31481 — In the Linux kernel, the following vulnerability has been resolved: tracing: Drain deferred trigger…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Drain deferred trigger frees if kthread creation fails\n\nBoot-time trigger registration can fail before the trigger-data cleanup\nkthread exists. Deferring those frees until late init is fine, but the\npost-boot fallback must…","indicators":{"cves":["CVE-2026-31481"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:45.340Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/250ab25391edeeab8462b68be42e4904506c409c","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/771624b7884a83bb9f922ae64ee41a5f8b7576c9","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31482","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31482 — In the Linux kernel, the following vulnerability has been resolved: s390/entry: Scrub r12 register o…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ns390/entry: Scrub r12 register on kernel entry\n\nBefore commit f33f2d4c7c80 (\"s390/bp: remove TIF_ISOLATE_BP\"),\nall entry handlers loaded r12 with the current task pointer\n(lg %r12,__LC_CURRENT) for use by the BPENTER/BPEXIT macros.…","indicators":{"cves":["CVE-2026-31482"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:45.457Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/0738d395aab8fae3b5a3ad3fc640630c91693c27","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7f4e3233faa8470dd0627bc49b2809f2bfebd909","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/95c899cd791803a5bf7b73e5994fbbe1cc1a9c36","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/99a8b420f3f0e162eb9c9c9253929d4d23f9bd30","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a58d298a83a3a9b7ca99ded9d60a1e77231159ef","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31483","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31483 — In the Linux kernel, the following vulnerability has been resolved: s390/syscalls: Add spectre bound…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ns390/syscalls: Add spectre boundary for syscall dispatch table\n\nThe s390 syscall number is directly controlled by userspace, but does\nnot have an array_index_nospec() boundary to prevent access past the\nsyscall function pointer tab…","indicators":{"cves":["CVE-2026-31483"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:45.627Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/1cb9c7bc9025c637564fabc7fcc3c9343949e310","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3c3b97064764899c39a0abbd35a6caa031e70333","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/48b8814e25d073dd84daf990a879a820bad2bcbd","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4d05dd18d867d58c6952a3bc260d244899da7256","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7a5260fbc6e79a1595328ec5c6aa3f937504a1f0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/87776f02449e3bded95b2ccbd6b012e9ae64e6f3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f8c444b918d639e1f9a621ee20fe481c1d10dfc4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31484","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31484 — In the Linux kernel, the following vulnerability has been resolved: io_uring/fdinfo: fix OOB read in…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/fdinfo: fix OOB read in SQE_MIXED wrap check\n\n__io_uring_show_fdinfo() iterates over pending SQEs and, for 128-byte\nSQEs on an IORING_SETUP_SQE_MIXED ring, needs to detect when the second\nhalf of the SQE would be past the…","indicators":{"cves":["CVE-2026-31484"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:45.800Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/5170efd9c344c68a8075dcb8ed38d3f8a60e7ed4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ba21ab247a5be5382da7464b95afbe5f0e9aa503","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31485","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31485 — In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-lpspi: fix teardown…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nspi: spi-fsl-lpspi: fix teardown order issue (UAF)\n\nThere is a teardown order issue in the driver. The SPI controller is\nregistered using devm_spi_register_controller(), which delays\nunregistration of the SPI controller until after…","indicators":{"cves":["CVE-2026-31485"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:45.923Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/15650dfbaeeb14bcaaf053b93cf631db8d465300","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/adb25339b66112393fd6892ceff926765feb5b86","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/b341c1176f2e001b3adf0b47154fc31589f7410e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ca4483f36ac1b62e69f8b182c5b8f059e0abecfb","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d5d01f24bc6fbde40b4e567ef9160194b61267bc","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e3fd54f8b0317fbccc103961ddd660f2a32dcf0b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e89e2b97253c124d37bf88e96e5e8ce5c3aeeec3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/fbe6f40caeebb0b1ea9dfedc259124c1d3cda7a6","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31486","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31486 — In the Linux kernel, the following vulnerability has been resolved: hwmon: (pmbus/core) Protect regu…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (pmbus/core) Protect regulator operations with mutex\n\nThe regulator operations pmbus_regulator_get_voltage(),\npmbus_regulator_set_voltage(), and pmbus_regulator_list_voltage()\naccess PMBus registers and shared data but were…","indicators":{"cves":["CVE-2026-31486"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:46.160Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/2c77ae315f3ce9d2c8e1609be74c9358c1fe4e07","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4e9d723d9f198b86f6882a84c501ba1f39e8d055","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/754bd2b4a084b90b5e7b630e1f423061a9b9b761","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31487","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31487 — In the Linux kernel, the following vulnerability has been resolved: spi: use generic driver_override…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nspi: use generic driver_override infrastructure\n\nWhen a driver is probed through __driver_attach(), the bus' match()\ncallback is called without the device lock held, thus accessing the\ndriver_override field without a lock, which ca…","indicators":{"cves":["CVE-2026-31487"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:46.307Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/c73a58661a760373d08a6883af4f0bb5cc991a67","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/cc34d77dd48708d810c12bfd6f5bf03304f6c824","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e0ae367a2de06c49aa1de6ec9b1ab6860bbb2cf0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/eedf220442d13b6d97294e5b0ac8a2c38ee1a1a0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31489","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31489 — In the Linux kernel, the following vulnerability has been resolved: spi: meson-spicc: Fix double-put…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nspi: meson-spicc: Fix double-put in remove path\n\nmeson_spicc_probe() registers the controller with\ndevm_spi_register_controller(), so teardown already drops the\ncontroller reference via devm cleanup.\n\nCalling spi_controller_put() a…","indicators":{"cves":["CVE-2026-31489"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:46.603Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/40ad0334c17b23d8b66b1082ad1478a6202e90e2","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/63542bb402b7013171c9f621c28b609eda4dbf1f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9b812ceb75a6260c17c91db4b9e74ead8cfa06f5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/da06a104f0486355073ff0d1bcb1fcbebb7080d6","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31490","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31490 — In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Fix use-after-free in…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/pf: Fix use-after-free in migration restore\n\nWhen an error is returned from xe_sriov_pf_migration_restore_produce(),\nthe data pointer is not set to NULL, which can trigger use-after-free\nin subsequent .write() calls.\nSet the…","indicators":{"cves":["CVE-2026-31490"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:46.763Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/87997b6c6516e049cbaf2fc6810b213d587a06b1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e28552b4ddea5cb4725380dd08237831af835124","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31491","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31491 — In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Harden depth calcula…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Harden depth calculation functions\n\nAn issue was exposed where OS can pass in U32_MAX for SQ/RQ/SRQ size.\nThis can cause integer overflow and truncation of SQ/RQ/SRQ depth\nreturning a success when it should have failed.…","indicators":{"cves":["CVE-2026-31491"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:46.880Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/3f08351de5ca4f2f724b86ad252fbc21289467e1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/cbd852f5700eb3f64392452faf693ac45cae8281","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e37afcb56ae070477741fe2d6e61fc0c542cce2d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31492","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31492 — In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Initialize free_qp c…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Initialize free_qp completion before using it\n\nIn irdma_create_qp, if ib_copy_to_udata fails, it will call\nirdma_destroy_qp to clean up which will attempt to wait on\nthe free_qp completion, which is not initialized yet.…","indicators":{"cves":["CVE-2026-31492"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:47.010Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/11a95521fb93c91e2d4ef9d53dc80ef0a755549b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3cb88c12461b71c7d9c604aa2e6a9a477ecfa147","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ac1da7bd224d406b6f1b84414f0f652ab43b6bd8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/af310407f79d5816fc0ab3638e1588b6193316dd","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/cd1534c8f4984432382c240f6784408497f5bb0a","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f72996834f7bdefc2b95e3eec30447ee195df44e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31493","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31493 — In the Linux kernel, the following vulnerability has been resolved: RDMA/efa: Fix use of completion…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/efa: Fix use of completion ctx after free\n\nOn admin queue completion handling, if the admin command completed with\nerror we print data from the completion context. The issue is that we\nalready freed the completion context in p…","indicators":{"cves":["CVE-2026-31493"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:47.170Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/0dd98aea1c0c45987fa2dd92f988b0eb1a72c125","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/1cf95fe5dc5471efea947b4c6f8913da6bc7976e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ef3b06742c8a201d0e83edc9a33a89a4fe3009f8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31494","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31494 — In the Linux kernel, the following vulnerability has been resolved: net: macb: use the current queue…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: macb: use the current queue number for stats\n\nThere's a potential mismatch between the memory reserved for statistics\nand the amount of memory written.\n\ngem_get_sset_count() correctly computes the number of stats based on the…","indicators":{"cves":["CVE-2026-31494"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:47.293Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/240c5302eed83e34e98db18f6795ee5f40814024","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/72d96e4e24bbefdcfbc68bdb9341a05d8f5cb6e5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7ff87da099210856cbfe2f2f7f52ddfa57af4f0c","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/95246341945163ad9a250a87ca5bd1c1252777ae","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9596759a84e1dbf2670518d85e969208960041f9","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9738be665544281aa624842812c2fbfed6f88226","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9d74d10e4e26672e139a8bcf8bf95957bf2d160f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e182fe273cdf5a8931592228196ef514ffac392b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31495","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31495 — In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: use netlin…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ctnetlink: use netlink policy range checks\n\nReplace manual range and mask validations with netlink policy\nannotations in ctnetlink code paths, so that the netlink core rejects\ninvalid values early and can generate extack…","indicators":{"cves":["CVE-2026-31495"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:47.500Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/2ef71307c86a9f866d6e28f1a0c06e2e9d794474","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/435b576cd2faa75154777868f8cbb73bf71644d3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/45c33e79ae705b7af97e3117672b6cd258dd0b1b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4f7d25f3f0786402ba48ff7d13b6241d77d975f5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/675c913b940488a84effdeeac5a1cfb657b59804","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/8f15b5071b4548b0aafc03b366eb45c9c6566704","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c6cb41eaae875501eaaa487b8db6539feb092292","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/fcec5ce2d73a41668b24e3f18c803541602a59f6","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31496","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31496 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_expect:…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_conntrack_expect: skip expectations in other netns via proc\n\nSkip expectations that do not reside in this netns.\n\nSimilar to e77e6ff502ea (\"netfilter: conntrack: do not dump other netns's\nconntrack entries via proc\").","indicators":{"cves":["CVE-2026-31496"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:47.693Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/168145c87444619e3e649322bbe7719ecd00d411","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/2028405ea6987b4448784e439413202cfe19f43f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3265ad619987cb551edaf797ed056d80ac450225","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3db5647984de03d9cae0dcddb509b058351f0ee4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9ca8c7452493d915f9bbf2f39331e6c583d07a23","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/dcfcd95b3ae7683e8ae55c92284b3430ce614bc7","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31497","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31497 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: clamp SCO alts…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btusb: clamp SCO altsetting table indices\n\nbtusb_work() maps the number of active SCO links to USB alternate\nsettings through a three-entry lookup table when CVSD traffic uses\ntransparent voice settings. The lookup curre…","indicators":{"cves":["CVE-2026-31497"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:47.857Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/1019028eb124564cf7bca58a16f1df8a1ca30726","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/129fa608b6ad08b8ab7178eeb2ec272c993aaccc","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/21c254202f9d78abe0fcd642a92966deb92bd226","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/312c4450fe23014665c163f480edd5ad2e27bbb8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/476c9262b430c38c6a701a3b8176a3f48689085b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/6fba3c3d48c927e55611a0f5ea34da88138ed0ff","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/834cf890d2c3d29cbfa1ee2376c40469c28ec297","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9dd13a8641de79bc1bc93da55cdd35259a002683","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31498","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31498 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix ERTM re-in…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop\n\nl2cap_config_req() processes CONFIG_REQ for channels in BT_CONNECTED\nstate to support L2CAP reconfiguration (e.g. MTU changes). However,\nsince both CONF_INPUT_DONE…","indicators":{"cves":["CVE-2026-31498"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:48.067Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/042e2cd4bb11e5313b19b87593616524949e4c52","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/25f420a0d4cfd61d3d23ec4b9c56d9f443d91377","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/52667c859fe33f70c2e711cb81bbd505d5eb8e75","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/900e4db5385ec2cacd372345a80ab9c8e105b3a3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9760b83cfd24b38caee663f429011a0dd6064fa9","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9a21a631ee034b1573dce14b572a24943dbfd7ae","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/de37e2655b7abc3f59254c6b72256840f39fc6d5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e7aab23b7df89a3d754a5f0a7d2237548b328bd0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31499","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31499 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix deadlock i…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix deadlock in l2cap_conn_del()\n\nl2cap_conn_del() calls cancel_delayed_work_sync() for both info_timer\nand id_addr_timer while holding conn->lock. However, the work functions\nl2cap_info_timeout() and l2cap_conn_u…","indicators":{"cves":["CVE-2026-31499"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:48.283Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/00fdebbbc557a2fc21321ff2eaa22fd70c078608","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3f26ecbd9cde621dd94be7ef252c7210b965a5c7","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d008460de352e534f6721de829b093368564ec66","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31500","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31500 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: serialize bt…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock\n\nbtintel_hw_error() issues two __hci_cmd_sync() calls (HCI_OP_RESET\nand Intel exception-info retrieval) without holding\nhci_req_sync_lock().  This lets it race…","indicators":{"cves":["CVE-2026-31500"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:48.427Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/5f84e845648dfa86e42de5487f1a774b42f0444d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/66696648af477dc87859e5e4b607112f5f29d010","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/94d8e6fe5d0818e9300e514e095a200bd5ff93ae","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e10a4cb72468686ffbe8bb2b0520e37f6be1a0c5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f7d84737663ad4a120d2d8ef1561a4df91282c2e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31501","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31501 — In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: fix use-a…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ti: icssg-prueth: fix use-after-free of CPPI descriptor in RX path\n\ncppi5_hdesc_get_psdata() returns a pointer into the CPPI descriptor.\nIn both emac_rx_packet() and emac_rx_packet_zc(), the descriptor is\nfreed via k3_cppi_des…","indicators":{"cves":["CVE-2026-31501"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:48.597Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/d5827316debcb677679bb014885d7be92c410e11","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/eb8c426c9803beb171f89d15fea17505eb517714","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31502","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31502 — In the Linux kernel, the following vulnerability has been resolved: team: fix header_ops type confus…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nteam: fix header_ops type confusion with non-Ethernet ports\n\nSimilar to commit 950803f72547 (\"bonding: fix type confusion in\nbond_setup_by_slave()\") team has the same class of header_ops type\nconfusion.\n\nFor non-Ethernet ports, tea…","indicators":{"cves":["CVE-2026-31502"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:48.713Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/0a7468ed49a6b65d34abcc6eb60e15f7f6d34da0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/20491d384d973a63fbdaf7a71e38d69b0659ea55","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/425000dbf17373a4ab8be9428f5dc055ef870a56","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/6d3161fa3eee64d46b766fb0db33ec7f300ef52d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31503","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31503 — In the Linux kernel, the following vulnerability has been resolved: udp: Fix wildcard bind conflict…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nudp: Fix wildcard bind conflict check when using hash2\n\nWhen binding a udp_sock to a local address and port, UDP uses\ntwo hashes (udptable->hash and udptable->hash2) for collision\ndetection. The current code switches to \"hash2\" whe…","indicators":{"cves":["CVE-2026-31503"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:48.863Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/0a360f7f73a06ac88f18917055fbcc79694252d7","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/18d84c45def3671d5c89fbdd5d4ab8a3217fe4b4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/2297e38114316b26ae02f2d205c49b5511c5ed55","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d6ace0dbcbb7fd285738bb87b42b71b01858c952","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e537dd15d0d4ad989d56a1021290f0c674dd8b28","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f1bed05a832ae79be5f7a105da56810eaa59a5f1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31504","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31504 — In the Linux kernel, the following vulnerability has been resolved: net: fix fanout UAF in packet_re…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix fanout UAF in packet_release() via NETDEV_UP race\n\n`packet_release()` has a race window where `NETDEV_UP` can re-register a\nsocket into a fanout group's `arr[]` array. The re-registration is not\ncleaned up by `fanout_relea…","indicators":{"cves":["CVE-2026-31504"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:49.040Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/1b4c03f8892d955385c202009af7485364731bb9","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/42156f93d123436f2a27c468f18c966b7e5db796","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/42cfd7898eeed290c9fb73f732af1f7d6b0a703e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/654386baef228c2992dbf604c819e4c7c35fc71b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/75fe6db23705a1d55160081f7b37db9665b1880b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ceccbfc6de720ad633519a226715989cfb065af1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d0c7cdc15fdf8c4f91aca1928e52295d175b6ec6","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ee642b1962caa9aa231c01abbd58bc453ae6b66e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31505","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31505 — In the Linux kernel, the following vulnerability has been resolved: iavf: fix out-of-bounds writes i…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\niavf: fix out-of-bounds writes in iavf_get_ethtool_stats()\n\niavf incorrectly uses real_num_tx_queues for ETH_SS_STATS. Since the\nvalue could change in runtime, we should use num_tx_queues instead.\n\nMoreover iavf_get_ethtool_stats()…","indicators":{"cves":["CVE-2026-31505"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:49.233Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/1f931dee5b726df1940348ec31614d64bac03aa6","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/bb85741d2dc2be207353a412f51b83697fcbefcf","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/fdf902bf86a80bf15792a1d20a67a5302498d7f1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/fecacfc95f195b99c71c579a472120d0b4ed65fa","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31506","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31506 — In the Linux kernel, the following vulnerability has been resolved: net: bcmasp: fix double free of…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bcmasp: fix double free of WoL irq\n\nWe do not need to free wol_irq since it was instantiated with\ndevm_request_irq(). So devres will free for us.","indicators":{"cves":["CVE-2026-31506"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:49.397Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/121a6ad9cd42ba3bfc57deae93e3326515c2afe1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/8a30509ce6a29bdf18e0802383c524a7b2357ec0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9e5f5c07cc7d66522f8c9676c28605eba5d4a20e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/cbfa5be2bf64511d49b854a0f9fd6d0b5118621f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31507","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31507 — In the Linux kernel, the following vulnerability has been resolved: net/smc: fix double-free of smc_…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer\n\nsmc_rx_splice() allocates one smc_spd_priv per pipe_buffer and stores\nthe pointer in pipe_buffer.private.  The pipe_buf_operations for these\nbuffers…","indicators":{"cves":["CVE-2026-31507"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:49.523Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/24dd586bb4cbba1889a50abe74143817a095c1c9","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3cc76380fea749280c026f410af56a28aaac388a","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/54c87a730157868543ebdfa0ecb21b4590ed23a5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7bcb974c771c863e8588cea0012ac204443a7126","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7e8916f46c2f48607f907fd401590093753a6bc5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/81acbd345d405994875d419d43b319fee0b9ad62","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/98ba5cb274768146e25ffbfde47753652c1c20d3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ae5575e660410c8d2c5d38fb28a0f37aea945676","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31508","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31508 — In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Avoid releasin…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: Avoid releasing netdev before teardown completes\n\nThe patch cited in the Fixes tag below changed the teardown code for\nOVS ports to no longer unconditionally take the RTNL. After this change,\nthe netdev_destroy()…","indicators":{"cves":["CVE-2026-31508"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:49.727Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/33609454be4f582e686a4bf13d4482a5ca0f6c4b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/43579baa17270aa51f93eb09b6e4af6e047b7f6e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4c3e25a7b711a402fcbbbcfbbdf2868ece1ae7c8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/5fdeaf591a0942772c2d18ff3563697a49ad01c6","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/755a6300afbd743cda4b102f24f343380ec0e0ff","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7c770dadfda5cbbde6aa3c4363ed513f1d212bf8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/95265232b49765a4d00f4d028c100bb7185600f4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/df3c95be76103604e752131d9495a24814915ece","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31509","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31509 — In the Linux kernel, the following vulnerability has been resolved: nfc: nci: fix circular locking d…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nci: fix circular locking dependency in nci_close_device\n\nnci_close_device() flushes rx_wq and tx_wq while holding req_lock.\nThis causes a circular locking dependency because nci_rx_work()\nrunning on rx_wq can end up taking re…","indicators":{"cves":["CVE-2026-31509"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:49.947Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/09143c0e8f3b03517e6233aad42f45c794d8df8e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/1edc12d2bbcb7a8d0f1088e6fccb9d8c01bb1289","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4527025d440ce84bf56e75ce1df2e84cb8178616","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/5eef9ebec7f5738f12cadede3545c05b34bf5ac3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7ed00a3edc8597fe2333f524401e2889aa1b5edf","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ca54e904a071aa65ef3ad46ba42d51aaac6b73b4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d89b74bf08f067b55c03d7f999ba0a0e73177eb3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/eb435d150ca74b4d40f77f1a2266f3636ed64a79","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31511","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31511 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix dangling po…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete\n\nThis fixes the condition checking so mgmt_pending_valid is executed\nwhenever status != -ECANCELED otherwise calling mgmt_pending_free(cmd)\nwould kfree…","indicators":{"cves":["CVE-2026-31511"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:50.343Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/340666172cf747de58c283d2eef1f335f050538b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3a89c33deffb3cb7877a7ea2e50734cd12b064f2","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/5f5fa4cd35f707344f65ce9e225b6528691dbbaa","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/bafec9325d4de26b6c49db75b5d5172de652aae0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31512","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31512 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Validate PDU l…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv()\n\nl2cap_ecred_data_rcv() reads the SDU length field from skb->data using\nget_unaligned_le16() without first verifying that skb contains at lea…","indicators":{"cves":["CVE-2026-31512"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:50.490Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/3340be2bafdcc806f048273ea6d8e82a6597aa1b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/40c7f7eea2f4d9cb0b3e924254c8c9053372168f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/477ad4976072056c348937e94f24583321938df4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/5ad981249be52f5e4e92e0e97b436b569071cb86","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/8c96f3bd4ae0802db90630be8e9851827e9c9209","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c65bd945d1c08c3db756821b6bf9f1c4a77b29c6","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/cef09691cfb61f6c91cc27c3d69634f81c8ab949","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e47315b84d0eb188772c3ff5cf073cdbdefca6b4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31513","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31513 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix stack-out-…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix stack-out-of-bounds read in l2cap_ecred_conn_req\n\nSyzbot reported a KASAN stack-out-of-bounds read in l2cap_build_cmd()\nthat is triggered by a malformed Enhanced Credit Based Connection Request.\n\nThe vulnerabi…","indicators":{"cves":["CVE-2026-31513"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:50.673Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/5b35f8211a913cfe7ab9d54fa36a272d2059a588","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9d87cb22195b2c67405f5485d525190747ad5493","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a3d9c50d69785ae02e153f000da1b5fd6dbfdf1b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c8e1a27edb8b4e5afb56b384acd7b6c2dec1b7cc","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31514","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31514 — In the Linux kernel, the following vulnerability has been resolved: erofs: set fileio bio failed in…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: set fileio bio failed in short read case\n\nFor file-backed mount, IO requests are handled by vfs_iocb_iter_read().\nHowever, it can be interrupted by SIGKILL, returning the number of\nbytes actually copied. Unused folios in bio…","indicators":{"cves":["CVE-2026-31514"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:50.810Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/5a5f23ef5431639db1ac3a0b274aef3a84cc413c","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/5cf3972c8221abdb1b464a14ccf8103d840b9085","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d1ba7d6b3cd1757b108d7b6856c92ae661d6c323","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/eade54040384f54b7fb330e4b0975c5734850b3c","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31515","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31515 — In the Linux kernel, the following vulnerability has been resolved: af_key: validate families in pfk…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\naf_key: validate families in pfkey_send_migrate()\n\nsyzbot was able to trigger a crash in skb_put() [1]\n\nIssue is that pfkey_send_migrate() does not check old/new families,\nand that set_ipsecrequest() @family argument was truncated,…","indicators":{"cves":["CVE-2026-31515"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:50.940Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/7b18692c59afb8e5c364c8e3ac01e51dd6b52028","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/83f644ea92987c100b82d8481ae2230faeed3d34","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/8ddf8de7e758f6888988467af9ffc8adf589fb16","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d0c5aa8dd38887714f1aad04236a3620b56a5e4e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d3225e6b9bd51ec177970a628fe4b11237ce87d5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e06b596fc4eb01936a2e5dccad17c946d660bab8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/eb2d16a7d599dc9d4df391b5e660df9949963786","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ee836e820a40e2ca4da8af7310bff92d586772d4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31516","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31516 — In the Linux kernel, the following vulnerability has been resolved: xfrm: prevent policy_hthresh.wor…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: prevent policy_hthresh.work from racing with netns teardown\n\nA XFRM_MSG_NEWSPDINFO request can queue the per-net work item\npolicy_hthresh.work onto the system workqueue.\n\nThe queued callback, xfrm_hash_rebuild(), retrieves th…","indicators":{"cves":["CVE-2026-31516"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:51.130Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/29fe3a61bcdce398ee3955101c39f89c01a8a77e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4e2e77843fef473ef47e322d52436d8308582a96","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/56ea2257b83ee29a543f158159e3d1abc1e3e4fe","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/8854e9367465d784046362698731c1111e3b39b8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31517","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31517 — In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: fix skb_put() panic…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: iptfs: fix skb_put() panic on non-linear skb during reassembly\n\nIn iptfs_reassem_cont(), IP-TFS attempts to append data to the new inner\npacket 'newskb' that is being reassembled. First a zero-copy approach is\ntried if it suc…","indicators":{"cves":["CVE-2026-31517"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:51.273Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/0b352f83cabfefdaafa806d6471f0eca117dc7d5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/33a7b36268933c75bdc355e5531951e0ea9f1951","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7fdfe8f6efeb0e1200e22a903f2471539f54522b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31518","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31518 — In the Linux kernel, the following vulnerability has been resolved: esp: fix skb leak with espintcp…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nesp: fix skb leak with espintcp and async crypto\n\nWhen the TX queue for espintcp is full, esp_output_tail_tcp will\nreturn an error and not free the skb, because with synchronous crypto,\nthe common xfrm output code will drop the pac…","indicators":{"cves":["CVE-2026-31518"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:51.410Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/0c0eef8ccd2413b0a10eb6bbd3442333b1e64dd2","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/41aafca57de4a4c026701622bd4648f112a9edcd","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4820847e036ff1035b01b69ad68dfc17e7028fe9","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/6a3ec6efbc4f90e0ccb2e71574f07351f19996f4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/6aa9841d917532d0f2d932d1ff2f3a94305aaf47","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/88d386243ed374ac969dabd3bbc1409a31d81818","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/aca3ad0c262f54a5b5c95dda80a48365997d1224","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/df6f995358dc1f3c42484f5cfe241d7bd3e1cd15","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31519","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31519 — In the Linux kernel, the following vulnerability has been resolved: btrfs: set BTRFS_ROOT_ORPHAN_CLE…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: set BTRFS_ROOT_ORPHAN_CLEANUP during subvol create\n\nWe have recently observed a number of subvolumes with broken dentries.\nls-ing the parent dir looks like:\n\ndrwxrwxrwt 1 root root 16 Jan 23 16:49 .\ndrwxr-xr-x 1 root root 24…","indicators":{"cves":["CVE-2026-31519"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:51.580Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/2ec578e6452138ab76f6c9a9c18711fcd197649f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/5131fa077f9bb386a1b901bf5b247041f0ec8f80","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/696683f214495db3cdacab9a713efaaced8660f8","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a41a9b8d19a98b45591528c6e54d31cc66271d1e","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c57276ced3c3207f42182dfa2f0d8e860357e111","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d43da8de0ed376abafbad8a245a1835e8f66cb0f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31520","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31520 — In the Linux kernel, the following vulnerability has been resolved: HID: apple: avoid memory leak in…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nHID: apple: avoid memory leak in apple_report_fixup()\n\nThe apple_report_fixup() function was returning a\nnewly kmemdup()-allocated buffer, but never freeing it.\n\nThe caller of report_fixup() does not take ownership of the returned…","indicators":{"cves":["CVE-2026-31520"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:51.770Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/239c15116d80f67d32f00acc34575f1a6b699613","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/2635d0c715f3fb177e0f80ecd5fa48feb6bf3884","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/31860c3f7ac66ab897a8c90dc4e74fa17ca0b624","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/be1a341c161430282acdfe2ac99b413271575cf1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e2f090aeb7b9930a964e151910f4d45b04c8a7e5","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/e652ebd29928181c3e6820e303da25873e9917d4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31521","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31521 — In the Linux kernel, the following vulnerability has been resolved: module: Fix kernel panic when a…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nmodule: Fix kernel panic when a symbol st_shndx is out of bounds\n\nThe module loader doesn't check for bounds of the ELF section index in\nsimplify_symbols():\n\n       for (i = 1; i < symsec->sh_size / sizeof(Elf_Sym); i++) {\n\t\tconst…","indicators":{"cves":["CVE-2026-31521"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:51.930Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/082f15d2887329e0f43fd3727e69365f5bfe5d2c","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4bbdb0e48176fd281c2b9a211b110db6fd94e175","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/5d16f519b6eb1d071807e57efe0df2baa8d32ad6","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/6ba6957c640f58dc8ef046981a045da43e47ea23","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ec2b22a58073f80739013588af448ff6e2ab906f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ef75dc1401d8e797ee51559a0dd0336c225e1776","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f9d69d5e7bde2295eb7488a56f094ac8f5383b92","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31522","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31522 — In the Linux kernel, the following vulnerability has been resolved: HID: magicmouse: avoid memory le…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nHID: magicmouse: avoid memory leak in magicmouse_report_fixup()\n\nThe magicmouse_report_fixup() function was returning a\nnewly kmemdup()-allocated buffer, but never freeing it.\n\nThe caller of report_fixup() does not take ownership o…","indicators":{"cves":["CVE-2026-31522"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:52.100Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/136f605e246b4bfe7ac2259471d1ff814aed0084","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/579c4c9857acdc8380fa99803f355f878bd766cb","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/79e5dcc95d9abed6f8203cfd529f4ec71f0e505d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7edfe4346b052b708645d0acc0f186425766b785","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/91e8c6e601bdc1ccdf886479b6513c01c7e51c2c","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d84c21aabaab517b9aaf9bc1d785922cb9db2f31","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/fa95b0146358b49f9858139b67314591fd5871b0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31523","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31523 — In the Linux kernel, the following vulnerability has been resolved: nvme-pci: ensure we're polling a…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-pci: ensure we're polling a polled queue\n\nA user can change the polled queue count at run time. There's a brief\nwindow during a reset where a hipri task may try to poll that queue\nbefore the block layer has updated the queue m…","indicators":{"cves":["CVE-2026-31523"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:52.263Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/0685dd9cb855ab77fcf3577b4702ba1d6df1c98d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/166e31d7dbf6aa44829b98aa446bda5c9580f12a","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/6f12734c4b619f923a4df0b1a46b8098b187d324","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/965e2c943f065122f14282a88d70a8a92e12a4da","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/acbc72dd1a09df53cafcf577259f4678be6afd6d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/b222680ba55e018426c4535067a008f1d81a5d21","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/b96c7b25eb1b748f3e3b1832ebf028b0b223d7e3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ba167d5982e2eb6ff9356d409eca592ce99555da","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31524","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31524 — In the Linux kernel, the following vulnerability has been resolved: HID: asus: avoid memory leak in…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nHID: asus: avoid memory leak in asus_report_fixup()\n\nThe asus_report_fixup() function was returning a newly allocated\nkmemdup()-allocated buffer, but never freeing it.  Switch to\ndevm_kzalloc() to ensure the memory is managed and f…","indicators":{"cves":["CVE-2026-31524"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:52.430Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/2bad24c17742fc88973d6aea526ce1353f5334a3","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/2e4fe6b15c2f390c023b20d728b1a3fe7ea4f973","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/726765b43deb2b4723869d673cc5fc6f7a3b2059","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7a6d6e4d8af044f94fa97e97af5ff2771e1fbebd","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/84724ac4821a160d47b84289adf139023027bdbb","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/a41cc7c1668e44ff2c2d36f9a6353253ffc43e3c","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/ede95cfcab8064d9a08813fbd7ed42cea8843dcf","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f20f17cffbe34fb330267e0f8084f5565f807444","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31525","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31525 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix undefined behavior in i…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN\n\nThe BPF interpreter's signed 32-bit division and modulo handlers use\nthe kernel abs() macro on s32 operands. The abs() macro documentation\n(include/linux/math.h) exp…","indicators":{"cves":["CVE-2026-31525"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:52.607Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/0d5d8c3ce45c734aaf3c51cbef59155a6746157d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/694ea55f1b1c74f9942d91ec366ae9e822422e42","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9ab1227765c446942f290c83382f0b19887c55cf","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c77b30bd1dcb61f66c640ff7d2757816210c7cb0","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f14ca604c0ff274fba19f73f1f0485c0047c1396","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31526","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31526 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix exception exit lock che…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix exception exit lock checking for subprogs\n\nprocess_bpf_exit_full() passes check_lock = !curframe to\ncheck_resource_leak(), which is false in cases when bpf_throw() is\ncalled from a static subprog. This makes check_resource…","indicators":{"cves":["CVE-2026-31526"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:52.763Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/5a399f3117642494e35545f6ca397d3e177c1f9b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/6c2128505f61b504c79a20b89596feba61388112","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/c0281da1f2aa5c2fca3a05f79b86bea96591c358","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31527","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31527 — In the Linux kernel, the following vulnerability has been resolved: driver core: platform: use gener…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: platform: use generic driver_override infrastructure\n\nWhen a driver is probed through __driver_attach(), the bus' match()\ncallback is called without the device lock held, thus accessing the\ndriver_override field withou…","indicators":{"cves":["CVE-2026-31527"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:52.903Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/2b38efc05bf7a8568ec74bfffea0f5cfa62bc01d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/7c02a9bd7d14a89065fcf672b86d8e1d1a41d3b1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/9a6086d2a828dd2ff74cf9abcae456670febd71f","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/edee7ee5a14c3b33f6d54641f5af5c5e9180992d","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31528","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31528 — In the Linux kernel, the following vulnerability has been resolved: perf: Make sure to use pmu_ctx->…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Make sure to use pmu_ctx->pmu for groups\n\nOliver reported that x86_pmu_del() ended up doing an out-of-bound memory access\nwhen group_sched_in() fails and needs to roll back.\n\nThis *should* be handled by the transaction callba…","indicators":{"cves":["CVE-2026-31528"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:53.040Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/35f7914e54fe7f13654c22ee045b05e4b6d8062b","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/3a696e84a8b1fafdd774bb30d62919faf844d9e4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4b9ce671960627b2505b3f64742544ae9801df97","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/4c759446046500a1a6785b25725725c3ff087ace","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/656f35b463995bee024d948440128230aacd81e1","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31529","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31529 — In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix leakage in __con…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/region: Fix leakage in __construct_region()\n\nFailing the first sysfs_update_group() needs to explicitly\nkfree the resource as it is too early for cxl_region_iomem_release()\nto do so.","indicators":{"cves":["CVE-2026-31529"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:53.183Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/77b310bb7b5ff8c017524df83292e0242ba89791","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f1b4741adf08b0063291ec1b0dfa9c3d55644933","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-31530","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-31530 — In the Linux kernel, the following vulnerability has been resolved: cxl/port: Fix use after free of…","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/port: Fix use after free of parent_port in cxl_detach_ep()\n\ncxl_detach_ep() is called during bottom-up removal when all CXL memory\ndevices beneath a switch port have been removed. For each port in the\nhierarchy it locks both th…","indicators":{"cves":["CVE-2026-31530"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:16:53.293Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://git.kernel.org/stable/c/19d2f0b97a131198efc2c4ca3eb7f980bba8c2b4","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/2c32141462045cf93d54a5146a0ba572b83533dd","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/d216a4bd138eb57cc4ae7c43b2f709e3482af7e2","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"},{"url":"https://git.kernel.org/stable/c/f7dc6f381a1e5f068333f1faa9265d6af1df4235","label":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5749","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-5749 — Inadequate access control in the registration process in Fullstep V5, which could allow unauthentica…","description":"Inadequate access control in the registration process in Fullstep V5, which could allow unauthenticated users to obtain a valid JWT token with which to interact with authenticated API resources. Successful exploitation of this vulnerability could allow an unauthenticated attacker to compromise the c…","indicators":{"cves":["CVE-2026-5749"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:17:05.993Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fullstep","label":"cve-coordination@incibe.es","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-5750","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-5750 — An insecure direct object reference (IDOR) vulnerability in the Fullstep V5 registration process all…","description":"An insecure direct object reference (IDOR) vulnerability in the Fullstep V5 registration process allows authenticated users to access data belonging to other registered users through various vulnerable authenticated resources in the application. The vulnerable endpoints result from: '/api/suppliers/…","indicators":{"cves":["CVE-2026-5750"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:17:06.173Z","fetchedAt":"2026-04-23T03:00:26.084Z","references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fullstep","label":"cve-coordination@incibe.es","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-35382","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-35382 — Rejected reason: Voluntarily withdrawn","description":"Rejected reason: Voluntarily withdrawn","indicators":{"cves":["CVE-2026-35382"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T17:16:43.360Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[],"feedLabel":null},{"id":"nvd-CVE-2026-28950","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-28950 — A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.8 and iP…","description":"A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.8 and iPadOS 18.7.8, iOS 26.4.2 and iPadOS 26.4.2. Notifications marked for deletion could be unexpectedly retained on the device.","indicators":{"cves":["CVE-2026-28950"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T19:17:00.847Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://support.apple.com/en-us/127002","label":"product-security@apple.com","domainType":"other"},{"url":"https://support.apple.com/en-us/127003","label":"product-security@apple.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3673","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-3673 — An authenticated attacker can store a crafted tag value in _user_tags and trigger JavaScript executi…","description":"An authenticated attacker can store a crafted tag value in _user_tags and trigger JavaScript execution when a victim opens the list/report view where tags are rendered. The vulnerable renderer interpolates tag content into HTML attributes and element content without escaping.\nThis issue affects Frap…","indicators":{"cves":["CVE-2026-3673"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T20:16:41.790Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://fluidattacks.com/es/advisories/silvio","label":"help@fluidattacks.com","domainType":"other"},{"url":"https://github.com/frappe/frappe","label":"help@fluidattacks.com","domainType":"primary"},{"url":"https://fluidattacks.com/es/advisories/silvio","label":"134c704f-9b21-4f2e-91b3-4a467353bcc0","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6019","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-6019 — http.cookies.Morsel.js_output() returns an inline <script> snippet and only escapes \" for JavaScript…","description":"http.cookies.Morsel.js_output() returns an inline <script> snippet and only escapes \" for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence </script> inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie v…","indicators":{"cves":["CVE-2026-6019"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T20:16:42.617Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/python/cpython/commit/76b3923d688c0efc580658476c5f525ec8735104","label":"cna@python.org","domainType":"primary"},{"url":"https://github.com/python/cpython/issues/90309","label":"cna@python.org","domainType":"primary"},{"url":"https://github.com/python/cpython/pull/148848","label":"cna@python.org","domainType":"primary"},{"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/IVNWGV2BBNC3RHQAFS22UP4DY56SAXX3/","label":"cna@python.org","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-3837","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-3837 — An authenticated attacker can persist crafted values in multiple field types and trigger client-side…","description":"An authenticated attacker can persist crafted values in multiple field types and trigger client-side script execution when another user opens the affected document in Desk. The vulnerable formatter implementations interpolate stored values into raw HTML attributes and element content without escapin…","indicators":{"cves":["CVE-2026-3837"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T21:17:08.523Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://fluidattacks.com/es/advisories/sabina","label":"help@fluidattacks.com","domainType":"other"},{"url":"https://github.com/frappe/frappe","label":"help@fluidattacks.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41134","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41134 — Kiota is an OpenAPI based HTTP Client code generator. Versions prior to 1.31.1 are affected by a cod…","description":"Kiota is an OpenAPI based HTTP Client code generator. Versions prior to 1.31.1 are affected by a code-generation literal injection vulnerability in multiple writer sinks (for example: serialization/deserialization keys, path/query parameter mappings, URL template metadata, enum/property metadata, an…","indicators":{"cves":["CVE-2026-41134"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T21:17:09.027Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/microsoft/kiota/security/advisories/GHSA-2hx3-vp6r-mg3f","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41168","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41168 — pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability presen…","description":"pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.1 can craft a PDF which leads to long runtimes. This requires cross-reference streams with wrong large `/Size` values or object streams with wrong large `/N` values. This h…","indicators":{"cves":["CVE-2026-41168","CVE-2026-41312","CVE-2026-41313","CVE-2026-41314"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T21:17:09.450Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/py-pdf/pypdf/commit/62338e9d36419cf193ccec7331784f45df1d70b3","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/py-pdf/pypdf/pull/3733","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/py-pdf/pypdf/releases/tag/6.10.1","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-jj6c-8h6c-hppx","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/py-pdf/pypdf/commit/ac734dab4eef92bcce50d503949b4d9887d89f11","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/py-pdf/pypdf/pull/3734","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/py-pdf/pypdf/releases/tag/6.10.2","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-7gw9-cf7v-778f","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/py-pdf/pypdf/commit/c50a0104cf083356f7c7f5d61410466a57f5c88a","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/py-pdf/pypdf/pull/3735","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-4pxv-j86v-mhcw","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-x284-j5p8-9c5p","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41171","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41171 — Squidex is an open source headless content management system and content management hub. Versions pr…","description":"Squidex is an open source headless content management system and content management hub. Versions prior to 7.23.0 have a Server-Side Request Forgery (SSRF) vulnerability due to missing SSRF protection on the `Jint` HTTP client used by scripting engine functions (`getJSON`, `request`, etc.). An authe…","indicators":{"cves":["CVE-2026-41171"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T22:16:31.543Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/Squidex/squidex/commit/b81d75e1d9c1a8e30993c2ee59b350002b9aeda4","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/Squidex/squidex/security/advisories/GHSA-4m22-gvqm-jv97","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-1726","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-1726 — IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1","description":"IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1","indicators":{"cves":["CVE-2026-1726"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T00:16:44.920Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://www.ibm.com/support/pages/node/7268697","label":"psirt@us.ibm.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-29198","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-29198 — In Rocket.Chat <8.3.0, <8.2.1, <8.1.2, <8.0.3, <7.13.5, <7.12.6, <7.11.6, and <7.10.9, a NoSQL injec…","description":"In Rocket.Chat <8.3.0, <8.2.1, <8.1.2, <8.0.3, <7.13.5, <7.12.6, <7.11.6, and <7.10.9, a NoSQL injection vulnerability can lead to account takeover of the first user with a generated token when an OAuth app is configured.","indicators":{"cves":["CVE-2026-29198"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T00:16:45.060Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/RocketChat/Rocket.Chat/pull/39492","label":"support@hackerone.com","domainType":"primary"},{"url":"https://hackerone.com/reports/3564655","label":"support@hackerone.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-32679","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-32679 — The installers of LiveOn Meet Client for Windows (Downloader5Installer.exe and Downloader5InstallerF…","description":"The installers of LiveOn Meet Client for Windows (Downloader5Installer.exe and Downloader5InstallerForAdmin.exe) and the installers of Canon Network Camera Plugin (CanonNWCamPlugin.exe and CanonNWCamPluginForAdmin.exe) insecurely load Dynamic Link Libraries (DLLs). If a malicious DLL is placed at th…","indicators":{"cves":["CVE-2026-32679"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T00:16:45.157Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://jvn.jp/en/jp/JVN45563482/","label":"vultures@jpcert.or.jp","domainType":"other"},{"url":"https://web.liveon.ne.jp/wp-content/uploads/2026/04/JMSSA2026-001.pdf","label":"vultures@jpcert.or.jp","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-40062","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-40062 — A path Traversal vulnerability exists in Ziostation2 v2.9.8.7 and earlier. A remote unauthenticated…","description":"A path Traversal vulnerability exists in Ziostation2 v2.9.8.7 and earlier. A remote unauthenticated attacker may get sensitive information on the operating system.","indicators":{"cves":["CVE-2026-40062"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T00:16:45.467Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://jvn.jp/en/jp/JVN00575116/","label":"vultures@jpcert.or.jp","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-41176","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41176 — Rclone is a command-line program to sync files and directories to and from different cloud storage p…","description":"Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint `options/set` is exposed without `AuthRequired: true`, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and pr…","indicators":{"cves":["CVE-2026-41176","CVE-2026-41179"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T00:16:45.800Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/fs/rc/config.go","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/fs/rc/rcserver/rcserver.go","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/rclone/rclone/security/advisories/GHSA-25qr-6mpr-f7qx","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/backend/webdav/webdav.go","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/fs/operations/rc.go","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/fs/rc/cache.go","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/rclone/rclone/security/advisories/GHSA-jfwf-28xr-xw6q","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41196","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41196 — Luanti (formerly Minetest) is an open source voxel game-creation platform. Starting in version 5.0.0…","description":"Luanti (formerly Minetest) is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device. This applies to the ser…","indicators":{"cves":["CVE-2026-41196"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:16:17.900Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/luanti-org/luanti/commit/8a929dfb97aa08337f49ba1bb96a56d6557dc896","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/luanti-org/luanti/security/advisories/GHSA-g596-mf82-w8c3","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41197","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41197 — Noir is a Domain Specific Language for SNARK proving systems that is designed to use any ACIR compat…","description":"Noir is a Domain Specific Language for SNARK proving systems that is designed to use any ACIR compatible proving system, and Brillig is the bytecode ACIR uses for non-determinism. Noir programs can invoke external functions through foreign calls. When compiling to Brillig bytecode, the SSA instructi…","indicators":{"cves":["CVE-2026-41197"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:16:18.127Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/noir-lang/noir/releases/tag/v1.0.0-beta.19","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/noir-lang/noir/security/advisories/GHSA-jj7c-x25r-r8r3","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41200","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41200 — STIG Manager is an API and web client for managing Security Technical Implementation Guides (STIG) a…","description":"STIG Manager is an API and web client for managing  Security Technical Implementation Guides (STIG) assessments of Information Systems. Versions 1.5.10 through 1.6.7 have a reflected Cross-Site Scripting (XSS) vulnerability in the OIDC authentication error handling code in `src/init.js` and `public/…","indicators":{"cves":["CVE-2026-41200"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:16:18.333Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/NUWCDIVNPT/stig-manager/security/advisories/GHSA-wg33-j3rv-jq72","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41206","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41206 — PySpector is a static analysis security testing (SAST) Framework engineered for modern Python develo…","description":"PySpector is a static analysis security testing (SAST) Framework engineered for modern Python development workflows. The plugin security validator in PySpector uses AST-based static analysis to prevent dangerous code from being loaded as plugins. Prior to version 0.1.8, the blocklist implemented in…","indicators":{"cves":["CVE-2026-41206"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:16:18.533Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/ParzivalHack/PySpector/commit/3c9547157fc07396f22b26b3484a9a91eba98555","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ParzivalHack/PySpector/commit/4e279e078c53d760fd321ff9b698d683c65ccb8e","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ParzivalHack/PySpector/security/advisories/GHSA-vp22-38m5-r39r","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41211","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41211 — Vite+ is a unified toolchain and entry point for web development. Prior to version 0.1.17, `download…","description":"Vite+ is a unified toolchain and entry point for web development. Prior to version 0.1.17, `downloadPackageManager()` accepts an untrusted `version` string and uses it directly in filesystem paths. A caller can supply `../` segments or an absolute path to escape the `VP_HOME/package_manager/<pm>/` c…","indicators":{"cves":["CVE-2026-41211"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:16:18.860Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/voidzero-dev/vite-plus/security/advisories/GHSA-33r3-4whc-44c2","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41243","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41243 — OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0…","description":"OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, when `safeMode` is enabled, unapproved forum posts are hidden from the public list, but the direct post-read procedure still returns the full post to anyone with the post UUID. Commit 844b2…","indicators":{"cves":["CVE-2026-41243"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:16:19.040Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/siemvk/OpenLearn/commit/844b2a40a69d0c4911580fe501923f0b391313ab","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/siemvk/OpenLearn/security/advisories/GHSA-4rv3-hfh6-vqvm","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-26171-net-denial-of-service-vulnerability","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-26171 .NET Denial of Service Vulnerability","description":"The CVE was updated to include Powershell 7.6 and 7.5","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:00:00.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26171","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-5928-static-buffer-overflow-in-deprecated-nis-local-principal","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-5928 Static buffer overflow in deprecated nis_local_principal","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T08:01:18.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5928","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5358","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-5958-race-condition-in-gnu-sed","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-5958 Race Condition in GNU Sed","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T08:01:51.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5958","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2025-14821-libssh-libssh-insecure-default-configuration-leads-to-local-man-i","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2025-14821 Libssh: libssh: insecure default configuration leads to local man-in-the-middle attacks on windows","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T08:46:10.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-14821","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-4786-incomplete-mitigation-of-cve-2026-4519-action-expansion-for-comman","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T08:37:33.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-4786","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-5450-scanf-mc-off-by-one-heap-buffer-overflow","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-5450 scanf %mc off-by-one heap buffer overflow","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T08:01:30.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5450","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-31430-x-509-fix-out-of-bounds-access-when-parsing-extensions","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-31430 X.509: Fix out-of-bounds access when parsing extensions","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T08:01:36.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-31430","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-31429-net-skb-fix-cross-cache-free-of-kfence-allocated-skb-head","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-31429 net: skb: fix cross-cache free of KFENCE-allocated skb head","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T08:01:41.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-31429","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-32223-windows-usb-printing-stack-usbprint-sys-elevation-of-privilege-vu","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-32223 Windows USB Printing Stack (usbprint.sys) Elevation of Privilege Vulnerability","description":"Acknowledgement added. This is an informational change only.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T14:00:00.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32223","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-26168-windows-ancillary-function-driver-for-winsock-elevation-of-privil","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-26168 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability","description":"Acknowledgement added. This is an informational change only.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T14:00:00.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26168","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-40372-asp-net-core-elevation-of-privilege-vulnerability","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-40372 ASP.NET Core Elevation of Privilege Vulnerability","description":"Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T14:00:00.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40372","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-32288-unbounded-allocation-for-old-gnu-sparse-in-archive-tar","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-32288 Unbounded allocation for old GNU sparse in archive/tar","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T08:40:30.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32288","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-41254","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-41254 ","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T08:01:24.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41254","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-32077-windows-upnp-device-host-elevation-of-privilege-vulnerability","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-32077 Windows UPnP Device Host Elevation of Privilege Vulnerability","description":"Added Security Only packages to Windows Server 2012 security updates. This is an informational change only.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T14:00:00.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32077","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-26149-microsoft-power-apps-spoofing-vulnerability","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-26149 Microsoft Power Apps Spoofing Vulnerability","description":"","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T14:00:00.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26149","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-5160","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-5160 ","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T08:01:39.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5160","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-6100-use-after-free-in-lzma-lzmadecompressor-bz2-bz2decompressor-and-gz","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-6100 Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T08:01:45.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6100","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-33056-tar-rs-unpack-in-can-chmod-arbitrary-directories-by-following-sym","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-33056 tar-rs: unpack_in can chmod arbitrary directories by following symlinks","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T08:01:24.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33056","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-33055-tar-rs-incorrectly-ignores-pax-size-headers-if-header-size-is-non","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-33055 tar-rs incorrectly ignores PAX size headers if header size is nonzero","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-19T08:01:18.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33055","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-6296-heap-buffer-overflow-in-angle","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-6296 Heap buffer overflow in ANGLE","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:00:46.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6296","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-6363-type-confusion-in-v8","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-6363 Type Confusion in V8","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:00:13.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6363","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-6359-use-after-free-in-video","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-6359 Use after free in Video","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:00:09.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6359","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6302","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-6364-out-of-bounds-read-in-skia","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-6364 Out of bounds read in Skia","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:00:14.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6364","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-6362-use-after-free-in-codecs","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-6362 Use after free in Codecs","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:00:12.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6362","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6318","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6303","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-6313-insufficient-policy-enforcement-in-cors","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-6313 Insufficient policy enforcement in CORS","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:00:04.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6313","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-6314-out-of-bounds-write-in-gpu","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-6314 Out of bounds write in GPU","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:00:05.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6314","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-6361-heap-buffer-overflow-in-pdfium","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-6361 Heap buffer overflow in PDFium","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:00:11.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6361","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6306","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6305","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-6310-use-after-free-in-dawn","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-6310 Use after free in Dawn","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:00:02.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6310","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-6360-use-after-free-in-filesystem","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-6360 Use after free in FileSystem","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:00:10.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6360","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-6316-use-after-free-in-forms","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-6316 Use after free in Forms","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:00:06.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6316","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-6309-use-after-free-in-viz","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-6309 Use after free in Viz","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:00:01.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6309","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-6311-uninitialized-use-in-accessibility","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-6311 Uninitialized Use in Accessibility","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:00:03.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6311","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-6307-type-confusion-in-turbofan","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-6307 Type Confusion in Turbofan","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:00:59.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6307","label":"Microsoft MSRC","domainType":"primary"},{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6301","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-6308-out-of-bounds-read-in-media","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-6308 Out of bounds read in Media","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:00:00.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6308","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-6300-use-after-free-in-css","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-6300 Use after free in CSS","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:00:52.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6300","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-6304-use-after-free-in-graphite","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-6304 Use after free in Graphite","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:00:56.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6304","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-6317-use-after-free-in-cast","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-6317 Use after free in Cast","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:00:08.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6317","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-6312-insufficient-policy-enforcement-in-passwords","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-6312 Insufficient policy enforcement in Passwords","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:00:04.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6312","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-6298-heap-buffer-overflow-in-skia","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-6298 Heap buffer overflow in Skia","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:00:50.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6298","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-6297-use-after-free-in-proxy","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-6297 Use after free in Proxy","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:00:49.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6297","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-chromium-cve-2026-6299-use-after-free-in-prerender","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Chromium: CVE-2026-6299 Use after free in Prerender","description":"This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:00:51.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6299","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-33948-jq-embedded-nul-truncation-in-cli-json-input-path-causes-prefix-o","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-33948 jq: Embedded-NUL Truncation in CLI JSON Input Path Causes Prefix-Only Validation of Malformed Input","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T08:01:34.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33948","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-40164-jq-algorithmic-complexity-dos-via-hardcoded-murmurhash3-seed","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-40164 jq: Algorithmic complexity DoS via hardcoded MurmurHash3 seed","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T08:01:51.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40164","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-35469-spdystream-dos-on-cri","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-35469 SpdyStream: DOS on CRI","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T08:01:59.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35469","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-39956-jq-missing-runtime-type-checks-for-strindices-lead-to-crash-and-l","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-39956 jq: Missing runtime type checks for _strindices lead to crash and limited memory disclosure","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T08:02:19.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-39956","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-35201-discount-has-an-out-of-bounds-read-in-rdiscount","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-35201 Discount has an Out-of-bounds Read in rdiscount","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T08:40:21.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35201","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-32316-jq-integer-overflow-in-jvp-string-append-allows-heap-based-buffer","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-32316 jq: Integer overflow in jvp_string_append() allows Heap-based Buffer Overflow","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T08:01:17.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32316","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-33947-jq-unbounded-recursion-in-jv-setpath-jv-getpath-and-delpaths-sort","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-33947 jq: Unbounded Recursion in jv_setpath(), jv_getpath() and delpaths_sorted()","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T08:01:26.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33947","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-39979-jq-out-of-bounds-read-in-jv-parse-sized-error-formatting-for-non-","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-39979 jq: Out-of-Bounds Read in jv_parse_sized() Error Formatting for Non-NUL-Terminated Counted Buffers","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T08:01:42.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-39979","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-41035","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-41035 ","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T08:02:04.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41035","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-35199-symcrypt-symcryptxmsssign-function-heap-overflow-via-64-32-bit-le","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-35199 SymCrypt SymCryptXmssSign function - Heap overflow via 64->32-bit leaf-count truncation","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T08:02:11.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35199","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-40179-prometheus-stored-xss-via-metric-names-and-label-values-in-web-ui","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-40179 Prometheus: Stored XSS via metric names and label values in web UI tooltips and metrics explorer","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T08:02:33.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40179","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2026-2673-openssl-tls-1-3-server-may-choose-unexpected-key-agreement-group","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2026-2673 OpenSSL TLS 1.3 server may choose unexpected key agreement group","description":"Information published.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T08:02:38.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2673","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-cve-2025-64669-windows-admin-center-elevation-of-privilege-vulnerability","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"CVE-2025-64669 Windows Admin Center Elevation of Privilege Vulnerability","description":"Acknowledgement added. This is an informational change only.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T14:00:00.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64669","label":"Microsoft MSRC","domainType":"primary"}],"feedLabel":null},{"id":"vendor-bad-apples-weaponizing-native-macos-primitives-for-movement-and-execution","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Bad Apples: Weaponizing native macOS primitives for movement and execution","description":"Cisco Talos documents several macOS living-off-the-land (LOTL) techniques, demonstrating that native pathways for movement and execution remain accessible to those who understand the underlying architecture.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T10:00:29.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://blog.talosintelligence.com/bad-apples-weaponizing-native-macos-primitives-for-movement-and-execution/","label":"Cisco Talos","domainType":"other"}],"feedLabel":null},{"id":"vendor-foxit-libraw-vulnerabilities","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Foxit, LibRaw vulnerabilities","description":"Cisco Talos’ Vulnerability Discovery & Research team recently disclosed one Foxit Reader vulnerability, and six LibRaw file reader vulnerabilities.\nThe vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability dis…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T19:00:24.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://blog.talosintelligence.com/foxit-libraw-vulnerabilities/","label":"Cisco Talos","domainType":"other"}],"feedLabel":null},{"id":"vendor-the-q1-vulnerability-pulse","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"The Q1 vulnerability pulse","description":"Thor provides an overview of the Q1 2026 vulnerability statistics, highlighting key trends in legacy CVEs and the evolving impact of AI on the threat landscape.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T18:00:31.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://blog.talosintelligence.com/the-q1-vulnerability-pulse/","label":"Cisco Talos","domainType":"other"}],"feedLabel":null},{"id":"vendor-more-than-pretty-pictures-wendy-bishop-on-visual-storytelling-in-tech","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"More than pretty pictures: Wendy Bishop on visual storytelling in tech","description":"Wendy shares the unique challenges and rewards of bridging the gap between artistic expression and highly technical research.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T10:00:28.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://blog.talosintelligence.com/more-than-pretty-pictures-wendy-bishop-on-visual-storytelling-in-tech/","label":"Cisco Talos","domainType":"other"}],"feedLabel":null},{"id":"vendor-ncsc-flags-widening-gap-between-cyber-threats-and-national-resilience-urges-acti","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"NCSC flags widening gap between cyber threats and national resilience, urges action as AI fuels rise in disruptive attacks","description":"The U.K.’s National Cyber Security Centre (NCSC) is warning that organizations delivering critical services must urgently prepare for...\nThe post NCSC flags widening gap between cyber threats and national resilience, urges action as AI fuels rise in disruptive attacks appeared first on Industrial Cy…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T16:11:32.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://industrialcyber.co/threat-landscape/ncsc-flags-widening-gap-between-cyber-threats-and-national-resilience-urges-action-as-ai-fuels-rise-in-disruptive-attacks/","label":"Industrial Cyber","domainType":"other"}],"feedLabel":null},{"id":"vendor-bridge-break-reveals-22-vulnerabilities-in-serial-to-ip-converters-enabling-disr","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"BRIDGE:BREAK reveals 22 vulnerabilities in serial-to-IP converters enabling disruption and lateral movement across OT","description":"New research from Forescout Technologies uncovers 22 previously unknown vulnerabilities in serial-to-IP converters, with thousands of exposed devices...\nThe post BRIDGE:BREAK reveals 22 vulnerabilities in serial-to-IP converters enabling disruption and lateral movement across OT appeared first on In…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T16:02:10.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://industrialcyber.co/reports/bridgebreak-reveals-22-vulnerabilities-in-serial-to-ip-converters-enabling-disruption-and-lateral-movement-across-ot/","label":"Industrial Cyber","domainType":"other"}],"feedLabel":null},{"id":"vendor-australia-s-cisc-tightens-cyber-reporting-rules-to-capture-ai-driven-incidents-i","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Australia’s CISC tightens cyber reporting rules to capture AI-driven incidents in critical infrastructure","description":"Australia’s Cyber and Infrastructure Security Centre (CISC) outlined how regulatory obligations under the Security of Critical Infrastructure Act...\nThe post Australia’s CISC tightens cyber reporting rules to capture AI-driven incidents in critical infrastructure appeared first on Industrial Cyber.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T15:59:24.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://industrialcyber.co/regulation-standards-and-compliance/australias-cisc-tightens-cyber-reporting-rules-to-capture-ai-driven-incidents-in-critical-infrastructure/","label":"Industrial Cyber","domainType":"other"}],"feedLabel":null},{"id":"vendor-servicenow-closes-armis-deal-to-extend-ai-powered-cyber-risk-visibility-across-o","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"ServiceNow closes Armis deal to extend AI-powered cyber risk visibility across OT and IoT","description":"ServiceNow completed its acquisition of Armis, a cyber exposure management and security company, delivering a comprehensive AI-powered solution...\nThe post ServiceNow closes Armis deal to extend AI-powered cyber risk visibility across OT and IoT appeared first on Industrial Cyber.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T15:22:38.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://industrialcyber.co/news/servicenow-closes-armis-deal-to-extend-ai-powered-cyber-risk-visibility-across-ot-and-iot/","label":"Industrial Cyber","domainType":"other"}],"feedLabel":null},{"id":"vendor-ssh-brings-privx-ot-to-nokia-industrial-edge-to-secure-remote-access-in-ot-envir","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"SSH brings PrivX OT to Nokia Industrial Edge to secure remote access in OT environments","description":"SSH Communications Security, a defensive cybersecurity company for humans, systems, and networks, announced on Tuesday that its PrivX...\nThe post SSH brings PrivX OT to Nokia Industrial Edge to secure remote access in OT environments appeared first on Industrial Cyber.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T16:15:48.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://industrialcyber.co/news/ssh-brings-privx-ot-to-nokia-industrial-edge-to-secure-remote-access-in-ot-environments/","label":"Industrial Cyber","domainType":"other"}],"feedLabel":null},{"id":"vendor-txone-introduces-stellar-discover-to-extend-ot-security-from-discovery-to-risk-i","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"TXOne introduces Stellar Discover to extend OT security from discovery to risk insight","description":"TXOne Networks, an operations-first OT security partner, announced preview of Stellar Discover, a lightweight endpoint sensor designed to...\nThe post TXOne introduces Stellar Discover to extend OT security from discovery to risk insight appeared first on Industrial Cyber.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T16:15:14.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://industrialcyber.co/news/txone-introduces-stellar-discover-to-extend-ot-security-from-discovery-to-risk-insight/","label":"Industrial Cyber","domainType":"other"}],"feedLabel":null},{"id":"vendor-industrial-defender-partners-with-kyron-to-boost-ot-resilience-and-nis2-readines","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Industrial Defender partners with KYrON to boost OT resilience and NIS2 readiness in France","description":"Industrial Defender, vendor of OT asset visibility and risk management, announced a partnership with KYrON, a cybersecurity integration...\nThe post Industrial Defender partners with KYrON to boost OT resilience and NIS2 readiness in France appeared first on Industrial Cyber.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T16:14:56.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://industrialcyber.co/news/industrial-defender-partners-with-kyron-to-boost-ot-resilience-and-nis2-readiness-in-france/","label":"Industrial Cyber","domainType":"other"}],"feedLabel":null},{"id":"vendor-semperis-extends-purple-knight-identity-security-assessment-tool-to-us-federal-d","source":"vendor-blogs","category":"advisory","severity":"unknown","title":"Semperis extends Purple Knight identity security assessment tool to US federal, defense GCC High environments","description":"Semperis, an identity-driven cyber resilience and crisis response company, announced that Purple Knight, its free, community-driven Active Directory...\nThe post Semperis extends Purple Knight identity security assessment tool to US federal, defense GCC High environments appeared first on Industrial…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T16:14:37.000Z","fetchedAt":"2026-04-23T03:00:06.969Z","references":[{"url":"https://industrialcyber.co/news/semperis-extends-purple-knight-identity-security-assessment-tool-to-us-federal-defense-gcc-high-environments/","label":"Industrial Cyber","domainType":"other"}],"feedLabel":null},{"id":"news-apple-fixes-ios-bug-that-retained-deleted-notification-data","source":"general-news","category":"news","severity":"unknown","title":"Apple fixes iOS bug that retained deleted notification data","description":"Apple has released out-of-band security updates for iPhone and iPad devices to fix a Notification Services flaw that could allow notifications marked for deletion to remain stored on the device. [...]","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T20:58:58.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.bleepingcomputer.com/news/security/apple-fixes-ios-bug-that-retained-deleted-notification-data/","label":"BleepingComputer","domainType":"media"}],"feedLabel":null},{"id":"news-new-gogra-malware-for-linux-uses-microsoft-graph-api-for-comms","source":"general-news","category":"news","severity":"unknown","title":"New GoGra malware for Linux uses Microsoft Graph API for comms","description":"A Linux variant of the GoGra backdoor uses legitimate Microsoft infrastructure, relying on an Outlook inbox for stealthy payload delivery. [...]","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:00:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.bleepingcomputer.com/news/security/new-gogra-malware-for-linux-uses-microsoft-graph-api-for-comms/","label":"BleepingComputer","domainType":"media"}],"feedLabel":null},{"id":"news-microsoft-releases-emergency-patches-for-critical-asp-net-flaw","source":"general-news","category":"news","severity":"unknown","title":"Microsoft releases emergency patches for critical ASP.NET flaw","description":"Microsoft has released out-of-band (OOB) security updates to patch a critical ASP.NET Core privilege escalation vulnerability. [...]","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T08:08:16.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-emergency-security-updates-for-critical-aspnet-flaw/","label":"BleepingComputer","domainType":"media"}],"feedLabel":null},{"id":"news-french-govt-agency-confirms-breach-as-hacker-offers-to-sell-data","source":"general-news","category":"news","severity":"unknown","title":"French govt agency confirms breach as hacker offers to sell data","description":"France Titres, the government agency in France for issuing and managing administrative documents has disclosed a data breach after a threat actor claimed the attack and stealing citizen data. [...]","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T21:46:04.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.bleepingcomputer.com/news/security/french-govt-agency-confirms-breach-as-hacker-offers-to-sell-data/","label":"BleepingComputer","domainType":"media"}],"feedLabel":null},{"id":"news-new-lotus-data-wiper-used-against-venezuelan-energy-utility-firms","source":"general-news","category":"news","severity":"unknown","title":"New Lotus data wiper used against Venezuelan energy, utility firms","description":"A previously undocumented data-wiping malware dubbed Lotus was used last year in targeted attacks against energy and utilities organizations in Venezuela. [...]","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T18:38:40.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.bleepingcomputer.com/news/security/new-lotus-data-wiper-used-against-venezuelan-energy-utility-firms/","label":"BleepingComputer","domainType":"media"}],"feedLabel":null},{"id":"news-lotus-wiper-malware-targets-venezuelan-energy-systems-in-destructive-attack","source":"general-news","category":"news","severity":"unknown","title":"Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack","description":"Cybersecurity researchers have discovered a previously undocumented data wiper that has been used in attacks targeting Venezuela at the end of last year and the start of 2026.\nDubbed Lotus Wiper, the novel file wiper has been used in a destructive campaign targeting the energy and utilities sector i…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:55:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://thehackernews.com/2026/04/lotus-wiper-malware-targets-venezuelan.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-toxic-combinations-when-cross-app-permissions-stack-into-risk","source":"general-news","category":"news","severity":"unknown","title":"Toxic Combinations: When Cross-App Permissions Stack into Risk","description":"On January 31, 2026, researchers disclosed that Moltbook, a social network built for AI agents, had left its database wide open, exposing 35,000 email addresses and 1.5 million agent API tokens across 770,000 active agents.\nThe more worrying part sat inside the private messages. Some of those conver…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:41:36.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://thehackernews.com/2026/04/toxic-combinations-when-cross-app.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-microsoft-patches-critical-asp-net-core-cve-2026-40372-privilege-escalation-bug","source":"general-news","category":"news","severity":"unknown","title":"Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug","description":"Microsoft has released out-of-band updates to address a security vulnerability in ASP.NET Core that could allow an attacker to escalate privileges.\nThe vulnerability, tracked as CVE-2026-40372, carries a CVSS score of 9.1 out of 10.0. It's rated Important in severity. An anonymous researcher has bee…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T09:29:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://thehackernews.com/2026/04/microsoft-patches-critical-aspnet-core.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-cohere-ai-terrarium-sandbox-flaw-enables-root-code-execution-container-escape","source":"general-news","category":"news","severity":"unknown","title":"Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape","description":"A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium that could result in arbitrary code execution.\nThe vulnerability, tracked as CVE-2026-5752, is rated 9.3 on the CVSS scoring system.\n\"Sandbox escape vulnerability in Terrarium allows arbitrary code execut…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T07:16:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://thehackernews.com/2026/04/cohere-ai-terrarium-sandbox-flaw.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-22-bridge-break-flaws-expose-thousands-of-lantronix-and-silex-serial-to-ip-conve","source":"general-news","category":"news","severity":"unknown","title":"22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex Serial-to-IP Converters","description":"Cybersecurity researchers have identified 22 new vulnerabilities in popular models of serial-to-IP converters from Lantronix and Silex that could be exploited to hijack susceptible devices and tamper with data exchanged by them.\nThe vulnerabilities have been collectively codenamed BRIDGE:BREAK by Fo…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T15:46:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://thehackernews.com/2026/04/22-bridgebreak-flaws-expose-20000.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-ngate-campaign-targets-brazil-trojanizes-handypay-to-steal-nfc-data-and-pins","source":"general-news","category":"news","severity":"unknown","title":"NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs","description":"Cybersecurity researchers have discovered a new iteration of an Android malware family called NGate that has been found to abuse a legitimate application called HandyPay instead of NFCGate.\n\"The threat actors took the app, which is used to relay NFC data, and patched it with malicious code that appe…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T12:45:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://thehackernews.com/2026/04/ngate-campaign-targets-brazil.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-google-patches-antigravity-ide-flaw-enabling-prompt-injection-code-execution","source":"general-news","category":"news","severity":"unknown","title":"Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution","description":"Cybersecurity researchers have discovered a vulnerability in Google's agentic integrated development environment (IDE), Antigravity, that could be exploited to achieve code execution.\nThe flaw, since patched, combines Antigravity's permitted file-creation capabilities with an insufficient input sani…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T10:22:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://thehackernews.com/2026/04/google-patches-antigravity-ide-flaw.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-cisa-adds-8-exploited-flaws-to-kev-sets-april-may-2026-federal-deadlines","source":"general-news","category":"news","severity":"unknown","title":"CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines","description":"The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including three flaws impacting Cisco Catalyst SD-WAN Manager, citing evidence of active exploitation.\nThe list of vulnerabilities is as fo…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T06:23:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://thehackernews.com/2026/04/cisa-adds-8-exploited-flaws-to-kev-sets.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-weekly-recap-vercel-hack-push-fraud-qemu-abused-new-android-rats-emerge-more","source":"general-news","category":"news","severity":"unknown","title":"⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More","description":"Monday’s recap shows the same pattern in different places. A third-party tool becomes a way in, then leads to internal access. A trusted download path is briefly swapped to deliver malware. Browser extensions act normally while pulling data and running code. Even update channels are used to push pay…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T13:41:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://thehackernews.com/2026/04/weekly-recap-vercel-hack-push-fraud.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-vercel-breach-tied-to-context-ai-hack-exposes-limited-customer-credentials","source":"general-news","category":"news","severity":"unknown","title":"Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials","description":"Web infrastructure provider Vercel has disclosed a security breach that allows bad actors to gain unauthorized access to \"certain\" internal Vercel systems.\nThe incident stemmed from the compromise of Context.ai, a third-party artificial intelligence (AI) tool, that was used by an employee at the com…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T03:35:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://thehackernews.com/2026/04/vercel-breach-tied-to-context-ai-hack.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-13-74m-hack-shuts-down-sanctioned-grinex-exchange-after-intelligence-claims","source":"general-news","category":"news","severity":"unknown","title":"$13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims","description":"Grinex, a Kyrgyzstan-incorporated cryptocurrency exchange sanctioned by the U.K. and the U.S. last year, said it's suspending operations after it blamed Western intelligence agencies for a $13.74 million hack.\nThe exchange said it fell victim to what it described as a large-scale cyber attack that b…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-18T07:59:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://thehackernews.com/2026/04/1374m-hack-shuts-down-sanctioned-grinex.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-nist-limits-cve-enrichment-after-263-surge-in-vulnerability-submissions","source":"general-news","category":"news","severity":"unknown","title":"NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions","description":"The National Institute of Standards and Technology (NIST) has announced changes to the way it handles cybersecurity vulnerabilities and exposures (CVEs) listed in its National Vulnerability Database (NVD), stating it will only enrich those that fulfil certain conditions owing to an explosion in CVE…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T07:14:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://thehackernews.com/2026/04/nist-limits-cve-enrichment-after-263.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-apache-activemq-cve-2026-34197-added-to-cisa-kev-amid-active-exploitation","source":"general-news","category":"news","severity":"unknown","title":"Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation","description":"A recently disclosed high-severity security flaw in Apache ActiveMQ Classic has come under active exploitation in the wild, per the U.S. Cybersecurity and Infrastructure Security Agency (CISA).\nTo that end, the agency has added the vulnerability, tracked as CVE-2026-34197 (CVSS score: 8.8), to its K…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T03:22:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://thehackernews.com/2026/04/apache-activemq-cve-2026-34197-added-to.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-cisco-patches-four-critical-identity-services-webex-flaws-enabling-code-executio","source":"general-news","category":"news","severity":"unknown","title":"Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution","description":"Cisco has announced patches to address four critical security flaws impacting Identity Services and Webex Services that could result in arbitrary code execution and allow an attacker to impersonate any user within the service.\nThe details of the vulnerabilities are below -\n\nCVE-2026-20184 (CVSS scor…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T11:27:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://thehackernews.com/2026/04/cisco-patches-four-critical-identity.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-uac-0247-targets-ukrainian-clinics-and-government-in-data-theft-malware-campaign","source":"general-news","category":"news","severity":"unknown","title":"UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign","description":"The Computer Emergencies Response Team of Ukraine (CERT-UA) has disclosed details of a new campaign that has targeted governments and municipal healthcare institutions, mainly clinics and emergency hospitals, to deliver malware capable of stealing sensitive data from Chromium-based web browsers and…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T06:20:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://thehackernews.com/2026/04/uac-0247-targets-ukrainian-clinics-and.html","label":"The Hacker News","domainType":"media"}],"feedLabel":null},{"id":"news-dprk-fake-job-scams-self-propagate-in-contagious-interview","source":"general-news","category":"news","severity":"unknown","title":"DPRK Fake Job Scams Self-Propagate in 'Contagious Interview'","description":"A compromised developer's repository serves as a worm-like infection vector to spread remote access Trojans (RATs) and other malware.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:48:05.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.darkreading.com/cyberattacks-data-breaches/dprk-fake-job-scams-self-propagate-contagious-interview","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-exploits-turn-windows-defender-into-attacker-tool","source":"general-news","category":"news","severity":"unknown","title":"Exploits Turn Windows Defender Into Attacker Tool","description":"Three proof-of-concept exploits are being used in active attacks against Microsoft's built-in security platform; two are unpatched.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T19:12:40.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.darkreading.com/cyberattacks-data-breaches/exploits-turn-windows-defender-attacker-tool","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-vercel-employee-s-ai-tool-access-led-to-data-breach","source":"general-news","category":"news","severity":"unknown","title":"Vercel Employee's AI Tool Access Led to Data Breach","description":"Stolen OAuth tokens, which are at the root of these breaches, \"are the new attack surface, the new lateral movement,\" a researcher notes.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T21:01:31.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.darkreading.com/application-security/vercel-employees-ai-tool-access-data-breach","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-serial-to-ip-devices-hide-thousands-of-old-amp-new-bugs","source":"general-news","category":"news","severity":"unknown","title":"Serial-to-IP Devices Hide Thousands of Old &amp; New Bugs","description":"The OT devices that translate machine talk into Internet-speak are riddled with vulnerabilities and more frequently targeted for attacks, researchers say.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T21:00:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.darkreading.com/ics-ot-security/serial-ip-devices-thousands-of-bugs","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-whatsapp-leaks-user-metadata-to-attackers","source":"general-news","category":"news","severity":"unknown","title":"WhatsApp Leaks User Metadata to Attackers","description":"Strangers can infer limited info about you without knowing or messaging you, which could theoretically aid certain kinds of malicious activity.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T14:33:35.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.darkreading.com/endpoint-security/whatsapp-leaks-user-metadata","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-every-old-vulnerability-is-now-an-ai-vulnerability","source":"general-news","category":"news","severity":"unknown","title":"Every Old Vulnerability Is Now an AI Vulnerability","description":"AI's danger isn't that it's creating new bugs, it's that it's amplifying old ones.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T14:47:18.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.darkreading.com/vulnerabilities-threats/every-old-vulnerability-ai-vulnerability","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-coast-guard-s-new-cybersecurity-rules-offer-lessons-for-cisos","source":"general-news","category":"news","severity":"unknown","title":"Coast Guard's New Cybersecurity Rules Offer Lessons for CISOs","description":"The Maritime Transportation Security Act (MTSA) requires plans to protect OT systems, audits by independent third parties, and a hybrid OT-security role.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["transport"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T13:00:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.darkreading.com/cybersecurity-operations/coast-guards-cybersecurity-rules-lessons-cisos","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-nist-revamps-cve-framework-to-focus-on-high-impact-vulnerabilities","source":"general-news","category":"news","severity":"unknown","title":"NIST Revamps CVE Framework to Focus on High-Impact Vulnerabilities","description":"The National Institute of Standards and Technology is carving a new path for vulnerability remediation by changing the way it prioritizes software flaws.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T21:47:31.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.darkreading.com/vulnerabilities-threats/nist-revamps-cve-framework-to-focus-on-high-impact-vulnerabilities","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-north-korea-uses-clickfix-to-target-macos-users-data","source":"general-news","category":"news","severity":"unknown","title":"North Korea Uses ClickFix to Target macOS Users' Data","description":"Sapphire Sleet uses fake job offers and phony Zoom updates to deliver ClickFix attacks that steal credentials and sensitive data from Macs.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T19:42:45.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.darkreading.com/application-security/north-korea-clickfix-target-macos-users-data","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-harmless-global-adware-transforms-into-an-av-killer","source":"general-news","category":"news","severity":"unknown","title":"'Harmless' Global Adware Transforms Into an AV Killer","description":"A benign looking update Dragon Boss pushed out in March 2025 established persistence via scheduled tasks and arranged for future payloads to be excluded from Windows Defender.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T19:07:26.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.darkreading.com/cyberattacks-data-breaches/harmless-global-adware-av-killer","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-microsoft-s-original-windows-secure-boot-certificate-is-expiring","source":"general-news","category":"news","severity":"unknown","title":"Microsoft's Original Windows Secure Boot Certificate Is Expiring","description":"The Secure Boot refresh is one of the largest coordinated security maintenance efforts across the Windows ecosystem, Microsoft said. In other words, update those PCs soon.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T15:16:30.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.darkreading.com/endpoint-security/microsoftoriginal-windows-secure-boot-certificates-expire","label":"Dark Reading","domainType":"media"}],"feedLabel":null},{"id":"news-after-bluesky-mastodon-targeted-in-ddos-attack","source":"general-news","category":"news","severity":"unknown","title":"After Bluesky, Mastodon Targeted in DDoS Attack","description":"The DDoS attack caused a major outage, but Mastodon mitigated it within a few hours.\nThe post After Bluesky, Mastodon Targeted in DDoS Attack appeared first on SecurityWeek.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T14:26:00.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.securityweek.com/after-bluesky-mastodon-targeted-in-ddos-attack/","label":"SecurityWeek","domainType":"media"}],"feedLabel":null},{"id":"news-most-serious-cyberattacks-against-the-uk-now-from-russia-iran-and-china-cyber-ch","source":"general-news","category":"news","severity":"unknown","title":"Most Serious Cyberattacks Against the UK Now From Russia, Iran and China, Cyber Chief Says","description":"British businesses need to prepare themselves to defend against cyberattacks because the U.K. could be targeted “at scale,” if it became involved in an international conflict.\nThe post Most Serious Cyberattacks Against the UK Now From Russia, Iran and China, Cyber Chief Says appeared first on Securi…","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T12:57:01.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.securityweek.com/most-serious-cyberattacks-against-the-uk-now-from-russia-iran-and-china-cyber-chief-says/","label":"SecurityWeek","domainType":"media"}],"feedLabel":null},{"id":"news-new-wiper-malware-targeted-venezuelan-energy-sector-prior-to-us-intervention","source":"general-news","category":"news","severity":"unknown","title":"New Wiper Malware Targeted Venezuelan Energy Sector Prior to US Intervention ","description":"Dubbed Lotus Wiper, the malware targets recovery mechanisms, overwrites drives, and systematically deletes files.\nThe post New Wiper Malware Targeted Venezuelan Energy Sector Prior to US Intervention  appeared first on SecurityWeek.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T12:10:28.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.securityweek.com/new-wiper-malware-targeted-venezuelan-energy-sector-prior-to-us-intervention/","label":"SecurityWeek","domainType":"media"}],"feedLabel":null},{"id":"news-north-korean-hackers-use-applescript-clickfix-in-fresh-macos-attacks","source":"general-news","category":"news","severity":"unknown","title":"North Korean Hackers Use AppleScript, ClickFix in Fresh macOS Attacks","description":"The campaigns focus on financial organizations, including cryptocurrency, venture capital, and blockchain entities.\nThe post North Korean Hackers Use AppleScript, ClickFix in Fresh macOS Attacks appeared first on SecurityWeek.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:49:52.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.securityweek.com/north-korean-hackers-use-applescript-clickfix-in-fresh-macos-attacks/","label":"SecurityWeek","domainType":"media"}],"feedLabel":null},{"id":"news-oracle-patches-450-vulnerabilities-with-april-2026-cpu","source":"general-news","category":"news","severity":"unknown","title":"Oracle Patches 450 Vulnerabilities With April 2026 CPU","description":"The company released 481 new security patches across 28 product families, including over 300 fixes for remotely exploitable, unauthenticated flaws.\nThe post Oracle Patches 450 Vulnerabilities With April 2026 CPU appeared first on SecurityWeek.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T08:41:10.000Z","fetchedAt":"2026-04-23T03:00:02.616Z","references":[{"url":"https://www.securityweek.com/oracle-patches-450-vulnerabilities-with-april-2026-cpu/","label":"SecurityWeek","domainType":"media"}],"feedLabel":null},{"id":"news-macos-native-tools-enable-stealthy-enterprise-attacks","source":"general-news","category":"news","severity":"unknown","title":"MacOS Native Tools Enable Stealthy Enterprise Attacks","description":"macOS LOTL techniques bypass detection using native tools and metadata abuse","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T16:30:00.000Z","fetchedAt":"2026-04-23T03:00:02.617Z","references":[{"url":"https://www.infosecurity-magazine.com/news/macos-lotl-techniques-enterprise/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-ncsc-unveils-silentglass-a-plug-in-device-to-protect-monitors-from-cyber-attacks","source":"general-news","category":"news","severity":"unknown","title":"NCSC Unveils SilentGlass, a Plug-In Device to Protect Monitors from Cyber-Attacks","description":"The UK’s cybersecurity agency said the devices will be available for purchase by organizations around the world","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T15:00:00.000Z","fetchedAt":"2026-04-23T03:00:02.617Z","references":[{"url":"https://www.infosecurity-magazine.com/news/ncsc-silentglass-a-plugin-stop/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-uk-faces-a-cyber-perfect-storm-driven-by-tech-advances-and-nation-state-threats-","source":"general-news","category":"news","severity":"unknown","title":"UK Faces a Cyber ‘Perfect Storm’ Driven by Tech Advances and Nation State Threats, NCSC Warns","description":"The convergence of global tensions and rapid technological change is driving a new era of cyber risk, the NCSC warns","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T08:07:00.000Z","fetchedAt":"2026-04-23T03:00:02.617Z","references":[{"url":"https://www.infosecurity-magazine.com/news/uk-faces-a-cyber-perfect-storm-ncsc/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-trojanized-android-app-fuels-new-wave-of-nfc-fraud","source":"general-news","category":"news","severity":"unknown","title":"Trojanized Android App Fuels New Wave of NFC Fraud","description":"NGate malware abuses HandyPay app to steal NFC card data and PINs in Brazil","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T16:00:00.000Z","fetchedAt":"2026-04-23T03:00:02.617Z","references":[{"url":"https://www.infosecurity-magazine.com/news/trojanized-android-handle-nfc/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-unchecked-ai-agents-cause-cybersecurity-incidents-at-two-thirds-of-firms","source":"general-news","category":"news","severity":"unknown","title":"Unchecked AI Agents Cause Cybersecurity Incidents at Two Thirds of Firms ","description":"Data exposure, operational disruption and financial losses among issues faced by businesses struggling with the rapid rise of AI agents, warns Cloud Security Alliance report","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T13:00:00.000Z","fetchedAt":"2026-04-23T03:00:02.617Z","references":[{"url":"https://www.infosecurity-magazine.com/news/unchecked-ai-agents-cause/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-vercel-confirms-cyber-incident-after-sophisticated-attacker-exploits-third-party","source":"general-news","category":"news","severity":"unknown","title":"Vercel Confirms Cyber Incident After Sophisticated Attacker Exploits Third‑Party Tool","description":"Cloud app developer Vercel appears to have suffered a security breach","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T09:10:00.000Z","fetchedAt":"2026-04-23T03:00:02.617Z","references":[{"url":"https://www.infosecurity-magazine.com/news/vercel-cyber-incident-threat-actor/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-formbook-malware-campaign-uses-multiple-obfuscation-techniques-to-avoid-detectio","source":"general-news","category":"news","severity":"unknown","title":"Formbook Malware Campaign Uses Multiple Obfuscation Techniques to Avoid Detection","description":"Formbook attacks use combination of DLL Side-Loading and Obfuscated JavaScript to stay hidden, researchers at WatchGuard have uncovered","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T15:01:00.000Z","fetchedAt":"2026-04-23T03:00:02.617Z","references":[{"url":"https://www.infosecurity-magazine.com/news/formbook-malware-multiple/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-ncsc-outlines-coordinated-plan-to-boost-nhs-cyber-resilience","source":"general-news","category":"news","severity":"unknown","title":"NCSC Outlines Coordinated Plan to Boost NHS Cyber Resilience","description":"The National Cyber Security Centre has shared an update of its resilience-building efforts for the NHS","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-20T09:30:00.000Z","fetchedAt":"2026-04-23T03:00:02.617Z","references":[{"url":"https://www.infosecurity-magazine.com/news/ncsc-plan-boost-nhs-cyber/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-commercial-ai-models-show-rapid-gains-in-vulnerability-research","source":"general-news","category":"news","severity":"unknown","title":"Commercial AI Models Show Rapid Gains in Vulnerability Research ","description":"AI models are making rapid gains in vulnerability research and exploit development, raising new cybersecurity risks, a Forescout study finds","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-17T13:20:00.000Z","fetchedAt":"2026-04-23T03:00:02.617Z","references":[{"url":"https://www.infosecurity-magazine.com/news/ai-models-rapid-gains/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-apk-malformation-found-in-thousands-of-android-malware-samples","source":"general-news","category":"news","severity":"unknown","title":"APK Malformation Found in Thousands of Android Malware Samples","description":"APK malformation tactic now appears in over 3000 Android malware samples evading static analysis","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T15:45:00.000Z","fetchedAt":"2026-04-23T03:00:02.617Z","references":[{"url":"https://www.infosecurity-magazine.com/news/apk-malformation-android-malware/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-nist-drops-nvd-enrichment-for-pre-march-2026-vulnerabilities","source":"general-news","category":"news","severity":"unknown","title":"NIST Drops NVD Enrichment for Pre-March 2026 Vulnerabilities","description":"NIST’s National Vulnerability Database will now prioritize enriching new and exploited flaws to address the record growth of reported CVEs","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T12:43:00.000Z","fetchedAt":"2026-04-23T03:00:02.617Z","references":[{"url":"https://www.infosecurity-magazine.com/news/nvd-enrichment-premarch-2026/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-systemic-flaw-in-mcp-protocol-could-expose-150-million-downloads","source":"general-news","category":"news","severity":"unknown","title":"Systemic Flaw in MCP Protocol Could Expose 150 Million Downloads","description":"Ox Security claims as many as 200,000 servers are exposed by newly discovered MCP vulnerability","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-16T09:40:00.000Z","fetchedAt":"2026-04-23T03:00:02.617Z","references":[{"url":"https://www.infosecurity-magazine.com/news/systemic-flaw-mcp-expose-150/","label":"InfoSecurity Magazine","domainType":"media"}],"feedLabel":null},{"id":"news-north-korean-hackers-siphon-more-than-12-million-from-crypto-users-in-sprawling-","source":"general-news","category":"news","severity":"unknown","title":"North Korean hackers siphon more than $12 million from crypto users in sprawling campaign","description":"Researchers said the group stole up to $12 million in cryptocurrency in the first three months of 2026 through malware attacks on personal devices.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T20:48:00.000Z","fetchedAt":"2026-04-23T03:00:02.617Z","references":[{"url":"https://therecord.media/north-korean-hackers-siphon-12-million-from-crypto-users","label":"The Record","domainType":"media"}],"feedLabel":null},{"id":"news-hackers-deployed-wiper-malware-in-destructive-attacks-on-venezuela-s-energy-sect","source":"general-news","category":"news","severity":"unknown","title":"Hackers deployed wiper malware in destructive attacks on Venezuela’s energy sector","description":"Hackers deployed a previously unknown wiper malware against Venezuela’s energy and utilities sector in an attack that appears to have been designed to destroy systems.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T19:00:00.000Z","fetchedAt":"2026-04-23T03:00:02.617Z","references":[{"url":"https://therecord.media/hackers-venezuela-wiper-malware-oil","label":"The Record","domainType":"media"}],"feedLabel":null},{"id":"news-french-police-arrest-suspected-hacker-behind-dozens-of-data-breaches","source":"general-news","category":"news","severity":"unknown","title":"French police arrest suspected hacker behind dozens of data breaches","description":"French authorities have arrested a suspected hacker believed to be behind dozens of data breaches targeting public institutions, sports federations and private organizations across the country.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T15:30:00.000Z","fetchedAt":"2026-04-23T03:00:02.617Z","references":[{"url":"https://therecord.media/french-hacker-cyberattacks-arrest","label":"The Record","domainType":"media"}],"feedLabel":null},{"id":"news-uk-cyber-agency-handling-four-major-incidents-a-week-as-nation-state-attacks-sur","source":"general-news","category":"news","severity":"unknown","title":"UK cyber agency handling four major incidents a week as nation-state attacks surge","description":"Britain's cybersecurity chief warned Tuesday that the country is handling four nationally significant cyber incidents every week, with the majority now traced back to hostile foreign governments rather than criminal hackers.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T12:45:00.000Z","fetchedAt":"2026-04-23T03:00:02.617Z","references":[{"url":"https://therecord.media/UK-cyberattacks-ncsc-china","label":"The Record","domainType":"media"}],"feedLabel":null},{"id":"news-the-ai-era-demands-a-different-kind-of-ciso","source":"general-news","category":"news","severity":"unknown","title":"The AI era demands a different kind of CISO","description":"When attackers can discover and exploit vulnerabilities in minutes, last quarter's audit doesn't mean much. CISOs need to shift from static measurement to real-time awareness -- and fast.\nThe post The AI era demands a different kind of CISO appeared first on CyberScoop.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-22T10:00:00.000Z","fetchedAt":"2026-04-23T03:00:02.617Z","references":[{"url":"https://cyberscoop.com/ciso-strategy-ai-real-time-risk-op-ed/","label":"CyberScoop","domainType":"media"}],"feedLabel":null},{"id":"news-scottish-man-pleads-guilty-to-attack-spree-that-created-scattered-spider-s-notor","source":"general-news","category":"news","severity":"unknown","title":"Scottish man pleads guilty to attack spree that created Scattered Spider’s notoriety","description":"Tyler Robert Buchanan “was the glue that held this gang together,” a cybercrime researcher said. He faces up to 22 years in federal prison.\nThe post Scottish man pleads guilty to attack spree that created Scattered Spider’s notoriety appeared first on CyberScoop.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T18:51:01.000Z","fetchedAt":"2026-04-23T03:00:02.617Z","references":[{"url":"https://cyberscoop.com/the-com-scattered-spider-hacker-tyler-robert-buchanan-guilty-plea/","label":"CyberScoop","domainType":"media"}],"feedLabel":null},{"id":"news-mythos-can-find-the-vulnerability-it-can-t-tell-you-what-to-do-about-it","source":"general-news","category":"news","severity":"unknown","title":"Mythos can find the vulnerability. It can’t tell you what to do about it.","description":"Anthropic’s new model can find vulnerabilities faster and cheaper than ever. The hardest part is still everything that comes after.\nThe post Mythos can find the vulnerability. It can’t tell you what to do about it. appeared first on CyberScoop.","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-21T10:00:00.000Z","fetchedAt":"2026-04-23T03:00:02.617Z","references":[{"url":"https://cyberscoop.com/anthropic-mythos-vulnerability-discovery-op-ed/","label":"CyberScoop","domainType":"media"}],"feedLabel":null}],"llmPrompt":"You are a cybersecurity analyst. Summarize this daily threat intelligence report for 2026-04-23.\nTotal items collected: 1334 from sources: cisa-kev: 7, otx: 33, cisa-advisories: 18, vendor-blogs: 87, nvd: 1071, malware-bazaar: 16, abuse-ipdb: 20, threatfox: 2, general-news: 96.\n\nTop threats by severity:\n1. [CRITICAL] Hardy Barth Salia EV Charge Controller\n2. [CRITICAL] Delta Electronics ASDA-Soft\n3. [CRITICAL] Anviz Multiple Products\n4. [CRITICAL] CVE-2026-4880 — The Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale)…\n5. [CRITICAL] CVE-2026-40959 — Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod.\n6. [CRITICAL] CVE-2026-40504 — Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravity_vm_exec f…\n7. [CRITICAL] CVE-2026-6350 — MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing…\n8. [CRITICAL] CVE-2026-3596 — The Riaxe Product Customizer plugin for WordPress is vulnerable to Privilege Escalation in all versi…\n9. [CRITICAL] CVE-2026-31843 — The goodoneuz/pay-uz Laravel package (<= 2.2.24) contains a critical vulnerability in the /payment/a…\n10. [CRITICAL] CVE-2026-6270 — @fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child pl…\n\nProvide: (1) Executive summary (2-3 sentences), (2) Key threats to watch,\n(3) Recommended actions for security teams, (4) Notable trends.\nBe concise and actionable. Focus on what matters most to defenders."}