{
"Source": "CVE FEED",
"Title": "CVE-2026-26942 - Dell PowerProtect Data Domain OS Command Injection Vulnerability",
"Content": "CVE ID :CVE-2026-26942
Published : April 20, 2026, 4:34 p.m. | 23 minutes ago
Description :Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Apr 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-26942 - Dell PowerProtect Data Domain OS Command Injection Vulnerability",
"Content": "CVE ID :CVE-2026-26942
Published : April 20, 2026, 4:34 p.m. | 23 minutes ago
Description :Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Apr 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-26943 - Dell PowerProtect Data Domain OS Command Injection Vulnerability",
"Content": "CVE ID :CVE-2026-26943
Published : April 20, 2026, 4:28 p.m. | 29 minutes ago
Description :Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Apr 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-26943 - Dell PowerProtect Data Domain OS Command Injection Vulnerability",
"Content": "CVE ID :CVE-2026-26943
Published : April 20, 2026, 4:28 p.m. | 29 minutes ago
Description :Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Apr 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-28684 - python-dotenv: Symlink following in set_key allows arbitrary file overwrite via cross-device rename fallback",
"Content": "CVE ID :CVE-2026-28684
Published : April 20, 2026, 4:25 p.m. | 33 minutes ago
Description :python-dotenv reads key-value pairs from a .env file and can set them as environment variables. Prior to version 1.2.2, `set_key()` and `unset_key()` in python-dotenv follow symbolic links when rewriting `.env` files, allowing a local attacker to overwrite arbitrary files via a crafted symlink when a cross-device rename fallback is triggered. Users should upgrade to v.1.2.2 or, as a workaround, apply the patch manually.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Apr 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-28684 - python-dotenv: Symlink following in set_key allows arbitrary file overwrite via cross-device rename fallback",
"Content": "CVE ID :CVE-2026-28684
Published : April 20, 2026, 4:25 p.m. | 33 minutes ago
Description :python-dotenv reads key-value pairs from a .env file and can set them as environment variables. Prior to version 1.2.2, `set_key()` and `unset_key()` in python-dotenv follow symbolic links when rewriting `.env` files, allowing a local attacker to overwrite arbitrary files via a crafted symlink when a cross-device rename fallback is triggered. Users should upgrade to v.1.2.2 or, as a workaround, apply the patch manually.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Apr 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-40488 - OpenMage LTS has Customer File Upload Extension Blocklist Bypass that Leads to Remote Code Execution",
"Content": "CVE ID :CVE-2026-40488
Published : April 20, 2026, 4:23 p.m. | 35 minutes ago
Description :Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the product custom option file upload in OpenMage LTS uses an incomplete blocklist (`forbidden_extensions = php,exe`) to prevent dangerous file uploads. This blocklist can be trivially bypassed by using alternative PHP-executable extensions such as `.phtml`, `.phar`, `.php3`, `.php4`, `.php5`, `.php7`, and `.pht`. Files are stored in the publicly accessible `media/custom_options/quote/` directory, which lacks server-side execution restrictions for some configurations, enabling Remote Code Execution if this directory is not explicitly denied script execution. Version 20.17.0 patches the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Apr 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-40488 - OpenMage LTS has Customer File Upload Extension Blocklist Bypass that Leads to Remote Code Execution",
"Content": "CVE ID :CVE-2026-40488
Published : April 20, 2026, 4:23 p.m. | 35 minutes ago
Description :Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the product custom option file upload in OpenMage LTS uses an incomplete blocklist (`forbidden_extensions = php,exe`) to prevent dangerous file uploads. This blocklist can be trivially bypassed by using alternative PHP-executable extensions such as `.phtml`, `.phar`, `.php3`, `.php4`, `.php5`, `.php7`, and `.pht`. Files are stored in the publicly accessible `media/custom_options/quote/` directory, which lacks server-side execution restrictions for some configurations, enabling Remote Code Execution if this directory is not explicitly denied script execution. Version 20.17.0 patches the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Apr 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-24506 - Dell PowerProtect Data Domain OS Command Injection Vulnerability",
"Content": "CVE ID :CVE-2026-24506
Published : April 20, 2026, 4:22 p.m. | 36 minutes ago
Description :Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution as root.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Apr 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-24506 - Dell PowerProtect Data Domain OS Command Injection Vulnerability",
"Content": "CVE ID :CVE-2026-24506
Published : April 20, 2026, 4:22 p.m. | 36 minutes ago
Description :Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution as root.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Apr 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-40098 - OpenMage LTS imports cross-user wishlist item via shared wishlist code, leading to private option disclosure and file-disclosure variant",
"Content": "CVE ID :CVE-2026-40098
Published : April 20, 2026, 4:19 p.m. | 38 minutes ago
Description :Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the shared wishlist add-to-cart endpoint authorizes access with a public `sharing_code`, but loads the acted-on wishlist item by a separate global `wishlist_item_id` and never verifies that the item belongs to the shared wishlist referenced by that code. This lets an attacker use a valid shared wishlist code for wishlist A and a wishlist item ID belonging to victim wishlist B to import victim item B into the attacker's cart through the shared wishlist flow for wishlist A. Because the victim item's stored `buyRequest` is reused during cart import, the victim's private custom-option data is copied into the attacker's quote. If the product uses a file custom option, this can be elevated to cross-user file disclosure because the imported file metadata is preserved and the download endpoint is not ownership-bound. Version 20.17.0 patches the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Apr 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-40098 - OpenMage LTS imports cross-user wishlist item via shared wishlist code, leading to private option disclosure and file-disclosure variant",
"Content": "CVE ID :CVE-2026-40098
Published : April 20, 2026, 4:19 p.m. | 38 minutes ago
Description :Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the shared wishlist add-to-cart endpoint authorizes access with a public `sharing_code`, but loads the acted-on wishlist item by a separate global `wishlist_item_id` and never verifies that the item belongs to the shared wishlist referenced by that code. This lets an attacker use a valid shared wishlist code for wishlist A and a wishlist item ID belonging to victim wishlist B to import victim item B into the attacker's cart through the shared wishlist flow for wishlist A. Because the victim item's stored `buyRequest` is reused during cart import, the victim's private custom-option data is copied into the attacker's quote. If the product uses a file custom option, this can be elevated to cross-user file disclosure because the imported file metadata is preserved and the download endpoint is not ownership-bound. Version 20.17.0 patches the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Apr 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-41445 - KissFFT Integer Overflow Heap Buffer Overflow via kiss_fftndr_alloc()",
"Content": "CVE ID :CVE-2026-41445
Published : April 20, 2026, 4:18 p.m. | 39 minutes ago
Description :KissFFT before commit 8a8e66e contains an integer overflow vulnerability in the kiss_fftndr_alloc() function in kiss_fftndr.c where the allocation size calculation dimOther*(dimReal+2)*sizeof(kiss_fft_scalar) overflows signed 32-bit integer arithmetic before being widened to size_t, causing malloc() to allocate an undersized buffer. Attackers can trigger heap buffer overflow by providing crafted dimensions that cause the multiplication to exceed INT_MAX, allowing writes beyond the allocated buffer region when kiss_fftndr() processes the data.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Apr 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-41445 - KissFFT Integer Overflow Heap Buffer Overflow via kiss_fftndr_alloc()",
"Content": "CVE ID :CVE-2026-41445
Published : April 20, 2026, 4:18 p.m. | 39 minutes ago
Description :KissFFT before commit 8a8e66e contains an integer overflow vulnerability in the kiss_fftndr_alloc() function in kiss_fftndr.c where the allocation size calculation dimOther*(dimReal+2)*sizeof(kiss_fft_scalar) overflows signed 32-bit integer arithmetic before being widened to size_t, causing malloc() to allocate an undersized buffer. Attackers can trigger heap buffer overflow by providing crafted dimensions that cause the multiplication to exceed INT_MAX, allowing writes beyond the allocated buffer region when kiss_fftndr() processes the data.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Apr 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-6652 - Pagekit CMS StringStorage Template PhpEngine.php evaluate eval injection",
"Content": "CVE ID :CVE-2026-6652
Published : April 20, 2026, 4:16 p.m. | 41 minutes ago
Description :A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage Template Handler. This manipulation causes improper neutralization of directives in dynamically evaluated code. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Apr 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-6652 - Pagekit CMS StringStorage Template PhpEngine.php evaluate eval injection",
"Content": "CVE ID :CVE-2026-6652
Published : April 20, 2026, 4:16 p.m. | 41 minutes ago
Description :A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage Template Handler. This manipulation causes improper neutralization of directives in dynamically evaluated code. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Apr 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-6650 - Z-BlogPHP ZBA File app_upload.php UnPack unrestricted upload",
"Content": "CVE ID :CVE-2026-6650
Published : April 20, 2026, 4:16 p.m. | 41 minutes ago
Description :A vulnerability was identified in Z-BlogPHP 1.7.5. This affects the function App::UnPack of the file /zb_users/plugin/AppCentre/app_upload.php of the component ZBA File Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Apr 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-6650 - Z-BlogPHP ZBA File app_upload.php UnPack unrestricted upload",
"Content": "CVE ID :CVE-2026-6650
Published : April 20, 2026, 4:16 p.m. | 41 minutes ago
Description :A vulnerability was identified in Z-BlogPHP 1.7.5. This affects the function App::UnPack of the file /zb_users/plugin/AppCentre/app_upload.php of the component ZBA File Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Apr 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-6651 - erponline.xyz ERP Online Inventory Edit Item cross site scripting",
"Content": "CVE ID :CVE-2026-6651
Published : April 20, 2026, 4:16 p.m. | 41 minutes ago
Description :A security flaw has been discovered in erponline.xyz ERP Online up to 4.0.0. This vulnerability affects unknown code of the component Inventory Edit Item Page. The manipulation of the argument Item Name results in cross site scripting. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Apr 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-6651 - erponline.xyz ERP Online Inventory Edit Item cross site scripting",
"Content": "CVE ID :CVE-2026-6651
Published : April 20, 2026, 4:16 p.m. | 41 minutes ago
Description :A security flaw has been discovered in erponline.xyz ERP Online up to 4.0.0. This vulnerability affects unknown code of the component Inventory Edit Item Page. The manipulation of the argument Item Name results in cross site scripting. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Apr 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-6066 - Unencrypted ClientโServer Communication in ConnectWise Automateโข Solution Center",
"Content": "CVE ID :CVE-2026-6066
Published : April 20, 2026, 4:16 p.m. | 41 minutes ago
Description :ConnectWise has released a security update for ConnectWise Automateโข that addresses a behavior in the ConnectWise Automate Solution Center where certain client-to-server communications could occur without transport-layer encryption. This could allow networkโbased interception of Solution Center traffic in Automate deployments. The issue has been resolved in Automate 2026.4 by enforcing secure communication for affected Solution Center connections.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Apr 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-6066 - Unencrypted ClientโServer Communication in ConnectWise Automateโข Solution Center",
"Content": "CVE ID :CVE-2026-6066
Published : April 20, 2026, 4:16 p.m. | 41 minutes ago
Description :ConnectWise has released a security update for ConnectWise Automateโข that addresses a behavior in the ConnectWise Automate Solution Center where certain client-to-server communications could occur without transport-layer encryption. This could allow networkโbased interception of Solution Center traffic in Automate deployments. The issue has been resolved in Automate 2026.4 by enforcing secure communication for affected Solution Center connections.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Apr 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-41245 - Junrar: Path Traversal (Zip-Slip) via Sibling Directory Name Prefix",
"Content": "CVE ID :CVE-2026-41245
Published : April 20, 2026, 4:16 p.m. | 41 minutes ago
Description :Junrar is an open source java RAR archive library. Prior to version 7.5.10, a path traversal vulnerability in `LocalFolderExtractor` allows an attacker to write arbitrary files with attacker-controlled content into sibling directories when a crafted RAR archive is extracted. Version 7.5.10 fixes the issue.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Apr 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-41245 - Junrar: Path Traversal (Zip-Slip) via Sibling Directory Name Prefix",
"Content": "CVE ID :CVE-2026-41245
Published : April 20, 2026, 4:16 p.m. | 41 minutes ago
Description :Junrar is an open source java RAR archive library. Prior to version 7.5.10, a path traversal vulnerability in `LocalFolderExtractor` allows an attacker to write arbitrary files with attacker-controlled content into sibling directories when a crafted RAR archive is extracted. Version 7.5.10 fixes the issue.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Apr 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-40896 - OpenProject has Cross-Project Meeting Agenda Item Injection via Unscoped Section Lookup",
"Content": "CVE ID :CVE-2026-40896
Published : April 20, 2026, 4:16 p.m. | 41 minutes ago
Description :OpenProject is open-source, web-based project management software. Prior to version 17.3.0, a user with `manage_agendas` permission in any project can inject agenda items into meetings belonging to any other project on the instance โ even projects they have no access to. No knowledge of the target project, meeting, or victim is required; the attacker can blindly spray items into every meeting on the instance by iterating sequential section IDs. Version 17.3.0 patches the issue.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Apr 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-40896 - OpenProject has Cross-Project Meeting Agenda Item Injection via Unscoped Section Lookup",
"Content": "CVE ID :CVE-2026-40896
Published : April 20, 2026, 4:16 p.m. | 41 minutes ago
Description :OpenProject is open-source, web-based project management software. Prior to version 17.3.0, a user with `manage_agendas` permission in any project can inject agenda items into meetings belonging to any other project on the instance โ even projects they have no access to. No knowledge of the target project, meeting, or victim is required; the attacker can blindly spray items into every meeting on the instance by iterating sequential section IDs. Version 17.3.0 patches the issue.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Apr 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-39918 - Vvveb < 1.0.8.1 Code Injection via Installation Endpoint",
"Content": "CVE ID :CVE-2026-39918
Published : April 20, 2026, 4:16 p.m. | 41 minutes ago
Description :Vvveb prior to 1.0.8.1 contains a code injection vulnerability in the installation endpoint where the subdir POST parameter is written unsanitized into the env.php configuration file without escaping or validation. Attackers can inject arbitrary PHP code by breaking out of the string context in the define statement to achieve unauthenticated remote code execution as the web server user.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Apr 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-39918 - Vvveb < 1.0.8.1 Code Injection via Installation Endpoint",
"Content": "CVE ID :CVE-2026-39918
Published : April 20, 2026, 4:16 p.m. | 41 minutes ago
Description :Vvveb prior to 1.0.8.1 contains a code injection vulnerability in the installation endpoint where the subdir POST parameter is written unsanitized into the env.php configuration file without escaping or validation. Attackers can inject arbitrary PHP code by breaking out of the string context in the define statement to achieve unauthenticated remote code execution as the web server user.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Apr 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-3219 - pip doesn't reject concatenated ZIP and tar archives",
"Content": "CVE ID :CVE-2026-3219
Published : April 20, 2026, 4:16 p.m. | 41 minutes ago
Description :pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior only proceeds with installation if the file identifies uniquely as a ZIP or tar archive, not as both.
Severity: 4.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Apr 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-3219 - pip doesn't reject concatenated ZIP and tar archives",
"Content": "CVE ID :CVE-2026-3219
Published : April 20, 2026, 4:16 p.m. | 41 minutes ago
Description :pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior only proceeds with installation if the file identifies uniquely as a ZIP or tar archive, not as both.
Severity: 4.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Apr 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-26944 - Dell PowerProtect Data Domain Remote Root Command Execution Vulnerability",
"Content": "CVE ID :CVE-2026-26944
Published : April 20, 2026, 4:16 p.m. | 41 minutes ago
Description :Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a missing authentication for critical function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges. Exploitation requires an authenticated user to perform a specific action.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Apr 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-26944 - Dell PowerProtect Data Domain Remote Root Command Execution Vulnerability",
"Content": "CVE ID :CVE-2026-26944
Published : April 20, 2026, 4:16 p.m. | 41 minutes ago
Description :Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a missing authentication for critical function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges. Exploitation requires an authenticated user to perform a specific action.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Apr 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-23774 - Dell PowerProtect Data Domain DD OS OS Command Injection Vulnerability",
"Content": "CVE ID :CVE-2026-23774
Published : April 20, 2026, 4:16 p.m. | 42 minutes ago
Description :Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Apr 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-23774 - Dell PowerProtect Data Domain DD OS OS Command Injection Vulnerability",
"Content": "CVE ID :CVE-2026-23774
Published : April 20, 2026, 4:16 p.m. | 42 minutes ago
Description :Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Apr 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-24467 - OpenAEV's Improper Password Reset Token Management Leads to Unauthenticated Account Takeover and Platform Compromise",
"Content": "CVE ID :CVE-2026-24467
Published : April 20, 2026, 4:16 p.m. | 42 minutes ago
Description :OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaign and tests. Starting in version 1.0.0 and prior to version 2.0.13, OpenAEV's password reset implementation contains multiple security weaknesses that together allow reliable account takeover. The primary issue is that password reset tokens do not expire. Once a token is generated, it remains valid indefinitely, even if significant time has passed or if newer tokens are issued for the same account. This allows an attacker to accumulate valid password reset tokens over time and reuse them at any point in the future to reset a victimโs password. A secondary weakness is that password reset tokens are only 8 digits long. While an 8-digit numeric token provides 100,000,000 possible combinations (which is secure enough), the ability to generate large numbers of valid tokens drastically reduces the required number of attempts to guess a valid password reset token. For example, if an attacker generates 2,000 valid tokens, the brute-force effort is reduced to approximately 50,000 attempts, which is a trivially achievable number of requests for an automated attack. (100 requests per second can mathematically find a valid password reset token in 500 seconds.) By combining these flaws, an attacker can mass-generate valid password reset tokens and then brute-force them efficiently until a match is found, allowing the attacker to reset the victimโs password to a value of their choosing. The original password is not required, and the attack can be performed entirely without authentication. This vulnerability enables full account takeover that leads to platform compromise. An unauthenticated remote attacker can reset the password of any registered user account and gain complete access without authentication. Because user email addresses are exposed to other users by design, a single guessed or observed email address is sufficient to compromise even administrator accounts with non-guessable email addresses. This design flaw results in a reliable and scalable account takeover vulnerability that affects any registered user account in the system. Note: The vulnerability does not require OpenAEV to have the email service configured. The exploit does not depend on the target email address to be a real email address. It just needs to be registered to OpenAEV. Successful exploitation allows an unauthenticated remote attacker to access sensitive data (such as the Findings section of a simulation), modify payloads executed by deployed agents to compromise all hosts where agents are installed (therefore the Scope is changed). Users should upgrade to version 2.0.13 to receive a fix.
Severity: 9.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Apr 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-24467 - OpenAEV's Improper Password Reset Token Management Leads to Unauthenticated Account Takeover and Platform Compromise",
"Content": "CVE ID :CVE-2026-24467
Published : April 20, 2026, 4:16 p.m. | 42 minutes ago
Description :OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaign and tests. Starting in version 1.0.0 and prior to version 2.0.13, OpenAEV's password reset implementation contains multiple security weaknesses that together allow reliable account takeover. The primary issue is that password reset tokens do not expire. Once a token is generated, it remains valid indefinitely, even if significant time has passed or if newer tokens are issued for the same account. This allows an attacker to accumulate valid password reset tokens over time and reuse them at any point in the future to reset a victimโs password. A secondary weakness is that password reset tokens are only 8 digits long. While an 8-digit numeric token provides 100,000,000 possible combinations (which is secure enough), the ability to generate large numbers of valid tokens drastically reduces the required number of attempts to guess a valid password reset token. For example, if an attacker generates 2,000 valid tokens, the brute-force effort is reduced to approximately 50,000 attempts, which is a trivially achievable number of requests for an automated attack. (100 requests per second can mathematically find a valid password reset token in 500 seconds.) By combining these flaws, an attacker can mass-generate valid password reset tokens and then brute-force them efficiently until a match is found, allowing the attacker to reset the victimโs password to a value of their choosing. The original password is not required, and the attack can be performed entirely without authentication. This vulnerability enables full account takeover that leads to platform compromise. An unauthenticated remote attacker can reset the password of any registered user account and gain complete access without authentication. Because user email addresses are exposed to other users by design, a single guessed or observed email address is sufficient to compromise even administrator accounts with non-guessable email addresses. This design flaw results in a reliable and scalable account takeover vulnerability that affects any registered user account in the system. Note: The vulnerability does not require OpenAEV to have the email service configured. The exploit does not depend on the target email address to be a real email address. It just needs to be registered to OpenAEV. Successful exploitation allows an unauthenticated remote attacker to access sensitive data (such as the Findings section of a simulation), modify payloads executed by deployed agents to compromise all hosts where agents are installed (therefore the Scope is changed). Users should upgrade to version 2.0.13 to receive a fix.
Severity: 9.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Apr 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-24468 - OpenAEV Vulnerable to Username/Email Enumeration Through Differential HTTP Responses in Password Reset API",
"Content": "CVE ID :CVE-2026-24468
Published : April 20, 2026, 4:16 p.m. | 42 minutes ago
Description :OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaign and tests. Starting in version 1.11.0 and prior to version 2.0.13, the /api/reset endpoint behaves differently depending on whether the supplied username exists in the system. When a non-existent email is provided in the login parameter, the endpoint returns an HTTP 400 response (Bad Request). When a valid email is supplied, the endpoint responds with HTTP 200. This difference in server responses creates an observable discrepancy that allows an attacker to reliably determine which emails are registered in the application. By automating requests with a list of possible email addresses, an attacker can quickly build a list of valid accounts without any authentication. The endpoint should return a consistent response regardless of whether the username exists in order to prevent account enumeration. Version 2.0.13 fixes this issue.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Apr 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-24468 - OpenAEV Vulnerable to Username/Email Enumeration Through Differential HTTP Responses in Password Reset API",
"Content": "CVE ID :CVE-2026-24468
Published : April 20, 2026, 4:16 p.m. | 42 minutes ago
Description :OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaign and tests. Starting in version 1.11.0 and prior to version 2.0.13, the /api/reset endpoint behaves differently depending on whether the supplied username exists in the system. When a non-existent email is provided in the login parameter, the endpoint returns an HTTP 400 response (Bad Request). When a valid email is supplied, the endpoint responds with HTTP 200. This difference in server responses creates an observable discrepancy that allows an attacker to reliably determine which emails are registered in the application. By automating requests with a list of possible email addresses, an attacker can quickly build a list of valid accounts without any authentication. The endpoint should return a consistent response regardless of whether the username exists in order to prevent account enumeration. Version 2.0.13 fixes this issue.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Apr 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-25058 - Vexa's unauthenticated internal transcript endpoint exposed by default",
"Content": "CVE ID :CVE-2026-25058
Published : April 20, 2026, 4:16 p.m. | 41 minutes ago
Description :Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0-260419-1910, the Vexa transcription-collector service exposes an internal endpoint `GET /internal/transcripts/{meeting_id}` that returns transcript data for any meeting without any authentication or authorization checks. An unauthenticated attacker can enumerate all meeting IDs, access any user's meeting transcripts without credentials, and steal confidential business conversations, passwords, and/or PII. Version 0.10.0-260419-1910 patches the issue.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Apr 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-25058 - Vexa's unauthenticated internal transcript endpoint exposed by default",
"Content": "CVE ID :CVE-2026-25058
Published : April 20, 2026, 4:16 p.m. | 41 minutes ago
Description :Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0-260419-1910, the Vexa transcription-collector service exposes an internal endpoint `GET /internal/transcripts/{meeting_id}` that returns transcript data for any meeting without any authentication or authorization checks. An unauthenticated attacker can enumerate all meeting IDs, access any user's meeting transcripts without credentials, and steal confidential business conversations, passwords, and/or PII. Version 0.10.0-260419-1910 patches the issue.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Apr 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น