{
"Source": "CVE FEED",
"Title": "CVE-2025-40841 - Ericsson Indoor Connect 8855 - Cross-Site Request Forgery Vulnerability",
"Content": "CVE ID :CVE-2025-40841
Published : March 25, 2026, 2:16 p.m. | 27 minutes ago
Description :Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contain a Cross-Site Request Forgery (CSRF) vulnerability which, if exploited, can lead to unauthorized modification of certain information.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-40842 - Ericsson Indoor Connect 8855 - Improper Neutralization of Input During Web Page Generation Vulnerability",
"Content": "CVE ID :CVE-2025-40842
Published : March 25, 2026, 2:16 p.m. | 27 minutes ago
Description :Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contain a Cross-Site Scripting (XSS) vulnerability which, if exploited, can lead to unauthorized disclosure and modification of certain information.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2024-51347 - LSC Smart Indoor IP Camera Buffer Overflow Vulnerability",
"Content": "CVE ID :CVE-2024-51347
Published : March 25, 2026, 2:16 p.m. | 27 minutes ago
Description :A buffer overflow vulnerability in the dgiot binary in LSC Smart Indoor IP Camera V7.6.32. The flaw exists in the handling of the Time Zone (TZ) parameter within the ONVIF configuration interface. The time zone (TZ) parameter does not have its length properly validated before being copied into a fixed-size buffer using the insecure strcpy function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2024-51348 - BS Producten Petcam P2P API Stack-Based Buffer Overflow Remote Code Execution",
"Content": "CVE ID :CVE-2024-51348
Published : March 25, 2026, 2:16 p.m. | 27 minutes ago
Description :A stack-based buffer overflow vulnerability in the P2P API service in BS Producten Petcam with firmware 33.1.0.0818 allows unauthenticated attackers within network range to overwrite the instruction pointer and achieve Remote Code Execution (RCE) by sending a specially crafted HTTP request.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2024-51346 - Eufy Homebase 2 Cryptographic Information Disclosure Vulnerability",
"Content": "CVE ID :CVE-2024-51346
Published : March 25, 2026, 2:16 p.m. | 27 minutes ago
Description :An issue in Eufy Homebase 2 version 3.3.4.1h allows a local attacker to obtain sensitive information via the cryptographic scheme.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-4761 - Unnecessary permissions on private keys of certificates installed by Network and Security Wizard",
"Content": "CVE ID :CVE-2026-4761
Published : March 25, 2026, 1:16 p.m. | 1 hour, 27 minutes ago
Description :When a certificate and its private key are installed in the Windows machine certificate store using Network and Security tool, access rights to the private key are unnecessarily granted to the operator group.
* Installations based on Panorama Suite 2025 (25.00.004) are vulnerable unless update PS-2500-00-0357 (or higher) is installed
* Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007) are not vulnerable
Please refer to security bulletin BS-036, available on the Panorama CSIRT website: .
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-4760 - Potential unauthorized access to files on the Web HMI server host",
"Content": "CVE ID :CVE-2026-4760
Published : March 25, 2026, 1:16 p.m. | 1 hour, 27 minutes ago
Description :From Panorama Web HMI, an attacker can gain read access to certain Web HMI server files, if he knows their paths and if these files are accessible to the Servin process execution account.
* Installations based on Panorama Suite 2022-SP1 (22.50.005) are vulnerable unless update PS-2210-02-4079 (or higher) is installed
* Installations based on Panorama Suite 2023 (23.00.004) are vulnerable unless updates PS-2300-03-3078 (or higher) and PS-2300-04-3078 (or higher) and PS-2300-82-3078 (or higher) are installed
* Installations based on Panorama Suite 2025 (25.00.016) are vulnerable unless updates PS-2500-02-1078 (or higher) and PS-2500-04-1078 (or higher) are installed
* Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007) are vulnerable unless updates PS-2510-02-1077 (or higher) and PS-2510-04-1077 (or higher) are installed
Please refer to security bulletin BS-035, available on the Panorama CSIRT website: .
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-13078 - Improper Validation of Specified Quantity in Input in GitLab",
"Content": "CVE ID :CVE-2025-13078
Published : March 25, 2026, 4:35 p.m. | 17 minutes ago
Description :GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when processing certain webhook configuration inputs.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-13436 - Allocation of Resources Without Limits or Throttling in GitLab",
"Content": "CVE ID :CVE-2025-13436
Published : March 25, 2026, 4:34 p.m. | 17 minutes ago
Description :GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when handling certain CI-related inputs.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-14595 - Missing Authorization in GitLab",
"Content": "CVE ID :CVE-2025-14595
Published : March 25, 2026, 4:34 p.m. | 17 minutes ago
Description :GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticated user with Planner role to view security category metadata and attributes in group security configuration due to improper access control.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-1724 - Missing Authentication for Critical Function in GitLab",
"Content": "CVE ID :CVE-2026-1724
Published : March 25, 2026, 4:34 p.m. | 18 minutes ago
Description :GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to access API tokens of self-hosted AI models due to improper access control.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-2745 - Authentication Bypass Using an Alternate Path or Channel in GitLab",
"Content": "CVE ID :CVE-2026-2745
Published : March 25, 2026, 4:34 p.m. | 18 minutes ago
Description :GitLab has remediated an issue in GitLab CE/EE affecting all versions from 7.11 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to bypass WebAuthn two-factor authentication and gain unauthorized access to user accounts due to inconsistent input validation in the authentication process.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-2726 - Incorrect Authorization in GitLab",
"Content": "CVE ID :CVE-2026-2726
Published : March 25, 2026, 4:34 p.m. | 18 minutes ago
Description :GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to perform unauthorized actions on merge requests in other projects due to improper access control during cross-repository operations.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-2973 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab",
"Content": "CVE ID :CVE-2026-2973
Published : March 25, 2026, 4:34 p.m. | 18 minutes ago
Description :GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to execute arbitrary JavaScript in a user's browser due to improper sanitization of entity-encoded content in Mermaid diagrams.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-2995 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab",
"Content": "CVE ID :CVE-2026-2995
Published : March 25, 2026, 4:33 p.m. | 18 minutes ago
Description :GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to add email addresses to targeted user accounts due to improper sanitization of HTML content.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-3857 - Cross-Site Request Forgery (CSRF) in GitLab",
"Content": "CVE ID :CVE-2026-3857
Published : March 25, 2026, 4:33 p.m. | 18 minutes ago
Description :GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to execute arbitrary GraphQL mutations on behalf of authenticated users due to insufficient CSRF protection.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-3988 - Inefficient Algorithmic Complexity in GitLab",
"Content": "CVE ID :CVE-2026-3988
Published : March 25, 2026, 4:33 p.m. | 18 minutes ago
Description :GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to cause a denial of service by making the GitLab instance unresponsive due to improper input validation in GraphQL request processing.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-27659 - CSRF vulnerability in UpdateAccessControlPolicyActiveStatus endpoint",
"Content": "CVE ID :CVE-2026-27659
Published : March 25, 2026, 4:33 p.m. | 19 minutes ago
Description :Mattermost versions 11.2.x <=<=<=<=
Severity: 4.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-20719 - DoS via URL Previews Rendering Malicious SVGs",
"Content": "CVE ID :CVE-2026-20719
Published : March 25, 2026, 4:30 p.m. | 21 minutes ago
Description :Mattermost versions 11.4.x <=<=<=<=
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-27656 - Account Takeover via Substring Matching in OpenID Connect Authentication",
"Content": "CVE ID :CVE-2026-27656
Published : March 25, 2026, 4:28 p.m. | 24 minutes ago
Description :Mattermost versions 11.4.x <=<=<=<=
Severity: 5.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-26233 - Denial of Service via HTTP/2 single packet attack on login endpoint",
"Content": "CVE ID :CVE-2026-26233
Published : March 25, 2026, 4:24 p.m. | 27 minutes ago
Description :Mattermost versions 11.4.x <=<=<=<=
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Mar 2026",
"Type": "Vulnerability"
}