{
"Source": "CVE FEED",
"Title": "CVE-2026-28526 - BlueKitchen BTstack < 1.8.1 AVRCP Controller LIST_PLAYER_APPLICATION_SETTING_* Handlers OOB Read",
"Content": "CVE ID :CVE-2026-28526
Published : March 30, 2026, 2:16 p.m. | 1 hour, 8 minutes ago
Description :BlueKitchen BTstack contains an out-of-bounds read vulnerability in the AVRCP Controller LIST_PLAYER_APPLICATION_SETTING_ATTRIBUTES and LIST_PLAYER_APPLICATION_SETTING_VALUES handlers that allows attackers to read beyond buffer boundaries. A nearby attacker with a paired Bluetooth Classic connection can send a specially crafted VENDOR_DEPENDENT response with an attacker-controlled count value to trigger an out-of-bounds read from the L2CAP receive buffer, potentially causing a crash on resource-constrained devices.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Mar 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5122 - osrg GoBGP BGP OPEN Message bgp.go DecodeFromBytes access control",
"Content": "CVE ID :CVE-2026-5122
Published : March 30, 2026, 2:15 p.m. | 1 hour, 9 minutes ago
Description :A security flaw has been discovered in osrg GoBGP up to 4.3.0. This affects the function DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component BGP OPEN Message Handler. Performing a manipulation of the argument domainNameLen results in improper access controls. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitability is reported as difficult. The patch is named 2b09db390a3d455808363c53e409afe6b1b86d2d. It is suggested to install a patch to address this issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Mar 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-27508 - Smoothwall Express < 3.1 Update 13 Reflected XSS in redirect.cgi via url Parameter",
"Content": "CVE ID :CVE-2026-27508
Published : March 30, 2026, 4:51 p.m. | 37 minutes ago
Description :Smoothwall Express versions prior to 3.1 Update 13 contain a reflected cross-site scripting vulnerability in the /redirect.cgi endpoint due to improper sanitation of the url parameter. Attackers can craft malicious URLs with javascript: schemes that execute arbitrary JavaScript in victims' browsers when clicked through the unsanitized link.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Mar 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-26352 - Smoothwall Express < 3.1 Update 13 Stored XSS in vpnmain.cgi via VPN_IP Parameter",
"Content": "CVE ID :CVE-2026-26352
Published : March 30, 2026, 4:49 p.m. | 39 minutes ago
Description :Smoothwall Express versions prior to 3.1 Update 13 contain a stored cross-site scripting vulnerability in the /cgi-bin/vpnmain.cgi script due to improper sanitation of the VPN_IP parameter. Authenticated attackers can inject arbitrary JavaScript through VPN configuration settings that executes when the affected page is viewed by other users.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Mar 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-5123 - osrg GoBGP bgp.go DecodeFromBytes off-by-one",
"Content": "CVE ID :CVE-2026-5123
Published : March 30, 2026, 4:16 p.m. | 1 hour, 12 minutes ago
Description :A weakness has been identified in osrg GoBGP up to 4.3.0. This impacts the function DecodeFromBytes of the file pkg/packet/bgp/bgp.go. Executing a manipulation of the argument data[1] can lead to off-by-one. The attack may be launched remotely. Attacks of this nature are highly complex. The exploitability is said to be difficult. This patch is called 67c059413470df64bc20801c46f64058e88f800f. A patch should be applied to remediate this issue.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Mar 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-5170 - Users could trigger a crash of mongod primaries during promotion to sharded",
"Content": "CVE ID :CVE-2026-5170
Published : March 30, 2026, 4:16 p.m. | 1 hour, 12 minutes ago
Description :A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary of the replica set.
This issue affects MongoDB Server v8.2 versions prior to 8.2.2, MongoDB Server v8.0 versions between 8.0.18, MongoDB Server v7.0 versions between 7.0.31.
Severity: 6.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Mar 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-34472 - ZTE ZXHN H188A Unauthenticated Credential Disclosure Vulnerability",
"Content": "CVE ID :CVE-2026-34472
Published : March 30, 2026, 4:16 p.m. | 1 hour, 12 minutes ago
Description :Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2_TE and V6.0.10P3N3_TE allows unauthenticated attackers on the local network to retrieve sensitive credentials from the router's web management interface, including the default administrator password, WLAN PSK, and PPPoE credentials. In some observed cases, configuration changes may also be performed without authentication.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Mar 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-33643 - SchemaHero MySQL Column Parameter SQL Injection",
"Content": "CVE ID :CVE-2026-33643
Published : March 30, 2026, 4:16 p.m. | 1 hour, 12 minutes ago
Description :SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the mysqlColumnAsInsert function in file plugins/mysql/lib/column.go.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Mar 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-30557 - SourceCodester Sales and Inventory System Reflected Cross-Site Scripting",
"Content": "CVE ID :CVE-2026-30557
Published : March 30, 2026, 4:16 p.m. | 1 hour, 12 minutes ago
Description :A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_category.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Mar 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-30558 - SourceCodester Sales and Inventory System Reflected Cross-Site Scripting (XSS)",
"Content": "CVE ID :CVE-2026-30558
Published : March 30, 2026, 4:16 p.m. | 1 hour, 12 minutes ago
Description :A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_customer.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Mar 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-30559 - SourceCodester Sales and Inventory System Reflected XSS",
"Content": "CVE ID :CVE-2026-30559
Published : March 30, 2026, 4:16 p.m. | 1 hour, 12 minutes ago
Description :A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_sales.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Mar 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-30560 - SourceCodester Sales and Inventory System Reflected Cross-Site Scripting (XSS)",
"Content": "CVE ID :CVE-2026-30560
Published : March 30, 2026, 4:16 p.m. | 1 hour, 12 minutes ago
Description :A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_supplier.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Mar 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-30561 - SourceCodester Sales and Inventory System Reflected Cross-Site Scripting (XSS)",
"Content": "CVE ID :CVE-2026-30561
Published : March 30, 2026, 4:16 p.m. | 1 hour, 12 minutes ago
Description :A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_purchase.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Mar 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-30562 - SourceCodester Sales and Inventory System Reflected Cross-Site Scripting (XSS)",
"Content": "CVE ID :CVE-2026-30562
Published : March 30, 2026, 4:16 p.m. | 1 hour, 12 minutes ago
Description :A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_stock.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Mar 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-30556 - SourceCodester Sales and Inventory System Reflected Cross-Site Scripting (XSS)",
"Content": "CVE ID :CVE-2026-30556
Published : March 30, 2026, 4:16 p.m. | 1 hour, 12 minutes ago
Description :A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the index.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Mar 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-29597 - DDSN Interactive Acora CMS File Access Bypass",
"Content": "CVE ID :CVE-2026-29597
Published : March 30, 2026, 4:16 p.m. | 1 hour, 12 minutes ago
Description :Incorrect access control in the file_details.asp endpoint of DDSN Interactive Acora CMS v10.7.1 allows attackers with editor privileges to access sensitive files via crafted requests.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Mar 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-29953 - SchemaHero PostgreSQL SQL Injection Vulnerability",
"Content": "CVE ID :CVE-2026-29953
Published : March 30, 2026, 4:16 p.m. | 1 hour, 12 minutes ago
Description :SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the columnAsInsert function in file plugins/postgres/lib/column.go.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Mar 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-2275 - CVE-2026-2275",
"Content": "CVE ID :CVE-2026-2275
Published : March 30, 2026, 4:16 p.m. | 1 hour, 12 minutes ago
Description :The CrewAI CodeInterpreter tool falls back to SandboxPython when it cannot reach Docker, which can enable RCE through arbitrary C function calling.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Mar 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-2285 - CVE-2026-2285",
"Content": "CVE ID :CVE-2026-2285
Published : March 30, 2026, 4:16 p.m. | 1 hour, 12 minutes ago
Description :CrewAI contains an arbitrary local file read vulnerability in the JSON loader tool that reads files without path validation, enabling access to files on the server.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Mar 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-2286 - CVE-2026-2286",
"Content": "CVE ID :CVE-2026-2286
Published : March 30, 2026, 4:16 p.m. | 1 hour, 12 minutes ago
Description :CrewAI contains a server-side request forgery vulnerability that enables content acquisition from internal and cloud services, facilitated by the RAG search tools not properly validating URLs provided at runtime.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Mar 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-2287 - CVE-2026-2287",
"Content": "CVE ID :CVE-2026-2287
Published : March 30, 2026, 4:16 p.m. | 1 hour, 12 minutes ago
Description :CrewAI does not properly check that Docker is still running during runtime, and will fall back to a sandbox setting that allows for RCE exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Mar 2026",
"Type": "Vulnerability"
}