CVE Monitor
{
"Source": "CVE FEED",
"Title": "CVE-2026-34833 - Bulwark Webmail: Information Exposure: password returned in /api/auth/session",
"Content": "CVE ID :CVE-2026-34833
Published : April 2, 2026, 8:16 p.m. | 1 hour, 3 minutes ago
Description :Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the GET /api/auth/session endpoint included the user's plaintext password in the JSON response. This exposed credentials to browser logs, local caches, and network proxies. This issue has been patched in version 1.4.10.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-34834 - Bulwark Webmail: Authentication Bypass in verifyIdentity() due to missing cookie validation",
"Content": "CVE ID :CVE-2026-34834
Published : April 2, 2026, 8:16 p.m. | 1 hour, 3 minutes ago
Description :Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the verifyIdentity() function contained logic that returned true if no session cookies were present. This allowed unauthenticated attackers to bypass security checks and access/modify user settings via the /api/settings endpoint by providing arbitrary headers. This issue has been patched in version 1.4.10.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Apr 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-34825 - NocoBase Has SQL Injection via template variable substitution in workflow SQL node",
"Content": "CVE ID :CVE-2026-34825
Published : April 2, 2026, 8:16 p.m. | 1 hour, 3 minutes ago
Description :NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.30, NocoBase plugin-workflow-sql substitutes template variables directly into raw SQL strings via getParsedValue() without parameterization or escaping. Any user who triggers a workflow containing a SQL node with template variables from user-controlled data can inject arbitrary SQL. This issue has been patched in version 2.0.30.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Apr 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-34760 - vLLM: Downmix Implementation Differences as Attack Vectors Against Audio AI Models",
"Content": "CVE ID :CVE-2026-34760
Published : April 2, 2026, 8:16 p.m. | 1 hour, 3 minutes ago
Description :vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before version 0.18.0, Librosa defaults to using numpy.mean for mono downmixing (to_mono), while the international standard ITU-R BS.775-4 specifies a weighted downmixing algorithm. This discrepancy results in inconsistency between audio heard by humans (e.g., through headphones or regular speakers) and audio processed by AI models in infrastructure that uses Librosa, such as vLLM and transformers. This issue has been patched in version 0.18.0.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Apr 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-34761 - Ella Core Panics Upon NGAP handover failure",
"Content": "CVE ID :CVE-2026-34761
Published : April 2, 2026, 8:16 p.m. | 1 hour, 3 minutes ago
Description :Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, Ella Core panics when processing a NGAP handover failure message. An attacker able to cause a gNodeB to send NGAP handover failure messages to Ella Core can crash the process, causing service disruption for all connected subscribers. This issue has been patched in version 1.8.0.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Apr 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-34762 - Ella Core Has Audit Log Falsification via Path/Body IMSI Mismatch in UpdateSubscriber",
"Content": "CVE ID :CVE-2026-34762
Published : April 2, 2026, 8:16 p.m. | 1 hour, 3 minutes ago
Description :Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, the PUT /api/v1/subscriber/{imsi} API accepts an IMSI identifier from both the URL path and the JSON request body but never verifies they match. This allows an authenticated NetworkManager to modify any subscriber's policy while the audit trail records a fabricated or unrelated subscriber IMSI. This issue has been patched in version 1.8.0.
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Apr 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2022-4986 - Hirschmann EagleSDV Denial of Service via TLS",
"Content": "CVE ID :CVE-2022-4986
Published : April 2, 2026, 10:16 p.m. | 1 hour, 4 minutes ago
Description :Hirschmann EagleSDV contains a denial-of-service vulnerability that causes the device to crash during session establishment when using TLS 1.0 or TLS 1.1. Attackers can trigger a crash by initiating TLS connections with these protocol versions to disrupt service availability.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Apr 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-30251 - Interzen Consulting S.r.l ZenShare Suite Reflected Cross-Site Scripting (XSS)",
"Content": "CVE ID :CVE-2026-30251
Published : April 2, 2026, 9:16 p.m. | 2 hours, 4 minutes ago
Description :A reflected cross-site scripting (XSS) vulnerability in the login_newpwd.php endpoint of Interzen Consulting S.r.l ZenShare Suite v17.0 allows attackers to execute arbitrary JavaScript in the context of the user's browser via a crafted URL injected into the codice_azienda parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Apr 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-30252 - Interzen Consulting S.r.l ZenShare Suite Cross-Site Scripting (XSS)",
"Content": "CVE ID :CVE-2026-30252
Published : April 2, 2026, 9:16 p.m. | 2 hours, 4 minutes ago
Description :Multiple reflected cross-site scripting (XSS) vulnerabilities in the login.php endpoint of Interzen Consulting S.r.l ZenShare Suite v17.0 allow attackers to execute arbitrary JavaScript in the context of the user's browser via a crafted URL injected into the codice_azienda and red_url parameters.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Apr 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-33105 - Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability",
"Content": "CVE ID :CVE-2026-33105
Published : April 3, 2026, 12:16 a.m. | 1 hour, 7 minutes ago
Description :Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Apr 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-33107 - Azure Databricks Elevation of Privilege Vulnerability",
"Content": "CVE ID :CVE-2026-33107
Published : April 3, 2026, 12:16 a.m. | 1 hour, 7 minutes ago
Description :Server-side request forgery (SSRF) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Apr 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-26135 - Azure Custom Locations Resource Provider (RP) Elevation of Privilege Vulnerability",
"Content": "CVE ID :CVE-2026-26135
Published : April 3, 2026, 12:16 a.m. | 1 hour, 7 minutes ago
Description :Server-side request forgery (SSRF) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate privileges over a network.
Severity: 9.6 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Apr 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-32173 - Azure SRE Agent Information Disclosure Vulnerability",
"Content": "CVE ID :CVE-2026-32173
Published : April 3, 2026, 12:16 a.m. | 1 hour, 7 minutes ago
Description :Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Apr 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-32211 - Azure MCP Server Information Disclosure Vulnerability",
"Content": "CVE ID :CVE-2026-32211
Published : April 3, 2026, 12:16 a.m. | 1 hour, 7 minutes ago
Description :Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over a network.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Apr 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-32213 - Azure AI Foundry Elevation of Privilege Vulnerability",
"Content": "CVE ID :CVE-2026-32213
Published : April 3, 2026, 12:16 a.m. | 1 hour, 7 minutes ago
Description :Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Apr 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-35535 - Sudo Privilege Escalation Vulnerability",
"Content": "CVE ID :CVE-2026-35535
Published : April 3, 2026, 2:21 a.m. | 1 hour, 2 minutes ago
Description :In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation.
Severity: 7.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Apr 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-35508 - Shynet XSS Vulnerability in urldisplay and iconify Template Filters",
"Content": "CVE ID :CVE-2026-35508
Published : April 3, 2026, 2:16 a.m. | 1 hour, 7 minutes ago
Description :Shynet before 0.14.0 allows XSS in the urldisplay and iconify template filters.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Apr 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-35507 - Shynet Host Header Injection Vulnerability",
"Content": "CVE ID :CVE-2026-35507
Published : April 3, 2026, 2:16 a.m. | 1 hour, 7 minutes ago
Description :Shynet before 0.14.0 allows Host header injection in the password reset flow.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Apr 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-28815 - Apple Swift-Crypto Out-of-Bounds Read",
"Content": "CVE ID :CVE-2026-28815
Published : April 3, 2026, 1:32 a.m. | 1 hour, 51 minutes ago
Description :A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime protections. This issue is fixed in swift-crypto version 4.3.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Apr 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-35549 - MariaDB Server Caching Sha2 Password Authentication Plugin Crash Vulnerability",
"Content": "CVE ID :CVE-2026-35549
Published : April 3, 2026, 5 a.m. | 25 minutes ago
Description :An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the caching_sha2_password authentication plugin is installed, and some user accounts are configured to use it, a large packet can crash the server because sha256_crypt_r uses alloca.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Apr 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-5454 - GRID Organiser App co.gridapp.organiser app.json hard-coded key",
"Content": "CVE ID :CVE-2026-5454
Published : April 3, 2026, 4:45 a.m. | 40 minutes ago
Description :A vulnerability was found in GRID Organiser App up to 1.0.5 on Android. Impacted is an unknown function of the file res/raw/app.json of the component co.gridapp.organiser. Performing a manipulation of the argument SegmentWriteKey results in use of a hard-coded cryptographic key. The attack is only possible with local access. The exploit has been made public and could be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Apr 2026",
"Type": "Vulnerability"
}