{
"Source": "CVE FEED",
"Title": "CVE-2026-5584 - Fosowl agenticSeek query Endpoint PyInterpreter.py PyInterpreter.execute code injection",
"Content": "CVE ID :CVE-2026-5584
Published : April 5, 2026, 5:16 p.m. | 1 hour, 48 minutes ago
Description :A vulnerability has been found in Fosowl agenticSeek 0.1.0. Impacted is the function PyInterpreter.execute of the file sources/tools/PyInterpreter.py of the component query Endpoint. Such manipulation leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5584 - Fosowl agenticSeek query Endpoint PyInterpreter.py PyInterpreter.execute code injection",
"Content": "CVE ID :CVE-2026-5584
Published : April 5, 2026, 5:16 p.m. | 1 hour, 48 minutes ago
Description :A vulnerability has been found in Fosowl agenticSeek 0.1.0. Impacted is the function PyInterpreter.execute of the file sources/tools/PyInterpreter.py of the component query Endpoint. Such manipulation leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2019-25704 - Kados R10 GreenBee SQL Injection via filter_user_mail",
"Content": "CVE ID :CVE-2019-25704
Published : April 5, 2026, 8:45 p.m. | 20 minutes ago
Description :Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the filter_user_mail parameter. Attackers can send crafted requests with malicious SQL statements to extract sensitive database information or modify data.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2019-25704 - Kados R10 GreenBee SQL Injection via filter_user_mail",
"Content": "CVE ID :CVE-2019-25704
Published : April 5, 2026, 8:45 p.m. | 20 minutes ago
Description :Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the filter_user_mail parameter. Attackers can send crafted requests with malicious SQL statements to extract sensitive database information or modify data.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2019-25700 - Kados R10 GreenBee SQL Injection via sort_direction Parameter",
"Content": "CVE ID :CVE-2019-25700
Published : April 5, 2026, 8:45 p.m. | 20 minutes ago
Description :Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the sort_direction parameter. Attackers can submit malicious SQL statements in the sort_direction parameter to extract sensitive database information or modify data.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2019-25700 - Kados R10 GreenBee SQL Injection via sort_direction Parameter",
"Content": "CVE ID :CVE-2019-25700
Published : April 5, 2026, 8:45 p.m. | 20 minutes ago
Description :Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the sort_direction parameter. Attackers can submit malicious SQL statements in the sort_direction parameter to extract sensitive database information or modify data.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2019-25702 - Kados R10 GreenBee SQL Injection via id_project Parameter",
"Content": "CVE ID :CVE-2019-25702
Published : April 5, 2026, 8:45 p.m. | 20 minutes ago
Description :Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the id_project parameter. Attackers can send crafted requests with malicious SQL statements in the id_project parameter to extract sensitive database information or modify data.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2019-25702 - Kados R10 GreenBee SQL Injection via id_project Parameter",
"Content": "CVE ID :CVE-2019-25702
Published : April 5, 2026, 8:45 p.m. | 20 minutes ago
Description :Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the id_project parameter. Attackers can send crafted requests with malicious SQL statements in the id_project parameter to extract sensitive database information or modify data.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2019-25698 - Kados R10 GreenBee SQL Injection via id_to_delete Parameter",
"Content": "CVE ID :CVE-2019-25698
Published : April 5, 2026, 8:45 p.m. | 20 minutes ago
Description :Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the id_to_delete parameter. Attackers can send crafted requests with malicious SQL statements in the id_to_delete field to extract or modify sensitive database information.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2019-25698 - Kados R10 GreenBee SQL Injection via id_to_delete Parameter",
"Content": "CVE ID :CVE-2019-25698
Published : April 5, 2026, 8:45 p.m. | 20 minutes ago
Description :Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the id_to_delete parameter. Attackers can send crafted requests with malicious SQL statements in the id_to_delete field to extract or modify sensitive database information.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2019-25694 - Kados R10 GreenBee SQL Injection via user2reset",
"Content": "CVE ID :CVE-2019-25694
Published : April 5, 2026, 8:45 p.m. | 20 minutes ago
Description :Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user2reset parameter. Attackers can send crafted requests with malicious SQL payloads to extract sensitive database information or modify data.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2019-25694 - Kados R10 GreenBee SQL Injection via user2reset",
"Content": "CVE ID :CVE-2019-25694
Published : April 5, 2026, 8:45 p.m. | 20 minutes ago
Description :Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user2reset parameter. Attackers can send crafted requests with malicious SQL payloads to extract sensitive database information or modify data.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2019-25696 - Kados R10 GreenBee SQL Injection via language_tag Parameter",
"Content": "CVE ID :CVE-2019-25696
Published : April 5, 2026, 8:45 p.m. | 20 minutes ago
Description :Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the language_tag parameter. Attackers can submit malicious SQL statements in the language_tag parameter to extract sensitive database information or modify data.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2019-25696 - Kados R10 GreenBee SQL Injection via language_tag Parameter",
"Content": "CVE ID :CVE-2019-25696
Published : April 5, 2026, 8:45 p.m. | 20 minutes ago
Description :Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the language_tag parameter. Attackers can submit malicious SQL statements in the language_tag parameter to extract sensitive database information or modify data.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2019-25692 - Kados R10 GreenBee SQL Injection via id_to_modify Parameter",
"Content": "CVE ID :CVE-2019-25692
Published : April 5, 2026, 8:45 p.m. | 20 minutes ago
Description :Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'id_to_modify' parameter. Attackers can send crafted requests with malicious SQL statements in the id_to_modify field to extract sensitive database information or modify data.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2019-25692 - Kados R10 GreenBee SQL Injection via id_to_modify Parameter",
"Content": "CVE ID :CVE-2019-25692
Published : April 5, 2026, 8:45 p.m. | 20 minutes ago
Description :Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'id_to_modify' parameter. Attackers can send crafted requests with malicious SQL statements in the id_to_modify field to extract sensitive database information or modify data.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2019-25690 - Kados R10 GreenBee SQL Injection via mng_profile_id",
"Content": "CVE ID :CVE-2019-25690
Published : April 5, 2026, 8:45 p.m. | 20 minutes ago
Description :Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the mng_profile_id parameter. Attackers can send crafted requests with malicious SQL payloads in the mng_profile_id parameter to extract sensitive database information.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2019-25690 - Kados R10 GreenBee SQL Injection via mng_profile_id",
"Content": "CVE ID :CVE-2019-25690
Published : April 5, 2026, 8:45 p.m. | 20 minutes ago
Description :Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the mng_profile_id parameter. Attackers can send crafted requests with malicious SQL payloads in the mng_profile_id parameter to extract sensitive database information.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2019-25687 - Pegasus CMS 1.0 Remote Code Execution via extra_fields.php",
"Content": "CVE ID :CVE-2019-25687
Published : April 5, 2026, 8:45 p.m. | 20 minutes ago
Description :Pegasus CMS 1.0 contains a remote code execution vulnerability in the extra_fields.php plugin that allows unauthenticated attackers to execute arbitrary commands by exploiting unsafe eval functionality. Attackers can send POST requests to the submit.php endpoint with malicious PHP code in the action parameter to achieve code execution and obtain an interactive shell.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2019-25687 - Pegasus CMS 1.0 Remote Code Execution via extra_fields.php",
"Content": "CVE ID :CVE-2019-25687
Published : April 5, 2026, 8:45 p.m. | 20 minutes ago
Description :Pegasus CMS 1.0 contains a remote code execution vulnerability in the extra_fields.php plugin that allows unauthenticated attackers to execute arbitrary commands by exploiting unsafe eval functionality. Attackers can send POST requests to the submit.php endpoint with malicious PHP code in the action parameter to achieve code execution and obtain an interactive shell.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2019-25688 - Kados R10 GreenBee SQL Injection via menu_lev1 Parameter",
"Content": "CVE ID :CVE-2019-25688
Published : April 5, 2026, 8:45 p.m. | 20 minutes ago
Description :Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the menu_lev1 parameter. Attackers can send crafted requests with malicious SQL payloads in the menu_lev1 parameter to extract sensitive database information or modify database contents.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2019-25688 - Kados R10 GreenBee SQL Injection via menu_lev1 Parameter",
"Content": "CVE ID :CVE-2019-25688
Published : April 5, 2026, 8:45 p.m. | 20 minutes ago
Description :Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the menu_lev1 parameter. Attackers can send crafted requests with malicious SQL payloads in the menu_lev1 parameter to extract sensitive database information or modify database contents.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2019-25686 - Core FTP 2.0 build 653 PBSZ Unauthenticated Denial of Service",
"Content": "CVE ID :CVE-2019-25686
Published : April 5, 2026, 8:45 p.m. | 20 minutes ago
Description :Core FTP 2.0 build 653 contains a denial of service vulnerability in the PBSZ command that allows unauthenticated attackers to crash the service by sending a malformed command with an oversized buffer. Attackers can send a PBSZ command with a payload exceeding 211 bytes to trigger an access violation and crash the FTP server process.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2019-25686 - Core FTP 2.0 build 653 PBSZ Unauthenticated Denial of Service",
"Content": "CVE ID :CVE-2019-25686
Published : April 5, 2026, 8:45 p.m. | 20 minutes ago
Description :Core FTP 2.0 build 653 contains a denial of service vulnerability in the PBSZ command that allows unauthenticated attackers to crash the service by sending a malformed command with an oversized buffer. Attackers can send a PBSZ command with a payload exceeding 211 bytes to trigger an access violation and crash the FTP server process.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2019-25685 - phpBB Arbitrary File Upload via Phar Deserialization",
"Content": "CVE ID :CVE-2019-25685
Published : April 5, 2026, 8:45 p.m. | 20 minutes ago
Description :phpBB contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by exploiting the plupload functionality and phar:// stream wrapper. Attackers can upload a crafted zip file containing serialized PHP objects that execute arbitrary code when deserialized through the imagick parameter in attachment settings.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2019-25685 - phpBB Arbitrary File Upload via Phar Deserialization",
"Content": "CVE ID :CVE-2019-25685
Published : April 5, 2026, 8:45 p.m. | 20 minutes ago
Description :phpBB contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by exploiting the plupload functionality and phar:// stream wrapper. Attackers can upload a crafted zip file containing serialized PHP objects that execute arbitrary code when deserialized through the imagick parameter in attachment settings.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2019-25684 - OpenDocMan 1.3.4 SQL Injection via where Parameter",
"Content": "CVE ID :CVE-2019-25684
Published : April 5, 2026, 8:45 p.m. | 20 minutes ago
Description :OpenDocMan 1.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'where' parameter. Attackers can send GET requests to search.php with malicious SQL payloads in the 'where' parameter to extract sensitive database information.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2019-25684 - OpenDocMan 1.3.4 SQL Injection via where Parameter",
"Content": "CVE ID :CVE-2019-25684
Published : April 5, 2026, 8:45 p.m. | 20 minutes ago
Description :OpenDocMan 1.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'where' parameter. Attackers can send GET requests to search.php with malicious SQL payloads in the 'where' parameter to extract sensitive database information.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2019-25683 - FileZilla 3.40.0 Denial of Service via Local Search",
"Content": "CVE ID :CVE-2019-25683
Published : April 5, 2026, 8:45 p.m. | 20 minutes ago
Description :FileZilla 3.40.0 contains a denial of service vulnerability in the local search functionality that allows local attackers to crash the application by supplying a malformed path string. Attackers can trigger the crash by entering a crafted path containing 384 'A' characters followed by 'BBBB' and 'CCCC' sequences in the search directory field and initiating a local search operation.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2019-25683 - FileZilla 3.40.0 Denial of Service via Local Search",
"Content": "CVE ID :CVE-2019-25683
Published : April 5, 2026, 8:45 p.m. | 20 minutes ago
Description :FileZilla 3.40.0 contains a denial of service vulnerability in the local search functionality that allows local attackers to crash the application by supplying a malformed path string. Attackers can trigger the crash by entering a crafted path containing 384 'A' characters followed by 'BBBB' and 'CCCC' sequences in the search directory field and initiating a local search operation.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2019-25681 - Xlight FTP Server 3.9.1 SEH Overwrite Buffer Overflow",
"Content": "CVE ID :CVE-2019-25681
Published : April 5, 2026, 8:45 p.m. | 20 minutes ago
Description :Xlight FTP Server 3.9.1 contains a structured exception handler (SEH) overwrite vulnerability that allows local attackers to crash the application and overwrite SEH pointers by supplying a crafted buffer string. Attackers can inject a 428-byte payload through the program execution field in virtual server configuration to trigger a buffer overflow that corrupts the SEH chain and enables potential code execution.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2019-25681 - Xlight FTP Server 3.9.1 SEH Overwrite Buffer Overflow",
"Content": "CVE ID :CVE-2019-25681
Published : April 5, 2026, 8:45 p.m. | 20 minutes ago
Description :Xlight FTP Server 3.9.1 contains a structured exception handler (SEH) overwrite vulnerability that allows local attackers to crash the application and overwrite SEH pointers by supplying a crafted buffer string. Attackers can inject a 428-byte payload through the program execution field in virtual server configuration to trigger a buffer overflow that corrupts the SEH chain and enables potential code execution.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2019-25682 - CMSsite 1.0 Cross-Site Request Forgery via users.php",
"Content": "CVE ID :CVE-2019-25682
Published : April 5, 2026, 8:45 p.m. | 20 minutes ago
Description :CMSsite 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting crafted pages that submit POST requests to the users.php endpoint with parameters like source=add_user, source=edit_user, or del=1 to create, modify, or delete admin accounts.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2019-25682 - CMSsite 1.0 Cross-Site Request Forgery via users.php",
"Content": "CVE ID :CVE-2019-25682
Published : April 5, 2026, 8:45 p.m. | 20 minutes ago
Description :CMSsite 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting crafted pages that submit POST requests to the users.php endpoint with parameters like source=add_user, source=edit_user, or del=1 to create, modify, or delete admin accounts.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2019-25680 - Advance Gift Shop Pro Script 2.0.3 SQL Injection via search",
"Content": "CVE ID :CVE-2019-25680
Published : April 5, 2026, 8:45 p.m. | 20 minutes ago
Description :Advance Gift Shop Pro Script 2.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can submit crafted SQL payloads in the 's' parameter of search requests to extract sensitive database information including version details and other data.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2019-25680 - Advance Gift Shop Pro Script 2.0.3 SQL Injection via search",
"Content": "CVE ID :CVE-2019-25680
Published : April 5, 2026, 8:45 p.m. | 20 minutes ago
Description :Advance Gift Shop Pro Script 2.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can submit crafted SQL payloads in the 's' parameter of search requests to extract sensitive database information including version details and other data.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2019-25678 - C4G BLIS 3.4 SQL Injection via users_select.php",
"Content": "CVE ID :CVE-2019-25678
Published : April 5, 2026, 8:45 p.m. | 20 minutes ago
Description :C4G Basic Laboratory Information System 3.4 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the site parameter. Attackers can send GET requests to the users_select.php endpoint with crafted SQL payloads to extract sensitive database information including patient records and system credentials.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2019-25678 - C4G BLIS 3.4 SQL Injection via users_select.php",
"Content": "CVE ID :CVE-2019-25678
Published : April 5, 2026, 8:45 p.m. | 20 minutes ago
Description :C4G Basic Laboratory Information System 3.4 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the site parameter. Attackers can send GET requests to the users_select.php endpoint with crafted SQL payloads to extract sensitive database information including patient records and system credentials.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2019-25679 - RealTerm Serial Terminal 2.0.0.70 Buffer Overflow SEH",
"Content": "CVE ID :CVE-2019-25679
Published : April 5, 2026, 8:45 p.m. | 20 minutes ago
Description :RealTerm Serial Terminal 2.0.0.70 contains a structured exception handling (SEH) buffer overflow vulnerability in the Echo Port tab that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a buffer overflow payload with a POP POP RET gadget chain and shellcode that triggers code execution when pasted into the Port field and the Change button is clicked.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2019-25679 - RealTerm Serial Terminal 2.0.0.70 Buffer Overflow SEH",
"Content": "CVE ID :CVE-2019-25679
Published : April 5, 2026, 8:45 p.m. | 20 minutes ago
Description :RealTerm Serial Terminal 2.0.0.70 contains a structured exception handling (SEH) buffer overflow vulnerability in the Echo Port tab that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a buffer overflow payload with a POP POP RET gadget chain and shellcode that triggers code execution when pasted into the Port field and the Change button is clicked.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2019-25677 - WinRAR 5.61 Denial of Service via Malformed Language File",
"Content": "CVE ID :CVE-2019-25677
Published : April 5, 2026, 8:45 p.m. | 20 minutes ago
Description :WinRAR 5.61 contains a denial of service vulnerability that allows local attackers to crash the application by placing a malformed winrar.lng language file in the installation directory. Attackers can trigger the crash by opening an archive and pressing the test button, causing an access violation at memory address 004F1DB8 when the application attempts to read invalid data.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2019-25677 - WinRAR 5.61 Denial of Service via Malformed Language File",
"Content": "CVE ID :CVE-2019-25677
Published : April 5, 2026, 8:45 p.m. | 20 minutes ago
Description :WinRAR 5.61 contains a denial of service vulnerability that allows local attackers to crash the application by placing a malformed winrar.lng language file in the installation directory. Attackers can trigger the crash by opening an archive and pressing the test button, causing an access violation at memory address 004F1DB8 when the application attempts to read invalid data.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹