{
"Source": "CVE FEED",
"Title": "CVE-2026-39697 - WordPress MAIO – The new AI GEO / SEO tool plugin <= 6.2.8 - broken access control vulnerability",
"Content": "CVE ID :CVE-2026-39697
Published : April 8, 2026, 9:16 a.m. | 1 hour, 2 minutes ago
Description :Missing Authorization vulnerability in HBSS Technologies MAIO – The new AI GEO / SEO tool maio-the-new-ai-geo-seo-tool allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MAIO – The new AI GEO / SEO tool: from n/a through <=
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5208 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in coolercontrold",
"Content": "CVE ID :CVE-2026-5208
Published : April 8, 2026, 11:36 a.m. | 44 minutes ago
Description :Command injection in alerts in CoolerControl/coolercontrold <4.0.0
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Apr 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-28264 - Dell PowerProtect Agent Service Incorrect Permission Assignment for Critical Resource Information Exposure",
"Content": "CVE ID :CVE-2026-28264
Published : April 8, 2026, 11:24 a.m. | 55 minutes ago
Description :Dell PowerProtect Agent Service, version(s) prior to 20.1, contain(s) an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Apr 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-2481 - Beaver Builder Page Builder – Drag and Drop Website Builder <= 2.10.1.1 - authenticated (author+) stored cross-site scripting via 'settings[js]'",
"Content": "CVE ID :CVE-2026-2481
Published : April 8, 2026, 11:16 a.m. | 1 hour, 3 minutes ago
Description :The Beaver Builder Page Builder – Drag and Drop Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'settings[js]' parameter in versions up to, and including, 2.10.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Apr 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-1672 - BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net <= 1.1.5 - cross-site request forgery to product data modification",
"Content": "CVE ID :CVE-2026-1672
Published : April 8, 2026, 11:16 a.m. | 1 hour, 3 minutes ago
Description :The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing nonce validation on the woobe_redraw_table_row() function. This makes it possible for unauthenticated attackers to update WooCommerce product data including prices, descriptions, and other product fields via a forged request granted they can trick a site administrator or shop manager into performing an action such as clicking on a link.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Apr 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-3396 - WCAPF – WooCommerce Ajax Product Filter <= 4.2.3 - unauthenticated time-based sql injection",
"Content": "CVE ID :CVE-2026-3396
Published : April 8, 2026, 11:16 a.m. | 1 hour, 3 minutes ago
Description :WCAPF – WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL Injection via the 'post-author' parameter in all versions up to, and including, 4.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Apr 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-1673 - BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net <= 1.1.5 - cross-site request forgery to taxonomy term deletion",
"Content": "CVE ID :CVE-2026-1673
Published : April 8, 2026, 11:16 a.m. | 1 hour, 3 minutes ago
Description :The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing nonce validation on the woobe_delete_tax_term() function. This makes it possible for unauthenticated attackers to delete WooCommerce taxonomy terms (categories, tags, etc.) via a forged request granted they can trick a site administrator or shop manager into performing an action such as clicking on a link.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Apr 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-3243 - Advanced Members for ACF <= 1.2.5 - authenticated (subscriber+) arbitrary file deletion via path traversal",
"Content": "CVE ID :CVE-2026-3243
Published : April 8, 2026, 11:16 a.m. | 1 hour, 3 minutes ago
Description :The Advanced Members for ACF plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the create_crop function in all versions up to, and including, 1.2.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). The vulnerability was partially patched in version 1.2.5.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Apr 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-1865 - User Registration & Membership <= 5.1.2 - authenticated (subscriber+) sql injection via membership_ids[]",
"Content": "CVE ID :CVE-2026-1865
Published : April 8, 2026, 11:16 a.m. | 1 hour, 3 minutes ago
Description :The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to SQL Injection via the 'membership_ids[]' parameter in all versions up to, and including, 5.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Apr 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-58713 - Rhpam: privilege escalation via excessive /etc/passwd permissions",
"Content": "CVE ID :CVE-2025-58713
Published : April 8, 2026, 1:55 p.m. | 25 minutes ago
Description :A container privilege escalation flaw was found in certain Red Hat Process Automation Manager images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Apr 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-57854 - Osus-operator: privilege escalation via excessive /etc/passwd permissions",
"Content": "CVE ID :CVE-2025-57854
Published : April 8, 2026, 1:55 p.m. | 25 minutes ago
Description :A container privilege escalation flaw was found in certain OpenShift Update Service (OSUS) images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Apr 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-57853 - Web-terminal: privilege escalation via excessive /etc/passwd permissions",
"Content": "CVE ID :CVE-2025-57853
Published : April 8, 2026, 1:55 p.m. | 25 minutes ago
Description :A container privilege escalation flaw was found in certain Web Terminal images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Apr 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-57847 - Ansible-automation-platform: privilege escalation via excessive group writable /etc/passwd permissions",
"Content": "CVE ID :CVE-2025-57847
Published : April 8, 2026, 1:55 p.m. | 25 minutes ago
Description :A container privilege escalation flaw was found in certain Ansible Automation Platform images. This issue arises from the /etc/passwd file being created with group-writable permissions during the build process. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This vulnerability allows an attacker to add a new user with any arbitrary UID, including UID 0, gaining full root privileges within the container.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Apr 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-57851 - Mce: privilege escalation via excessive /etc/passwd permissions",
"Content": "CVE ID :CVE-2025-57851
Published : April 8, 2026, 1:55 p.m. | 25 minutes ago
Description :A container privilege escalation flaw was found in certain Multicluster Engine for Kubernetes images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Apr 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-5795 - Eclipse Jetty ThreadLocal Privilege Escalation Vulnerability",
"Content": "CVE ID :CVE-2026-5795
Published : April 8, 2026, 1:32 p.m. | 48 minutes ago
Description :In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variables.
Upon returning from the initial checks, there are conditions that cause an early return from the JASPIAuthenticator code without clearing those ThreadLocals.
A subsequent request using the same thread inherits the ThreadLocal values, leading to a broken access control and privilege escalation.
Severity: 7.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Apr 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-2509 - Page Builder: Pagelayer <= 2.0.8 - authenticated (contributor+) stored cross-site scripting via button widget custom attributes",
"Content": "CVE ID :CVE-2026-2509
Published : April 8, 2026, 1:26 p.m. | 54 minutes ago
Description :The Page Builder: Pagelayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget's Custom Attributes field in all versions up to, and including, 2.0.8. This is due to an incomplete event handler blocklist in the 'pagelayer_xss_content' XSS filtering function, which blocks common, but not all, event handlers. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Apr 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-14816 - Information Disclosure, Tampering, and Denial-of-Service Vulnerabilities in GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, GENESIS, and MC Works64",
"Content": "CVE ID :CVE-2025-14816
Published : April 8, 2026, 1:23 p.m. | 57 minutes ago
Description :Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric GENESIS versions 11.02 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.02 and prior allows a local attacker to disclose the SQL Server credentials displayed in plain text in the GUI of the Hyper Historian Splitter feature by exploiting this vulnerability, when SQL authentication is used for the SQL Server authentication. As a result, the unauthorized attacker could access the SQL Server and disclose, tamper with, or destroy data on the server, potentially cause a denial-of-service (DoS) condition on the system.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Apr 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-5300 - Missing Authentication for Critical Function in coolercontrold",
"Content": "CVE ID :CVE-2026-5300
Published : April 8, 2026, 1:16 p.m. | 1 hour, 4 minutes ago
Description :Unauthenticated functionality in CoolerControl/coolercontrold <4.0.0
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Apr 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-5301 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in coolercontrol-ui",
"Content": "CVE ID :CVE-2026-5301
Published : April 8, 2026, 1:16 p.m. | 1 hour, 4 minutes ago
Description :Stored XSS in log viewer in CoolerControl/coolercontrol-ui <4.0.0
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Apr 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-5302 - Permissive Cross-domain Policy with Untrusted Domains in coolercontrold",
"Content": "CVE ID :CVE-2026-5302
Published : April 8, 2026, 1:16 p.m. | 1 hour, 4 minutes ago
Description :CORS misconfiguration in CoolerControl/coolercontrold <4.0.0
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Apr 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-5600 - Pretix Unauthenticated Access to Organizer's Check-in Event Data",
"Content": "CVE ID :CVE-2026-5600
Published : April 8, 2026, 1:16 p.m. | 1 hour, 4 minutes ago
Description :A new API endpoint introduced in pretix 2025 that is supposed to
return all check-in events of a specific event in fact returns all
check-in events belonging to the respective organizer. This allows an
API consumer to access information for all other events under the same
organizer, even those they should not have access to.
These records contain information on the time and result of every ticket scan as well as the ID of the matched ticket. Example:
{
"id": 123,
"successful": true,
"error_reason": null,
"error_explanation": null,
"position": 321,
"datetime": "2020-08-23T09:00:00+02:00",
"list": 456,
"created": "2020-08-23T09:00:00+02:00",
"auto_checked_in": false,
"gate": null,
"device": 1,
"device_id": 1,
"type": "entry"
}
An unauthorized user usually has no way to match these IDs (position) back to individual people.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Apr 2026",
"Type": "Vulnerability"
}