{
"Source": "CVE FEED",
"Title": "CVE-2026-5908 - Google Chrome Media Integer Overflow",
"Content": "CVE ID :CVE-2026-5908
Published : April 8, 2026, 10:16 p.m. | 21 minutes ago
Description :Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5908 - Google Chrome Media Integer Overflow",
"Content": "CVE ID :CVE-2026-5908
Published : April 8, 2026, 10:16 p.m. | 21 minutes ago
Description :Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5909 - Google Chrome Media Integer Overflow Vulnerability",
"Content": "CVE ID :CVE-2026-5909
Published : April 8, 2026, 10:16 p.m. | 21 minutes ago
Description :Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5909 - Google Chrome Media Integer Overflow Vulnerability",
"Content": "CVE ID :CVE-2026-5909
Published : April 8, 2026, 10:16 p.m. | 21 minutes ago
Description :Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5910 - Google Chrome Media Integer Overflow Vulnerability",
"Content": "CVE ID :CVE-2026-5910
Published : April 8, 2026, 10:16 p.m. | 21 minutes ago
Description :Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5910 - Google Chrome Media Integer Overflow Vulnerability",
"Content": "CVE ID :CVE-2026-5910
Published : April 8, 2026, 10:16 p.m. | 21 minutes ago
Description :Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5902 - Google Chrome Android Media Stream Metadata Corruption",
"Content": "CVE ID :CVE-2026-5902
Published : April 8, 2026, 10:16 p.m. | 21 minutes ago
Description :Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to corrupt media stream metadata via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5902 - Google Chrome Android Media Stream Metadata Corruption",
"Content": "CVE ID :CVE-2026-5902
Published : April 8, 2026, 10:16 p.m. | 21 minutes ago
Description :Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to corrupt media stream metadata via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5906 - Google Chrome Android Spoofing Vulnerability",
"Content": "CVE ID :CVE-2026-5906
Published : April 8, 2026, 10:16 p.m. | 21 minutes ago
Description :Incorrect security UI in Omnibox in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5906 - Google Chrome Android Spoofing Vulnerability",
"Content": "CVE ID :CVE-2026-5906
Published : April 8, 2026, 10:16 p.m. | 21 minutes ago
Description :Incorrect security UI in Omnibox in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5894 - Google Chrome PDF Navigation Bypass Vulnerability",
"Content": "CVE ID :CVE-2026-5894
Published : April 8, 2026, 10:16 p.m. | 21 minutes ago
Description :Inappropriate implementation in PDF in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5894 - Google Chrome PDF Navigation Bypass Vulnerability",
"Content": "CVE ID :CVE-2026-5894
Published : April 8, 2026, 10:16 p.m. | 21 minutes ago
Description :Inappropriate implementation in PDF in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5896 - Google Chrome Audio Policy Bypass Vulnerability",
"Content": "CVE ID :CVE-2026-5896
Published : April 8, 2026, 10:16 p.m. | 21 minutes ago
Description :Policy bypass in Audio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass sandbox download restrictions via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5896 - Google Chrome Audio Policy Bypass Vulnerability",
"Content": "CVE ID :CVE-2026-5896
Published : April 8, 2026, 10:16 p.m. | 21 minutes ago
Description :Policy bypass in Audio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass sandbox download restrictions via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5895 - Google Chrome iOS Omnibox Spoofing Vulnerability",
"Content": "CVE ID :CVE-2026-5895
Published : April 8, 2026, 10:16 p.m. | 21 minutes ago
Description :Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. (Chromium security severity: Low)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5895 - Google Chrome iOS Omnibox Spoofing Vulnerability",
"Content": "CVE ID :CVE-2026-5895
Published : April 8, 2026, 10:16 p.m. | 21 minutes ago
Description :Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. (Chromium security severity: Low)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5823 - itsourcecode Construction Management System borrowed_tool_report.php sql injection",
"Content": "CVE ID :CVE-2026-5823
Published : April 9, 2026, 12:16 a.m. | 25 minutes ago
Description :A weakness has been identified in itsourcecode Construction Management System 1.0. Affected by this issue is some unknown functionality of the file /borrowed_tool_report.php. This manipulation of the argument Home causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5823 - itsourcecode Construction Management System borrowed_tool_report.php sql injection",
"Content": "CVE ID :CVE-2026-5823
Published : April 9, 2026, 12:16 a.m. | 25 minutes ago
Description :A weakness has been identified in itsourcecode Construction Management System 1.0. Affected by this issue is some unknown functionality of the file /borrowed_tool_report.php. This manipulation of the argument Home causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5824 - code-projects Simple Laundry System userchecklogin.php sql injection",
"Content": "CVE ID :CVE-2026-5824
Published : April 9, 2026, 12:16 a.m. | 25 minutes ago
Description :A security vulnerability has been detected in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /userchecklogin.php. Such manipulation of the argument userid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5824 - code-projects Simple Laundry System userchecklogin.php sql injection",
"Content": "CVE ID :CVE-2026-5824
Published : April 9, 2026, 12:16 a.m. | 25 minutes ago
Description :A security vulnerability has been detected in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /userchecklogin.php. Such manipulation of the argument userid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5815 - D-Link DIR-645 hedwig.cgi hedwigcgi_main stack-based overflow",
"Content": "CVE ID :CVE-2026-5815
Published : April 9, 2026, 12:16 a.m. | 25 minutes ago
Description :A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgi_main of the file /cgi-bin/hedwig.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5815 - D-Link DIR-645 hedwig.cgi hedwigcgi_main stack-based overflow",
"Content": "CVE ID :CVE-2026-5815
Published : April 9, 2026, 12:16 a.m. | 25 minutes ago
Description :A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgi_main of the file /cgi-bin/hedwig.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5814 - PHPGurukul Online Course Registration check_availability.php sql injection",
"Content": "CVE ID :CVE-2026-5814
Published : April 9, 2026, 12:16 a.m. | 25 minutes ago
Description :A security vulnerability has been detected in PHPGurukul Online Course Registration 3.1. This issue affects some unknown processing of the file /admin/check_availability.php. The manipulation of the argument regno leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5814 - PHPGurukul Online Course Registration check_availability.php sql injection",
"Content": "CVE ID :CVE-2026-5814
Published : April 9, 2026, 12:16 a.m. | 25 minutes ago
Description :A security vulnerability has been detected in PHPGurukul Online Course Registration 3.1. This issue affects some unknown processing of the file /admin/check_availability.php. The manipulation of the argument regno leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-4916 - Missing Authorization in GitLab",
"Content": "CVE ID :CVE-2026-4916
Published : April 8, 2026, 11:17 p.m. | 1 hour, 24 minutes ago
Description :GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with custom role permissions to demote or remove higher-privileged group members due to improper authorization checks on member management operations.
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-4916 - Missing Authorization in GitLab",
"Content": "CVE ID :CVE-2026-4916
Published : April 8, 2026, 11:17 p.m. | 1 hour, 24 minutes ago
Description :GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with custom role permissions to demote or remove higher-privileged group members due to improper authorization checks on member management operations.
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5173 - Exposed Dangerous Method or Function in GitLab",
"Content": "CVE ID :CVE-2026-5173
Published : April 8, 2026, 11:17 p.m. | 1 hour, 24 minutes ago
Description :GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to invoke unintended server-side methods through websocket connections due to improper access control.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5173 - Exposed Dangerous Method or Function in GitLab",
"Content": "CVE ID :CVE-2026-5173
Published : April 8, 2026, 11:17 p.m. | 1 hour, 24 minutes ago
Description :GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to invoke unintended server-side methods through websocket connections due to improper access control.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5811 - SourceCodester Online Food Ordering System POST Parameter Actions.php save_product logic error",
"Content": "CVE ID :CVE-2026-5811
Published : April 8, 2026, 11:17 p.m. | 1 hour, 24 minutes ago
Description :A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this issue is the function save_product of the file /Actions.php of the component POST Parameter Handler. Such manipulation of the argument price leads to business logic errors. The attack may be performed from remote. The exploit is publicly available and might be used.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5811 - SourceCodester Online Food Ordering System POST Parameter Actions.php save_product logic error",
"Content": "CVE ID :CVE-2026-5811
Published : April 8, 2026, 11:17 p.m. | 1 hour, 24 minutes ago
Description :A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this issue is the function save_product of the file /Actions.php of the component POST Parameter Handler. Such manipulation of the argument price leads to business logic errors. The attack may be performed from remote. The exploit is publicly available and might be used.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5812 - SourceCodester Pharmacy Product Management System POST Parameter add-sales.php logic error",
"Content": "CVE ID :CVE-2026-5812
Published : April 8, 2026, 11:17 p.m. | 1 hour, 24 minutes ago
Description :A security flaw has been discovered in SourceCodester Pharmacy Product Management System 1.0. This affects an unknown part of the file add-sales.php of the component POST Parameter Handler. Performing a manipulation of the argument txtqty results in business logic errors. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5812 - SourceCodester Pharmacy Product Management System POST Parameter add-sales.php logic error",
"Content": "CVE ID :CVE-2026-5812
Published : April 8, 2026, 11:17 p.m. | 1 hour, 24 minutes ago
Description :A security flaw has been discovered in SourceCodester Pharmacy Product Management System 1.0. This affects an unknown part of the file add-sales.php of the component POST Parameter Handler. Performing a manipulation of the argument txtqty results in business logic errors. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5813 - PHPGurukul Online Course Registration check_availability.php sql injection",
"Content": "CVE ID :CVE-2026-5813
Published : April 8, 2026, 11:17 p.m. | 1 hour, 24 minutes ago
Description :A weakness has been identified in PHPGurukul Online Course Registration 3.1. This vulnerability affects unknown code of the file /check_availability.php. Executing a manipulation of the argument cid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5813 - PHPGurukul Online Course Registration check_availability.php sql injection",
"Content": "CVE ID :CVE-2026-5813
Published : April 8, 2026, 11:17 p.m. | 1 hour, 24 minutes ago
Description :A weakness has been identified in PHPGurukul Online Course Registration 3.1. This vulnerability affects unknown code of the file /check_availability.php. Executing a manipulation of the argument cid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-3438 - Nexus Repository 3 - Reflected Cross-Site Scripting (XSS) in ?describe Pages",
"Content": "CVE ID :CVE-2026-3438
Published : April 8, 2026, 11:16 p.m. | 1 hour, 24 minutes ago
Description :A reflected cross-site scripting vulnerability exists in Sonatype Nexus Repository versions 3.0.0 through 3.90.2 that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted URL. Exploitation requires user interaction.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-3438 - Nexus Repository 3 - Reflected Cross-Site Scripting (XSS) in ?describe Pages",
"Content": "CVE ID :CVE-2026-3438
Published : April 8, 2026, 11:16 p.m. | 1 hour, 24 minutes ago
Description :A reflected cross-site scripting vulnerability exists in Sonatype Nexus Repository versions 3.0.0 through 3.90.2 that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted URL. Exploitation requires user interaction.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-4332 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab",
"Content": "CVE ID :CVE-2026-4332
Published : April 8, 2026, 11:16 p.m. | 1 hour, 24 minutes ago
Description :GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary JavaScript in the context of other users' browsers due to improper input sanitization.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-4332 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab",
"Content": "CVE ID :CVE-2026-4332
Published : April 8, 2026, 11:16 p.m. | 1 hour, 24 minutes ago
Description :GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary JavaScript in the context of other users' browsers due to improper input sanitization.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-4398 - CVE-2021-41773: Apple Safari HTML Injection",
"Content": "CVE ID :CVE-2026-4398
Published : April 8, 2026, 11:16 p.m. | 1 hour, 24 minutes ago
Description :Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-4398 - CVE-2021-41773: Apple Safari HTML Injection",
"Content": "CVE ID :CVE-2026-4398
Published : April 8, 2026, 11:16 p.m. | 1 hour, 24 minutes ago
Description :Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-1752 - Incorrect Authorization in GitLab",
"Content": "CVE ID :CVE-2026-1752
Published : April 8, 2026, 11:16 p.m. | 1 hour, 24 minutes ago
Description :GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with developer-role permissions to modify protected environment settings due to improper authorization checks in the API.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-1752 - Incorrect Authorization in GitLab",
"Content": "CVE ID :CVE-2026-1752
Published : April 8, 2026, 11:16 p.m. | 1 hour, 24 minutes ago
Description :GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with developer-role permissions to modify protected environment settings due to improper authorization checks in the API.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "09 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹