{
"Source": "CVE FEED",
"Title": "CVE-2021-47960 - Synology SSL VPN Client Information Disclosure",
"Content": "CVE ID :CVE-2021-47960
Published : April 10, 2026, 10:16 a.m. | 1 hour, 4 minutes ago
Description :A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local HTTP server bound to the loopback interface. By leveraging user interaction with a crafted web page, attackers may retrieve sensitive files such as configuration files, certificates, and logs, leading to information disclosure.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2021-47960 - Synology SSL VPN Client Information Disclosure",
"Content": "CVE ID :CVE-2021-47960
Published : April 10, 2026, 10:16 a.m. | 1 hour, 4 minutes ago
Description :A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local HTTP server bound to the loopback interface. By leveraging user interaction with a crafted web page, attackers may retrieve sensitive files such as configuration files, certificates, and logs, leading to information disclosure.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5412 - Juju CloudSpec API could leak senstive information",
"Content": "CVE ID :CVE-2026-5412
Published : April 10, 2026, 12:22 p.m. | 1 hour, 3 minutes ago
Description :In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bootstrap the controller. This allows a low-privileged user to access sensitive credentials. This issue is resolved in Juju versions 2.9.57 and 3.6.21.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5412 - Juju CloudSpec API could leak senstive information",
"Content": "CVE ID :CVE-2026-5412
Published : April 10, 2026, 12:22 p.m. | 1 hour, 3 minutes ago
Description :In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bootstrap the controller. This allows a low-privileged user to access sensitive credentials. This issue is resolved in Juju versions 2.9.57 and 3.6.21.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5777 - Security Misconfiguration Vulnerability in Atom 3x Projector",
"Content": "CVE ID :CVE-2026-5777
Published : April 10, 2026, 12:16 p.m. | 1 hour, 9 minutes ago
Description :This vulnerability exists in the Atom 3x Projector due to improper exposure of the Android Debug Bridge (ADB) service over the local network without authentication or access controls. An unauthenticated attacker on the same network can exploit this vulnerability to obtain root-level access, leading to complete compromise of the targeted device.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5777 - Security Misconfiguration Vulnerability in Atom 3x Projector",
"Content": "CVE ID :CVE-2026-5777
Published : April 10, 2026, 12:16 p.m. | 1 hour, 9 minutes ago
Description :This vulnerability exists in the Atom 3x Projector due to improper exposure of the Android Debug Bridge (ADB) service over the local network without authentication or access controls. An unauthenticated attacker on the same network can exploit this vulnerability to obtain root-level access, leading to complete compromise of the targeted device.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5774 - Juju API Server Denial of Service and Authentication Replay via Unsynchronized Token Map",
"Content": "CVE ID :CVE-2026-5774
Published : April 10, 2026, 12:10 p.m. | 1 hour, 14 minutes ago
Description :Improper synchronization of the userTokens map in the API server in Canonical Juju 4.0.5, 3.6.20, and 2.9.56 may allow an authenticated user to possibly cause a denial of service on the server or possibly reuse a single-use discharge token.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5774 - Juju API Server Denial of Service and Authentication Replay via Unsynchronized Token Map",
"Content": "CVE ID :CVE-2026-5774
Published : April 10, 2026, 12:10 p.m. | 1 hour, 14 minutes ago
Description :Improper synchronization of the userTokens map in the API server in Canonical Juju 4.0.5, 3.6.20, and 2.9.56 may allow an authenticated user to possibly cause a denial of service on the server or possibly reuse a single-use discharge token.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-36235 - iSourcecode Online Student Enrollment System SQL Injection",
"Content": "CVE ID :CVE-2026-36235
Published : April 10, 2026, 3:16 p.m. | 19 minutes ago
Description :A SQL injection vulnerability was found in the scheduleSubList.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'subjcode' parameter is directly embedded into the SQL query via string interpolation without any sanitization or validation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-36235 - iSourcecode Online Student Enrollment System SQL Injection",
"Content": "CVE ID :CVE-2026-36235
Published : April 10, 2026, 3:16 p.m. | 19 minutes ago
Description :A SQL injection vulnerability was found in the scheduleSubList.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'subjcode' parameter is directly embedded into the SQL query via string interpolation without any sanitization or validation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-36236 - SourceCodester Engineers Online Portal SQL Injection",
"Content": "CVE ID :CVE-2026-36236
Published : April 10, 2026, 3:16 p.m. | 19 minutes ago
Description :SourceCodester Engineers Online Portal v1.0 is vulnerable to SQL Injection in update_password.php via the new_password parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-36236 - SourceCodester Engineers Online Portal SQL Injection",
"Content": "CVE ID :CVE-2026-36236
Published : April 10, 2026, 3:16 p.m. | 19 minutes ago
Description :SourceCodester Engineers Online Portal v1.0 is vulnerable to SQL Injection in update_password.php via the new_password parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-36232 - iSourcecode Online Student Enrollment System SQL Injection",
"Content": "CVE ID :CVE-2026-36232
Published : April 10, 2026, 3:16 p.m. | 19 minutes ago
Description :A SQL injection vulnerability was found in the instructorClasses.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'classId' parameter from $_GET['classId'] is directly concatenated into the SQL query without any sanitization or validation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-36232 - iSourcecode Online Student Enrollment System SQL Injection",
"Content": "CVE ID :CVE-2026-36232
Published : April 10, 2026, 3:16 p.m. | 19 minutes ago
Description :A SQL injection vulnerability was found in the instructorClasses.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'classId' parameter from $_GET['classId'] is directly concatenated into the SQL query without any sanitization or validation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-36233 - iSourcecode Online Student Enrollment System SQL Injection",
"Content": "CVE ID :CVE-2026-36233
Published : April 10, 2026, 3:16 p.m. | 19 minutes ago
Description :A SQL injection vulnerability was found in the assignInstructorSubjects.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that attackers can inject malicious code via the parameter "subjcode" and use it directly in SQL queries without the need for appropriate cleaning or validation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-36233 - iSourcecode Online Student Enrollment System SQL Injection",
"Content": "CVE ID :CVE-2026-36233
Published : April 10, 2026, 3:16 p.m. | 19 minutes ago
Description :A SQL injection vulnerability was found in the assignInstructorSubjects.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that attackers can inject malicious code via the parameter "subjcode" and use it directly in SQL queries without the need for appropriate cleaning or validation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-36234 - Itsourcecode Online Student Enrollment System SQL Injection Vulnerability",
"Content": "CVE ID :CVE-2026-36234
Published : April 10, 2026, 3:16 p.m. | 19 minutes ago
Description :itsourcecode Online Student Enrollment System v1.0 is vulnerable to SQL Injection in newCourse.php via the 'coursename' parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-36234 - Itsourcecode Online Student Enrollment System SQL Injection Vulnerability",
"Content": "CVE ID :CVE-2026-36234
Published : April 10, 2026, 3:16 p.m. | 19 minutes ago
Description :itsourcecode Online Student Enrollment System v1.0 is vulnerable to SQL Injection in newCourse.php via the 'coursename' parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-23780 - BMC Control-M SQL Injection Vulnerability",
"Content": "CVE ID :CVE-2026-23780
Published : April 10, 2026, 3:16 p.m. | 19 minutes ago
Description :An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability in the MFT API's debug interface allows an authenticated attacker to inject malicious queries due to improper input validation and unsafe dynamic SQL handling. Successful exploitation can enable arbitrary file read/write operations and potentially lead to remote code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-23780 - BMC Control-M SQL Injection Vulnerability",
"Content": "CVE ID :CVE-2026-23780
Published : April 10, 2026, 3:16 p.m. | 19 minutes ago
Description :An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability in the MFT API's debug interface allows an authenticated attacker to inject malicious queries due to improper input validation and unsafe dynamic SQL handling. Successful exploitation can enable arbitrary file read/write operations and potentially lead to remote code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-23782 - BMC Control-M/MFT API Secret Disclosure Vulnerability",
"Content": "CVE ID :CVE-2026-23782
Published : April 10, 2026, 3:16 p.m. | 19 minutes ago
Description :An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. An API management endpoint allows unauthenticated users to obtain both an API identifier and its corresponding secret value. With these exposed secrets, an attacker could invoke privileged API operations, potentially leading to unauthorized access.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-23782 - BMC Control-M/MFT API Secret Disclosure Vulnerability",
"Content": "CVE ID :CVE-2026-23782
Published : April 10, 2026, 3:16 p.m. | 19 minutes ago
Description :An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. An API management endpoint allows unauthenticated users to obtain both an API identifier and its corresponding secret value. With these exposed secrets, an attacker could invoke privileged API operations, potentially leading to unauthorized access.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-29861 - MySQL PHP Login System SQL Injection",
"Content": "CVE ID :CVE-2026-29861
Published : April 10, 2026, 3:16 p.m. | 19 minutes ago
Description :PHP-MYSQL-User-Login-System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at login.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-29861 - MySQL PHP Login System SQL Injection",
"Content": "CVE ID :CVE-2026-29861
Published : April 10, 2026, 3:16 p.m. | 19 minutes ago
Description :PHP-MYSQL-User-Login-System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at login.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-31262 - Altenar Sportsbook Software Platform SB2 Cross Site Scripting (XSS)",
"Content": "CVE ID :CVE-2026-31262
Published : April 10, 2026, 3:16 p.m. | 19 minutes ago
Description :Cross Site Scripting vulnerability in Altenar Sportsbook Software Platform (SB2) v.2.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the URL parameter
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-31262 - Altenar Sportsbook Software Platform SB2 Cross Site Scripting (XSS)",
"Content": "CVE ID :CVE-2026-31262
Published : April 10, 2026, 3:16 p.m. | 19 minutes ago
Description :Cross Site Scripting vulnerability in Altenar Sportsbook Software Platform (SB2) v.2.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the URL parameter
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-44560 - Owntone-Server Buffer Overflow Vulnerability",
"Content": "CVE ID :CVE-2025-44560
Published : April 10, 2026, 3:16 p.m. | 19 minutes ago
Description :owntone-server 2ca10d9 is vulnerable to Buffer Overflow due to lack of recursive checking.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-44560 - Owntone-Server Buffer Overflow Vulnerability",
"Content": "CVE ID :CVE-2025-44560
Published : April 10, 2026, 3:16 p.m. | 19 minutes ago
Description :owntone-server 2ca10d9 is vulnerable to Buffer Overflow due to lack of recursive checking.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-40224 - "Systemd Machined Varlink Privilege Escalation"",
"Content": "CVE ID :CVE-2026-40224
Published : April 10, 2026, 3:14 p.m. | 21 minutes ago
Description :In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-40224 - "Systemd Machined Varlink Privilege Escalation"",
"Content": "CVE ID :CVE-2026-40224
Published : April 10, 2026, 3:14 p.m. | 21 minutes ago
Description :In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-29002 - CouchCMS Privilege Escalation via f_k_levels_list Parameter",
"Content": "CVE ID :CVE-2026-29002
Published : April 10, 2026, 3:11 p.m. | 24 minutes ago
Description :CouchCMS contains a privilege escalation vulnerability that allows authenticated Admin-level users to create SuperAdmin accounts by tampering with the f_k_levels_list parameter in user creation requests. Attackers can modify the parameter value from 4 to 10 in the HTTP request body to bypass authorization validation and gain full application control, circumventing restrictions on SuperAdmin account creation and privilege assignment.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-29002 - CouchCMS Privilege Escalation via f_k_levels_list Parameter",
"Content": "CVE ID :CVE-2026-29002
Published : April 10, 2026, 3:11 p.m. | 24 minutes ago
Description :CouchCMS contains a privilege escalation vulnerability that allows authenticated Admin-level users to create SuperAdmin accounts by tampering with the f_k_levels_list parameter in user creation requests. Attackers can modify the parameter value from 4 to 10 in the HTTP request body to bypass authorization validation and gain full application control, circumventing restrictions on SuperAdmin account creation and privilege assignment.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-40223 - Systemd Assert Vulnerability",
"Content": "CVE ID :CVE-2026-40223
Published : April 10, 2026, 3:10 p.m. | 24 minutes ago
Description :In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User= unit exists and is running.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-40223 - Systemd Assert Vulnerability",
"Content": "CVE ID :CVE-2026-40223
Published : April 10, 2026, 3:10 p.m. | 24 minutes ago
Description :In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User= unit exists and is running.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-6067 - CVE-2026-6067",
"Content": "CVE ID :CVE-2026-6067
Published : April 10, 2026, 2:16 p.m. | 1 hour, 19 minutes ago
Description :A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds checking in the obj_directive() function. This vulnerability can be exploited by a user assembling a malicious .asm file, potentially leading to heap memory corruption, denial of service (crash), and arbitrary code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-6067 - CVE-2026-6067",
"Content": "CVE ID :CVE-2026-6067
Published : April 10, 2026, 2:16 p.m. | 1 hour, 19 minutes ago
Description :A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds checking in the obj_directive() function. This vulnerability can be exploited by a user assembling a malicious .asm file, potentially leading to heap memory corruption, denial of service (crash), and arbitrary code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-6068 - CVE-2026-6068",
"Content": "CVE ID :CVE-2026-6068
Published : April 10, 2026, 2:16 p.m. | 1 hour, 19 minutes ago
Description :NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling pointer to freed memory is stored in the global depend_file and later dereferenced, as the response-file buffer is freed before the pointer is used, allowing for data corruption or unexpected behavior.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-6068 - CVE-2026-6068",
"Content": "CVE ID :CVE-2026-6068
Published : April 10, 2026, 2:16 p.m. | 1 hour, 19 minutes ago
Description :NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling pointer to freed memory is stored in the global depend_file and later dereferenced, as the response-file buffer is freed before the pointer is used, allowing for data corruption or unexpected behavior.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-6069 - CVE-2026-6069",
"Content": "CVE ID :CVE-2026-6069
Published : April 10, 2026, 2:16 p.m. | 1 hour, 19 minutes ago
Description :NASM’s disasm() function contains a stack based buffer overflow when formatting disassembly output, allowing an attacker triggered out-of-bounds write when `slen` exceeds the buffer capacity.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-6069 - CVE-2026-6069",
"Content": "CVE ID :CVE-2026-6069
Published : April 10, 2026, 2:16 p.m. | 1 hour, 19 minutes ago
Description :NASM’s disasm() function contains a stack based buffer overflow when formatting disassembly output, allowing an attacker triggered out-of-bounds write when `slen` exceeds the buffer capacity.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-40217 - LiteLLM Arbitrary Code Execution Vulnerability",
"Content": "CVE ID :CVE-2026-40217
Published : April 10, 2026, 2:16 p.m. | 1 hour, 19 minutes ago
Description :LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/test_custom_code URI.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-40217 - LiteLLM Arbitrary Code Execution Vulnerability",
"Content": "CVE ID :CVE-2026-40217
Published : April 10, 2026, 2:16 p.m. | 1 hour, 19 minutes ago
Description :LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/test_custom_code URI.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹