{
"Source": "CVE FEED",
"Title": "CVE-2026-40198 - Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass",
"Content": "CVE ID :CVE-2026-40198
Published : April 10, 2026, 10:16 p.m. | 1 hour, 33 minutes ago
Description :Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass.
_pack_ipv6() does not check that uncompressed IPv6 addresses (without ::) have exactly 8 hex groups. Inputs like "abcd", "1:2:3", or "1:2:3:4:5:6:7" are accepted and produce packed values of wrong length (3, 7, or 15 bytes instead of 17).
The packed values are used internally for mask and comparison operations. find() and bin_find() use Perl string comparison (lt/gt) on these values, and comparing strings of different lengths gives wrong results. This can cause find() to incorrectly report an address as inside or outside a range.
Example:
my $cidr = Net::CIDR::Lite->new("::/8");
$cidr->find("1:2:3"); # invalid input, incorrectly returns true
This is the same class of input validation issue as CVE-2021-47154 (IPv4 leading zeros) previously fixed in this module.
See also CVE-2026-40199, a related issue in the same function affecting IPv4 mapped IPv6 addresses.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "11 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-40198 - Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass",
"Content": "CVE ID :CVE-2026-40198
Published : April 10, 2026, 10:16 p.m. | 1 hour, 33 minutes ago
Description :Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass.
_pack_ipv6() does not check that uncompressed IPv6 addresses (without ::) have exactly 8 hex groups. Inputs like "abcd", "1:2:3", or "1:2:3:4:5:6:7" are accepted and produce packed values of wrong length (3, 7, or 15 bytes instead of 17).
The packed values are used internally for mask and comparison operations. find() and bin_find() use Perl string comparison (lt/gt) on these values, and comparing strings of different lengths gives wrong results. This can cause find() to incorrectly report an address as inside or outside a range.
Example:
my $cidr = Net::CIDR::Lite->new("::/8");
$cidr->find("1:2:3"); # invalid input, incorrectly returns true
This is the same class of input validation issue as CVE-2021-47154 (IPv4 leading zeros) previously fixed in this module.
See also CVE-2026-40199, a related issue in the same function affecting IPv4 mapped IPv6 addresses.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "11 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-40199 - Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass",
"Content": "CVE ID :CVE-2026-40199
Published : April 10, 2026, 10:16 p.m. | 1 hour, 33 minutes ago
Description :Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass.
_pack_ipv6() includes the sentinel byte from _pack_ipv4() when building the packed representation of IPv4 mapped addresses like ::ffff:192.168.1.1. This produces an 18 byte value instead of 17 bytes, misaligning the IPv4 part of the address.
The wrong length causes incorrect results in mask operations (bitwise AND truncates to the shorter operand) and in find() / bin_find() which use Perl string comparison (lt/gt). This can cause find() to incorrectly match or miss addresses.
Example:
my $cidr = Net::CIDR::Lite->new("::ffff:192.168.1.0/120");
$cidr->find("::ffff:192.168.2.0"); # incorrectly returns true
This is triggered by valid RFC 4291 IPv4 mapped addresses (::ffff:x.x.x.x).
See also CVE-2026-40198, a related issue in the same function affecting malformed IPv6 addresses.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "11 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-40199 - Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass",
"Content": "CVE ID :CVE-2026-40199
Published : April 10, 2026, 10:16 p.m. | 1 hour, 33 minutes ago
Description :Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass.
_pack_ipv6() includes the sentinel byte from _pack_ipv4() when building the packed representation of IPv4 mapped addresses like ::ffff:192.168.1.1. This produces an 18 byte value instead of 17 bytes, misaligning the IPv4 part of the address.
The wrong length causes incorrect results in mask operations (bitwise AND truncates to the shorter operand) and in find() / bin_find() which use Perl string comparison (lt/gt). This can cause find() to incorrectly match or miss addresses.
Example:
my $cidr = Net::CIDR::Lite->new("::ffff:192.168.1.0/120");
$cidr->find("::ffff:192.168.2.0"); # incorrectly returns true
This is triggered by valid RFC 4291 IPv4 mapped addresses (::ffff:x.x.x.x).
See also CVE-2026-40198, a related issue in the same function affecting malformed IPv6 addresses.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "11 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-3371 - Tutor LMS <= 3.9.7 - authenticated (subscriber+) insecure direct object reference to arbitrary course content modification",
"Content": "CVE ID :CVE-2026-3371
Published : April 11, 2026, 1:25 a.m. | 6 minutes ago
Description :The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authorization checks in the `save_course_content_order()` private method, which is called unconditionally by the `tutor_update_course_content_order` AJAX handler. While the handler's `content_parent` branch includes a `can_user_manage()` check, the `save_course_content_order()` call processes attacker-supplied `tutor_topics_lessons_sorting` JSON without any ownership or capability verification. This makes it possible for authenticated attackers with Subscriber-level access or above to detach lessons from topics, reorder course content, and reassign lessons between topics in any course, including admin-owned courses, by sending a crafted AJAX request with manipulated topic and lesson IDs.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "11 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-3371 - Tutor LMS <= 3.9.7 - authenticated (subscriber+) insecure direct object reference to arbitrary course content modification",
"Content": "CVE ID :CVE-2026-3371
Published : April 11, 2026, 1:25 a.m. | 6 minutes ago
Description :The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authorization checks in the `save_course_content_order()` private method, which is called unconditionally by the `tutor_update_course_content_order` AJAX handler. While the handler's `content_parent` branch includes a `can_user_manage()` check, the `save_course_content_order()` call processes attacker-supplied `tutor_topics_lessons_sorting` JSON without any ownership or capability verification. This makes it possible for authenticated attackers with Subscriber-level access or above to detach lessons from topics, reorder course content, and reassign lessons between topics in any course, including admin-owned courses, by sending a crafted AJAX request with manipulated topic and lesson IDs.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "11 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-4979 - UsersWP <= 1.2.58 - authenticated (subscriber+) server-side request forgery via 'uwp_crop' parameter",
"Content": "CVE ID :CVE-2026-4979
Published : April 11, 2026, 1:25 a.m. | 6 minutes ago
Description :The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to blind Server-Side Request Forgery in all versions up to, and including, 1.2.58. This is due to insufficient URL origin validation in the process_image_crop() method when processing avatar/banner image crop operations. The function accepts a user-controlled URL via the uwp_crop POST parameter and only validates it using esc_url() for sanitization and wp_check_filetype() for extension verification, without enforcing that the URL references a local uploads file. The URL is then passed to uwp_resizeThumbnailImage() which uses it in PHP image processing functions (getimagesize(), imagecreatefrom*()) that support URL wrappers and perform outbound HTTP requests. This makes it possible for authenticated attackers with subscriber-level access and above to coerce the WordPress server into making arbitrary HTTP requests to attacker-controlled or internal network destinations, enabling internal network scanning and potential access to sensitive services.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "11 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-4979 - UsersWP <= 1.2.58 - authenticated (subscriber+) server-side request forgery via 'uwp_crop' parameter",
"Content": "CVE ID :CVE-2026-4979
Published : April 11, 2026, 1:25 a.m. | 6 minutes ago
Description :The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to blind Server-Side Request Forgery in all versions up to, and including, 1.2.58. This is due to insufficient URL origin validation in the process_image_crop() method when processing avatar/banner image crop operations. The function accepts a user-controlled URL via the uwp_crop POST parameter and only validates it using esc_url() for sanitization and wp_check_filetype() for extension verification, without enforcing that the URL references a local uploads file. The URL is then passed to uwp_resizeThumbnailImage() which uses it in PHP image processing functions (getimagesize(), imagecreatefrom*()) that support URL wrappers and perform outbound HTTP requests. This makes it possible for authenticated attackers with subscriber-level access and above to coerce the WordPress server into making arbitrary HTTP requests to attacker-controlled or internal network destinations, enabling internal network scanning and potential access to sensitive services.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "11 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-3498 - BlockArt Blocks <= 2.2.15 - authenticated (author+) stored cross-site scripting via 'clientid' block attribute",
"Content": "CVE ID :CVE-2026-3498
Published : April 11, 2026, 1:24 a.m. | 6 minutes ago
Description :The BlockArt Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'clientId' block attribute in all versions up to, and including, 2.2.15. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "11 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-3498 - BlockArt Blocks <= 2.2.15 - authenticated (author+) stored cross-site scripting via 'clientid' block attribute",
"Content": "CVE ID :CVE-2026-3498
Published : April 11, 2026, 1:24 a.m. | 6 minutes ago
Description :The BlockArt Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'clientId' block attribute in all versions up to, and including, 2.2.15. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "11 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5144 - BuddyPress Groupblog <= 1.9.3 - authenticated (subscriber+) privilege escalation to administrator via group blog idor",
"Content": "CVE ID :CVE-2026-5144
Published : April 11, 2026, 1:24 a.m. | 6 minutes ago
Description :The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group blog settings handler accepting the `groupblog-blogid`, `default-member`, and `groupblog-silent-add` parameters from user input without proper authorization checks. The `groupblog-blogid` parameter allows any group admin (including Subscribers who create their own group) to associate their group with any blog on the Multisite network, including the main site (blog ID 1). The `default-member` parameter accepts any WordPress role, including `administrator`, without validation against a whitelist. When combined with `groupblog-silent-add`, any user who joins the attacker's group is automatically added to the targeted blog with the injected role. This makes it possible for authenticated attackers, with Subscriber-level access and above, to escalate any user (including themselves via a second account) to Administrator on the main site of the Multisite network.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "11 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5144 - BuddyPress Groupblog <= 1.9.3 - authenticated (subscriber+) privilege escalation to administrator via group blog idor",
"Content": "CVE ID :CVE-2026-5144
Published : April 11, 2026, 1:24 a.m. | 6 minutes ago
Description :The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group blog settings handler accepting the `groupblog-blogid`, `default-member`, and `groupblog-silent-add` parameters from user input without proper authorization checks. The `groupblog-blogid` parameter allows any group admin (including Subscribers who create their own group) to associate their group with any blog on the Multisite network, including the main site (blog ID 1). The `default-member` parameter accepts any WordPress role, including `administrator`, without validation against a whitelist. When combined with `groupblog-silent-add`, any user who joins the attacker's group is automatically added to the targeted blog with the injected role. This makes it possible for authenticated attackers, with Subscriber-level access and above, to escalate any user (including themselves via a second account) to Administrator on the main site of the Multisite network.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "11 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5207 - LifterLMS <= 9.2.1 - authenticated (custom+) sql injection via 'order' parameter",
"Content": "CVE ID :CVE-2026-5207
Published : April 11, 2026, 1:24 a.m. | 6 minutes ago
Description :The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 9.2.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Instructor-level access and above who have the edit_post capability on the quiz, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "11 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5207 - LifterLMS <= 9.2.1 - authenticated (custom+) sql injection via 'order' parameter",
"Content": "CVE ID :CVE-2026-5207
Published : April 11, 2026, 1:24 a.m. | 6 minutes ago
Description :The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 9.2.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Instructor-level access and above who have the edit_post capability on the quiz, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "11 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5217 - Optimole <= 4.2.2 - unauthenticated stored cross-site scripting via srcset descriptor parameter",
"Content": "CVE ID :CVE-2026-5217
Published : April 11, 2026, 1:24 a.m. | 6 minutes ago
Description :The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2.2. This is due to insufficient input sanitization and output escaping on the user-supplied 's' parameter (srcset descriptor) in the unauthenticated /wp-json/optimole/v1/optimizations REST endpoint. The endpoint validates requests using an HMAC signature and timestamp, but these values are exposed directly in the frontend HTML making them accessible to any visitor. The plugin uses sanitize_text_field() on the descriptor value of rest.php, which strips HTML tags but does not escape double quotes. The poisoned descriptor is then stored via transients (backed by the WordPress options table) and later retrieved and injected verbatim into the srcset attribute of tag_replacer.php without proper escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts into pages that will execute whenever a user accesses the injected page.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "11 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5217 - Optimole <= 4.2.2 - unauthenticated stored cross-site scripting via srcset descriptor parameter",
"Content": "CVE ID :CVE-2026-5217
Published : April 11, 2026, 1:24 a.m. | 6 minutes ago
Description :The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2.2. This is due to insufficient input sanitization and output escaping on the user-supplied 's' parameter (srcset descriptor) in the unauthenticated /wp-json/optimole/v1/optimizations REST endpoint. The endpoint validates requests using an HMAC signature and timestamp, but these values are exposed directly in the frontend HTML making them accessible to any visitor. The plugin uses sanitize_text_field() on the descriptor value of rest.php, which strips HTML tags but does not escape double quotes. The poisoned descriptor is then stored via transients (backed by the WordPress options table) and later retrieved and injected verbatim into the srcset attribute of tag_replacer.php without proper escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts into pages that will execute whenever a user accesses the injected page.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "11 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-4895 - Greenshift <= 12.8.9 - authenticated (contributor+) stored cross-site scripting via disablelazy attribute",
"Content": "CVE ID :CVE-2026-4895
Published : April 11, 2026, 1:24 a.m. | 6 minutes ago
Description :The GreenShift - Animation and Page Builder Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 12.8.9 This is due to insufficient input sanitization and output escaping in the gspb_greenShift_block_script_assets() function. The function uses str_replace() to insert 'fetchpriority="high"' before 'src=' attributes when processing greenshift-blocks/image blocks with the disablelazy attribute enabled. Because this replacement operates on the entire HTML string without parsing, contributors can inject the string 'src=' into HTML attribute values (such as class attributes). When the str_replace executes, the double quotes in the replacement string break out of the attribute context, allowing injection of malicious HTML attributes like onfocus with JavaScript payloads. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "11 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-4895 - Greenshift <= 12.8.9 - authenticated (contributor+) stored cross-site scripting via disablelazy attribute",
"Content": "CVE ID :CVE-2026-4895
Published : April 11, 2026, 1:24 a.m. | 6 minutes ago
Description :The GreenShift - Animation and Page Builder Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 12.8.9 This is due to insufficient input sanitization and output escaping in the gspb_greenShift_block_script_assets() function. The function uses str_replace() to insert 'fetchpriority="high"' before 'src=' attributes when processing greenshift-blocks/image blocks with the disablelazy attribute enabled. Because this replacement operates on the entire HTML string without parsing, contributors can inject the string 'src=' into HTML attribute values (such as class attributes). When the str_replace executes, the double quotes in the replacement string break out of the attribute context, allowing injection of malicious HTML attributes like onfocus with JavaScript payloads. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "11 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5226 - Optimole <= 4.2.3 - reflected cross-site scripting via page profiler url",
"Content": "CVE ID :CVE-2026-5226
Published : April 11, 2026, 1:24 a.m. | 6 minutes ago
Description :The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL paths in versions up to, and including, 4.2.3 This is due to insufficient output escaping on user-supplied URL paths in the get_current_url() function, which are inserted into JavaScript code via str_replace() without proper JavaScript context escaping in the replace_content() function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "11 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5226 - Optimole <= 4.2.3 - reflected cross-site scripting via page profiler url",
"Content": "CVE ID :CVE-2026-5226
Published : April 11, 2026, 1:24 a.m. | 6 minutes ago
Description :The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL paths in versions up to, and including, 4.2.3 This is due to insufficient output escaping on user-supplied URL paths in the get_current_url() function, which are inserted into JavaScript code via str_replace() without proper JavaScript context escaping in the replace_content() function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "11 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-3358 - Tutor LMS <= 3.9.7 - missing authorization to authenticated (subscriber+) unauthorized private course enrollment",
"Content": "CVE ID :CVE-2026-3358
Published : April 11, 2026, 1:24 a.m. | 6 minutes ago
Description :The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized private course enrollment in all versions up to, and including, 3.9.7. This is due to missing post_status validation in the `enroll_now()` and `course_enrollment()` functions. Both enrollment endpoints verify the nonce, user authentication, and whether the course is purchasable, but fail to check if the course has a `private` post_status. This makes it possible for authenticated attackers with Subscriber-level access or above to enroll in private courses by sending a crafted POST request with the target course ID. The enrollment record is created in the database and the private course title and enrollment status are exposed in the subscriber's dashboard, though WordPress core access control prevents the subscriber from viewing the actual course content (returns 404). Enrollment in private courses should be restricted to users with the `read_private_posts` capability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "11 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-3358 - Tutor LMS <= 3.9.7 - missing authorization to authenticated (subscriber+) unauthorized private course enrollment",
"Content": "CVE ID :CVE-2026-3358
Published : April 11, 2026, 1:24 a.m. | 6 minutes ago
Description :The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized private course enrollment in all versions up to, and including, 3.9.7. This is due to missing post_status validation in the `enroll_now()` and `course_enrollment()` functions. Both enrollment endpoints verify the nonce, user authentication, and whether the course is purchasable, but fail to check if the course has a `private` post_status. This makes it possible for authenticated attackers with Subscriber-level access or above to enroll in private courses by sending a crafted POST request with the target course ID. The enrollment record is created in the database and the private course title and enrollment status are exposed in the subscriber's dashboard, though WordPress core access control prevents the subscriber from viewing the actual course content (returns 404). Enrollment in private courses should be restricted to users with the `read_private_posts` capability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "11 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5058 - aws-mcp-server Command Injection Remote Code Execution Vulnerability",
"Content": "CVE ID :CVE-2026-5058
Published : April 11, 2026, 1:16 a.m. | 15 minutes ago
Description :aws-mcp-server Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of the allowed commands list. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the MCP server. Was ZDI-CAN-27968.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "11 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5058 - aws-mcp-server Command Injection Remote Code Execution Vulnerability",
"Content": "CVE ID :CVE-2026-5058
Published : April 11, 2026, 1:16 a.m. | 15 minutes ago
Description :aws-mcp-server Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of the allowed commands list. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the MCP server. Was ZDI-CAN-27968.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "11 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5059 - aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability",
"Content": "CVE ID :CVE-2026-5059
Published : April 11, 2026, 1:16 a.m. | 15 minutes ago
Description :aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of the allowed commands list. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the MCP server. Was ZDI-CAN-27969.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "11 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5059 - aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability",
"Content": "CVE ID :CVE-2026-5059
Published : April 11, 2026, 1:16 a.m. | 15 minutes ago
Description :aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of the allowed commands list. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the MCP server. Was ZDI-CAN-27969.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "11 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5494 - Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability",
"Content": "CVE ID :CVE-2026-5494
Published : April 11, 2026, 1:16 a.m. | 15 minutes ago
Description :Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the processing of PDSPRJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25719.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "11 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5494 - Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability",
"Content": "CVE ID :CVE-2026-5494
Published : April 11, 2026, 1:16 a.m. | 15 minutes ago
Description :Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the processing of PDSPRJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25719.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "11 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5495 - Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability",
"Content": "CVE ID :CVE-2026-5495
Published : April 11, 2026, 1:16 a.m. | 15 minutes ago
Description :Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the processing of PDSPRJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25720.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "11 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5495 - Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability",
"Content": "CVE ID :CVE-2026-5495
Published : April 11, 2026, 1:16 a.m. | 15 minutes ago
Description :Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the processing of PDSPRJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25720.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "11 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5496 - Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability",
"Content": "CVE ID :CVE-2026-5496
Published : April 11, 2026, 1:16 a.m. | 15 minutes ago
Description :Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PDSPRJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25717.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "11 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5496 - Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability",
"Content": "CVE ID :CVE-2026-5496
Published : April 11, 2026, 1:16 a.m. | 15 minutes ago
Description :Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PDSPRJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25717.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "11 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5055 - NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability",
"Content": "CVE ID :CVE-2026-5055
Published : April 11, 2026, 1:16 a.m. | 15 minutes ago
Description :NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the NoMachine Device Server. The product loads a library from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-28494.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "11 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5055 - NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability",
"Content": "CVE ID :CVE-2026-5055
Published : April 11, 2026, 1:16 a.m. | 15 minutes ago
Description :NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the NoMachine Device Server. The product loads a library from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-28494.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "11 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-5493 - Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability",
"Content": "CVE ID :CVE-2026-5493
Published : April 11, 2026, 1:16 a.m. | 15 minutes ago
Description :Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PDSPRJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25718.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "11 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-5493 - Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability",
"Content": "CVE ID :CVE-2026-5493
Published : April 11, 2026, 1:16 a.m. | 15 minutes ago
Description :Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PDSPRJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25718.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "11 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-4155 - ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability",
"Content": "CVE ID :CVE-2026-4155
Published : April 11, 2026, 1:16 a.m. | 15 minutes ago
Description :ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the genpw script. The issue results from the inclusion of a secret cryptographic seed value within the script. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-26340.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "11 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-4155 - ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability",
"Content": "CVE ID :CVE-2026-4155
Published : April 11, 2026, 1:16 a.m. | 15 minutes ago
Description :ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the genpw script. The issue results from the inclusion of a secret cryptographic seed value within the script. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-26340.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "11 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-4154 - GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability",
"Content": "CVE ID :CVE-2026-4154
Published : April 11, 2026, 1:16 a.m. | 15 minutes ago
Description :GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of XPM files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28901.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "11 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-4154 - GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability",
"Content": "CVE ID :CVE-2026-4154
Published : April 11, 2026, 1:16 a.m. | 15 minutes ago
Description :GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of XPM files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28901.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "11 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-4156 - ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability",
"Content": "CVE ID :CVE-2026-4156
Published : April 11, 2026, 1:16 a.m. | 15 minutes ago
Description :ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex EV chargers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of OCPP messages. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26339.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "11 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-4156 - ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability",
"Content": "CVE ID :CVE-2026-4156
Published : April 11, 2026, 1:16 a.m. | 15 minutes ago
Description :ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex EV chargers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of OCPP messages. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26339.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "11 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹