{
"Source": "CVE FEED",
"Title": "CVE-2019-25701 - Easy Video to iPod Converter 1.6.20 Local Buffer Overflow SEH",
"Content": "CVE ID :CVE-2019-25701
Published : April 12, 2026, 12:28 p.m. | 37 minutes ago
Description :Easy Video to iPod Converter 1.6.20 contains a local buffer overflow vulnerability in the user registration field that allows local attackers to overwrite the structured exception handler. Attackers can input a crafted payload exceeding 996 bytes in the username field to trigger SEH overwrite and execute arbitrary code with user privileges.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2019-25701 - Easy Video to iPod Converter 1.6.20 Local Buffer Overflow SEH",
"Content": "CVE ID :CVE-2019-25701
Published : April 12, 2026, 12:28 p.m. | 37 minutes ago
Description :Easy Video to iPod Converter 1.6.20 contains a local buffer overflow vulnerability in the user registration field that allows local attackers to overwrite the structured exception handler. Attackers can input a crafted payload exceeding 996 bytes in the username field to trigger SEH overwrite and execute arbitrary code with user privileges.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2019-25697 - CMSsite 1.0 SQL Injection via category.php",
"Content": "CVE ID :CVE-2019-25697
Published : April 12, 2026, 12:28 p.m. | 37 minutes ago
Description :CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat_id parameter. Attackers can send GET requests to category.php with malicious cat_id values to extract sensitive database information including usernames and credentials.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2019-25697 - CMSsite 1.0 SQL Injection via category.php",
"Content": "CVE ID :CVE-2019-25697
Published : April 12, 2026, 12:28 p.m. | 37 minutes ago
Description :CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat_id parameter. Attackers can send GET requests to category.php with malicious cat_id values to extract sensitive database information including usernames and credentials.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2019-25695 - R 3.4.4 Local Buffer Overflow Windows XP SP3",
"Content": "CVE ID :CVE-2019-25695
Published : April 12, 2026, 12:28 p.m. | 37 minutes ago
Description :R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by injecting malicious input into the GUI Preferences language field. Attackers can craft a payload with a 292-byte offset and JMP ESP instruction to execute commands like calc.exe when the payload is pasted into the Language for menus and messages field.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2019-25695 - R 3.4.4 Local Buffer Overflow Windows XP SP3",
"Content": "CVE ID :CVE-2019-25695
Published : April 12, 2026, 12:28 p.m. | 37 minutes ago
Description :R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by injecting malicious input into the GUI Preferences language field. Attackers can craft a payload with a 292-byte offset and JMP ESP instruction to execute commands like calc.exe when the payload is pasted into the Language for menus and messages field.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2019-25693 - ResourceSpace 8.6 SQL Injection via collection_edit.php",
"Content": "CVE ID :CVE-2019-25693
Published : April 12, 2026, 12:28 p.m. | 37 minutes ago
Description :ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in collection_edit.php. Attackers can submit POST requests with crafted SQL payloads in the keywords field to extract sensitive database information including schema names, user credentials, and other confidential data.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2019-25693 - ResourceSpace 8.6 SQL Injection via collection_edit.php",
"Content": "CVE ID :CVE-2019-25693
Published : April 12, 2026, 12:28 p.m. | 37 minutes ago
Description :ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in collection_edit.php. Attackers can submit POST requests with crafted SQL payloads in the keywords field to extract sensitive database information including schema names, user credentials, and other confidential data.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2019-25689 - HTML5 Video Player 1.2.5 Local Buffer Overflow Non-SEH",
"Content": "CVE ID :CVE-2019-25689
Published : April 12, 2026, 12:28 p.m. | 37 minutes ago
Description :HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized key code string. Attackers can craft a malicious payload exceeding 997 bytes and paste it into the KEY CODE field in the Help Register dialog to trigger code execution and spawn a calculator process.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2019-25689 - HTML5 Video Player 1.2.5 Local Buffer Overflow Non-SEH",
"Content": "CVE ID :CVE-2019-25689
Published : April 12, 2026, 12:28 p.m. | 37 minutes ago
Description :HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized key code string. Attackers can craft a malicious payload exceeding 997 bytes and paste it into the KEY CODE field in the Help Register dialog to trigger code execution and spawn a calculator process.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2019-25691 - Faleemi Desktop Software 1.8 Local Buffer Overflow SEH DEP Bypass",
"Content": "CVE ID :CVE-2019-25691
Published : April 12, 2026, 12:28 p.m. | 37 minutes ago
Description :Faleemi Desktop Software 1.8 contains a local buffer overflow vulnerability in the System Setup dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can inject a crafted payload into the Save Path for Snapshot and Record file field to trigger a buffer overflow and execute arbitrary code via ROP chain gadgets.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2019-25691 - Faleemi Desktop Software 1.8 Local Buffer Overflow SEH DEP Bypass",
"Content": "CVE ID :CVE-2019-25691
Published : April 12, 2026, 12:28 p.m. | 37 minutes ago
Description :Faleemi Desktop Software 1.8 contains a local buffer overflow vulnerability in the System Setup dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can inject a crafted payload into the Save Path for Snapshot and Record file field to trigger a buffer overflow and execute arbitrary code via ROP chain gadgets.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2018-25258 - RGui 3.5.0 Local Buffer Overflow SEH DEP Bypass",
"Content": "CVE ID :CVE-2018-25258
Published : April 12, 2026, 12:28 p.m. | 37 minutes ago
Description :RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can craft malicious input in the Language for menus and messages field to trigger a stack-based buffer overflow, execute a ROP chain for VirtualAlloc allocation, and achieve arbitrary code execution.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2018-25258 - RGui 3.5.0 Local Buffer Overflow SEH DEP Bypass",
"Content": "CVE ID :CVE-2018-25258
Published : April 12, 2026, 12:28 p.m. | 37 minutes ago
Description :RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can craft malicious input in the Language for menus and messages field to trigger a stack-based buffer overflow, execute a ROP chain for VirtualAlloc allocation, and achieve arbitrary code execution.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2018-25257 - Adianti Framework 5.5.0 and 5.6.0 SQL Injection via Profile",
"Content": "CVE ID :CVE-2018-25257
Published : April 12, 2026, 12:28 p.m. | 37 minutes ago
Description :Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name field in SystemProfileForm. Attackers can submit crafted SQL statements in the profile edit endpoint to modify user credentials and gain administrative access.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2018-25257 - Adianti Framework 5.5.0 and 5.6.0 SQL Injection via Profile",
"Content": "CVE ID :CVE-2018-25257
Published : April 12, 2026, 12:28 p.m. | 37 minutes ago
Description :Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name field in SystemProfileForm. Attackers can submit crafted SQL statements in the profile edit endpoint to modify user credentials and gain administrative access.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2017-20239 - MDwiki Cross-Site Scripting via Location Hash Parameter",
"Content": "CVE ID :CVE-2017-20239
Published : April 12, 2026, 12:28 p.m. | 37 minutes ago
Description :MDwiki contains a cross-site scripting vulnerability that allows remote attackers to execute arbitrary JavaScript by injecting malicious code through the location hash parameter. Attackers can craft URLs with JavaScript payloads in the hash fragment that are parsed and rendered without sanitization, causing the injected scripts to execute in the victim's browser context.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2017-20239 - MDwiki Cross-Site Scripting via Location Hash Parameter",
"Content": "CVE ID :CVE-2017-20239
Published : April 12, 2026, 12:28 p.m. | 37 minutes ago
Description :MDwiki contains a cross-site scripting vulnerability that allows remote attackers to execute arbitrary JavaScript by injecting malicious code through the location hash parameter. Attackers can craft URLs with JavaScript payloads in the hash fragment that are parsed and rendered without sanitization, causing the injected scripts to execute in the victim's browser context.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-40386 - Fujifilm/Olympus MakerNote Integer Underflow",
"Content": "CVE ID :CVE-2026-40386
Published : April 12, 2026, 6:19 p.m. | 52 minutes ago
Description :In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-40386 - Fujifilm/Olympus MakerNote Integer Underflow",
"Content": "CVE ID :CVE-2026-40386
Published : April 12, 2026, 6:19 p.m. | 52 minutes ago
Description :In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-40385 - Nikon Libexif Integer Overflow Vulnerability",
"Content": "CVE ID :CVE-2026-40385
Published : April 12, 2026, 6:16 p.m. | 55 minutes ago
Description :In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-40385 - Nikon Libexif Integer Overflow Vulnerability",
"Content": "CVE ID :CVE-2026-40385
Published : April 12, 2026, 6:16 p.m. | 55 minutes ago
Description :In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-6129 - zhayujie chatgpt-on-wechat CowAgent Agent Mode Service missing authentication",
"Content": "CVE ID :CVE-2026-6129
Published : April 12, 2026, 8:16 p.m. | 1 hour, 4 minutes ago
Description :A vulnerability was detected in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects an unknown function of the component Agent Mode Service. Performing a manipulation results in missing authentication. The attack can be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-6129 - zhayujie chatgpt-on-wechat CowAgent Agent Mode Service missing authentication",
"Content": "CVE ID :CVE-2026-6129
Published : April 12, 2026, 8:16 p.m. | 1 hour, 4 minutes ago
Description :A vulnerability was detected in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects an unknown function of the component Agent Mode Service. Performing a manipulation results in missing authentication. The attack can be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-40396 - Varnish Cache HTTP/1 Pipeline Denial of Service",
"Content": "CVE ID :CVE-2026-40396
Published : April 12, 2026, 8:16 p.m. | 1 hour, 4 minutes ago
Description :Varnish Cache 9 before 9.0.1 allows a "workspace overflow" denial of service (daemon panic) after timeout_linger. A malicious client could send an HTTP/1 request, wait long enough until the session releases its worker thread (timeout_linger) and resume traffic before the session is closed (timeout_idle) sending more than one request at once to trigger a pipelining operation between requests. This vulnerability affecting Varnish Cache 9.0.0 emerged from a port of the Varnish Enterprise non-blocking architecture for HTTP/2. New code was needed to adapt to a more recent workspace API that formalizes the pipelining operation. In addition to the workspace change on the Varnish Cache side, other differences created merge conflicts, like partial support for trailers in Varnish Enterprise. The conflict resolution missed one code path configuring pipelining to perform a complete workspace rollback, losing the guarantee that prefetched data would fit inside workspace_client during the transition from one request to the next. This can result in a workspace overflow, triggering a panic and crashing the Varnish server.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-40396 - Varnish Cache HTTP/1 Pipeline Denial of Service",
"Content": "CVE ID :CVE-2026-40396
Published : April 12, 2026, 8:16 p.m. | 1 hour, 4 minutes ago
Description :Varnish Cache 9 before 9.0.1 allows a "workspace overflow" denial of service (daemon panic) after timeout_linger. A malicious client could send an HTTP/1 request, wait long enough until the session releases its worker thread (timeout_linger) and resume traffic before the session is closed (timeout_idle) sending more than one request at once to trigger a pipelining operation between requests. This vulnerability affecting Varnish Cache 9.0.0 emerged from a port of the Varnish Enterprise non-blocking architecture for HTTP/2. New code was needed to adapt to a more recent workspace API that formalizes the pipelining operation. In addition to the workspace change on the Varnish Cache side, other differences created merge conflicts, like partial support for trailers in Varnish Enterprise. The conflict resolution missed one code path configuring pipelining to perform a complete workspace rollback, losing the guarantee that prefetched data would fit inside workspace_client during the transition from one request to the next. This can result in a workspace overflow, triggering a panic and crashing the Varnish server.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-40395 - Varnish Enterprise Workspace Overflow Denial of Service",
"Content": "CVE ID :CVE-2026-40395
Published : April 12, 2026, 8:16 p.m. | 1 hour, 4 minutes ago
Description :Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of service (daemon panic) for shared VCL. The headerplus.write_req0() function from vmod_headerplus updates the underlying req0, which is normally the original read-only request from which req is derived (readable and writable from VCL). This is useful in the active VCL, after amending req, to prepare a refined req0 before switching to a different VCL with the return (vcl()) action. This is for example how the Varnish Controller operates shared VCL deployments. If the amended req contained too many header fields for req0, this would have resulted in a workspace overflow that would in turn trigger a panic and crash the Varnish Enterprise server. This could be used as a Denial of Service attack vector by malicious clients.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-40395 - Varnish Enterprise Workspace Overflow Denial of Service",
"Content": "CVE ID :CVE-2026-40395
Published : April 12, 2026, 8:16 p.m. | 1 hour, 4 minutes ago
Description :Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of service (daemon panic) for shared VCL. The headerplus.write_req0() function from vmod_headerplus updates the underlying req0, which is normally the original read-only request from which req is derived (readable and writable from VCL). This is useful in the active VCL, after amending req, to prepare a refined req0 before switching to a different VCL with the return (vcl()) action. This is for example how the Varnish Controller operates shared VCL deployments. If the amended req contained too many header fields for req0, this would have resulted in a workspace overflow that would in turn trigger a panic and crash the Varnish Enterprise server. This could be used as a Denial of Service attack vector by malicious clients.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-40394 - Varnish Cache HTTP/2 Denial of Service",
"Content": "CVE ID :CVE-2026-40394
Published : April 12, 2026, 8:16 p.m. | 1 hour, 4 minutes ago
Description :Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a "workspace overflow" denial of service (daemon panic) for certain amounts of prefetched data. The setup of an HTTP/2 session starts with a speculative HTTP/1 transport, and upon upgrading to h2 the HTTP/1 request is repurposed as stream zero. During the upgrade, a buffer allocation is made to reserve space to send frames to the client. This allocation would split the original workspace, and depending on the amount of prefetched data, the next fetch could perform a pipelining operation that would run out of workspace.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-40394 - Varnish Cache HTTP/2 Denial of Service",
"Content": "CVE ID :CVE-2026-40394
Published : April 12, 2026, 8:16 p.m. | 1 hour, 4 minutes ago
Description :Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a "workspace overflow" denial of service (daemon panic) for certain amounts of prefetched data. The setup of an HTTP/2 session starts with a speculative HTTP/1 transport, and upon upgrading to h2 the HTTP/1 request is repurposed as stream zero. During the upgrade, a buffer allocation is made to reserve space to send frames to the client. This allocation would split the original workspace, and depending on the amount of prefetched data, the next fetch could perform a pipelining operation that would run out of workspace.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-40393 - Mesa WebGPU Out-of-Bounds Memory Access Vulnerability",
"Content": "CVE ID :CVE-2026-40393
Published : April 12, 2026, 7:16 p.m. | 2 hours, 4 minutes ago
Description :In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-40393 - Mesa WebGPU Out-of-Bounds Memory Access Vulnerability",
"Content": "CVE ID :CVE-2026-40393
Published : April 12, 2026, 7:16 p.m. | 2 hours, 4 minutes ago
Description :In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "12 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-6134 - Tenda F451 qossetting fromqossetting stack-based overflow",
"Content": "CVE ID :CVE-2026-6134
Published : April 12, 2026, 11 p.m. | 20 minutes ago
Description :A security flaw has been discovered in Tenda F451 1.0.0.7_cn_svn7958. This vulnerability affects the function fromqossetting of the file /goform/qossetting. Performing a manipulation of the argument qos results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-6134 - Tenda F451 qossetting fromqossetting stack-based overflow",
"Content": "CVE ID :CVE-2026-6134
Published : April 12, 2026, 11 p.m. | 20 minutes ago
Description :A security flaw has been discovered in Tenda F451 1.0.0.7_cn_svn7958. This vulnerability affects the function fromqossetting of the file /goform/qossetting. Performing a manipulation of the argument qos results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-6133 - Tenda F451 SafeUrlFilter fromSafeUrlFilter stack-based overflow",
"Content": "CVE ID :CVE-2026-6133
Published : April 12, 2026, 10:45 p.m. | 36 minutes ago
Description :A vulnerability was identified in Tenda F451 1.0.0.7_cn_svn7958. This affects the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Such manipulation of the argument page leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-6133 - Tenda F451 SafeUrlFilter fromSafeUrlFilter stack-based overflow",
"Content": "CVE ID :CVE-2026-6133
Published : April 12, 2026, 10:45 p.m. | 36 minutes ago
Description :A vulnerability was identified in Tenda F451 1.0.0.7_cn_svn7958. This affects the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Such manipulation of the argument page leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-6132 - Totolink A7100RU CGI cstecgi.cgi setLedCfg os command injection",
"Content": "CVE ID :CVE-2026-6132
Published : April 12, 2026, 10:30 p.m. | 51 minutes ago
Description :A vulnerability was determined in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setLedCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-6132 - Totolink A7100RU CGI cstecgi.cgi setLedCfg os command injection",
"Content": "CVE ID :CVE-2026-6132
Published : April 12, 2026, 10:30 p.m. | 51 minutes ago
Description :A vulnerability was determined in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setLedCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-6130 - chatboxai chatbox Model Context Protocol Server Management System ipc-stdio-transport.ts StdioClientTransport os command injection",
"Content": "CVE ID :CVE-2026-6130
Published : April 12, 2026, 10:16 p.m. | 1 hour, 5 minutes ago
Description :A flaw has been found in chatboxai chatbox up to 1.20.0. This impacts the function StdioClientTransport of the file src/main/mcp/ipc-stdio-transport.ts of the component Model Context Protocol Server Management System. Executing a manipulation of the argument args/env can lead to os command injection. The attack can be launched remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-6130 - chatboxai chatbox Model Context Protocol Server Management System ipc-stdio-transport.ts StdioClientTransport os command injection",
"Content": "CVE ID :CVE-2026-6130
Published : April 12, 2026, 10:16 p.m. | 1 hour, 5 minutes ago
Description :A flaw has been found in chatboxai chatbox up to 1.20.0. This impacts the function StdioClientTransport of the file src/main/mcp/ipc-stdio-transport.ts of the component Model Context Protocol Server Management System. Executing a manipulation of the argument args/env can lead to os command injection. The attack can be launched remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-6131 - Totolink A7100RU CGI cstecgi.cgi setTracerouteCfg os command injection",
"Content": "CVE ID :CVE-2026-6131
Published : April 12, 2026, 10:15 p.m. | 1 hour, 6 minutes ago
Description :A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument command results in os command injection. The attack may be launched remotely. The exploit has been made public and could be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-6131 - Totolink A7100RU CGI cstecgi.cgi setTracerouteCfg os command injection",
"Content": "CVE ID :CVE-2026-6131
Published : April 12, 2026, 10:15 p.m. | 1 hour, 6 minutes ago
Description :A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument command results in os command injection. The attack may be launched remotely. The exploit has been made public and could be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹