{
"Source": "CVE FEED",
"Title": "CVE-2026-0232 - Cortex XDR Agent: Local Administrator can disable the agent on Windows",
"Content": "CVE ID :CVE-2026-0232
Published : April 13, 2026, 8:16 a.m. | 1 hour, 23 minutes ago
Description :A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows allows a local Windows administrator to disable the agent. This issue may be leveraged by malware to perform malicious activity without detection.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-0232 - Cortex XDR Agent: Local Administrator can disable the agent on Windows",
"Content": "CVE ID :CVE-2026-0232
Published : April 13, 2026, 8:16 a.m. | 1 hour, 23 minutes ago
Description :A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows allows a local Windows administrator to disable the agent. This issue may be leveraged by malware to perform malicious activity without detection.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-6204 - LibreNMS Remote Code Execution Vulnerability",
"Content": "CVE ID :CVE-2026-6204
Published : April 13, 2026, 11:16 a.m. | 25 minutes ago
Description :LibreNMS versions before 26.3.0 are affected by an authenticated remote code execution vulnerability by abusing the Binary Locations config and the Netcommand feature. Successful exploitation requires administrative privileges. Exploitation could result in compromise of the underlying web server.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-6204 - LibreNMS Remote Code Execution Vulnerability",
"Content": "CVE ID :CVE-2026-6204
Published : April 13, 2026, 11:16 a.m. | 25 minutes ago
Description :LibreNMS versions before 26.3.0 are affected by an authenticated remote code execution vulnerability by abusing the Binary Locations config and the Netcommand feature. Successful exploitation requires administrative privileges. Exploitation could result in compromise of the underlying web server.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-2728 - LibreNMS Authenticated Cross-site Scripting",
"Content": "CVE ID :CVE-2026-2728
Published : April 13, 2026, 11:16 a.m. | 25 minutes ago
Description :LibreNMS versions before 26.3.0 are affected by an authenticated Cross-site Scripting vulnerability on the showconfig page. Successful exploitation requires administrative privileges. Exploitation could result in XSS attacks being performed against other users with access to the page.
Severity: 4.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-2728 - LibreNMS Authenticated Cross-site Scripting",
"Content": "CVE ID :CVE-2026-2728
Published : April 13, 2026, 11:16 a.m. | 25 minutes ago
Description :LibreNMS versions before 26.3.0 are affected by an authenticated Cross-site Scripting vulnerability on the showconfig page. Successful exploitation requires administrative privileges. Exploitation could result in XSS attacks being performed against other users with access to the page.
Severity: 4.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-35337 - Apache Storm Client: RCE through Unsafe Deserialization via Kerberos TGT Credential Handling",
"Content": "CVE ID :CVE-2026-35337
Published : April 13, 2026, 10:16 a.m. | 1 hour, 25 minutes ago
Description :Deserialization of Untrusted Data vulnerability in Apache Storm.
Versions Affected:
before 2.8.6.
Description:
When processing topology credentials submitted via the Nimbus Thrift API, Storm deserializes the base64-encoded TGT blob using ObjectInputStream.readObject() without any class filtering or validation. An authenticated user with topology submission rights could supply a crafted serialized object in the "TGT" credential field, leading to remote code execution in both the Nimbus and Worker JVMs.
Mitigation:
2.x users should upgrade to 2.8.6.
Users who cannot upgrade immediately should monkey-patch an ObjectInputFilter allow-list to ClientAuthUtils.deserializeKerberosTicket() restricting deserialized classes to javax.security.auth.kerberos.KerberosTicket and its known dependencies. A guide on how to do this is available in the release notes of 2.8.6.
Credit: This issue was discovered by K.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-35337 - Apache Storm Client: RCE through Unsafe Deserialization via Kerberos TGT Credential Handling",
"Content": "CVE ID :CVE-2026-35337
Published : April 13, 2026, 10:16 a.m. | 1 hour, 25 minutes ago
Description :Deserialization of Untrusted Data vulnerability in Apache Storm.
Versions Affected:
before 2.8.6.
Description:
When processing topology credentials submitted via the Nimbus Thrift API, Storm deserializes the base64-encoded TGT blob using ObjectInputStream.readObject() without any class filtering or validation. An authenticated user with topology submission rights could supply a crafted serialized object in the "TGT" credential field, leading to remote code execution in both the Nimbus and Worker JVMs.
Mitigation:
2.x users should upgrade to 2.8.6.
Users who cannot upgrade immediately should monkey-patch an ObjectInputFilter allow-list to ClientAuthUtils.deserializeKerberosTicket() restricting deserialized classes to javax.security.auth.kerberos.KerberosTicket and its known dependencies. A guide on how to do this is available in the release notes of 2.8.6.
Credit: This issue was discovered by K.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-35565 - Apache Storm UI: Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata in Storm UI",
"Content": "CVE ID :CVE-2026-35565
Published : April 13, 2026, 10:16 a.m. | 1 hour, 25 minutes ago
Description :Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata in Apache Storm UI
Versions Affected: before 2.8.6
Description: The Storm UI visualization component interpolates topology metadata including component IDs, stream names, and grouping values directly into HTML via innerHTML in parseNode() and parseEdge() without sanitization at any layer. An authenticated user with topology submission rights could craft a topology containing malicious HTML/JavaScript in component identifiers (e.g., a bolt ID containing an onerror event handler). This payload flows through Nimbus → Thrift → the Visualization API → vis.js tooltip rendering, resulting in stored cross-site scripting.
In multi-tenant deployments where topology submission is available to less-trusted users but the UI is accessed by operators or administrators, this enables privilege escalation through script execution in an admin's browser session.
Mitigation: 2.x users should upgrade to 2.8.6. Users who cannot upgrade immediately should monkey-patch the parseNode() and parseEdge() functions in the visualization JavaScript file to HTML-escape all API-supplied values including nodeId, :capacity, :latency, :component, :stream, and :grouping before interpolation into tooltip HTML strings, and should additionally restrict topology submission to trusted users via Nimbus ACLs as a defense-in-depth measure. A guide on how to do this is available in the release notes of 2.8.6.
Credit: This issue was discovered while investigating another report by K.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-35565 - Apache Storm UI: Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata in Storm UI",
"Content": "CVE ID :CVE-2026-35565
Published : April 13, 2026, 10:16 a.m. | 1 hour, 25 minutes ago
Description :Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata in Apache Storm UI
Versions Affected: before 2.8.6
Description: The Storm UI visualization component interpolates topology metadata including component IDs, stream names, and grouping values directly into HTML via innerHTML in parseNode() and parseEdge() without sanitization at any layer. An authenticated user with topology submission rights could craft a topology containing malicious HTML/JavaScript in component identifiers (e.g., a bolt ID containing an onerror event handler). This payload flows through Nimbus → Thrift → the Visualization API → vis.js tooltip rendering, resulting in stored cross-site scripting.
In multi-tenant deployments where topology submission is available to less-trusted users but the UI is accessed by operators or administrators, this enables privilege escalation through script execution in an admin's browser session.
Mitigation: 2.x users should upgrade to 2.8.6. Users who cannot upgrade immediately should monkey-patch the parseNode() and parseEdge() functions in the visualization JavaScript file to HTML-escape all API-supplied values including nodeId, :capacity, :latency, :component, :stream, and :grouping before interpolation into tooltip HTML strings, and should additionally restrict topology submission to trusted users via Nimbus ACLs as a defense-in-depth measure. A guide on how to do this is available in the release notes of 2.8.6.
Credit: This issue was discovered while investigating another report by K.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-15632 - 1Panel-dev MaxKB MdPreview chat.ts cross site scripting",
"Content": "CVE ID :CVE-2025-15632
Published : April 13, 2026, 10:16 a.m. | 1 hour, 25 minutes ago
Description :A vulnerability has been found in 1Panel-dev MaxKB up to 2.4.2. Impacted is an unknown function of the file ui/src/chat.ts of the component MdPreview. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.5.0 is recommended to address this issue. The name of the patch is 7230daa5ec3e6574b6ede83dd48a4fbc0e70b8d8. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-15632 - 1Panel-dev MaxKB MdPreview chat.ts cross site scripting",
"Content": "CVE ID :CVE-2025-15632
Published : April 13, 2026, 10:16 a.m. | 1 hour, 25 minutes ago
Description :A vulnerability has been found in 1Panel-dev MaxKB up to 2.4.2. Impacted is an unknown function of the file ui/src/chat.ts of the component MdPreview. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.5.0 is recommended to address this issue. The name of the patch is 7230daa5ec3e6574b6ede83dd48a4fbc0e70b8d8. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-36922 - Sourcecodester Cab Management System SQL Injection Vulnerability",
"Content": "CVE ID :CVE-2026-36922
Published : April 13, 2026, 1:16 p.m. | 27 minutes ago
Description :Sourcecodester Cab Management System v1.0 is vulnerable to SQL injection in the file /cms/admin/categories/view_category.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-36922 - Sourcecodester Cab Management System SQL Injection Vulnerability",
"Content": "CVE ID :CVE-2026-36922
Published : April 13, 2026, 1:16 p.m. | 27 minutes ago
Description :Sourcecodester Cab Management System v1.0 is vulnerable to SQL injection in the file /cms/admin/categories/view_category.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-36923 - Sourcecodester Cab Management System SQL Injection",
"Content": "CVE ID :CVE-2026-36923
Published : April 13, 2026, 1:16 p.m. | 27 minutes ago
Description :Sourcecodester Cab Management System 1.0 is vulnerable to SQL Injection in the file /cms/admin/bookings/view_booking.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-36923 - Sourcecodester Cab Management System SQL Injection",
"Content": "CVE ID :CVE-2026-36923
Published : April 13, 2026, 1:16 p.m. | 27 minutes ago
Description :Sourcecodester Cab Management System 1.0 is vulnerable to SQL Injection in the file /cms/admin/bookings/view_booking.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-36872 - Sourcecodester Basic Library System SQL Injection",
"Content": "CVE ID :CVE-2026-36872
Published : April 13, 2026, 1:16 p.m. | 27 minutes ago
Description :Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_book.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-36872 - Sourcecodester Basic Library System SQL Injection",
"Content": "CVE ID :CVE-2026-36872
Published : April 13, 2026, 1:16 p.m. | 27 minutes ago
Description :Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_book.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-36873 - Sourcecodester Basic Library System SQL Injection Vulnerability",
"Content": "CVE ID :CVE-2026-36873
Published : April 13, 2026, 1:16 p.m. | 27 minutes ago
Description :Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_admin.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-36873 - Sourcecodester Basic Library System SQL Injection Vulnerability",
"Content": "CVE ID :CVE-2026-36873
Published : April 13, 2026, 1:16 p.m. | 27 minutes ago
Description :Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_admin.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-36874 - Sourcecodester Basic Library System SQL Injection Vulnerability",
"Content": "CVE ID :CVE-2026-36874
Published : April 13, 2026, 1:16 p.m. | 27 minutes ago
Description :Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_student.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-36874 - Sourcecodester Basic Library System SQL Injection Vulnerability",
"Content": "CVE ID :CVE-2026-36874
Published : April 13, 2026, 1:16 p.m. | 27 minutes ago
Description :Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_student.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-36919 - Sourcecodester Online Reviewer System SQL Injection",
"Content": "CVE ID :CVE-2026-36919
Published : April 13, 2026, 1:16 p.m. | 27 minutes ago
Description :Sourcecodester Online Reviewer System v1.0 is vulnerale to SQL Injection in the file /system/system/admins/assessments/examproper/exam-update.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-36919 - Sourcecodester Online Reviewer System SQL Injection",
"Content": "CVE ID :CVE-2026-36919
Published : April 13, 2026, 1:16 p.m. | 27 minutes ago
Description :Sourcecodester Online Reviewer System v1.0 is vulnerale to SQL Injection in the file /system/system/admins/assessments/examproper/exam-update.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-36920 - Sourcecodester Online Reviewer System SQL Injection Vulnerability",
"Content": "CVE ID :CVE-2026-36920
Published : April 13, 2026, 1:16 p.m. | 27 minutes ago
Description :Sourcecodester Online Reviewer System v1.0 is vulnerable to SQL Injection in the file /system/system/admins/assessments/examproper/questions-view.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-36920 - Sourcecodester Online Reviewer System SQL Injection Vulnerability",
"Content": "CVE ID :CVE-2026-36920
Published : April 13, 2026, 1:16 p.m. | 27 minutes ago
Description :Sourcecodester Online Reviewer System v1.0 is vulnerable to SQL Injection in the file /system/system/admins/assessments/examproper/questions-view.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-34476 - Apache SkyWalking MCP: Server-Side Request Forgery via SW-URL Header in MCP Server",
"Content": "CVE ID :CVE-2026-34476
Published : April 13, 2026, 1:16 p.m. | 27 minutes ago
Description :Server-Side Request Forgery via SW-URL Header vulnerability in Apache SkyWalking MCP.
This issue affects Apache SkyWalking MCP: 0.1.0.
Users are recommended to upgrade to version 0.2.0, which fixes this issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-34476 - Apache SkyWalking MCP: Server-Side Request Forgery via SW-URL Header in MCP Server",
"Content": "CVE ID :CVE-2026-34476
Published : April 13, 2026, 1:16 p.m. | 27 minutes ago
Description :Server-Side Request Forgery via SW-URL Header vulnerability in Apache SkyWalking MCP.
This issue affects Apache SkyWalking MCP: 0.1.0.
Users are recommended to upgrade to version 0.2.0, which fixes this issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-6183 - code-projects Simple Content Management System index.php sql injection",
"Content": "CVE ID :CVE-2026-6183
Published : April 13, 2026, 3:17 p.m. | 28 minutes ago
Description :A security flaw has been discovered in code-projects Simple Content Management System 1.0. Affected by this issue is some unknown functionality of the file /web/index.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-6183 - code-projects Simple Content Management System index.php sql injection",
"Content": "CVE ID :CVE-2026-6183
Published : April 13, 2026, 3:17 p.m. | 28 minutes ago
Description :A security flaw has been discovered in code-projects Simple Content Management System 1.0. Affected by this issue is some unknown functionality of the file /web/index.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-6182 - code-projects Simple Content Management System login.php sql injection",
"Content": "CVE ID :CVE-2026-6182
Published : April 13, 2026, 3:17 p.m. | 28 minutes ago
Description :A vulnerability was identified in code-projects Simple Content Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /web/admin/login.php. Such manipulation of the argument User leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-6182 - code-projects Simple Content Management System login.php sql injection",
"Content": "CVE ID :CVE-2026-6182
Published : April 13, 2026, 3:17 p.m. | 28 minutes ago
Description :A vulnerability was identified in code-projects Simple Content Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /web/admin/login.php. Such manipulation of the argument User leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-36941 - Sourcecodester Online Resort Management System SQL Injection Vulnerability",
"Content": "CVE ID :CVE-2026-36941
Published : April 13, 2026, 3:17 p.m. | 28 minutes ago
Description :Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL Injection in the file /orms/admin/rooms/manage_room.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-36941 - Sourcecodester Online Resort Management System SQL Injection Vulnerability",
"Content": "CVE ID :CVE-2026-36941
Published : April 13, 2026, 3:17 p.m. | 28 minutes ago
Description :Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL Injection in the file /orms/admin/rooms/manage_room.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-36942 - Sourcecodester Online Resort Management System SQL Injection",
"Content": "CVE ID :CVE-2026-36942
Published : April 13, 2026, 3:17 p.m. | 28 minutes ago
Description :Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in the file /orms/admin/activities/manage_activity.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-36942 - Sourcecodester Online Resort Management System SQL Injection",
"Content": "CVE ID :CVE-2026-36942
Published : April 13, 2026, 3:17 p.m. | 28 minutes ago
Description :Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in the file /orms/admin/activities/manage_activity.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-36943 - Sourcecodester Computer and Mobile Repair Shop Management System SQL Injection Vulnerability",
"Content": "CVE ID :CVE-2026-36943
Published : April 13, 2026, 3:17 p.m. | 28 minutes ago
Description :Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/repairs/manage_repair.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-36943 - Sourcecodester Computer and Mobile Repair Shop Management System SQL Injection Vulnerability",
"Content": "CVE ID :CVE-2026-36943
Published : April 13, 2026, 3:17 p.m. | 28 minutes ago
Description :Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/repairs/manage_repair.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-36944 - Sourcecodester Computer and Mobile Repair Shop Management System SQL Injection Vulnerability",
"Content": "CVE ID :CVE-2026-36944
Published : April 13, 2026, 3:17 p.m. | 28 minutes ago
Description :Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerale to SQL injection in the file/rsms/admin/repairs/view_details.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-36944 - Sourcecodester Computer and Mobile Repair Shop Management System SQL Injection Vulnerability",
"Content": "CVE ID :CVE-2026-36944
Published : April 13, 2026, 3:17 p.m. | 28 minutes ago
Description :Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerale to SQL injection in the file/rsms/admin/repairs/view_details.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-36945 - Sourcecodester Computer and Mobile Repair Shop Management System SQL Injection",
"Content": "CVE ID :CVE-2026-36945
Published : April 13, 2026, 3:17 p.m. | 28 minutes ago
Description :Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/clients/manage_client.php
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-36945 - Sourcecodester Computer and Mobile Repair Shop Management System SQL Injection",
"Content": "CVE ID :CVE-2026-36945
Published : April 13, 2026, 3:17 p.m. | 28 minutes ago
Description :Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/clients/manage_client.php
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹