{
"Source": "CVE FEED",
"Title": "CVE-2025-15632 - 1Panel-dev MaxKB MdPreview chat.ts cross site scripting",
"Content": "CVE ID :CVE-2025-15632
Published : April 13, 2026, 10:16 a.m. | 1 hour, 25 minutes ago
Description :A vulnerability has been found in 1Panel-dev MaxKB up to 2.4.2. Impacted is an unknown function of the file ui/src/chat.ts of the component MdPreview. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.5.0 is recommended to address this issue. The name of the patch is 7230daa5ec3e6574b6ede83dd48a4fbc0e70b8d8. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-15632 - 1Panel-dev MaxKB MdPreview chat.ts cross site scripting",
"Content": "CVE ID :CVE-2025-15632
Published : April 13, 2026, 10:16 a.m. | 1 hour, 25 minutes ago
Description :A vulnerability has been found in 1Panel-dev MaxKB up to 2.4.2. Impacted is an unknown function of the file ui/src/chat.ts of the component MdPreview. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.5.0 is recommended to address this issue. The name of the patch is 7230daa5ec3e6574b6ede83dd48a4fbc0e70b8d8. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-36922 - Sourcecodester Cab Management System SQL Injection Vulnerability",
"Content": "CVE ID :CVE-2026-36922
Published : April 13, 2026, 1:16 p.m. | 27 minutes ago
Description :Sourcecodester Cab Management System v1.0 is vulnerable to SQL injection in the file /cms/admin/categories/view_category.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-36922 - Sourcecodester Cab Management System SQL Injection Vulnerability",
"Content": "CVE ID :CVE-2026-36922
Published : April 13, 2026, 1:16 p.m. | 27 minutes ago
Description :Sourcecodester Cab Management System v1.0 is vulnerable to SQL injection in the file /cms/admin/categories/view_category.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-36923 - Sourcecodester Cab Management System SQL Injection",
"Content": "CVE ID :CVE-2026-36923
Published : April 13, 2026, 1:16 p.m. | 27 minutes ago
Description :Sourcecodester Cab Management System 1.0 is vulnerable to SQL Injection in the file /cms/admin/bookings/view_booking.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-36923 - Sourcecodester Cab Management System SQL Injection",
"Content": "CVE ID :CVE-2026-36923
Published : April 13, 2026, 1:16 p.m. | 27 minutes ago
Description :Sourcecodester Cab Management System 1.0 is vulnerable to SQL Injection in the file /cms/admin/bookings/view_booking.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-36872 - Sourcecodester Basic Library System SQL Injection",
"Content": "CVE ID :CVE-2026-36872
Published : April 13, 2026, 1:16 p.m. | 27 minutes ago
Description :Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_book.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-36872 - Sourcecodester Basic Library System SQL Injection",
"Content": "CVE ID :CVE-2026-36872
Published : April 13, 2026, 1:16 p.m. | 27 minutes ago
Description :Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_book.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-36873 - Sourcecodester Basic Library System SQL Injection Vulnerability",
"Content": "CVE ID :CVE-2026-36873
Published : April 13, 2026, 1:16 p.m. | 27 minutes ago
Description :Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_admin.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-36873 - Sourcecodester Basic Library System SQL Injection Vulnerability",
"Content": "CVE ID :CVE-2026-36873
Published : April 13, 2026, 1:16 p.m. | 27 minutes ago
Description :Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_admin.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-36874 - Sourcecodester Basic Library System SQL Injection Vulnerability",
"Content": "CVE ID :CVE-2026-36874
Published : April 13, 2026, 1:16 p.m. | 27 minutes ago
Description :Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_student.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-36874 - Sourcecodester Basic Library System SQL Injection Vulnerability",
"Content": "CVE ID :CVE-2026-36874
Published : April 13, 2026, 1:16 p.m. | 27 minutes ago
Description :Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_student.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-36919 - Sourcecodester Online Reviewer System SQL Injection",
"Content": "CVE ID :CVE-2026-36919
Published : April 13, 2026, 1:16 p.m. | 27 minutes ago
Description :Sourcecodester Online Reviewer System v1.0 is vulnerale to SQL Injection in the file /system/system/admins/assessments/examproper/exam-update.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-36919 - Sourcecodester Online Reviewer System SQL Injection",
"Content": "CVE ID :CVE-2026-36919
Published : April 13, 2026, 1:16 p.m. | 27 minutes ago
Description :Sourcecodester Online Reviewer System v1.0 is vulnerale to SQL Injection in the file /system/system/admins/assessments/examproper/exam-update.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-36920 - Sourcecodester Online Reviewer System SQL Injection Vulnerability",
"Content": "CVE ID :CVE-2026-36920
Published : April 13, 2026, 1:16 p.m. | 27 minutes ago
Description :Sourcecodester Online Reviewer System v1.0 is vulnerable to SQL Injection in the file /system/system/admins/assessments/examproper/questions-view.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-36920 - Sourcecodester Online Reviewer System SQL Injection Vulnerability",
"Content": "CVE ID :CVE-2026-36920
Published : April 13, 2026, 1:16 p.m. | 27 minutes ago
Description :Sourcecodester Online Reviewer System v1.0 is vulnerable to SQL Injection in the file /system/system/admins/assessments/examproper/questions-view.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-34476 - Apache SkyWalking MCP: Server-Side Request Forgery via SW-URL Header in MCP Server",
"Content": "CVE ID :CVE-2026-34476
Published : April 13, 2026, 1:16 p.m. | 27 minutes ago
Description :Server-Side Request Forgery via SW-URL Header vulnerability in Apache SkyWalking MCP.
This issue affects Apache SkyWalking MCP: 0.1.0.
Users are recommended to upgrade to version 0.2.0, which fixes this issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-34476 - Apache SkyWalking MCP: Server-Side Request Forgery via SW-URL Header in MCP Server",
"Content": "CVE ID :CVE-2026-34476
Published : April 13, 2026, 1:16 p.m. | 27 minutes ago
Description :Server-Side Request Forgery via SW-URL Header vulnerability in Apache SkyWalking MCP.
This issue affects Apache SkyWalking MCP: 0.1.0.
Users are recommended to upgrade to version 0.2.0, which fixes this issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-6183 - code-projects Simple Content Management System index.php sql injection",
"Content": "CVE ID :CVE-2026-6183
Published : April 13, 2026, 3:17 p.m. | 28 minutes ago
Description :A security flaw has been discovered in code-projects Simple Content Management System 1.0. Affected by this issue is some unknown functionality of the file /web/index.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-6183 - code-projects Simple Content Management System index.php sql injection",
"Content": "CVE ID :CVE-2026-6183
Published : April 13, 2026, 3:17 p.m. | 28 minutes ago
Description :A security flaw has been discovered in code-projects Simple Content Management System 1.0. Affected by this issue is some unknown functionality of the file /web/index.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-6182 - code-projects Simple Content Management System login.php sql injection",
"Content": "CVE ID :CVE-2026-6182
Published : April 13, 2026, 3:17 p.m. | 28 minutes ago
Description :A vulnerability was identified in code-projects Simple Content Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /web/admin/login.php. Such manipulation of the argument User leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-6182 - code-projects Simple Content Management System login.php sql injection",
"Content": "CVE ID :CVE-2026-6182
Published : April 13, 2026, 3:17 p.m. | 28 minutes ago
Description :A vulnerability was identified in code-projects Simple Content Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /web/admin/login.php. Such manipulation of the argument User leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-36941 - Sourcecodester Online Resort Management System SQL Injection Vulnerability",
"Content": "CVE ID :CVE-2026-36941
Published : April 13, 2026, 3:17 p.m. | 28 minutes ago
Description :Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL Injection in the file /orms/admin/rooms/manage_room.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-36941 - Sourcecodester Online Resort Management System SQL Injection Vulnerability",
"Content": "CVE ID :CVE-2026-36941
Published : April 13, 2026, 3:17 p.m. | 28 minutes ago
Description :Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL Injection in the file /orms/admin/rooms/manage_room.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-36942 - Sourcecodester Online Resort Management System SQL Injection",
"Content": "CVE ID :CVE-2026-36942
Published : April 13, 2026, 3:17 p.m. | 28 minutes ago
Description :Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in the file /orms/admin/activities/manage_activity.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-36942 - Sourcecodester Online Resort Management System SQL Injection",
"Content": "CVE ID :CVE-2026-36942
Published : April 13, 2026, 3:17 p.m. | 28 minutes ago
Description :Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in the file /orms/admin/activities/manage_activity.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-36943 - Sourcecodester Computer and Mobile Repair Shop Management System SQL Injection Vulnerability",
"Content": "CVE ID :CVE-2026-36943
Published : April 13, 2026, 3:17 p.m. | 28 minutes ago
Description :Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/repairs/manage_repair.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-36943 - Sourcecodester Computer and Mobile Repair Shop Management System SQL Injection Vulnerability",
"Content": "CVE ID :CVE-2026-36943
Published : April 13, 2026, 3:17 p.m. | 28 minutes ago
Description :Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/repairs/manage_repair.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-36944 - Sourcecodester Computer and Mobile Repair Shop Management System SQL Injection Vulnerability",
"Content": "CVE ID :CVE-2026-36944
Published : April 13, 2026, 3:17 p.m. | 28 minutes ago
Description :Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerale to SQL injection in the file/rsms/admin/repairs/view_details.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-36944 - Sourcecodester Computer and Mobile Repair Shop Management System SQL Injection Vulnerability",
"Content": "CVE ID :CVE-2026-36944
Published : April 13, 2026, 3:17 p.m. | 28 minutes ago
Description :Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerale to SQL injection in the file/rsms/admin/repairs/view_details.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-36945 - Sourcecodester Computer and Mobile Repair Shop Management System SQL Injection",
"Content": "CVE ID :CVE-2026-36945
Published : April 13, 2026, 3:17 p.m. | 28 minutes ago
Description :Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/clients/manage_client.php
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-36945 - Sourcecodester Computer and Mobile Repair Shop Management System SQL Injection",
"Content": "CVE ID :CVE-2026-36945
Published : April 13, 2026, 3:17 p.m. | 28 minutes ago
Description :Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/clients/manage_client.php
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-31282 - Totara LMS Authentication Bypass",
"Content": "CVE ID :CVE-2026-31282
Published : April 13, 2026, 3:17 p.m. | 28 minutes ago
Description :Totara LMS v19.1.5 and before is vulnerable to Incorrect Access Control. The login page code can be manipulated to reveal the login form. An attacker can chain that with missing rate-limit on the login form to launch a brute force attack.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-31282 - Totara LMS Authentication Bypass",
"Content": "CVE ID :CVE-2026-31282
Published : April 13, 2026, 3:17 p.m. | 28 minutes ago
Description :Totara LMS v19.1.5 and before is vulnerable to Incorrect Access Control. The login page code can be manipulated to reveal the login form. An attacker can chain that with missing rate-limit on the login form to launch a brute force attack.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-31283 - Totara LMS Email Bombing Vulnerability",
"Content": "CVE ID :CVE-2026-31283
Published : April 13, 2026, 3:17 p.m. | 28 minutes ago
Description :In Totara LMS v19.1.5 and before, the forgot password API does not implement rate limiting for the target email address. which can be used for an Email Bombing attack.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-31283 - Totara LMS Email Bombing Vulnerability",
"Content": "CVE ID :CVE-2026-31283
Published : April 13, 2026, 3:17 p.m. | 28 minutes ago
Description :In Totara LMS v19.1.5 and before, the forgot password API does not implement rate limiting for the target email address. which can be used for an Email Bombing attack.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-33858 - Apache Airflow: Unsafe Deserialization via Legacy Serialization Keys (__type/__var) Bypass in XCom API",
"Content": "CVE ID :CVE-2026-33858
Published : April 13, 2026, 3:17 p.m. | 28 minutes ago
Description :Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low.
Users are recommended to upgrade to Apache Airflow 3.2.0, which resolves this issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-33858 - Apache Airflow: Unsafe Deserialization via Legacy Serialization Keys (__type/__var) Bypass in XCom API",
"Content": "CVE ID :CVE-2026-33858
Published : April 13, 2026, 3:17 p.m. | 28 minutes ago
Description :Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low.
Users are recommended to upgrade to Apache Airflow 3.2.0, which resolves this issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-30999 - FFmpeg Heap Buffer Overflow Denial of Service",
"Content": "CVE ID :CVE-2026-30999
Published : April 13, 2026, 3:17 p.m. | 28 minutes ago
Description :A heap buffer overflow in the av_bprint_finalize() function of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-30999 - FFmpeg Heap Buffer Overflow Denial of Service",
"Content": "CVE ID :CVE-2026-30999
Published : April 13, 2026, 3:17 p.m. | 28 minutes ago
Description :A heap buffer overflow in the av_bprint_finalize() function of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-31281 - Totara LMS HTML Injection",
"Content": "CVE ID :CVE-2026-31281
Published : April 13, 2026, 3:17 p.m. | 28 minutes ago
Description :Totara LMS v19.1.5 and before is vulnerable to HTLM Injection. An attacker can inject malicious HTLM code in a message and send it to all the users in the application, resulting in executing the code and may lead to session hijacking and executing commands on the victim's browser.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-31281 - Totara LMS HTML Injection",
"Content": "CVE ID :CVE-2026-31281
Published : April 13, 2026, 3:17 p.m. | 28 minutes ago
Description :Totara LMS v19.1.5 and before is vulnerable to HTLM Injection. An attacker can inject malicious HTLM code in a message and send it to all the users in the application, resulting in executing the code and may lead to session hijacking and executing commands on the victim's browser.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Apr 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹