{
"Source": "CVE FEED",
"Title": "CVE-2026-3120 - RCE in Profelis Informatics' SambaBox",
"Content": "CVE ID :CVE-2026-3120
Published : May 4, 2026, 12:16 p.m. | 1 hour, 53 minutes ago
Description :Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection.
This issue affects SambaBox: from 5.1 before 5.3.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-40563 - Apache Atlas: Script injection allows access to unintended data",
"Content": "CVE ID :CVE-2026-40563
Published : May 4, 2026, 3:17 p.m. | 53 minutes ago
Description :Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Atlas.
Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. An attacker can alter the Gremlin traversal logic within grammar-allowed characters to access unintended data.
Affected versions:
This issue affects Apache Atlas: from 0.8 through 2.4.0.
For affected versions >= 2.0, the vulnerability is present only when Atlas is deployed with the following non-default configuration:
atlas.dsl.executor.traversal=false
Mitigation:
Users are recommended to upgrade to version 2.5.0, which fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-6501 - ILM Informatique jOpenDocument XML External Entity Reference Vulnerability",
"Content": "CVE ID :CVE-2026-6501
Published : May 4, 2026, 3:16 p.m. | 54 minutes ago
Description :Improper restriction of XML external entity reference vulnerability in ILM Informatique jOpenDocument allows Data Serialization External Entities Blowup.
This issue affects jOpenDocument: 1.5.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-6500 - ILM Informatique OpenConcerto Password Storage Vulnerability",
"Content": "CVE ID :CVE-2026-6500
Published : May 4, 2026, 3:16 p.m. | 54 minutes ago
Description :Plaintext storage of a password vulnerability in ILM Informatique OpenConcerto allows Retrieve Embedded Sensitive Data.
This issue affects OpenConcerto: 1.7.5.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-33007 - Apache HTTP Server: mod_authn_socache crash",
"Content": "CVE ID :CVE-2026-33007
Published : May 4, 2026, 3:16 p.m. | 54 minutes ago
Description :A NULL pointer dereference in the mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration.
Users are recommended to upgrade to version 2.4.67, which fixes this issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-33523 - Apache HTTP Server: multiple modules: HTTP response splitting forwarding malicious status line",
"Content": "CVE ID :CVE-2026-33523
Published : May 4, 2026, 3:16 p.m. | 54 minutes ago
Description :HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers.
This issue affects Apache HTTP Server: from through 2.4.66.
Users are recommended to upgrade to version 2.4.67, which fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-70070 - Assimp Denial of Service Vulnerability",
"Content": "CVE ID :CVE-2025-70070
Published : May 4, 2026, 3:16 p.m. | 54 minutes ago
Description :An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXMeshGeometry.cpp, MeshGeometry::MeshGeometry()
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-70072 - Assimp Denial of Service Remote Code Execution",
"Content": "CVE ID :CVE-2025-70072
Published : May 4, 2026, 3:16 p.m. | 54 minutes ago
Description :An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp, FBXConverter::ConvertMeshMultiMaterial() components
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-23918 - Apache HTTP Server: http2: double free and possible RCE on early reset",
"Content": "CVE ID :CVE-2026-23918
Published : May 4, 2026, 3:16 p.m. | 54 minutes ago
Description :Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol.
This issue affects Apache HTTP Server: 2.4.66.
Users are recommended to upgrade to version 2.4.67, which fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-29169 - Apache HTTP Server: mod_dav_lock indirect lock crash",
"Content": "CVE ID :CVE-2026-29169
Published : May 4, 2026, 3:16 p.m. | 54 minutes ago
Description :A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request. mod_dav_lock is not used internally by mod_dav or mod_dav_fs.
The only known use-case for mod_dav_lock was mod_dav_svn from Apache Subversion earlier than version 1.2.0.
Users are recommended to upgrade to version 2.4.66, which fixes this issue, or remove mod_dav_lock.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-33006 - Apache HTTP Server: mod_auth_digest timing attack",
"Content": "CVE ID :CVE-2026-33006
Published : May 4, 2026, 3:16 p.m. | 54 minutes ago
Description :A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker.
Users are recommended to upgrade to version 2.4.67, which fixes this issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-13605 - Shell command injection in 3onedata GW1101-1D(RS-485)-TB-P modbus gateway",
"Content": "CVE ID :CVE-2025-13605
Published : May 4, 2026, 3:16 p.m. | 54 minutes ago
Description :3onedata modbus gateway device model GW1101-1D(RS-485)-TB-P (hardware version V2.2.0) allows authenticated users to execute arbitrary shell commands in the context of the root user by providing payload in the "IP address" field of the diagnosis test tools.
This issue has been resolved in firmware version 3.0.59B2024080600R4353
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-6499 - OpenConcerto Critical Resource Permission Assignment Vulnerability",
"Content": "CVE ID :CVE-2026-6499
Published : May 4, 2026, 2:16 p.m. | 1 hour, 54 minutes ago
Description :Incorrect Permission Assignment for Critical Resource vulnerability in ILM Informatique OpenConcerto allows Replace Binaries.
This issue affects OpenConcerto: 1.7.5.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-4928 - Apache HTTP Server Information Disclosure",
"Content": "CVE ID :CVE-2026-4928
Published : May 4, 2026, 2:16 p.m. | 1 hour, 54 minutes ago
Description :Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-6266 - Aap-controller: aap-gateway: account hijacking and unauthorized access via unverified email linking",
"Content": "CVE ID :CVE-2026-6266
Published : May 4, 2026, 2:16 p.m. | 1 hour, 54 minutes ago
Description :A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider (IDP) identity to an existing AAP user account based on email matching without verifying email ownership. This allows a remote attacker to potentially hijack a victim's account or gain unauthorized access to other accounts, including administrative accounts, by manipulating the IDP-provided email.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-31205 - Pluck CMS Cross Site Scripting (XSS) Privilege Escalation",
"Content": "CVE ID :CVE-2026-31205
Published : May 4, 2026, 2:16 p.m. | 1 hour, 54 minutes ago
Description :Cross Site Scripting vulnerability in Pluck CMS before v.4.7.21dev allows a remote attacker to escalate privileges via the editpage.php and the sanitizePageContent function
Severity: 5.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-70067 - Assimp FBX Importer Buffer Overflow Vulnerability",
"Content": "CVE ID :CVE-2025-70067
Published : May 4, 2026, 2:16 p.m. | 1 hour, 54 minutes ago
Description :Buffer Overflow vulnerability exists in Assimp versions up to 6.0.2 in the FBX Importer. The vulnerability occurs in aiMaterial::AddBinaryProperty, where a property key string from a crafted FBX file is copied into a fixed-size heap buffer using strcpy() without runtime length validation
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-70069 - Assimp Denial of Service Remote Vulnerability",
"Content": "CVE ID :CVE-2025-70069
Published : May 4, 2026, 2:16 p.m. | 1 hour, 54 minutes ago
Description :An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp and ConvertMeshMultiMaterial() method
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-41471 - Easy PayPal Events & Tickets 1.3 Information Disclosure via QR Code Endpoint",
"Content": "CVE ID :CVE-2026-41471
Published : May 4, 2026, 5:40 p.m. | 32 minutes ago
Description :Easy PayPal Events & Tickets plugin for WordPress versions 1.3 and earlier contain an information disclosure vulnerability in the QR code scanning endpoint that allows unauthenticated attackers to enumerate and retrieve all customer order records. Attackers can iterate over sequential WordPress post IDs through the scan_qr.php endpoint to harvest the complete set of orders stored in the database without requiring authentication or prior knowledge of specific order identifiers. This plugin was officially closed as of 2026-03-18.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-32834 - Easy PayPal Events & Tickets 1.3 Authentication Bypass via QR Code Scanning",
"Content": "CVE ID :CVE-2026-32834
Published : May 4, 2026, 5:39 p.m. | 33 minutes ago
Description :Easy PayPal Events & Tickets plugin for WordPress versions 1.3 and earlier contain a hardcoded authentication bypass vulnerability in the QR code scanning functionality that allows unauthenticated remote attackers to bypass hash verification by supplying 'test' as the hash parameter. Attackers can access the vulnerable endpoint via the add_wpeevent_button_qr action to retrieve sensitive order details including PayPal transaction IDs, customer email addresses, purchase amounts, and ticket information for any order with a known or guessed post ID. This plugin was officially closed as of 2026-03-18.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-42140 - Server-Side Request Forgery (SSRF) in PlantUML Macro via 'server' parameter",
"Content": "CVE ID :CVE-2026-42140
Published : May 4, 2026, 5:37 p.m. | 35 minutes ago
Description :PlantUML Macro is a macro for rendering UML diagrams from simple textual schemes. Prior to version 2.4.1, the PlantUML Macro is vulnerable to Server-Side Request Forgery (SSRF). The macro allows users to specify an alternative PlantUML server via the server parameter. However, the application does not validate the supplied URL. An attacker can supply an internal IP address or a malicious external URL. The XWiki server will attempt to connect to this URL to "render" the diagram. This issue has been patched in version 2.4.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 May 2026",
"Type": "Vulnerability"
}