CVE Monitor
{
"Source": "CVE FEED",
"Title": "CVE-2026-41143 - YesWiki vulnerable to authenticated SQL Injection via id_fiche in EntryManager::formatDataBeforeSave()",
"Content": "CVE ID :CVE-2026-41143
Published : May 7, 2026, 6:16 a.m. | 28 minutes ago
Description :YesWiki is a wiki system written in PHP. Prior to version 4.6.1, YesWiki bazar module contains a SQL injection vulnerability in tools/bazar/services/EntryManager.php at line 704. The $data['id_fiche'] value (sourced from $_POST['id_fiche']) is concatenated directly into a raw SQL query without any sanitization or parameterization. This issue has been patched in version 4.6.1.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-41413 - Istio Vulnerable to SSRF via RequestAuthentication jwksUri",
"Content": "CVE ID :CVE-2026-41413
Published : May 7, 2026, 6:16 a.m. | 28 minutes ago
Description :Istio is an open platform to connect, manage, and secure microservices. Prior to versions 1.28.6 and 1.29.2, when a RequestAuthentication resource is created with a jwksUri pointing to an internal service, istiod makes an unauthenticated HTTP GET request to that URL without filtering out localhost or link local ips. This can result in sensitive data being distributed to Envoy proxies via xDS configuration. This issue has been patched in versions 1.28.6 and 1.29.2.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-41586 - ObjectInputStream.readObject() without ObjectInputFilter in fabric-sdk-java allows Java deserialization RCE",
"Content": "CVE ID :CVE-2026-41586
Published : May 7, 2026, 6:16 a.m. | 28 minutes ago
Description :Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. From versions 1.0.0 to 2.2.26, Channel.java implements readObject() and exposes deSerializeChannel() which call ObjectInputStream.readObject() on untrusted byte arrays without configuring an ObjectInputFilter. This is a classic Java deserialization RCE pattern. At time of publication, there are no publicly available patches.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-9661 - OS command injection vulnerability in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23/24/26/28",
"Content": "CVE ID :CVE-2025-9661
Published : May 7, 2026, 8:16 a.m. | 31 minutes ago
Description :OS command injection vulnerability in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28.

This issue affects Hitachi Virtual Storage Platform One Block 23/24/26/28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-44406 - DLL Hijacking Vulnerability in ZTE Cloud PC Client uSmartview",
"Content": "CVE ID :CVE-2026-44406
Published : May 7, 2026, 8:16 a.m. | 31 minutes ago
Description :ZTE Cloud PC client uSmartView contains a DLL hijacking vulnerability; since uSmartViewServiceAgent.exe runs with SYSTEM privileges, successful hijacking enables local arbitrary code execution, privilege escalation, and memory corruption.
Severity: 5.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-4430 - Heap Buffer Overflow in AgileEngine",
"Content": "CVE ID :CVE-2026-4430
Published : May 7, 2026, 8:16 a.m. | 31 minutes ago
Description :Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters.

This issue affects LibreOffice: from 26.2 before 26.2.3, from 25.8 before 25.8.7.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-1978 - Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console",
"Content": "CVE ID :CVE-2025-1978
Published : May 7, 2026, 8:05 a.m. | 41 minutes ago
Description :Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28.

This issue affects Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28: before DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00, before DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00, before DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00, before DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00, before DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-62127 - WordPress WEN Logo Slider plugin <= 3.4.0 - cross site scripting (xss) vulnerability",
"Content": "CVE ID :CVE-2025-62127
Published : May 7, 2026, 7:54 a.m. | 53 minutes ago
Description :Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WEN Themes WEN Logo Slider allows DOM-Based XSS.

This issue affects WEN Logo Slider: from n/a through 3.4.0.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-66105 - WordPress Bus Ticket Booking with Seat Reservation plugin < 5.6.8 - Broken Access Control vulnerability",
"Content": "CVE ID :CVE-2025-66105
Published : May 7, 2026, 7:46 a.m. | 1 hour ago
Description :Missing Authorization vulnerability in Magepeople inc. Bus Ticket Booking with Seat Reservation allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Bus Ticket Booking with Seat Reservation: from n/a before 5.6.8.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-68060 - WordPress Team Member plugin <= 8.5 - sql injection vulnerability",
"Content": "CVE ID :CVE-2025-68060
Published : May 7, 2026, 7:44 a.m. | 1 hour, 3 minutes ago
Description :Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPMart Team Member allows Blind SQL Injection.

This issue affects Team Member: from n/a through 8.5.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-68604 - WordPress WPGraphQL plugin <= 2.5.3 - cross site request forgery (csrf) vulnerability",
"Content": "CVE ID :CVE-2025-68604
Published : May 7, 2026, 7:40 a.m. | 1 hour, 6 minutes ago
Description :Cross-Site Request Forgery (CSRF) vulnerability in WPGraphQL allows Cross Site Request Forgery.

This issue affects WPGraphQL: from n/a through 2.5.3.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-25468 - WordPress Happy Addons for Elementor plugin <= 3.20.8 - sensitive data exposure vulnerability",
"Content": "CVE ID :CVE-2026-25468
Published : May 7, 2026, 7:37 a.m. | 1 hour, 9 minutes ago
Description :Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs Happy Addons for Elementor allows Retrieve Embedded Sensitive Data.

This issue affects Happy Addons for Elementor: from n/a through 3.20.8.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-27329 - WordPress YITH WooCommerce Wishlist plugin <= 4.12.0 - insecure direct object references (idor) vulnerability",
"Content": "CVE ID :CVE-2026-27329
Published : May 7, 2026, 7:35 a.m. | 1 hour, 11 minutes ago
Description :Authorization Bypass Through User-Controlled Key vulnerability in YITH YITH WooCommerce Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects YITH WooCommerce Wishlist: from n/a through 4.12.0.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-25436 - WordPress Royal Elementor Addons plugin < 1.7.1053 - Broken Access Control vulnerability",
"Content": "CVE ID :CVE-2026-25436
Published : May 7, 2026, 7:34 a.m. | 1 hour, 13 minutes ago
Description :Missing Authorization vulnerability in WProyal Royal Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Royal Elementor Addons: from n/a before 1.7.1053.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-44407 - Remote Denial of Service Vulnerability Exists in ZTE Cloud PC Client uSmartview",
"Content": "CVE ID :CVE-2026-44407
Published : May 7, 2026, 7:33 a.m. | 1 hour, 13 minutes ago
Description :A remote denial-of-service vulnerability exists in the ZTE Cloud PC client uSmartview, which may lead to memory corruption and remote denial of service.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-27421 - WordPress Royal Elementor Addons plugin < 1.7.1053 - Cross Site Scripting (XSS) vulnerability",
"Content": "CVE ID :CVE-2026-27421
Published : May 7, 2026, 7:31 a.m. | 1 hour, 15 minutes ago
Description :Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WProyal Royal Elementor Addons allows Stored XSS.

This issue affects Royal Elementor Addons: from n/a before 1.7.1053.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-2514 - Improper Restriction of Excessive Authentication Attempts vulnerability in Hitachi Virtual Storage Platform",
"Content": "CVE ID :CVE-2025-2514
Published : May 7, 2026, 7:30 a.m. | 1 hour, 16 minutes ago
Description :Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28.

This issue affects Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28: before DKCMAIN Ver 88-08-16-xx/00, GUM Ver. 88-08-20/00, before DKCMAIN Ver 93-07-26-xx/00, GUM Ver. 93-07-26/00, before DKCMAIN Ver A3-04-02-xx/00, EMS Ver. A3-04-02/00, before DKCMAIN Ver A3-03-41-xx/00, EMS Ver. A3-03-41/00, before DKCMAIN Ver A3-03-03-xx/00, EMS Ver. A3-03-02/00.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-6805 - Vulnerability on Cryptobox external sharing feature",
"Content": "CVE ID :CVE-2026-6805
Published : May 7, 2026, 10:16 a.m. | 39 minutes ago
Description :Vulnerability on the external sharing feature in Cryptobox allows an attacker knowing a sharing link URL to retrieve information from the server allowing an offline brute-force attack of the access code associated to this sharing link.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-27416 - WordPress PDF Poster plugin <= 2.4.1 - broken access control vulnerability",
"Content": "CVE ID :CVE-2026-27416
Published : May 7, 2026, 9:16 a.m. | 1 hour, 39 minutes ago
Description :Missing Authorization vulnerability in bPlugins PDF Poster allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects PDF Poster: from n/a through 2.4.1.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2024-43384 - Phoenix Contact: Improper removal of sensitive information in MGUARD products",
"Content": "CVE ID :CVE-2024-43384
Published : May 7, 2026, 9:16 a.m. | 1 hour, 39 minutes ago
Description :A low privileged remote attacker can gain the root password due to improper removal of sensitive information before storage or transfer.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-42285 - GoBGP: Panic in AdjRib.Update via malformed BGP Update message (Nil Pointer Dereference)",
"Content": "CVE ID :CVE-2026-42285
Published : May 7, 2026, 12:16 p.m. | 40 minutes ago
Description :GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. In version 4.4.0, an unauthenticated remote BGP peer can trigger a fatal panic in GoBGP by sending a specially crafted BGP UPDATE message. When the server receives a message with inconsistent attribute lengths, it improperly handles the internal state transition to a "withdraw" action, leading to a nil pointer dereference in the AdjRib.Update function. This causes the entire GoBGP process to crash, resulting in a complete loss of service availability. This issue has been patched in version 4.5.0.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 May 2026",
"Type": "Vulnerability"
}