{
"Source": "CVE FEED",
"Title": "CVE-2026-8122 - Open5GS NSSF message.c ogs_sbi_discovery_option_add_service_names denial of service",
"Content": "CVE ID :CVE-2026-8122
Published : May 8, 2026, 12:45 a.m. | 32 minutes ago
Description :A vulnerability was found in Open5GS up to 2.7.7. This affects the function ogs_sbi_discovery_option_add_service_names in the library /lib/sbi/message.c of the component NSSF. The manipulation results in denial of service. The attack may be performed from remote. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-8122 - Open5GS NSSF message.c ogs_sbi_discovery_option_add_service_names denial of service",
"Content": "CVE ID :CVE-2026-8122
Published : May 8, 2026, 12:45 a.m. | 32 minutes ago
Description :A vulnerability was found in Open5GS up to 2.7.7. This affects the function ogs_sbi_discovery_option_add_service_names in the library /lib/sbi/message.c of the component NSSF. The manipulation results in denial of service. The attack may be performed from remote. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-8121 - Open5GS NSSF conv.c ogs_sbi_parse_plmn_list denial of service",
"Content": "CVE ID :CVE-2026-8121
Published : May 8, 2026, 12:30 a.m. | 47 minutes ago
Description :A vulnerability has been found in Open5GS up to 2.7.7. The impacted element is the function ogs_sbi_parse_plmn_list in the library /lib/sbi/conv.c of the component NSSF. The manipulation leads to denial of service. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-8121 - Open5GS NSSF conv.c ogs_sbi_parse_plmn_list denial of service",
"Content": "CVE ID :CVE-2026-8121
Published : May 8, 2026, 12:30 a.m. | 47 minutes ago
Description :A vulnerability has been found in Open5GS up to 2.7.7. The impacted element is the function ogs_sbi_parse_plmn_list in the library /lib/sbi/conv.c of the component NSSF. The manipulation leads to denial of service. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-8117 - SourceCodester Pizzafy Ecommerce System index.php cross site scripting",
"Content": "CVE ID :CVE-2026-8117
Published : May 8, 2026, 12:16 a.m. | 1 hour, 1 minute ago
Description :A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. This issue affects some unknown processing of the file /admin/index.php. Such manipulation of the argument page leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-8117 - SourceCodester Pizzafy Ecommerce System index.php cross site scripting",
"Content": "CVE ID :CVE-2026-8117
Published : May 8, 2026, 12:16 a.m. | 1 hour, 1 minute ago
Description :A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. This issue affects some unknown processing of the file /admin/index.php. Such manipulation of the argument page leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-8116 - huangjunsen0406 xiaozhi-mcphub dxtController.ts path traversal",
"Content": "CVE ID :CVE-2026-8116
Published : May 8, 2026, 12:16 a.m. | 1 hour, 1 minute ago
Description :A weakness has been identified in huangjunsen0406 xiaozhi-mcphub up to 1.0.3. This vulnerability affects unknown code of the file src/controllers/dxtController.ts. This manipulation of the argument manifest.name causes path traversal. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-8116 - huangjunsen0406 xiaozhi-mcphub dxtController.ts path traversal",
"Content": "CVE ID :CVE-2026-8116
Published : May 8, 2026, 12:16 a.m. | 1 hour, 1 minute ago
Description :A weakness has been identified in huangjunsen0406 xiaozhi-mcphub up to 1.0.3. This vulnerability affects unknown code of the file src/controllers/dxtController.ts. This manipulation of the argument manifest.name causes path traversal. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-8120 - Open5GS NSSF nnssf-handler.c denial of service",
"Content": "CVE ID :CVE-2026-8120
Published : May 8, 2026, 12:15 a.m. | 1 hour, 2 minutes ago
Description :A flaw has been found in Open5GS up to 2.7.7. The affected element is the function nssf_nnrf_nsselection_handle_get_from_amf_or_vnssf of the file /src/nssf/nnssf-handler.c of the component NSSF. Executing a manipulation can lead to denial of service. The attack can be executed remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-8120 - Open5GS NSSF nnssf-handler.c denial of service",
"Content": "CVE ID :CVE-2026-8120
Published : May 8, 2026, 12:15 a.m. | 1 hour, 2 minutes ago
Description :A flaw has been found in Open5GS up to 2.7.7. The affected element is the function nssf_nnrf_nsselection_handle_get_from_amf_or_vnssf of the file /src/nssf/nnssf-handler.c of the component NSSF. Executing a manipulation can lead to denial of service. The attack can be executed remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-8119 - Open5GS NSSF nghttp2-server.c ogs_sbi_stream_find_by_id denial of service",
"Content": "CVE ID :CVE-2026-8119
Published : May 8, 2026, midnight | 1 hour, 17 minutes ago
Description :A vulnerability was detected in Open5GS up to 2.7.7. Impacted is the function ogs_sbi_stream_find_by_id in the library /lib/sbi/nghttp2-server.c of the component NSSF. Performing a manipulation results in denial of service. Attacking locally is a requirement. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-8119 - Open5GS NSSF nghttp2-server.c ogs_sbi_stream_find_by_id denial of service",
"Content": "CVE ID :CVE-2026-8119
Published : May 8, 2026, midnight | 1 hour, 17 minutes ago
Description :A vulnerability was detected in Open5GS up to 2.7.7. Impacted is the function ogs_sbi_stream_find_by_id in the library /lib/sbi/nghttp2-server.c of the component NSSF. Performing a manipulation results in denial of service. Attacking locally is a requirement. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-8115 - gyoridavid short-video-maker REST API rest.ts path traversal",
"Content": "CVE ID :CVE-2026-8115
Published : May 7, 2026, 11:16 p.m. | 2 hours ago
Description :A security flaw has been discovered in gyoridavid short-video-maker up to 1.3.4. This affects an unknown part of the file src/server/routers/rest.ts of the component REST API. The manipulation of the argument req.params.tmpFile results in path traversal. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-8115 - gyoridavid short-video-maker REST API rest.ts path traversal",
"Content": "CVE ID :CVE-2026-8115
Published : May 7, 2026, 11:16 p.m. | 2 hours ago
Description :A security flaw has been discovered in gyoridavid short-video-maker up to 1.3.4. This affects an unknown part of the file src/server/routers/rest.ts of the component REST API. The manipulation of the argument req.params.tmpFile results in path traversal. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-42880 - ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction",
"Content": "CVE ID :CVE-2026-42880
Published : May 7, 2026, 11:16 p.m. | 2 hours ago
Description :Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a missing authorization and data-masking gap in Argo CD's ServerSideDiff endpoint that allows an attacker with read-only access to extract plaintext Kubernetes Secret data from etcd via the Kubernetes API server's Server-Side Apply dry-run mechanism. This issue has been patched in versions 3.2.11 and 3.3.9.
Severity: 9.6 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-42880 - ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction",
"Content": "CVE ID :CVE-2026-42880
Published : May 7, 2026, 11:16 p.m. | 2 hours ago
Description :Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a missing authorization and data-masking gap in Argo CD's ServerSideDiff endpoint that allows an attacker with read-only access to extract plaintext Kubernetes Secret data from etcd via the Kubernetes API server's Server-Side Apply dry-run mechanism. This issue has been patched in versions 3.2.11 and 3.3.9.
Severity: 9.6 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-6411 - MAXHUB Pivot Client Application Use of a Broken or Risky Cryptographic Algorithm",
"Content": "CVE ID :CVE-2026-6411
Published : May 7, 2026, 11:16 p.m. | 2 hours ago
Description :This vulnerability, in the MAXHUB Pivot client application versions
prior to v1.36.2, may allow an attacker to obtain encrypted tenant email
addresses and related metadata from any tenant. Due to the presence of a
hardcoded AES key within the application, the encrypted data can be
decrypted, enabling access to tenant email addresses and associated
information in cleartext. Furthermore, an attacker may be able to cause a
denial-of-service condition by enrolling multiple unauthorized devices
into a tenant via MQTT, potentially disrupting tenant operations.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-6411 - MAXHUB Pivot Client Application Use of a Broken or Risky Cryptographic Algorithm",
"Content": "CVE ID :CVE-2026-6411
Published : May 7, 2026, 11:16 p.m. | 2 hours ago
Description :This vulnerability, in the MAXHUB Pivot client application versions
prior to v1.36.2, may allow an attacker to obtain encrypted tenant email
addresses and related metadata from any tenant. Due to the presence of a
hardcoded AES key within the application, the encrypted data can be
decrypted, enabling access to tenant email addresses and associated
information in cleartext. Furthermore, an attacker may be able to cause a
denial-of-service condition by enrolling multiple unauthorized devices
into a tenant via MQTT, potentially disrupting tenant operations.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-2710 - CVE-2022-1234: Cisco Webex Meeting Server Authentication Bypass",
"Content": "CVE ID :CVE-2026-2710
Published : May 7, 2026, 11:16 p.m. | 2 hours ago
Description :Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-2710 - CVE-2022-1234: Cisco Webex Meeting Server Authentication Bypass",
"Content": "CVE ID :CVE-2026-2710
Published : May 7, 2026, 11:16 p.m. | 2 hours ago
Description :Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-8124 - GPAC box_code_base.c sidx_box_read allocation of resources",
"Content": "CVE ID :CVE-2026-8124
Published : May 8, 2026, 2:16 a.m. | 1 hour, 2 minutes ago
Description :A security vulnerability has been detected in GPAC up to 26.02.0. This affects the function sidx_box_read of the file src/isomedia/box_code_base.c. The manipulation leads to allocation of resources. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The identifier of the patch is 442e2299530138d8f874fd885c565ba98a6318ba. It is suggested to install a patch to address this issue.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-8124 - GPAC box_code_base.c sidx_box_read allocation of resources",
"Content": "CVE ID :CVE-2026-8124
Published : May 8, 2026, 2:16 a.m. | 1 hour, 2 minutes ago
Description :A security vulnerability has been detected in GPAC up to 26.02.0. This affects the function sidx_box_read of the file src/isomedia/box_code_base.c. The manipulation leads to allocation of resources. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The identifier of the patch is 442e2299530138d8f874fd885c565ba98a6318ba. It is suggested to install a patch to address this issue.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-8125 - code-projects Simple Chat System sendMessage.php sql injection",
"Content": "CVE ID :CVE-2026-8125
Published : May 8, 2026, 2:16 a.m. | 1 hour, 2 minutes ago
Description :A vulnerability was detected in code-projects Simple Chat System 1.0. This vulnerability affects unknown code of the file sendMessage.php. The manipulation of the argument type/length/business parameter validity results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-8125 - code-projects Simple Chat System sendMessage.php sql injection",
"Content": "CVE ID :CVE-2026-8125
Published : May 8, 2026, 2:16 a.m. | 1 hour, 2 minutes ago
Description :A vulnerability was detected in code-projects Simple Chat System 1.0. This vulnerability affects unknown code of the file sendMessage.php. The manipulation of the argument type/length/business parameter validity results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-8123 - Open5GS NSSF message.c ogs_sbi_discovery_option_add_snssais denial of service",
"Content": "CVE ID :CVE-2026-8123
Published : May 8, 2026, 2:16 a.m. | 1 hour, 2 minutes ago
Description :A vulnerability was determined in Open5GS up to 2.7.7. This impacts the function ogs_sbi_discovery_option_add_snssais in the library /lib/sbi/message.c of the component NSSF. This manipulation causes denial of service. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-8123 - Open5GS NSSF message.c ogs_sbi_discovery_option_add_snssais denial of service",
"Content": "CVE ID :CVE-2026-8123
Published : May 8, 2026, 2:16 a.m. | 1 hour, 2 minutes ago
Description :A vulnerability was determined in Open5GS up to 2.7.7. This impacts the function ogs_sbi_discovery_option_add_snssais in the library /lib/sbi/message.c of the component NSSF. This manipulation causes denial of service. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-8128 - SourceCodester SUP Online Shopping viewmsg.php sql injection",
"Content": "CVE ID :CVE-2026-8128
Published : May 8, 2026, 2:15 a.m. | 1 hour, 3 minutes ago
Description :A vulnerability was found in SourceCodester SUP Online Shopping 1.0. The affected element is an unknown function of the file /admin/viewmsg.php. Performing a manipulation of the argument msgid results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-8128 - SourceCodester SUP Online Shopping viewmsg.php sql injection",
"Content": "CVE ID :CVE-2026-8128
Published : May 8, 2026, 2:15 a.m. | 1 hour, 3 minutes ago
Description :A vulnerability was found in SourceCodester SUP Online Shopping 1.0. The affected element is an unknown function of the file /admin/viewmsg.php. Performing a manipulation of the argument msgid results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-3508 - ASUS System Control Interface Out-of-bounds Read BSOD Vulnerability",
"Content": "CVE ID :CVE-2026-3508
Published : May 8, 2026, 2 a.m. | 1 hour, 17 minutes ago
Description :An Out-of-bounds Read vulnerability in the IOCTL handler in ASUS System Control Interface allows a local user to cause system crash (BSOD) via a read size that exceeds the buffer size.Refer to the '
Security Update for MyASUS ' section on the ASUS Security Advisory for more information.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-3508 - ASUS System Control Interface Out-of-bounds Read BSOD Vulnerability",
"Content": "CVE ID :CVE-2026-3508
Published : May 8, 2026, 2 a.m. | 1 hour, 17 minutes ago
Description :An Out-of-bounds Read vulnerability in the IOCTL handler in ASUS System Control Interface allows a local user to cause system crash (BSOD) via a read size that exceeds the buffer size.Refer to the '
Security Update for MyASUS ' section on the ASUS Security Advisory for more information.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-6737 - AsusPTPFilter IOCTL Access Bypass",
"Content": "CVE ID :CVE-2026-6737
Published : May 8, 2026, 2 a.m. | 1 hour, 18 minutes ago
Description :An Exposed IOCTL with Insufficient Access Control vulnerability in AsusPTPFilter allows a local user to bypass driver security mechanisms and obtain restricted touchpad information or render the touchpad unusable via crafted IOCTL requests.Refer to the '
Security Update for ASUS Precision Touchpad ' section on the ASUS Security Advisory for more information.
Severity: 2.0 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-6737 - AsusPTPFilter IOCTL Access Bypass",
"Content": "CVE ID :CVE-2026-6737
Published : May 8, 2026, 2 a.m. | 1 hour, 18 minutes ago
Description :An Exposed IOCTL with Insufficient Access Control vulnerability in AsusPTPFilter allows a local user to bypass driver security mechanisms and obtain restricted touchpad information or render the touchpad unusable via crafted IOCTL requests.Refer to the '
Security Update for ASUS Precision Touchpad ' section on the ASUS Security Advisory for more information.
Severity: 2.0 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-8127 - eladmin Users API Endpoint UserController.java checkLevel access control",
"Content": "CVE ID :CVE-2026-8127
Published : May 8, 2026, 2 a.m. | 1 hour, 18 minutes ago
Description :A vulnerability has been found in eladmin up to 2.7. Impacted is the function checkLevel of the file /rest/UserController.java of the component Users API Endpoint. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-8127 - eladmin Users API Endpoint UserController.java checkLevel access control",
"Content": "CVE ID :CVE-2026-8127
Published : May 8, 2026, 2 a.m. | 1 hour, 18 minutes ago
Description :A vulnerability has been found in eladmin up to 2.7. Impacted is the function checkLevel of the file /rest/UserController.java of the component Users API Endpoint. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-8126 - SourceCodester Comment System post_comment.php sql injection",
"Content": "CVE ID :CVE-2026-8126
Published : May 8, 2026, 1:45 a.m. | 1 hour, 33 minutes ago
Description :A flaw has been found in SourceCodester Comment System 1.0. This issue affects some unknown processing of the file post_comment.php. This manipulation of the argument Name causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-8126 - SourceCodester Comment System post_comment.php sql injection",
"Content": "CVE ID :CVE-2026-8126
Published : May 8, 2026, 1:45 a.m. | 1 hour, 33 minutes ago
Description :A flaw has been found in SourceCodester Comment System 1.0. This issue affects some unknown processing of the file post_comment.php. This manipulation of the argument Name causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-8148 - NAVER MYBOX Explorer Windows Privilege Escalation Vulnerability",
"Content": "CVE ID :CVE-2026-8148
Published : May 8, 2026, 4:36 a.m. | 43 minutes ago
Description :NAVER MYBOX Explorer for Windows before 3.0.11.160 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM via registry manipulation due to improper privilege checks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-8148 - NAVER MYBOX Explorer Windows Privilege Escalation Vulnerability",
"Content": "CVE ID :CVE-2026-8148
Published : May 8, 2026, 4:36 a.m. | 43 minutes ago
Description :NAVER MYBOX Explorer for Windows before 3.0.11.160 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM via registry manipulation due to improper privilege checks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-8133 - zyx0814 FilePress Shares Filelist API admin.php sql injection",
"Content": "CVE ID :CVE-2026-8133
Published : May 8, 2026, 4:16 a.m. | 1 hour, 3 minutes ago
Description :A security vulnerability has been detected in zyx0814 FilePress up to 2.2.0. Affected by this vulnerability is an unknown functionality of the file dzz/shares/admin.php of the component Shares Filelist API. Such manipulation of the argument order leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The name of the patch is e20ec58414103f781858f2951d178e19b1736664. A patch should be applied to remediate this issue.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-8133 - zyx0814 FilePress Shares Filelist API admin.php sql injection",
"Content": "CVE ID :CVE-2026-8133
Published : May 8, 2026, 4:16 a.m. | 1 hour, 3 minutes ago
Description :A security vulnerability has been detected in zyx0814 FilePress up to 2.2.0. Affected by this vulnerability is an unknown functionality of the file dzz/shares/admin.php of the component Shares Filelist API. Such manipulation of the argument order leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The name of the patch is e20ec58414103f781858f2951d178e19b1736664. A patch should be applied to remediate this issue.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-8136 - SourceCodester Pharmacy Sales and Inventory System index.php users cross site scripting",
"Content": "CVE ID :CVE-2026-8136
Published : May 8, 2026, 4:16 a.m. | 1 hour, 3 minutes ago
Description :A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /index.php?page=users. Executing a manipulation of the argument Name can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and may be used.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-8136 - SourceCodester Pharmacy Sales and Inventory System index.php users cross site scripting",
"Content": "CVE ID :CVE-2026-8136
Published : May 8, 2026, 4:16 a.m. | 1 hour, 3 minutes ago
Description :A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /index.php?page=users. Executing a manipulation of the argument Name can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and may be used.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹