{
"Source": "CVE FEED",
"Title": "CVE-2026-8119 - Open5GS NSSF nghttp2-server.c ogs_sbi_stream_find_by_id denial of service",
"Content": "CVE ID :CVE-2026-8119
Published : May 8, 2026, midnight | 1 hour, 17 minutes ago
Description :A vulnerability was detected in Open5GS up to 2.7.7. Impacted is the function ogs_sbi_stream_find_by_id in the library /lib/sbi/nghttp2-server.c of the component NSSF. Performing a manipulation results in denial of service. Attacking locally is a requirement. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-8119 - Open5GS NSSF nghttp2-server.c ogs_sbi_stream_find_by_id denial of service",
"Content": "CVE ID :CVE-2026-8119
Published : May 8, 2026, midnight | 1 hour, 17 minutes ago
Description :A vulnerability was detected in Open5GS up to 2.7.7. Impacted is the function ogs_sbi_stream_find_by_id in the library /lib/sbi/nghttp2-server.c of the component NSSF. Performing a manipulation results in denial of service. Attacking locally is a requirement. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-8115 - gyoridavid short-video-maker REST API rest.ts path traversal",
"Content": "CVE ID :CVE-2026-8115
Published : May 7, 2026, 11:16 p.m. | 2 hours ago
Description :A security flaw has been discovered in gyoridavid short-video-maker up to 1.3.4. This affects an unknown part of the file src/server/routers/rest.ts of the component REST API. The manipulation of the argument req.params.tmpFile results in path traversal. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-8115 - gyoridavid short-video-maker REST API rest.ts path traversal",
"Content": "CVE ID :CVE-2026-8115
Published : May 7, 2026, 11:16 p.m. | 2 hours ago
Description :A security flaw has been discovered in gyoridavid short-video-maker up to 1.3.4. This affects an unknown part of the file src/server/routers/rest.ts of the component REST API. The manipulation of the argument req.params.tmpFile results in path traversal. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-42880 - ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction",
"Content": "CVE ID :CVE-2026-42880
Published : May 7, 2026, 11:16 p.m. | 2 hours ago
Description :Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a missing authorization and data-masking gap in Argo CD's ServerSideDiff endpoint that allows an attacker with read-only access to extract plaintext Kubernetes Secret data from etcd via the Kubernetes API server's Server-Side Apply dry-run mechanism. This issue has been patched in versions 3.2.11 and 3.3.9.
Severity: 9.6 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-42880 - ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction",
"Content": "CVE ID :CVE-2026-42880
Published : May 7, 2026, 11:16 p.m. | 2 hours ago
Description :Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a missing authorization and data-masking gap in Argo CD's ServerSideDiff endpoint that allows an attacker with read-only access to extract plaintext Kubernetes Secret data from etcd via the Kubernetes API server's Server-Side Apply dry-run mechanism. This issue has been patched in versions 3.2.11 and 3.3.9.
Severity: 9.6 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-6411 - MAXHUB Pivot Client Application Use of a Broken or Risky Cryptographic Algorithm",
"Content": "CVE ID :CVE-2026-6411
Published : May 7, 2026, 11:16 p.m. | 2 hours ago
Description :This vulnerability, in the MAXHUB Pivot client application versions
prior to v1.36.2, may allow an attacker to obtain encrypted tenant email
addresses and related metadata from any tenant. Due to the presence of a
hardcoded AES key within the application, the encrypted data can be
decrypted, enabling access to tenant email addresses and associated
information in cleartext. Furthermore, an attacker may be able to cause a
denial-of-service condition by enrolling multiple unauthorized devices
into a tenant via MQTT, potentially disrupting tenant operations.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-6411 - MAXHUB Pivot Client Application Use of a Broken or Risky Cryptographic Algorithm",
"Content": "CVE ID :CVE-2026-6411
Published : May 7, 2026, 11:16 p.m. | 2 hours ago
Description :This vulnerability, in the MAXHUB Pivot client application versions
prior to v1.36.2, may allow an attacker to obtain encrypted tenant email
addresses and related metadata from any tenant. Due to the presence of a
hardcoded AES key within the application, the encrypted data can be
decrypted, enabling access to tenant email addresses and associated
information in cleartext. Furthermore, an attacker may be able to cause a
denial-of-service condition by enrolling multiple unauthorized devices
into a tenant via MQTT, potentially disrupting tenant operations.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-2710 - CVE-2022-1234: Cisco Webex Meeting Server Authentication Bypass",
"Content": "CVE ID :CVE-2026-2710
Published : May 7, 2026, 11:16 p.m. | 2 hours ago
Description :Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-2710 - CVE-2022-1234: Cisco Webex Meeting Server Authentication Bypass",
"Content": "CVE ID :CVE-2026-2710
Published : May 7, 2026, 11:16 p.m. | 2 hours ago
Description :Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-8124 - GPAC box_code_base.c sidx_box_read allocation of resources",
"Content": "CVE ID :CVE-2026-8124
Published : May 8, 2026, 2:16 a.m. | 1 hour, 2 minutes ago
Description :A security vulnerability has been detected in GPAC up to 26.02.0. This affects the function sidx_box_read of the file src/isomedia/box_code_base.c. The manipulation leads to allocation of resources. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The identifier of the patch is 442e2299530138d8f874fd885c565ba98a6318ba. It is suggested to install a patch to address this issue.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-8124 - GPAC box_code_base.c sidx_box_read allocation of resources",
"Content": "CVE ID :CVE-2026-8124
Published : May 8, 2026, 2:16 a.m. | 1 hour, 2 minutes ago
Description :A security vulnerability has been detected in GPAC up to 26.02.0. This affects the function sidx_box_read of the file src/isomedia/box_code_base.c. The manipulation leads to allocation of resources. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The identifier of the patch is 442e2299530138d8f874fd885c565ba98a6318ba. It is suggested to install a patch to address this issue.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-8125 - code-projects Simple Chat System sendMessage.php sql injection",
"Content": "CVE ID :CVE-2026-8125
Published : May 8, 2026, 2:16 a.m. | 1 hour, 2 minutes ago
Description :A vulnerability was detected in code-projects Simple Chat System 1.0. This vulnerability affects unknown code of the file sendMessage.php. The manipulation of the argument type/length/business parameter validity results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-8125 - code-projects Simple Chat System sendMessage.php sql injection",
"Content": "CVE ID :CVE-2026-8125
Published : May 8, 2026, 2:16 a.m. | 1 hour, 2 minutes ago
Description :A vulnerability was detected in code-projects Simple Chat System 1.0. This vulnerability affects unknown code of the file sendMessage.php. The manipulation of the argument type/length/business parameter validity results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-8123 - Open5GS NSSF message.c ogs_sbi_discovery_option_add_snssais denial of service",
"Content": "CVE ID :CVE-2026-8123
Published : May 8, 2026, 2:16 a.m. | 1 hour, 2 minutes ago
Description :A vulnerability was determined in Open5GS up to 2.7.7. This impacts the function ogs_sbi_discovery_option_add_snssais in the library /lib/sbi/message.c of the component NSSF. This manipulation causes denial of service. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-8123 - Open5GS NSSF message.c ogs_sbi_discovery_option_add_snssais denial of service",
"Content": "CVE ID :CVE-2026-8123
Published : May 8, 2026, 2:16 a.m. | 1 hour, 2 minutes ago
Description :A vulnerability was determined in Open5GS up to 2.7.7. This impacts the function ogs_sbi_discovery_option_add_snssais in the library /lib/sbi/message.c of the component NSSF. This manipulation causes denial of service. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-8128 - SourceCodester SUP Online Shopping viewmsg.php sql injection",
"Content": "CVE ID :CVE-2026-8128
Published : May 8, 2026, 2:15 a.m. | 1 hour, 3 minutes ago
Description :A vulnerability was found in SourceCodester SUP Online Shopping 1.0. The affected element is an unknown function of the file /admin/viewmsg.php. Performing a manipulation of the argument msgid results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-8128 - SourceCodester SUP Online Shopping viewmsg.php sql injection",
"Content": "CVE ID :CVE-2026-8128
Published : May 8, 2026, 2:15 a.m. | 1 hour, 3 minutes ago
Description :A vulnerability was found in SourceCodester SUP Online Shopping 1.0. The affected element is an unknown function of the file /admin/viewmsg.php. Performing a manipulation of the argument msgid results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-3508 - ASUS System Control Interface Out-of-bounds Read BSOD Vulnerability",
"Content": "CVE ID :CVE-2026-3508
Published : May 8, 2026, 2 a.m. | 1 hour, 17 minutes ago
Description :An Out-of-bounds Read vulnerability in the IOCTL handler in ASUS System Control Interface allows a local user to cause system crash (BSOD) via a read size that exceeds the buffer size.Refer to the '
Security Update for MyASUS ' section on the ASUS Security Advisory for more information.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-3508 - ASUS System Control Interface Out-of-bounds Read BSOD Vulnerability",
"Content": "CVE ID :CVE-2026-3508
Published : May 8, 2026, 2 a.m. | 1 hour, 17 minutes ago
Description :An Out-of-bounds Read vulnerability in the IOCTL handler in ASUS System Control Interface allows a local user to cause system crash (BSOD) via a read size that exceeds the buffer size.Refer to the '
Security Update for MyASUS ' section on the ASUS Security Advisory for more information.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-6737 - AsusPTPFilter IOCTL Access Bypass",
"Content": "CVE ID :CVE-2026-6737
Published : May 8, 2026, 2 a.m. | 1 hour, 18 minutes ago
Description :An Exposed IOCTL with Insufficient Access Control vulnerability in AsusPTPFilter allows a local user to bypass driver security mechanisms and obtain restricted touchpad information or render the touchpad unusable via crafted IOCTL requests.Refer to the '
Security Update for ASUS Precision Touchpad ' section on the ASUS Security Advisory for more information.
Severity: 2.0 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-6737 - AsusPTPFilter IOCTL Access Bypass",
"Content": "CVE ID :CVE-2026-6737
Published : May 8, 2026, 2 a.m. | 1 hour, 18 minutes ago
Description :An Exposed IOCTL with Insufficient Access Control vulnerability in AsusPTPFilter allows a local user to bypass driver security mechanisms and obtain restricted touchpad information or render the touchpad unusable via crafted IOCTL requests.Refer to the '
Security Update for ASUS Precision Touchpad ' section on the ASUS Security Advisory for more information.
Severity: 2.0 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-8127 - eladmin Users API Endpoint UserController.java checkLevel access control",
"Content": "CVE ID :CVE-2026-8127
Published : May 8, 2026, 2 a.m. | 1 hour, 18 minutes ago
Description :A vulnerability has been found in eladmin up to 2.7. Impacted is the function checkLevel of the file /rest/UserController.java of the component Users API Endpoint. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-8127 - eladmin Users API Endpoint UserController.java checkLevel access control",
"Content": "CVE ID :CVE-2026-8127
Published : May 8, 2026, 2 a.m. | 1 hour, 18 minutes ago
Description :A vulnerability has been found in eladmin up to 2.7. Impacted is the function checkLevel of the file /rest/UserController.java of the component Users API Endpoint. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-8126 - SourceCodester Comment System post_comment.php sql injection",
"Content": "CVE ID :CVE-2026-8126
Published : May 8, 2026, 1:45 a.m. | 1 hour, 33 minutes ago
Description :A flaw has been found in SourceCodester Comment System 1.0. This issue affects some unknown processing of the file post_comment.php. This manipulation of the argument Name causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-8126 - SourceCodester Comment System post_comment.php sql injection",
"Content": "CVE ID :CVE-2026-8126
Published : May 8, 2026, 1:45 a.m. | 1 hour, 33 minutes ago
Description :A flaw has been found in SourceCodester Comment System 1.0. This issue affects some unknown processing of the file post_comment.php. This manipulation of the argument Name causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-8148 - NAVER MYBOX Explorer Windows Privilege Escalation Vulnerability",
"Content": "CVE ID :CVE-2026-8148
Published : May 8, 2026, 4:36 a.m. | 43 minutes ago
Description :NAVER MYBOX Explorer for Windows before 3.0.11.160 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM via registry manipulation due to improper privilege checks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-8148 - NAVER MYBOX Explorer Windows Privilege Escalation Vulnerability",
"Content": "CVE ID :CVE-2026-8148
Published : May 8, 2026, 4:36 a.m. | 43 minutes ago
Description :NAVER MYBOX Explorer for Windows before 3.0.11.160 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM via registry manipulation due to improper privilege checks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-8133 - zyx0814 FilePress Shares Filelist API admin.php sql injection",
"Content": "CVE ID :CVE-2026-8133
Published : May 8, 2026, 4:16 a.m. | 1 hour, 3 minutes ago
Description :A security vulnerability has been detected in zyx0814 FilePress up to 2.2.0. Affected by this vulnerability is an unknown functionality of the file dzz/shares/admin.php of the component Shares Filelist API. Such manipulation of the argument order leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The name of the patch is e20ec58414103f781858f2951d178e19b1736664. A patch should be applied to remediate this issue.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-8133 - zyx0814 FilePress Shares Filelist API admin.php sql injection",
"Content": "CVE ID :CVE-2026-8133
Published : May 8, 2026, 4:16 a.m. | 1 hour, 3 minutes ago
Description :A security vulnerability has been detected in zyx0814 FilePress up to 2.2.0. Affected by this vulnerability is an unknown functionality of the file dzz/shares/admin.php of the component Shares Filelist API. Such manipulation of the argument order leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The name of the patch is e20ec58414103f781858f2951d178e19b1736664. A patch should be applied to remediate this issue.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-8136 - SourceCodester Pharmacy Sales and Inventory System index.php users cross site scripting",
"Content": "CVE ID :CVE-2026-8136
Published : May 8, 2026, 4:16 a.m. | 1 hour, 3 minutes ago
Description :A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /index.php?page=users. Executing a manipulation of the argument Name can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and may be used.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-8136 - SourceCodester Pharmacy Sales and Inventory System index.php users cross site scripting",
"Content": "CVE ID :CVE-2026-8136
Published : May 8, 2026, 4:16 a.m. | 1 hour, 3 minutes ago
Description :A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /index.php?page=users. Executing a manipulation of the argument Name can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and may be used.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-8132 - CodeAstro Leave Management System login.php sql injection",
"Content": "CVE ID :CVE-2026-8132
Published : May 8, 2026, 4:16 a.m. | 1 hour, 3 minutes ago
Description :A weakness has been identified in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /login.php. This manipulation of the argument txt_username causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-8132 - CodeAstro Leave Management System login.php sql injection",
"Content": "CVE ID :CVE-2026-8132
Published : May 8, 2026, 4:16 a.m. | 1 hour, 3 minutes ago
Description :A weakness has been identified in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /login.php. This manipulation of the argument txt_username causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-43944 - electerm: dangerous code can be run through links or command line",
"Content": "CVE ID :CVE-2026-43944
Published : May 8, 2026, 4:16 a.m. | 1 hour, 3 minutes ago
Description :electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From versions 3.0.6 to before 3.8.15, electerm is vulnerable to arbitrary local code execution via deep links, CLI --opts, or crafted shortcuts. Exploit requires clicking a crafted electerm://... link or opening a crafted shortcut/command that launches electerm with attacker-controlled opts. This issue has been patched in version 3.8.15.
Severity: 9.4 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-43944 - electerm: dangerous code can be run through links or command line",
"Content": "CVE ID :CVE-2026-43944
Published : May 8, 2026, 4:16 a.m. | 1 hour, 3 minutes ago
Description :electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From versions 3.0.6 to before 3.8.15, electerm is vulnerable to arbitrary local code execution via deep links, CLI --opts, or crafted shortcuts. Exploit requires clicking a crafted electerm://... link or opening a crafted shortcut/command that launches electerm with attacker-controlled opts. This issue has been patched in version 3.8.15.
Severity: 9.4 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-44298 - Kimai: Arbitrary file read in invoice PDF renderer (admin)",
"Content": "CVE ID :CVE-2026-44298
Published : May 8, 2026, 4:16 a.m. | 1 hour, 3 minutes ago
Description :Kimai is an open-source time tracking application. From version 2.32.0 to before version 2.56.0, users with the role System-Admin (ROLE_SYSTE_ADMIN) and the permission upload_invoice_template can upload PDF invoice templates, which can call pdfContext.setOption('associated_files', ...) inside the sandboxed Twig render. This is forwarded to mPDF's SetAssociatedFiles(), whose writer calls file_get_contents($entry['path']) during PDF output and embeds the bytes as a FlateDecode stream in the PDF. Any file readable by the PHP worker is returned to the attacker inside the rendered invoice. This issue has been patched in version 2.56.0.
Severity: 4.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-44298 - Kimai: Arbitrary file read in invoice PDF renderer (admin)",
"Content": "CVE ID :CVE-2026-44298
Published : May 8, 2026, 4:16 a.m. | 1 hour, 3 minutes ago
Description :Kimai is an open-source time tracking application. From version 2.32.0 to before version 2.56.0, users with the role System-Admin (ROLE_SYSTE_ADMIN) and the permission upload_invoice_template can upload PDF invoice templates, which can call pdfContext.setOption('associated_files', ...) inside the sandboxed Twig render. This is forwarded to mPDF's SetAssociatedFiles(), whose writer calls file_get_contents($entry['path']) during PDF output and embeds the bytes as a FlateDecode stream in the PDF. Any file readable by the PHP worker is returned to the attacker inside the rendered invoice. This issue has been patched in version 2.56.0.
Severity: 4.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-8129 - SourceCodester SUP Online Shopping wishlist.php sql injection",
"Content": "CVE ID :CVE-2026-8129
Published : May 8, 2026, 4:16 a.m. | 1 hour, 3 minutes ago
Description :A vulnerability was determined in SourceCodester SUP Online Shopping 1.0. The impacted element is an unknown function of the file wishlist.php. Executing a manipulation of the argument delwlistid can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-8129 - SourceCodester SUP Online Shopping wishlist.php sql injection",
"Content": "CVE ID :CVE-2026-8129
Published : May 8, 2026, 4:16 a.m. | 1 hour, 3 minutes ago
Description :A vulnerability was determined in SourceCodester SUP Online Shopping 1.0. The impacted element is an unknown function of the file wishlist.php. Executing a manipulation of the argument delwlistid can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-8130 - SourceCodester SUP Online Shopping message.php sql injection",
"Content": "CVE ID :CVE-2026-8130
Published : May 8, 2026, 4:16 a.m. | 1 hour, 3 minutes ago
Description :A vulnerability was identified in SourceCodester SUP Online Shopping 1.0. This affects an unknown function of the file /admin/message.php. The manipulation of the argument seenid leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-8130 - SourceCodester SUP Online Shopping message.php sql injection",
"Content": "CVE ID :CVE-2026-8130
Published : May 8, 2026, 4:16 a.m. | 1 hour, 3 minutes ago
Description :A vulnerability was identified in SourceCodester SUP Online Shopping 1.0. This affects an unknown function of the file /admin/message.php. The manipulation of the argument seenid leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹