CVE Monitor
{
"Source": "CVE FEED",
"Title": "CVE-2026-44916 - OpenStack Ironic Unvalidated Template Injection",
"Content": "CVE ID :CVE-2026-44916
Published : May 8, 2026, 6:38 a.m. | 42 minutes ago
Description :In OpenStack Ironic through 35.x, instance_info['ks_template'] is rendered without sandboxing.
Severity: 3.0 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2024-51092 - LibreNMS OS Command Injection Vulnerability",
"Content": "CVE ID :CVE-2024-51092
Published : May 8, 2026, 6:16 a.m. | 1 hour, 4 minutes ago
Description :LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutController.php's index(), SettingsController.php's update(), and PollDevice.php's initRrdDirectory().
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2024-53326 - LINQPad Deserialization Remote Code Execution",
"Content": "CVE ID :CVE-2024-53326
Published : May 8, 2026, 6:16 a.m. | 1 hour, 4 minutes ago
Description :LINQPad before 5.52.01 Pro edition is vulnerable to Unsafe Deserialization in LINQPad.AutoRefManager::PopulateFromCache(), leading to code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2024-27686 - Mikrotik RouterOS SMB Denial of Service",
"Content": "CVE ID :CVE-2024-27686
Published : May 8, 2026, 6:16 a.m. | 1 hour, 4 minutes ago
Description :Mikrotik RouterOS (x86) 6.40.5 through 6.49.10 (fixed in 7) allows a remote attacker to cause a denial of service (device crash) via crafted packet data to the SMB service on TCP port 445.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2024-30167 - Atlona AT-OME-MS42 Remote Command Execution Vulnerability",
"Content": "CVE ID :CVE-2024-30167
Published : May 8, 2026, 6:16 a.m. | 1 hour, 4 minutes ago
Description :/cgi-bin/time.cgi in Atlona AT-OME-MS42 Matrix Switcher 1.1.2 allows remote authenticated users to execute arbitrary commands as root via a POST request that carries a serverName parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2024-33288 - PHP Prison Management System SQL Injection",
"Content": "CVE ID :CVE-2024-33288
Published : May 8, 2026, 6:16 a.m. | 1 hour, 4 minutes ago
Description :Prison Management System Using PHP v1.0 was discovered to contain a SQL injection vulnerability via the username on the Admin login page.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2024-33722 - SOPlanning SQL Injection",
"Content": "CVE ID :CVE-2024-33722
Published : May 8, 2026, 6:16 a.m. | 1 hour, 4 minutes ago
Description :SOPlanning 1.52.00 is vulnerable to SQL Injection by an authenticated user via projets.php with statut[].
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2024-33724 - SOPlanning Cross Site Scripting (XSS)",
"Content": "CVE ID :CVE-2024-33724
Published : May 8, 2026, 6:16 a.m. | 1 hour, 4 minutes ago
Description :SOPlanning 1.52.00 is vulnerable to Cross Site Scripting (XSS) via the groupe_id parameter to process/groupe_save.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2024-45257 - BYOB Command Injection Vulnerability",
"Content": "CVE ID :CVE-2024-45257
Published : May 8, 2026, 6:16 a.m. | 1 hour, 4 minutes ago
Description :A Command Injection issue in the payload build page in BYOB (Build Your Own Botnet) 2.0 allows attackers to execute arbitrary commands on the server via a crafted build parameter. This occurs in freeze in core/generators.py.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2024-46507 - Yeti-Platform SSTI Code Execution",
"Content": "CVE ID :CVE-2024-46507
Published : May 8, 2026, 6:16 a.m. | 1 hour, 4 minutes ago
Description :A SSTI (server side template injection) vulnerability in the custom template export function in yeti-platform yeti before 2.1.12 allows attackers to execute code on the application server.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2024-46508 - Yeti-Platform JWT Token Forgery Vulnerability",
"Content": "CVE ID :CVE-2024-46508
Published : May 8, 2026, 6:16 a.m. | 1 hour, 4 minutes ago
Description :yeti-platform yeti before 2.1.12 allows attackers to generate valid JWT tokens if the secret is not changed (by setting YETI_AUTH_SECRET_KEY to a value other than SECRET).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2023-47268 - PrusaSlicer Code Injection Vulnerability",
"Content": "CVE ID :CVE-2023-47268
Published : May 8, 2026, 6:16 a.m. | 1 hour, 4 minutes ago
Description :In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer through 2.6.1, a crafted 3mf project file can execute arbitrary code on a host where the project is sliced and G-code exported.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-8149 - GCM chunking can lead to bad tag exception on decryption",
"Content": "CVE ID :CVE-2026-8149
Published : May 8, 2026, 6:01 a.m. | 1 hour, 19 minutes ago
Description :A vulnerability in Legion of the Bouncy Castle Inc. BC-FJA BC-FIPS on Linux, X86_64, AVX, AVX-512f.

This vulnerability is associated with program files gcm128w, gcm512w.



This issue affects BC-FJA: from 2.1.0 through 2.1.2.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-4935 - SureTriggers < 1.1.23 – Unauthenticated SQLi",
"Content": "CVE ID :CVE-2026-4935
Published : May 8, 2026, 6 a.m. | 1 hour, 21 minutes ago
Description :The OttoKit: All-in-One Automation Platform WordPress plugin before 1.1.23 does not properly sanitize user input before using it in a SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-8069 - PredatorSense V3: Local Privilege Escalation (LPE) vulnerability",
"Content": "CVE ID :CVE-2026-8069
Published : May 8, 2026, 5:57 a.m. | 1 hour, 23 minutes ago
Description :PredatorSense versions 3.00.3136 to 3.00.3196 contain a Local Privilege Escalation (LPE) vulnerability. The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute arbitrary code with NT AUTHORITY\SYSTEM privileges and to delete arbitrary files with SYSTEM privileges. By leveraging this, an attacker can execute arbitrary code on the target system with elevated privileges.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-42279 - solidtime: Time entry update endpoint allows cross-organization modification of a known time-entry UUID",
"Content": "CVE ID :CVE-2026-42279
Published : May 8, 2026, 5:16 a.m. | 2 hours, 4 minutes ago
Description :solidtime is an open-source time-tracking app. In version 0.12.0, the PUT /api/v1/organizations/{organization}/time-entries/{timeEntry} API accepts a route-bound timeEntry from another organization when the caller has time-entries:update:all in the URL organization, allowing a known foreign time-entry UUID to be modified and rebound to objects in the caller's organization. This issue has been patched in version 0.12.1.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-8137 - Totolink X5000R formDdns sub_458E40 buffer overflow",
"Content": "CVE ID :CVE-2026-8137
Published : May 8, 2026, 5:16 a.m. | 2 hours, 4 minutes ago
Description :A vulnerability has been found in Totolink X5000R 9.1.0u.6369_B20230113. This vulnerability affects the function sub_458E40 of the file /boafrm/formDdns. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-8138 - Tenda CX12L SetPptpServerCfg formSetPPTPServer stack-based overflow",
"Content": "CVE ID :CVE-2026-8138
Published : May 8, 2026, 5:16 a.m. | 2 hours, 4 minutes ago
Description :A vulnerability was found in Tenda CX12L 16.03.53.12. This issue affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-42276 - Onyx: IDOR in /chat/stop-chat-session allows any authenticated user to interrupt other users chat sessions",
"Content": "CVE ID :CVE-2026-42276
Published : May 8, 2026, 5:16 a.m. | 2 hours, 4 minutes ago
Description :Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the POST /chat/stop-chat-session/{chat_session_id} endpoint lets any authenticated user stop any other user's active chat session. The endpoint checks authentication but never verifies the session belongs to the caller. An attacker who knows a chat session UUID can kill another user's LLM generation mid-stream. This issue has been patched in versions 3.0.9, 3.1.6, and 3.2.6.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-42277 - Onyx: IDOR in /chat/file/{file_id} allows any authenticated user to download other users files",
"Content": "CVE ID :CVE-2026-42277
Published : May 8, 2026, 5:16 a.m. | 2 hours, 4 minutes ago
Description :Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the GET /chat/file/{file_id} endpoint allows any authenticated user to download any other user's uploaded files by providing the file UUID. The endpoint verifies the caller is authenticated but never checks that the file belongs to them. An attacker who knows or obtains a file UUID can access confidential documents, chat attachments, and other files uploaded by any user in the system. This issue has been patched in versions 3.0.9, 3.1.6, and 3.2.6.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-7330 - Auto Affiliate Links <= 6.8.8 - unauthenticated stored cross-site scripting via 'url' parameter",
"Content": "CVE ID :CVE-2026-7330
Published : May 8, 2026, 8:26 a.m. | 55 minutes ago
Description :The Auto Affiliate Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.8.8. This is due to insufficient input sanitization on the 'url' POST parameter in the aal_url_stats_save_action() function and a complete absence of output escaping in aal_display_clicks(), where the stored value is echoed directly into an anchor element's href attribute and inner text without esc_url(), esc_attr(), or esc_html(). This makes it possible for unauthenticated attackers to inject arbitrary web scripts into the admin statistics page that execute in an administrator's browser when the page is visited, leveraging a publicly exposed nonce and an unauthenticated AJAX endpoint registered via the wp_ajax_nopriv_ hook.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 May 2026",
"Type": "Vulnerability"
}