{
"Source": "CVE FEED",
"Title": "CVE-2025-62745 - WordPress Team Showcase plugin <= 1.22.28 - cross site scripting (xss) vulnerability",
"Content": "CVE ID :CVE-2025-62745
Published : May 25, 2026, 9:34 p.m. | 35 minutes ago
Description :Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Team Showcase allows Stored XSS.
This issue affects Team Showcase: from n/a through 1.22.28.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-24586 - WordPress Newses theme <= 2.0.0.77 - broken access control vulnerability",
"Content": "CVE ID :CVE-2026-24586
Published : May 25, 2026, 9:32 p.m. | 37 minutes ago
Description :Missing Authorization vulnerability in Themeansar Newses allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Newses: from n/a through 2.0.0.77.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-24592 - WordPress Auto Affiliate Links plugin <= 6.8.8.3 - broken access control vulnerability",
"Content": "CVE ID :CVE-2026-24592
Published : May 25, 2026, 9:31 p.m. | 39 minutes ago
Description :Missing Authorization vulnerability in Lucian Apostol Auto Affiliate Links allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Auto Affiliate Links: from n/a through 6.8.8.3.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-9504 - GNU LibreDWG Dwggrep Utility dwggrep.c bit_convert_TU out-of-bounds",
"Content": "CVE ID :CVE-2026-9504
Published : May 25, 2026, 9:15 p.m. | 55 minutes ago
Description :A weakness has been identified in GNU LibreDWG up to 0.14. Affected is the function bit_convert_TU of the file programs/dwggrep.c of the component Dwggrep Utility. This manipulation causes out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. Patch name: be996bf2178a40e98720f18c2414815d244413db. Applying a patch is the recommended action to fix this issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-24582 - WordPress FlexTable plugin <= 3.24.0 - broken access control vulnerability",
"Content": "CVE ID :CVE-2026-24582
Published : May 25, 2026, 9:10 p.m. | 1 hour ago
Description :Missing Authorization vulnerability in WPPOOL FlexTable allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects FlexTable: from n/a through 3.24.0.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-24545 - WordPress QR Redirector plugin <= 2.0.3 - broken access control vulnerability",
"Content": "CVE ID :CVE-2026-24545
Published : May 25, 2026, 9:08 p.m. | 1 hour, 2 minutes ago
Description :Missing Authorization vulnerability in Nikki Blight QR Redirector allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects QR Redirector: from n/a through 2.0.3.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-24574 - WordPress Export WP Page to Static HTML/CSS plugin <= 6.0.0 - cross site request forgery (csrf) vulnerability",
"Content": "CVE ID :CVE-2026-24574
Published : May 25, 2026, 9:07 p.m. | 1 hour, 3 minutes ago
Description :Cross-Site Request Forgery (CSRF) vulnerability in Recorp Export WP Page to Static HTML/CSS allows Cross Site Request Forgery.
This issue affects Export WP Page to Static HTML/CSS: from n/a through 6.0.0.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-24597 - WordPress Organization chart plugin <= 1.7.5 - cross site request forgery (csrf) vulnerability",
"Content": "CVE ID :CVE-2026-24597
Published : May 25, 2026, 9:05 p.m. | 1 hour, 4 minutes ago
Description :Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Organization chart allows Cross Site Request Forgery.
This issue affects Organization chart: from n/a through 1.7.5.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-9503 - GNU LibreDWG DWG File decode.c dwg_next_entity null pointer dereference",
"Content": "CVE ID :CVE-2026-9503
Published : May 25, 2026, 9 p.m. | 1 hour, 10 minutes ago
Description :A security flaw has been discovered in GNU LibreDWG up to 0.14. This impacts the function dwg_next_entity of the file src/decode.c of the component DWG File Handler. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The patch is identified as 8f03865f37f5d4ffd616fef802acc980be54d300. Upgrading the affected component is advised.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-9502 - GNU LibreDWG Dwgread Utility decode.c decompress_R2004_section heap-based overflow",
"Content": "CVE ID :CVE-2026-9502
Published : May 25, 2026, 8:45 p.m. | 1 hour, 25 minutes ago
Description :A vulnerability was identified in GNU LibreDWG up to 0.14. This affects the function decompress_R2004_section of the file src/decode.c of the component Dwgread Utility. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is e501cb9926c1e9a07a0d1cc997f3e69e9be801c9. To fix this issue, it is recommended to deploy a patch.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-9501 - GNU LibreDWG Dwgread Utility decode.c decompress_R2004_section assertion",
"Content": "CVE ID :CVE-2026-9501
Published : May 25, 2026, 8:30 p.m. | 1 hour, 40 minutes ago
Description :A vulnerability was determined in GNU LibreDWG up to 0.14. The impacted element is the function decompress_R2004_section of the file src/decode.c of the component Dwgread Utility. Executing a manipulation can lead to reachable assertion. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. This patch is called e501cb9926c1e9a07a0d1cc997f3e69e9be801c9. A patch should be applied to remediate this issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-48589 - Apache Shiro: Jakarta EE open redirect via untrusted Referer in post-login redirect flow",
"Content": "CVE ID :CVE-2026-48589
Published : May 25, 2026, 8:20 p.m. | 1 hour, 50 minutes ago
Description :Apache Shiro’s Jakarta EE module used the HTTP Referer header in certain cases to issue redirect after a user login.
In affected versions, insufficient validation of this client-controlled value could allow an attacker to influence the redirect target in applications using the Jakarta EE module.
This issue affects Apache Shiro from 2.0-alpha to 2.2.0, and 3.0.0-alpha-1, only when using shiro-jakarta-ee integration module.
Severity: 0.0 | NONE
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-44598 - Apache Shiro Jakarta EE module: Open redirect and SSRF (requires valid credentials)",
"Content": "CVE ID :CVE-2026-44598
Published : May 25, 2026, 8:19 p.m. | 1 hour, 50 minutes ago
Description :With valid login credentials, URL Redirection to Untrusted Site ('Open Redirect'), Server-Side Request Forgery (SSRF) vulnerability in Apache Shiro.
This issue affects Apache Shiro from 2.0-alpha to 2.1.0, and 3.0.0-alpha-1, only when using shiro-jakarta-ee integration module.
Users are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue by encrypting the cookie.
After successful login, Jakarta EE integration module uses shiroSavedRequest cookie to redirect to a particular web page after login.
This cookie was not validated, and can be forged to send a HTTP GET request from the server itself to an arbitrary URL from the cookie.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-43828 - Apache Shiro: Shiro's native session and rememberMe cookies do not have secure flag set by default",
"Content": "CVE ID :CVE-2026-43828
Published : May 25, 2026, 8:19 p.m. | 1 hour, 51 minutes ago
Description :Default configurations of Apache Shiro send sensitive cookies in HTTPS session without 'Secure' attribute.
This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1.
Users are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue.
In the affected versions, Shiro-native session manager, as well as Remember-Me manager sends JSESSIONID and rememberMe cookies without 'secure' attribute by default.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-48852 - PuTTY ECDSA Signature Verification Assertion Failure",
"Content": "CVE ID :CVE-2026-48852
Published : May 25, 2026, 8:19 p.m. | 1 hour, 51 minutes ago
Description :PuTTY 0.71 before 0.84 has an assertion failure in ECDSA signature verification.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-43827 - Apache Shiro: Session fixation: new session is not created after login by default",
"Content": "CVE ID :CVE-2026-43827
Published : May 25, 2026, 8:19 p.m. | 1 hour, 51 minutes ago
Description :Default configurations of Apache Shiro have a session fixation vulnerability.
This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1.
Users are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue.
In the affected versions, when a session already exists, it is not invalidated upon successful login, nor is a new session being generated with a new ID.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-48851 - PuTTY TELNET Icon Trust Indication Vulnerability",
"Content": "CVE ID :CVE-2026-48851
Published : May 25, 2026, 8:16 p.m. | 1 hour, 54 minutes ago
Description :PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-9500 - GNU LibreDWG Dwgread Utility decode.c read_2004_compressed_section heap-based overflow",
"Content": "CVE ID :CVE-2026-9500
Published : May 25, 2026, 8:15 p.m. | 1 hour, 55 minutes ago
Description :A vulnerability was found in GNU LibreDWG up to 0.14. The affected element is the function read_2004_compressed_section of the file src/decode.c of the component Dwgread Utility. Performing a manipulation results in heap-based buffer overflow. The attack is only possible with local access. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-48850 - PuTTY RSA KEX Double Free Vulnerability",
"Content": "CVE ID :CVE-2026-48850
Published : May 25, 2026, 8:13 p.m. | 1 hour, 56 minutes ago
Description :PuTTY 0.72 before 0.84 has a double free in RSA KEX.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-9498 - Dromara lamp-cloud Message Template GroovyClassLoader.parseClass special elements used in a template engine",
"Content": "CVE ID :CVE-2026-9498
Published : May 25, 2026, 8 p.m. | 2 hours, 10 minutes ago
Description :A vulnerability has been found in Dromara lamp-cloud up to 5.6.2. Impacted is the function GroovyClassLoader.parseClass of the component Message Template Handler. Such manipulation of the argument DefMsgTemplate.content leads to improper neutralization of special elements used in a template engine. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-9515 - Totolink CA750-PoE Setting cstecgi.cgi setUnloadUserData os command injection",
"Content": "CVE ID :CVE-2026-9515
Published : May 25, 2026, 11:15 p.m. | 57 minutes ago
Description :A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument plugin_version results in os command injection. The attack may be launched remotely. The exploit is now public and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}