{
"Source": "CVE FEED",
"Title": "CVE-2026-48688 - FastNetMon Community Edition BGP MP_REACH_NLRI IPv6 Attribute Decoder Out-of-Bounds Read Vulnerability",
"Content": "CVE ID :CVE-2026-48688
Published : May 26, 2026, 4:16 p.m. | 22 minutes ago
Description :FastNetMon Community Edition through 1.2.9 contains multiple out-of-bounds reads in the BGP MP_REACH_NLRI IPv6 attribute decoder. The function decode_mp_reach_ipv6() in src/bgp_protocol.cpp contains a TODO comment at line 156 explicitly acknowledging 'we should add sanity checks to avoid reads after attribute memory block.' The function casts raw pointers to structure types without verifying sufficient data exists (line 158), uses the attacker-controlled length_of_next_hop field to determine memcpy size (line 181), and computes prefix_length by dereferencing a pointer calculated from multiple attacker-controlled offsets without bounds validation (line 189). The prefix_length is then used to calculate number_of_bytes_required_for_prefix which becomes a memcpy length (line 202) with no check against remaining buffer size.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-48688 - FastNetMon Community Edition BGP MP_REACH_NLRI IPv6 Attribute Decoder Out-of-Bounds Read Vulnerability",
"Content": "CVE ID :CVE-2026-48688
Published : May 26, 2026, 4:16 p.m. | 22 minutes ago
Description :FastNetMon Community Edition through 1.2.9 contains multiple out-of-bounds reads in the BGP MP_REACH_NLRI IPv6 attribute decoder. The function decode_mp_reach_ipv6() in src/bgp_protocol.cpp contains a TODO comment at line 156 explicitly acknowledging 'we should add sanity checks to avoid reads after attribute memory block.' The function casts raw pointers to structure types without verifying sufficient data exists (line 158), uses the attacker-controlled length_of_next_hop field to determine memcpy size (line 181), and computes prefix_length by dereferencing a pointer calculated from multiple attacker-controlled offsets without bounds validation (line 189). The prefix_length is then used to calculate number_of_bytes_required_for_prefix which becomes a memcpy length (line 202) with no check against remaining buffer size.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-43934 - e107: Broken Access Control in e107 comment edit allows cross-user comment modification",
"Content": "CVE ID :CVE-2026-43934
Published : May 26, 2026, 4:16 p.m. | 22 minutes ago
Description :e107 is a content management system (CMS). Prior to 2.3.4, a Broken Access Control vulnerability exists in the application, allowing an unauthorized authenticated user to edit comments posted by others. This stems from inadequate server-side access control validation, where the application depends only on a predictable identifier in the request to determine which comment to edit, without confirming the requesting userโs ownership of the comment. This vulnerability is fixed in 2.3.4.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-43934 - e107: Broken Access Control in e107 comment edit allows cross-user comment modification",
"Content": "CVE ID :CVE-2026-43934
Published : May 26, 2026, 4:16 p.m. | 22 minutes ago
Description :e107 is a content management system (CMS). Prior to 2.3.4, a Broken Access Control vulnerability exists in the application, allowing an unauthorized authenticated user to edit comments posted by others. This stems from inadequate server-side access control validation, where the application depends only on a predictable identifier in the request to determine which comment to edit, without confirming the requesting userโs ownership of the comment. This vulnerability is fixed in 2.3.4.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-43935 - e107: Host Header Injection in e107 password reset enables phishing",
"Content": "CVE ID :CVE-2026-43935
Published : May 26, 2026, 4:16 p.m. | 22 minutes ago
Description :e107 is a content management system (CMS). Prior to 2.3.4, a Host Header Injection vulnerability in the password reset page allows attackers to manipulate the Host header to generate password reset links pointing to attacker-controlled domains. This can lead to phishing attacks, account takeover, or other security risks. The severity is high, as the vulnerability affects a critical function related to user authentication. This vulnerability is fixed in 2.3.4.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-43935 - e107: Host Header Injection in e107 password reset enables phishing",
"Content": "CVE ID :CVE-2026-43935
Published : May 26, 2026, 4:16 p.m. | 22 minutes ago
Description :e107 is a content management system (CMS). Prior to 2.3.4, a Host Header Injection vulnerability in the password reset page allows attackers to manipulate the Host header to generate password reset links pointing to attacker-controlled domains. This can lead to phishing attacks, account takeover, or other security risks. The severity is high, as the vulnerability affects a critical function related to user authentication. This vulnerability is fixed in 2.3.4.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-43936 - e107: Server-Side Request Forgery (SSRF) in the remote file fetcher",
"Content": "CVE ID :CVE-2026-43936
Published : May 26, 2026, 4:16 p.m. | 22 minutes ago
Description :e107 is a content management system (CMS). Prior to 2.3.4, you can access the local environment by specifying the URL of the local environment from "Image/File URL:" of "From a remote location" in "Media Manager" on the administrator screen. This vulnerability is fixed in 2.3.4.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-43936 - e107: Server-Side Request Forgery (SSRF) in the remote file fetcher",
"Content": "CVE ID :CVE-2026-43936
Published : May 26, 2026, 4:16 p.m. | 22 minutes ago
Description :e107 is a content management system (CMS). Prior to 2.3.4, you can access the local environment by specifying the URL of the local environment from "Image/File URL:" of "From a remote location" in "Media Manager" on the administrator screen. This vulnerability is fixed in 2.3.4.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-40564 - Apache Flink Kubernetes Operator: Server-Side Request Forgery and local file access in Kubernetes Operator",
"Content": "CVE ID :CVE-2026-40564
Published : May 26, 2026, 4:16 p.m. | 22 minutes ago
Description :Files or Directories Accessible to External Parties, Server-Side Request Forgery (SSRF) vulnerability in Apache Flink Kubernetes Operator.
The FlinkSessionJob jarURI is currently not validated so that it points to user-owned files or addresses. This lets a user with CR create permissions read files from the operator pod's filesystem and pull content from any backing store reachable through Flink's pluggable filesystem layer and access them through the submitted Flink job. Furthermore for fetching from http/https addresses there is currently no allowlist on the URI scheme, no host check, no IP-range restriction, and no protection against pointing the URI at internal or link-local addresses.This issue affects Apache Flink Kubernetes Operator: from 1.3.0 before 1.15.0.
Users are recommended to upgrade to version 1.15.0, which fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-40564 - Apache Flink Kubernetes Operator: Server-Side Request Forgery and local file access in Kubernetes Operator",
"Content": "CVE ID :CVE-2026-40564
Published : May 26, 2026, 4:16 p.m. | 22 minutes ago
Description :Files or Directories Accessible to External Parties, Server-Side Request Forgery (SSRF) vulnerability in Apache Flink Kubernetes Operator.
The FlinkSessionJob jarURI is currently not validated so that it points to user-owned files or addresses. This lets a user with CR create permissions read files from the operator pod's filesystem and pull content from any backing store reachable through Flink's pluggable filesystem layer and access them through the submitted Flink job. Furthermore for fetching from http/https addresses there is currently no allowlist on the URI scheme, no host check, no IP-range restriction, and no protection against pointing the URI at internal or link-local addresses.This issue affects Apache Flink Kubernetes Operator: from 1.3.0 before 1.15.0.
Users are recommended to upgrade to version 1.15.0, which fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-38587 - ONLYOFFICE DocSpace IDOR Vulnerability",
"Content": "CVE ID :CVE-2026-38587
Published : May 26, 2026, 4:16 p.m. | 22 minutes ago
Description :An Insecure Direct Object Reference (IDOR) vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-level permissions (User or Guest) to retrieve sensitive information, such as the Owner's unique identifier (ID) and profile information, which should only be accessible to administrators.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-38587 - ONLYOFFICE DocSpace IDOR Vulnerability",
"Content": "CVE ID :CVE-2026-38587
Published : May 26, 2026, 4:16 p.m. | 22 minutes ago
Description :An Insecure Direct Object Reference (IDOR) vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-level permissions (User or Guest) to retrieve sensitive information, such as the Owner's unique identifier (ID) and profile information, which should only be accessible to administrators.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-25112 - Genetec RabbitMQ Privilege Escalation Vulnerability",
"Content": "CVE ID :CVE-2026-25112
Published : May 26, 2026, 4:16 p.m. | 22 minutes ago
Description :A high-severity vulnerability in the deployment of Genetec RabbitMQ that allows a privilege escalation attack.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-25112 - Genetec RabbitMQ Privilege Escalation Vulnerability",
"Content": "CVE ID :CVE-2026-25112
Published : May 26, 2026, 4:16 p.m. | 22 minutes ago
Description :A high-severity vulnerability in the deployment of Genetec RabbitMQ that allows a privilege escalation attack.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-9552 - Das Parking Management System ๅ่ฝฆๅบ็ฎก็็ณป็ป Search API Endpoint sql injection",
"Content": "CVE ID :CVE-2026-9552
Published : May 26, 2026, 3:17 p.m. | 1 hour, 21 minutes ago
Description :A security flaw has been discovered in Das Parking Management System ๅ่ฝฆๅบ็ฎก็็ณป็ป 6.2.0. This vulnerability affects unknown code of the component Search API Endpoint. The manipulation of the argument Value results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-9552 - Das Parking Management System ๅ่ฝฆๅบ็ฎก็็ณป็ป Search API Endpoint sql injection",
"Content": "CVE ID :CVE-2026-9552
Published : May 26, 2026, 3:17 p.m. | 1 hour, 21 minutes ago
Description :A security flaw has been discovered in Das Parking Management System ๅ่ฝฆๅบ็ฎก็็ณป็ป 6.2.0. This vulnerability affects unknown code of the component Search API Endpoint. The manipulation of the argument Value results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-9551 - Das Parking Management System ๅ่ฝฆๅบ็ฎก็็ณป็ป API Endpoint ExportParkingRecords xp_cmdshell sql injection",
"Content": "CVE ID :CVE-2026-9551
Published : May 26, 2026, 3:17 p.m. | 1 hour, 21 minutes ago
Description :A vulnerability was identified in Das Parking Management System ๅ่ฝฆๅบ็ฎก็็ณป็ป 6.2.0. This affects the function xp_cmdshell of the file ParkingRecord/ExportParkingRecords of the component API Endpoint. The manipulation of the argument Value leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-9551 - Das Parking Management System ๅ่ฝฆๅบ็ฎก็็ณป็ป API Endpoint ExportParkingRecords xp_cmdshell sql injection",
"Content": "CVE ID :CVE-2026-9551
Published : May 26, 2026, 3:17 p.m. | 1 hour, 21 minutes ago
Description :A vulnerability was identified in Das Parking Management System ๅ่ฝฆๅบ็ฎก็็ณป็ป 6.2.0. This affects the function xp_cmdshell of the file ParkingRecord/ExportParkingRecords of the component API Endpoint. The manipulation of the argument Value leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-9550 - Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform upfile path traversal",
"Content": "CVE ID :CVE-2026-9550
Published : May 26, 2026, 3:16 p.m. | 1 hour, 21 minutes ago
Description :A vulnerability was determined in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. Affected by this issue is some unknown functionality of the file /SubstationWEBV2/app/..;/main/upfile. Executing a manipulation of the argument path can lead to path traversal. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-9550 - Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform upfile path traversal",
"Content": "CVE ID :CVE-2026-9550
Published : May 26, 2026, 3:16 p.m. | 1 hour, 21 minutes ago
Description :A vulnerability was determined in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. Affected by this issue is some unknown functionality of the file /SubstationWEBV2/app/..;/main/upfile. Executing a manipulation of the argument path can lead to path traversal. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-4480 - Samba: samba: remote code execution in printing subsystem via unescaped job description",
"Content": "CVE ID :CVE-2026-4480
Published : May 26, 2026, 3:16 p.m. | 1 hour, 21 minutes ago
Description :A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J"
substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by sending a specially crafted print job description that contains unescaped shell characters. This could lead to remote code execution on the affected system.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-4480 - Samba: samba: remote code execution in printing subsystem via unescaped job description",
"Content": "CVE ID :CVE-2026-4480
Published : May 26, 2026, 3:16 p.m. | 1 hour, 21 minutes ago
Description :A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J"
substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by sending a specially crafted print job description that contains unescaped shell characters. This could lead to remote code execution on the affected system.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-45247 - Mirasvit Cache Warmer for Magento < 1.11.12 PHP Object Injection",
"Content": "CVE ID :CVE-2026-45247
Published : May 26, 2026, 3:16 p.m. | 1 hour, 21 minutes ago
Description :Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted call to PHP's native unserialize() function combined with gadget chains available in Magento and its dependencies to execute arbitrary code on the server.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-45247 - Mirasvit Cache Warmer for Magento < 1.11.12 PHP Object Injection",
"Content": "CVE ID :CVE-2026-45247
Published : May 26, 2026, 3:16 p.m. | 1 hour, 21 minutes ago
Description :Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted call to PHP's native unserialize() function combined with gadget chains available in Magento and its dependencies to execute arbitrary code on the server.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-46368 - luci-app-https-dns-proxy Authenticated Command Injection via setInitAction",
"Content": "CVE ID :CVE-2026-46368
Published : May 26, 2026, 3:16 p.m. | 1 hour, 21 minutes ago
Description :luci-app-https-dns-proxy through 2025.12.29-5 โ an optional LuCI web UI add-on for the https-dns-proxy package, distributed through the OpenWrt community packages feed and not installed by default โ contains a command injection vulnerability in the setInitAction function. An authenticated user holding the luci.https-dns-proxy ACL permission can inject shell metacharacters through the 'name' parameter of a ubus RPC call to luci.https-dns-proxy setInitAction, resulting in arbitrary command execution as root on the underlying device. Core OpenWrt is not affected; only installations that have opted in to the luci-app-https-dns-proxy package are vulnerable.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-46368 - luci-app-https-dns-proxy Authenticated Command Injection via setInitAction",
"Content": "CVE ID :CVE-2026-46368
Published : May 26, 2026, 3:16 p.m. | 1 hour, 21 minutes ago
Description :luci-app-https-dns-proxy through 2025.12.29-5 โ an optional LuCI web UI add-on for the https-dns-proxy package, distributed through the OpenWrt community packages feed and not installed by default โ contains a command injection vulnerability in the setInitAction function. An authenticated user holding the luci.https-dns-proxy ACL permission can inject shell metacharacters through the 'name' parameter of a ubus RPC call to luci.https-dns-proxy setInitAction, resulting in arbitrary command execution as root on the underlying device. Core OpenWrt is not affected; only installations that have opted in to the luci-app-https-dns-proxy package are vulnerable.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-9560 - OpenVPN Connect Privilege Escalation Vulnerability",
"Content": "CVE ID :CVE-2026-9560
Published : May 26, 2026, 6:16 p.m. | 22 minutes ago
Description :Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via local IPC channel
Severity: 9.4 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-9560 - OpenVPN Connect Privilege Escalation Vulnerability",
"Content": "CVE ID :CVE-2026-9560
Published : May 26, 2026, 6:16 p.m. | 22 minutes ago
Description :Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via local IPC channel
Severity: 9.4 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-9566 - teableio teable Sign-up LoginPage.tsx cross site scripting",
"Content": "CVE ID :CVE-2026-9566
Published : May 26, 2026, 6:16 p.m. | 22 minutes ago
Description :A vulnerability was identified in teableio teable up to 1.9.x. This impacts an unknown function of the file apps/nextjs-app/src/features/auth/pages/LoginPage.tsx of the component Sign-up. The manipulation of the argument redirect leads to cross site scripting. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. Upgrading to version release.2026-04-21T08-57-20Z.1513 will fix this issue. The affected component should be upgraded. The vendor confirms: "The default branch of teableio/teable is develop, and the reported login redirect issue has already been fixed there. The login redirect flow now validates the redirect parameter with isValidRedirectPath() before navigation, which blocks javascript:, data:, and cross-origin redirects."
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-9566 - teableio teable Sign-up LoginPage.tsx cross site scripting",
"Content": "CVE ID :CVE-2026-9566
Published : May 26, 2026, 6:16 p.m. | 22 minutes ago
Description :A vulnerability was identified in teableio teable up to 1.9.x. This impacts an unknown function of the file apps/nextjs-app/src/features/auth/pages/LoginPage.tsx of the component Sign-up. The manipulation of the argument redirect leads to cross site scripting. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. Upgrading to version release.2026-04-21T08-57-20Z.1513 will fix this issue. The affected component should be upgraded. The vendor confirms: "The default branch of teableio/teable is develop, and the reported login redirect issue has already been fixed there. The login redirect flow now validates the redirect parameter with isValidRedirectPath() before navigation, which blocks javascript:, data:, and cross-origin redirects."
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-9567 - GPAC MP4Box isom_intern.c MergeFragment null pointer dereference",
"Content": "CVE ID :CVE-2026-9567
Published : May 26, 2026, 6:16 p.m. | 22 minutes ago
Description :A security flaw has been discovered in GPAC up to 2.4.0. Affected is the function MergeFragment of the file src/isomedia/isom_intern.c of the component MP4Box. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit has been released to the public and may be used for attacks. The patch is identified as 525bf1af642c30af04e4df5345e6d798c0a4d8a1. It is advisable to implement a patch to correct this issue.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-9567 - GPAC MP4Box isom_intern.c MergeFragment null pointer dereference",
"Content": "CVE ID :CVE-2026-9567
Published : May 26, 2026, 6:16 p.m. | 22 minutes ago
Description :A security flaw has been discovered in GPAC up to 2.4.0. Affected is the function MergeFragment of the file src/isomedia/isom_intern.c of the component MP4Box. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit has been released to the public and may be used for attacks. The patch is identified as 525bf1af642c30af04e4df5345e6d798c0a4d8a1. It is advisable to implement a patch to correct this issue.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-8854 - IBM HTTP Server is affected by multiple vulnerabilities",
"Content": "CVE ID :CVE-2026-8854
Published : May 26, 2026, 6:16 p.m. | 22 minutes ago
Description :IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_mem_cache.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-8854 - IBM HTTP Server is affected by multiple vulnerabilities",
"Content": "CVE ID :CVE-2026-8854
Published : May 26, 2026, 6:16 p.m. | 22 minutes ago
Description :IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_mem_cache.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-8855 - IBM HTTP Server is affected by multiple vulnerabilities",
"Content": "CVE ID :CVE-2026-8855
Published : May 26, 2026, 6:16 p.m. | 22 minutes ago
Description :IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication (client authentication).
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-8855 - IBM HTTP Server is affected by multiple vulnerabilities",
"Content": "CVE ID :CVE-2026-8855
Published : May 26, 2026, 6:16 p.m. | 22 minutes ago
Description :IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication (client authentication).
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-8856 - IBM HTTP Server is affected by multiple vulnerabilities",
"Content": "CVE ID :CVE-2026-8856
Published : May 26, 2026, 6:16 p.m. | 22 minutes ago
Description :IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service in configurations where an attacker has write access to parts of the server configuration.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-8856 - IBM HTTP Server is affected by multiple vulnerabilities",
"Content": "CVE ID :CVE-2026-8856
Published : May 26, 2026, 6:16 p.m. | 22 minutes ago
Description :IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service in configurations where an attacker has write access to parts of the server configuration.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-9170 - IBM WebSphere Application Server and WebSphere Application Server Liberty are affected DOS and RCE.",
"Content": "CVE ID :CVE-2026-9170
Published : May 26, 2026, 6:16 p.m. | 22 minutes ago
Description :IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to denial of service and a potential remote code execution due to improper input validation.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-9170 - IBM WebSphere Application Server and WebSphere Application Server Liberty are affected DOS and RCE.",
"Content": "CVE ID :CVE-2026-9170
Published : May 26, 2026, 6:16 p.m. | 22 minutes ago
Description :IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to denial of service and a potential remote code execution due to improper input validation.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-7454 - WRL File Parsing Memory Corruption in Autodesk 3ds Max",
"Content": "CVE ID :CVE-2026-7454
Published : May 26, 2026, 6:16 p.m. | 22 minutes ago
Description :A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-7454 - WRL File Parsing Memory Corruption in Autodesk 3ds Max",
"Content": "CVE ID :CVE-2026-7454
Published : May 26, 2026, 6:16 p.m. | 22 minutes ago
Description :A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "26 May 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น